Advertisement

Journal of Business Ethics

, Volume 156, Issue 1, pp 123–140 | Cite as

Perceived Privacy Violation: Exploring the Malleability of Privacy Expectations

  • Scott A. WrightEmail author
  • Guang-Xin Xie
Original Paper

Abstract

Recent scholarship in business ethics has revealed the importance of privacy expectations as they relate to implicit privacy norms and the business practices that may violate these expectations. Yet, it is unclear how and when businesses may violate these expectations, factors that form or influence privacy expectations, or whether or not expectations have in fact been violated by company actions. This article reports the findings of three studies exploring how and when the corporate dissemination of consumer data violates privacy expectations. The results indicate that consumer sentiment is more negative following intentional releases of sensitive consumer data, but the effect of data dissemination is more complex than that of company intentionality and data sensitivity alone. Companies can effectively set, and re-affirm, privacy expectations via consent procedures preceding and succeeding data dissemination notifications. Although implied consent has become more widely used in practice, we show how explicit consent outperforms implied consent in these regards. Importantly, this research provides process evidence that identifies perceived violation of privacy expectations as the underlying mechanism to explain the deleterious effects, on consumer sentiment, when company actions are misaligned with consumers’ privacy expectations. Ethical implications for companies collecting and disseminating consumer information are offered.

Keywords

Consumer privacy Data dissemination Explicit consent Intentionality Personal data Implied consent Privacy infringement Sensitive information Social contract theory 

Notes

Compliance with Ethical Standards

Conflict of interest

The authors declare that they have no conflict of interest.

Supplementary material

10551_2017_3553_MOESM1_ESM.doc (206 kb)
Supplementary material 1 (DOC 206 kb)

