Information Systems Frontiers

, Volume 15, Issue 2, pp 279–292 | Cite as

Privacy policies and national culture on the internet

  • I. Reay
  • P. Beatty
  • S. Dick
  • J. Miller


The Web today enables consumers and vendors to conduct business almost without regard to physical location. However, this does not mean that all barriers are removed; culturally-based assumptions about the behavior of the other party can lead to major misunderstandings. We study the differences in privacy-sensitive decisions made by website operators (which can be expected to vary between cultures) as one particular example of these differing assumptions. In particular, we seek to understand whether new norms of behavior may be emerging as online vendors recognize the damage privacy invasions do to consumers’ trust. We present a large-scale empirical study of privacy-sensitive actions across cultures on the Internet. Our study is based on an automated analysis of P3P documents posted on the 100,000 most popular websites. We find that the adoption of P3P, as well as specific company policies, vary across cultural dimensions. The analysis also suggests that discrepancies exist between concerns for information privacy and the adoption of privacy enhancing technologies within a culture.


Privacy on the web Privacy enhancing technologies P3P Cultural analysis Cultural dimensions Electronic commerce 



The authors wish to thank for providing a copy of their Top 100,000 List for our research.


  1. Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security and Privacy, 3(1), 26–33.CrossRefGoogle Scholar
  2. Ahn, C., Jung, S.-H., & Kang, S.-H. (2003). An evaluation of weighted chi-square statistics for clustered binary data. Drug Information Journal, 37, 91–99.CrossRefGoogle Scholar
  3. Akerlof, G. A. (1970). The market for "lemons": Quality uncertainty and the market mechanism. Quarterly Journal of Economics, 84, 488–500.CrossRefGoogle Scholar
  4. Anton, A. I., Earp, J. B., He, Q., Stufflebeam, W., Bolchini, D., & Jensen, C. (2004). Financial privacy policies and the need for standardization. IEEE Security and Privacy, 2(2), 36–45.CrossRefGoogle Scholar
  5. Anton, A. I., Earp, J. B., & Young, J. D. (2010). How internet user's privacy concerns have evolved since 2002. IEEE Security and Privacy, 8(1), 21–27.CrossRefGoogle Scholar
  6. Bracey, D. H. (2006). Exploring law and culture. Long Grove: Waveland.Google Scholar
  7. Bruckner, L., & Voss, M. (2005, October 2005). MozPETsa privacy enhanced web browser. Paper presented at the Third Annual Conference on Privacy, Security and Trust, St. Andrews, New Brunswick, Canada.Google Scholar
  8. Byers, S., Cranor, L., Kormann, D. (2003). Automated analysis of P3P-enabled web sites. Paper presented at the Proc. 5th Int. C. Electronic Commerce, Pittsburgh, PA, USA.Google Scholar
  9. Capurro, R. (2005). Privacy. An intercultural perspective. Ethics and Information Technology, 7, 37–47.CrossRefGoogle Scholar
  10. Carter, L., & Weerakkody, V. (2008). E-government adoption: A cultural comparison. Information Systems Frontiers, 10(4), 473–482.CrossRefGoogle Scholar
  11. Cohen, J. (1988). Statistical power analysis for the behavioral sciences (2nd ed.). Hillsdale: Lawrence Earlbaum Associates.Google Scholar
  12. Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J. (2002). The platform for privacy preferences 1.0 Specification World Wide Web Consortium (W3C):, from
  13. Cranor, L. F., Byers, S., Kormann, D. (2003). An analysis of P3P deployment on commercial, government and children's web sites as of May 2003: Federal Trade Commission.Google Scholar
  14. Cranor, L., Egelman, S., Sheng, S., McDonald, A., Chowdhury, A. (2008). P3P deployment on websites. Electronic Commerce Research and Applications, to appear.Google Scholar
