Abstract
Privacy is a current topic in the context of digital services because such services demand mass volumes of consumer data. Although most consumers are aware of their personal privacy, they frequently do not behave rationally in terms of the risk-benefit trade-off. This phenomenon is known as the privacy paradox. It is a common limitation in research papers examining consumers’ privacy intentions. Using a design science approach, we develop a metric that determines the extent of consumers’ privacy paradox in digital services based on the theoretical construct of the privacy calculus. We demonstrate a practical application of the metric for mobile apps. With that, we contribute to validating respective research findings. Moreover, among others, consumers and companies can be prevented from unwanted consequences regarding data privacy issues and service market places can provide privacy-customized suggestions.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Abdelzaher, T., Anokwa, Y., Boda, P., Burke, J., Estrin, D., Guibas, L., ... Reich, J. (2007). Mobiscopes for human spaces. IEEE Pervasive Computing, 6(2), 20–29. https://doi.org/10.1109/MPRV.2007.38.
Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification. In Proceedings of the 5th ACM Conference on Electronic Commerce (pp. 21–29). https://doi.org/10.1145/988772.988777.
Acquisti, A., & Gross, R. (2006). Imagined communities: Awareness, information sharing, and privacy on the Facebook. In Proceedings of the 6th Workshop on Privacy Enhancing Technologies (pp. 36–58).
Acquisti, A., & Grossklags, J. (2004). Privacy attitudes and privacy behavior. In L. J. Camp & S. Lewis (Eds.), Economics of information security (pp. 165–178). Boston: Kluwer Academic Publishers.
Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security and Privacy, 3(1), 26–33. https://doi.org/10.1109/MSP.2005.22.
Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509–514. https://doi.org/10.1126/science.aaa1465.
Alt, R., Militzer-Horstmann, C., & Zimmermann, H.-D. (2015). Editorial 25/2: electronic markets and privacy. Electronic Markets, 25(2), 87–90. https://doi.org/10.1007/s12525-015-0193-y.
Becker, M., Lehrig, S., & Becker, S. (2015). Systematically deriving quality metrics for cloud computing systems. In Proceedings of the 6th ACM/SPEC International Conference on Performance Engineering (pp. 169–174). New York, USA. https://doi.org/10.1145/2668930.2688043.
Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS Quarterly, 35(4), 1017–1042.
Bélanger, F., Hiller, J. S., & Smith, W. J. (2002). Trustworthiness in electronic commerce: the role of privacy, security, and site attributes. The Journal of Strategic Information Systems, 11(3–4), 245–270. https://doi.org/10.1016/S0963-8687(02)00018-5.
Berendt, B., Günther, O., & Spiekermann, S. (2005). Privacy in e-commerce: stated preferences vs. actual behavior. Communications of the ACM, 48(4), 101–106. https://doi.org/10.1145/1053291.1053295.
Böhme, R., & Freiling, F. C. (2008). On metrics and measurements. In I. Eusgeld (Ed.), Lecture notes in computer science: Vol. 4909. Dependability metrics. Advanced lectures (pp. 7–13). Berlin: Springer.
Bouwers, E., van Deursen, A., & Visser, J. (2013). Evaluating usefulness of software metrics: An industrial experience report. Proceedings of the 35th International Conference on Software Engineering (pp. 921–930).
Brislin, R. W. (1970). Back-translation for cross-cultural research. Journal of Cross-Cultural Psychology, 1(3), 185–216.
Buchanan, T., Paine, C., Joinson, A. N., & Reips, U. (2007). Development of measures of online privacy concern and protection for use on the internet. Journal of the American Society for Information Science and Technology, 58(2), 157–165.
Buck, C., Horbel, C., Germelmann, C. C., & Eymann, T. (2014). The unconscious app consumer. Proceedings of the 22nd European Conference on Information Systems (ECIS2014), Tel Aviv, June 9–11, 2014.
Chellappa, R. K., & Sin, R. G. (2005). Personalization versus privacy: an empirical examination of the online consumer’s dilemma. Information Technology and Management, 6(2–3), 181–202.
Cho, H., Rivera-Sánchez, M., & Lim, S. S. (2009). A multinational study on online privacy: global concerns and local responses. New Media & Society, 11(3), 395–416.
Culnan, M. J., & Armstrong, P. K. (1999). Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation. Organization Science, 10(1), 104–115.
Culnan, M. J., & Bies, R. J. (2003). Consumer privacy: balancing economic and justice considerations. Journal of Social Issues, 59(2), 323–342.
Cunningham, S. M. (1967). The major dimensions of perceived risk. In D. F. Cox (Ed.), Risk taking and information handling in consumer behavior (pp. 82–111). Cambridge: Harvard University Press.
Degirmenci, K., Guhr, N., & Breitner, M. (2013). Mobile applications and access to personal information: a discussion of users’ privacy concerns. Proceedings of the 34th International Conference on Information Systems (ICIS 2013), Milan, December 15–18, 2013.
Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61–80.
Dinev, T., Bellotto, M., Hart, P., Russo, V., Serra, I., & Colautti, C. (2006). Privacy calculus model in e-commerce: a study of Italy and the United States. European Journal of Information Systems, 15(4), 389–402.