References

  1. Ackerman, M. S., Cranor, L. F., & Reagle, J. (1999). Privacy in e-commerce: Examining user scenarios and privacy preferences. In Proceedings of the 1st ACM conference on electronic commerce (pp. 1–8).Google Scholar
  2. Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509–514.Google Scholar
  3. Altman, I. (1975). Environment and social behavior: Privacy, personal space, territory, and crowding. Monterey, CA: Brooks/Cole.Google Scholar
  4. Baca-Motes, K., Brown, A., Gneezy, A., Keenan, E. A., & Nelson, L. D. (2013). Commitment and behavior change: Evidence from the field. Journal of Consumer Research, 39(5), 1070–1084.Google Scholar
  5. Brenkert, G. G. (1981). Privacy, polygraphs and work. Business and Professional Ethics Journal, 1(1), 19–35.Google Scholar
  6. Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448.Google Scholar
  7. Cranor, L. F. (2012). Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. Journal on Telecommunications and High Technology Law, 10, 273.Google Scholar
  8. Disney (2015). Privacy policy. https://disneyprivacycenter.com/privacy-policy-translations/english/#DIMGQuestion4. Accessed May 25, 2016.
  9. Dommeyer, C. J., & Gross, B. L. (2003). What consumers know and what they do: An investigation of consumer knowledge, awareness, and use of privacy protection strategies. Journal of Interactive Marketing, 17(2), 34–51.Google Scholar
  10. Donaldson, T., & Dunfee, T. W. (1994). Toward a unified conception of business ethics: Integrative social contracts theory. Academy of Management Review, 19(2), 252–284.Google Scholar
  11. Dunfee, T. W. (2006). A critical perspective of integrative social contracts theory: Recurring criticisms and next generation research topics. Journal of Business Ethics, 68(3), 303–328.Google Scholar
  12. Easton, R. B., Graber, M. A., Monnahan, J., & Hughes, J. (2007). Defining the scope of implied consent in the emergency department. The American Journal of Bioethics, 7(12), 35–38.Google Scholar
  13. Facebook (2013). Important message from Facebook’s white hat program. https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766. Accessed December 19, 2015.
  14. Federal Trade Commission. (2009). The CAN-SPAM Act: A compliance guide for business. https://www.ftc.gov/system/files/documents/plain-language/bus61-can-spam-act-compliance-guide-business.pdf. Accessed December 1, 2016.
  15. Federal Trade Commission. (2011). FTC charges deceptive privacy practices in Google’s rollout of its buzz social network. http://Ftc.Gov/Opa/2011/03/Googleshtm. Accessed December 1, 2016.
  16. Federal Trade Commission. (2014). Data brokers: A call for transparency and accountability. Www.Ftc.Gov/System/Files/Documents/Reports/Data-Brokers-Call-Transparency-Accountabilityreport-Federal-Trade-Commission-may-2014/140527databrokerreport.Pdf. Accessed December 1, 2016.
  17. Finkle, J. (2013). Adobe data breach more extensive than previously disclosed. Reuters, http://www.reuters.com/article/us-adobe-cyberattack-idUSBRE99S1DJ20131029. Accessed December 19, 2015.
  18. Fredrix, E. (2005). Ameritrade loses backup tape containing 200 K client files. http://usatoday30.usatoday.com/tech/news/computersecurity/infotheft/2005-04-20-ameritrade-files-lost_x.htm. Accessed December 1, 2016.
  19. Garcia, A. (2015). Target settles for $39 million over data breach. http://money.cnn.com/2015/12/02/news/companies/target-data-breach-settlement. Accessed September 1, 2016.
  20. Google. (2016). Privacy policy. http://www.google.com/policies/privacy. Accessed December 1, 2016.
  21. Harris, K. D. (2016). California Data Breach Report 2012-2015. https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf. Accessed May 25, 2016.
  22. Hayes, A. F. (2013). Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. New York: Guilford Press.Google Scholar
  23. Heide, J. B., Wathne, K. H., & Rokkan, A. I. (2007). Interfirm monitoring, social contracts, and relationship outcomes. Journal of Marketing Research, 44(3), 425–433.Google Scholar
  24. Huh, Y. E., Vosgerau, J., & Morewedge, C. K. (2014). Social defaults: Observed choices become choice defaults. Journal of Consumer Research, 41(3), 746–760.Google Scholar
  25. Janssen, A., & Gevers, S. (2005). Explicit or implied consent and organ donation post-mortem: Does it matter. Medicine and Law, 24(3), 575–583.Google Scholar
  26. Johnson, E. J., Bellman, S., & Lohse, G. L. (2002). Defaults, framing and privacy: Why opting in-opting out. Marketing Letters, 13(1), 5–15.Google Scholar
  27. Johnson, E. J., & Goldstein, D. (2003). Do defaults save lives? Science, 302(5649), 1338–1339.Google Scholar
  28. Kang, J., & Hustvedt, G. (2014). Building trust between consumers and corporations: The role of consumer perceptions of transparency and social responsibility. Journal of Business Ethics, 125(2), 253–265.Google Scholar
  29. Kannan, K., Rees, J., & Sridhar, S. (2007). Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1), 69–91.Google Scholar
  30. Kelly, E. (2017). Congress tackles major privacy, surveillance issues. USA Today https://www.usatoday.com/story/news/politics/2017/04/12/congress-tackles-major-privacy-surveillance-issues/100335168. Accessed April 16, 2017.
  31. Kroft, S. (2014). The data brokers: Selling your personal information. CBS News. http://www.cbsnews.com/news/the-data-brokers-selling-your-personal-information/. Accessed October 5, 2015.
  32. Lombrozo, T. (2010). Causal–explanatory pluralism: How intentions, functions, and mechanisms influence causal ascriptions. Cognitive Psychology, 61(4), 303–332.Google Scholar
  33. Lowry, P. B., Posey, C., Roberts, T. L., & Bennett, R. J. (2014). Is your banker leaking your personal information? The roles of ethics and individual-level cultural characteristics in predicting organizational computer abuse. Journal of Business Ethics, 121(3), 385–401.Google Scholar
  34. Luo, X., Raithel, S., & Wiles, M. A. (2013). The impact of brand rating dispersion on firm value. Journal of Marketing Research, 50(3), 399–415.Google Scholar
  35. Madden, M. (2014). Public perceptions of privacy and security in the post-Snowden era. http://www.pewinternet.org/2014/11/12/public-privacy-perceptions. Accessed December 1, 2016.
  36. Martin, K. (2012). Diminished or just different? A factorial vignette study of privacy as a social contract. Journal of Business Ethics, 111(4), 519–539.Google Scholar