  15. Dahl, S. (2004). Intercultural research: The current state of Knowledge Middlesex University:, from
  16. De Troyer, O., Mushtaha, A. N., Stengers, H., Baetens, M., Boers, F., Casteleyn, S., et al. (2006). On cultural differences in Local Web Interfaces. Journal of Web Engineering, 5(3), 246–264.Google Scholar
  17. Earp, J. B., Anton, A. I., Aiman-Smith, L., & Stufflebeam, W. H. (2005). Examining internet privacy policies within the context of user privacy values. IEEE Transactions on Engineering Management, 52(2), 227–237.CrossRefGoogle Scholar
  18. Egelman, S., & Cranor, L. F. (2006, August, 2006). An analysis of P3P-enabled web sites among top-20 search results. Paper presented at the Eighth International Conference on Electronic Commerce, Fredericton, New Brunswick, Canada.Google Scholar
  19. Elgin, B., & Grow, B. (2006). The plot to hijack your computer, BusinessWeek Online.Google Scholar
  20. Ellickson, R. C. (2001). The evolution of social norms: A perspective from the legal academy. In M. Hechter & K.-D. Opp (Eds.), Social norms (pp. 35–75). New York: Russell Sage.Google Scholar
  21. Ess, C., & Sudweeks, F. (2005). Culture and computer-mediated communication: Toward new understandings. Journal of Computer-Mediated Communication, 11(1).Google Scholar
  22. Garfinkel, S. (1995). PGP: Pretty good privacy. Sebastopol: O'Reilly & Associates.Google Scholar
  23. Gevorgyan, G., & Manucharova, N. (2009). Does culturally adapted online communication work? a study of American and Chinese internet users' attitudes and preferences toward culturally customized web design elements. Journal of Computer-Mediated Communication, 14(2), 393–413.CrossRefGoogle Scholar
  24. Goecks, J., & Mynatt, E. D. (2005). Social approaches to end-user privacy management. In L. F. Cranor & S. Garfinkel (Eds.), Security and usability designing secure systems that people can use. Beijing: O'Reilly.Google Scholar
  25. Greenspan, S., Goldberg, D., Weimer, D., Basso, A. (2000, December 2000). Interpersonal trust and common ground in electronically mediated communication. Paper presented at the 2000 ACM Conference on Computer Supported Cooperative Work, Philadelphia, Pennsylvania, United States.Google Scholar
  26. Gritzalis, S. (2004). Enhancing web privacy and anonymity in the digital era. Information Management and Computer Security, 12(3), 255–288.CrossRefGoogle Scholar
  27. Gudynkunst, W. B. (1998). Bridging differences effective intergroup communication (3rd ed.). Thousand Oaks: Sage Publications.Google Scholar
  28. Gudynkunst, W. B., Ting-Toomey, S., & Chua, E. (1988). Culture and interpersonal communication. Newbury Park: Sage.Google Scholar
  29. Hall, E. T. (1989). Beyond culture. New York: Doubleday.Google Scholar
  30. Hasselblad, V., & Hedges, L. V. (1995). Meta-analysis of screening and diagnostic tests. Psychological Bulletin, 117(1), 167–178.CrossRefGoogle Scholar
  31. Hofstede, G. H. (1980). Culture's consequences: International differences in work-related values. Berkeley: Sage Publications.Google Scholar
  32. Hofstede, G. H. (1991). Cultures and organizations. Berkshire: McGraw-Hill.Google Scholar
  33. Hofstede, G. (2006). Cultural dimensions Itim International:, from
  34. Horne, C. (2001). Sociological perspectives on the emergence of norms. In M. Hechter & K.-D. Opp (Eds.), Social norms. New York: Russell Sage.Google Scholar
  35. Howell, D. C. (2002). Statistical methods for psychology (5th ed.). Pacific Grove: Duxbury/Thomson Learning.Google Scholar
  36. Hsu, M.-H., & Kuo, F.-Y. (2003). The effect of organization-based self-esteem and deindividualism in protecting personal information privacy. Journal of Business Ethics, 42(4), 305–320.CrossRefGoogle Scholar
  37. Jensen, C., & Potts, C. (2004, April 2004). Privacy policies as decision-making tools: An evaluation of online privacy notices. Paper presented at the CHI 2004, Vienna, Austria.Google Scholar
  38. Jensen, C., Potts, C., & Jensen, C. (2005). Privacy practices of internet users: Self-reports versus observed behavior. International Journal of Human Computer Studies, 63, 203–227.CrossRefGoogle Scholar
  39. Kaplan, S. E., & Nieschwietz, R. J. (2003). A web assurance model of trust for B2C E-commerce. International Journal of Accounting Information Systems, 4(2), 95–114.CrossRefGoogle Scholar
  40. Kim, H., Coyle, J. R., & Gould, S. J. (2009). Collectivist and individualist influences on website design in South Korea and the U.S.: A cross-cultural content analysis. Journal of Computer-Mediated Communication, 14(3), 581–601.CrossRefGoogle Scholar
  41. Koike, Y., & Taiki, S. (2002). P3P validator world wide web consortium:, from
  42. Kumaraguru, P., & Cranor, L. (2005, May 2005). Privacy in India: Attitudes and awareness. Paper presented at the 2005 Workshop on Privacy Enhancing Technologies, Dubrovnik, Croatia.Google Scholar
  43. Leeds-Hurwitz, W. (1990). Notes in the history of intercultural communication: The Foreign Service Institute and the mandate for intercultural training. The Quarterly Journal of Speech, 76(3), 262–281.CrossRefGoogle Scholar
  44. Lichtenstein, S., Swatman, P. M. C., Babu, K. (2003). Adding value to online privacy for consumers: Remedying deficiencies in online privacy policies with an holistic approach. Paper presented at the 36th Hawaii International Conference on System Sciences, Hawaii.Google Scholar
  45. Lipsey, M. W., & Wilson, D. B. (2001). Practical meta-analysis (vol. 49). Thousand Oaks: Sage Publications.Google Scholar
  46. McSweeney, B. (2002). Hofstede's model of national cultural differences and their consequences: A triumph of faith—a failure of analysis. Human Relations, 55(1), 89–118.Google Scholar
  47. Milberg, S. J., Burke, S. J., Smith, H. J., & Kallman, E. A. (1995). Values, personal information privacy, and regulatory approaches. Communications of the ACM, 38(12), 65–74.CrossRefGoogle Scholar
  48. Milberg, S. J., Smith, H. J., & Burke, S. J. (2000). Information privacy: Corporate management and national regulation. Organization Science, 11(1), 35–57.CrossRefGoogle Scholar
  49. Moores, T. (2005). Do Consumers understand the role of privacy seals in e-commerce? Communications of the ACM, 48(3), 86–91.CrossRefGoogle Scholar
  50. Pitta, D. A., Fung, H.-G., & Isberg, S. (1999). Ethical issues across cultures: Managing the differing perspectives of china and the USA. Journal of Consumer Marketing, 16(3), 240–256.CrossRefGoogle Scholar
  51. Reay, I., Beatty, P., Dick, S., & Miller, J. (2007). A survey and analysis of the P3P protocol’s agents, adoption, maintenance and future. IEEE Transactions on Dependable & Secure Computing, 4(2), 151–164.CrossRefGoogle Scholar
  52. Reay, I., Dick, S., & Miller, J. (2009a). An analysis of privacy signals on the world wide web: Past, present and future. Information Sciences, 179(8), 1102–1115.CrossRefGoogle Scholar
  53. Reay, I., Dick, S., & Miller, J. (2009b). A large-scale empirical study of online privacy policies: Stated actions vs. legal obligations. ACM Transactions on the Web, 3(2), 34.CrossRefGoogle Scholar
  54. Rogers, E. M., Hart, W. B., & Miike, Y. (2002). Edward T. Hall and the history of intercultural communication: The United States and Japan. Keio Communication Review, 24, 3–26.Google Scholar
  55. Shaw, T. R. (2003). The moral intensity of privacy: An empirical study of webmasters' attitudes. Journal of Business Ethics, 46(4), 301–318.CrossRefGoogle Scholar