  37. Martin, K. (2015). Privacy notices as tabula rasa: An empirical investigation into how complying with a privacy notice is related to meeting privacy expectations online. Journal of Public Policy & Marketing, 34(2), 210–227.Google Scholar
  38. Martin, K. (2016). Understanding privacy online: Development of a social contract approach to privacy. Journal of Business Ethics, 137(3), 551–569.Google Scholar
  39. Martin, K., & Shilton, K. (2015). Why experience matters to privacy: How context-based experience moderates consumer privacy expectations for mobile applications. Journal of the Association for Information Science and Technology, 67(8), 1871–1882.Google Scholar
  40. Martin, K., & Shilton, K. (2016). Putting mobile application privacy in context: An empirical study of user privacy expectations for mobile devices. The Information Society, 32(3), 200–216.Google Scholar
  41. Micewski, E. R., & Troy, C. (2007). Business ethics–deontologically revisited. Journal of Business Ethics, 72(1), 17–25.Google Scholar
  42. Milne, G. R. (2000). Privacy and ethical issues in database/interactive marketing and public policy: A research framework and overview of the special issue. Journal of Public Policy & Marketing, 19(1), 1–6.Google Scholar
  43. Milne, G. R., & Bahl, S. (2010). Are there differences between consumers’ and marketers’ privacy expectations? A segment-and technology-level analysis. Journal of Public Policy & Marketing, 29(1), 138–149.Google Scholar
  44. Milne, G. R., & Culnan, M. J. (2004). Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. Journal of Interactive Marketing, 18(3), 15–29.Google Scholar
  45. Milne, G. R., Culnan, M. J., & Greene, H. (2006). A longitudinal assessment of online privacy notice readability. Journal of Public Policy & Marketing, 25(2), 238–249.Google Scholar
  46. Milne, G. R., & Gordon, M. E. (1993). Direct mail privacy-efficiency trade-offs within an implied social contract framework. Journal of Public Policy & Marketing, 12(2), 206–215.Google Scholar
  47. Mothersbaugh, L. D., Foxx, W. K., II, Beatty, S. E., & Wang, S. (2011). Disclosure antecedents in an online service context: The role of sensitivity of information. Journal of Service Research, 15(1), 76–98.Google Scholar
  48. Newman, G. E., Gorlin, M., & Dhar, R. (2014). When going green backfires: How firm intentions shape the evaluation of socially beneficial product enhancements. Journal of Consumer Research, 41(3), 823–839.Google Scholar
  49. Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79, 101–139.Google Scholar
  50. Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford, CA: Stanford Law Books.Google Scholar
  51. Nissenbaum, H. (2015). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics. doi: 10.1007/s11948-015-9674-9
  52. Nowak, G. J., & Phelps, J. (1997). Direct marketing and the use of individual-level consumer information: Determining how and when “privacy” matters. Journal of Interactive Marketing, 11(4), 94–108.Google Scholar
  53. Nunan, D., & Di Domenico, M. (2015). Big data: A normal accident waiting to happen? Journal of Business Ethics. doi: 10.1007/s10551-015-2904-x
  54. Ohm, P. (2015). Sensitive information. Southern California Law Review, 88(5), 1125–1196.Google Scholar
  55. Peslak, A. R. (2005). An ethical exploration of privacy and radio frequency identification. Journal of Business Ethics, 59(4), 327–345.Google Scholar
  56. Phelps, J., Nowak, G., & Ferrell, E. (2000). Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy & Marketing, 19(1), 27–41.Google Scholar
  57. Pizarro, D., Uhlmann, E., & Salovey, P. (2003). Asymmetry in judgments of moral blame and praise the role of perceived metadesires. Psychological Science, 14(3), 267–272.Google Scholar
  58. Pollach, I. (2005). A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62(3), 221–235.Google Scholar
  59. Quick, M., Hollowood, E., Miles, C., & Hampson, D. (2017). World’s biggest data breaches. Informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks. Accessed April 16, 2017.
  60. Robinson, S. L. (1996). Trust and breach of the psychological contract. Administrative Science Quarterly, 41(4), 574–599.Google Scholar
  61. Robinson, S. L., & Morrison, E. W. (2000). The development of psychological contract breach and violation: A longitudinal study. Journal of organizational Behavior, 21(5), 525–546.Google Scholar
  62. Rousseau, D. M. (1989). Psychological and implied contracts in organizations. Employee Responsibilities and Rights Journal, 2(2), 121–139.Google Scholar
  63. Russo-Spena, T., Tregua, M., & De Chiara, A. (2016). Trends and drivers in CSR disclosure: A focus on reporting practices in the automotive industry. Journal of Business Ethics, 1–16.Google Scholar
  64. Sheehan, K. B., & Hoy, M. G. (2000). Dimensions of privacy concern among online consumers. Journal of Public Policy & Marketing, 19(1), 62–73.Google Scholar
  65. Smith, N. C., Goldstein, D. G., & Johnson, E. J. (2013). Choice without awareness: Ethical and policy implications of defaults. Journal of Public Policy & Marketing, 32(2), 159–172.Google Scholar
  66. Stohl, C., Etter, M., Banghart, S., & Woo, D. (2015). Social media policies: Implications for contemporary notions of corporate social responsibility. Journal of Business Ethics. doi: 10.1007/s10551-015-2743-9
  67. Target. (2016). Privacy policy. http://www.target.com/spot/privacy-policy. Accessed May 25, 2016.
  68. Tom, G., Barnett, T., Lew, W., & Selmants, J. (1987). Cueing the consumer: The role of salient cues in consumer perception. Journal of Consumer Marketing, 4(2), 23–27.Google Scholar
  69. Veatch, R. M. (2007). Implied, presumed and waived consent: The relative moral wrongs of under-and over-informing. The American Journal of Bioethics, 7(12), 39–54.Google Scholar
  70. Walker, K. L. (2016). Surrendering information through the looking glass: Transparency, trust, and protection. Journal of Public Policy & Marketing, 35(1), 144–158.Google Scholar
  71. Zhou, W., & Piramuthu, S. (2015). Information relevance model of customized privacy for IoT. Journal of Business Ethics, 131(1), 19–30.Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2017

Authors and Affiliations

  1. 1.Department of Marketing, Ryan Center for Business StudiesProvidence CollegeProvidenceUSA
  2. 2.Department of Marketing, College of ManagementUniversity of MassachusettsBostonUSA

Personalised recommendations