  56. Singh, N., Zhao, H., & Hu, X. (2003). Analyzing the cultural content of web sites, a cross-national comparison of China, India, Japan, and US. International Marketing Review, 22(2), 129–146.CrossRefGoogle Scholar
  57. Sipior, J. C., & Ward, B. T. (2008). Trust, privacy, and legal protection in the use of software with surreptitiously installed operations: An empirical evaluation. Information Systems Frontiers, 10(1), 3–18.CrossRefGoogle Scholar
  58. Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: Measuring individual's concerns about organizational practices. MIS Quarterly, 20(2), 167–196.CrossRefGoogle Scholar
  59. Spence, A. M. (1973). Job market signalling. Quarterly Journal of Economics, 87, 355–374.CrossRefGoogle Scholar
  60. Spiekermann, S., Grossklags, J., Berendt, B. (2001). E-privacy in 2nd generation e-commerce: Privacy preferences versus actual behaviour. Paper presented at the 3rd ACM conference on Electronic Commerce.Google Scholar
  61. Staff. (2002). A matter of trust: What users want from web sites. Washington: Princeton Survey Research Associates.Google Scholar
  62. Staff. (2003). P3P dashboard report. London: Ernst and Young.Google Scholar
  63. Staff. (2006a). BBBOnLine, Inc.–promoting trust and confidence on the Internet Better Business Bureau, from
  64. Staff. (2006b). Geolocation IP address to country city region latitude longitude ZIP Code ISP domain name database for developers, from
  65. Staff. (2006c). State sues major "spyware" distributor office of New York State Attorney General Eliot Spitzer, from
  66. Staff. (2006d). TRUSTe–make privacy your choice San Francisco, CA, USA:, from
  67. Staff. (2006e). WebTrust/SysTrust Washington, D.C., USA: American Institute of Certified Public Accountants, from
  68. Staff. (2007a). Alexa web search–top 500 San Francisco, CA, USA: Alexa Internet Inc. retrieved February 21, 2007, from
  69. Staff. (2007b). DOCKET NO. C-4194 decision and order. Washington: Federal Trade Commission.Google Scholar
  70. Staff. (2008). VeriSign–security (SSL certificates), intelligent communications, and identity protection Mountain View, CA, USA: Verisign, from
  71. Taylor, C. R., Franke, G. R., & Maynard, M. L. (2000). Attitudes toward direct marketing and its regulation: A comparison of the United States and Japan. Journal of Public Policy and Marketing, 19(2), 228–237.CrossRefGoogle Scholar
  72. Turow, J., Feldman, L., Meltzer, K. (2005). Open to exploitation: American shoppers online and offline: University of Pennsylvania's Annenberg School for Communication. Google Scholar
  73. Venkatesh, V., & Brown, S. A. (2001). A longitudinal investigation of personal computer adoption in homes: Adoption determinants and emerging challenges. MIS Quarterly, 25(1), 71–102.CrossRefGoogle Scholar
  74. Watt, A. (2005). Beginning regular expressions. Indianapolis Indiana: Wiley Publishing, Inc.Google Scholar
  75. Westin, A. F. (1967). Privacy and freedom. New York: Atheneum.Google Scholar
  76. Winkler, J. K., Dibbern, J., & Heinzl, A. (2008). The impact of cultural differences in offshore outsourcing—case study results from German–Indian application development projects. Information Systems Frontiers, 10(2), 243–258.CrossRefGoogle Scholar
  77. Zhang, X., & Maruping, L. M. (2008). Household technology adoption in a global marketplace: Incorporating the role of espoused cultural values. Information Systems Frontiers, 10(4), 397–402.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. 1.Electrical and Computer EngineeringUniversity of AlbertaEdmontonCanada
  2. 2.Department Electrical & Computer EngineeringUniversity of AlbertaEdmontonCanada

Personalised recommendations