Egelman, S., Felt, A. P., & Wagner, D. (2013). Choice architecture and smartphone privacy: There’s a price for that. In R. Böhme (Ed.), The economics of information security and privacy (pp. 211–236). Heidelberg: Springer.
Erl, T., Puttini, R., & Mahmood, Z. (2013). Cloud computing: concepts, technology and architecture. Upper Saddle River, NJ: Prentice Hall.
Even, A., & Shankaranarayanan, G. (2007). Utility-driven assessment of data quality. ACM SIGMIS Database, 38(2), 75–93. https://doi.org/10.1145/1240616.1240623.
Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., & Wagner, D. (2012). Android permissions: user attention, comprehension, and behavior. Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS 2012), Washington, DC, July 11–13, 2012.
Fishbein, M., & Ajzen, I. (1975). Belief, attitude, intention and behavior: An introduction to theory and research: An introduction to theory and research. Reading, MA: Addison-Wesley.
Graupner, E., Melcher, F., Demers, D., & Maedche, A. (2015). Customers’ intention to use digital services in retail banking: an information processing perspective. Proceedings of the 23rd European Conference on Information Systems (ECIS 2015), Münster, May 26–29, 2015.
Gregor, S. (2006). The nature of theory in information systems. MIS Quarterly, 30(3), 611–642.
Gregor, S., & Hevner, A. R. (2013). Positioning and presenting design science research for maximum impact. MIS Quarterly, 37(2), 337–356.
Gregor, S., & Jones, D. (2007). The anatomy of a design theory. Journal of the Association for Information Systems, 8(5), 312–335.
Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: review and open research issues. Information Systems, 47, 98–115. https://doi.org/10.1016/j.is.2014.07.006.
Hauff, S., Veit, D., & Tuunainen, V. (2015). Towards a taxonomy of perceived consequences of privacy-invasive practices. Proceedings of the 23rd European Conference on Information Systems (ECIS 2015), Münster, May 26–29, 2015.
Hauser, J., & Katz, G. (1998). Metrics: you are what you measure! European Management Journal, 16(5), 517–528.
Hawkey, K., & Inkpen, K. M. (2006). Keeping up appearances: Understanding the dimensions of incidental information privacy. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. New York: ACM Press. https://doi.org/10.1145/1124772.1124893.
Heimbach, I., Gottschlich, J., & Hinz, O. (2015). The value of user’s facebook profile data for product recommendation generation. Electronic Markets, 25(2), 125–138. https://doi.org/10.1007/s12525-015-0187-9.
Herrmann, D. S. (2007). Complete guide to security and privacy metrics: Measuring regulatory compliance, operational resilience, and ROI. Boca Raton, FL: Auerbach Publications.
Hevner, A. R., March, S. T., Park, J., & Ram, S. (2004). Design science in information systems research. MIS Quarterly, 28(1), 75–105.
Horbach, M., & Horbach, M. (Eds.). (2013). Informatik 2013: Informatik angepasst an Mensch, Organisation und Umwelt. Koblenz: Bonner Köllen Verlag.
Hui, K.-L., Tan, B. C. Y., & Goh, C.-Y. (2006). Online information disclosure: motivators and measurements. ACM Transactions on Internet Technology (TOIT), 6(4), 415–441. https://doi.org/10.1145/1183463.1183467.
Jensen, C., Potts, C., & Jensen, C. (2005). Privacy practices of internet users: self-reports versus observed behavior. International Journal of Human-Computer Studies, 63(1), 203–227.
Kaiser, M., Klier, M., & Heinrich, B. (2007). How to measure data quality? A metric-based approach. Proceedings of the 28th International Conference on Information Systems (ICIS 2007), Montreal, December 9–12, 2007.
Keith, M. J., Thompson, S. C., Hale, J., & Greer, C. (2012). Examining the rationality of information disclosure through mobile devices. Proceedings of the 33rd International Conference on Information Systems (ICIS 2012), Orlando, December 16–19, 2012.
Keith, M. J., Thompson, S. C., Hale, J., Lowry, P. B., & Greer, C. (2013). Information disclosure on mobile devices: re-examining privacy calculus with actual user behavior. International Journal of Human-Computer Studies, 71(12), 1163–1173.
Keith, M. J., Babb, J. S., & Lowry, P. B. (2014). A longitudinal study of information privacy on mobile devices. In Proceedings of the 47th Hawaii International Conference on System Sciences (pp. 3149–3158).
Kotler, P., & Armstrong, G. M. (2010). Principles of marketing. Upper Saddle River, NY: Pearson Prentice Hall.
Krasnova, H., & Veltri, N. F. (2010). Privacy calculus on social networking sites: explorative evidence from Germany and USA. Proceedings of the 43rd Hawaii International Conference on System Sciences (HICSS 2010), January 5–8, 2010.
Krasnova, H., Günther, O., Spiekermann, S., & Koroleva, K. (2009). Privacy concerns and identity in online social networks. Identity in the Information Society, 2(1), 39–63.
Kumaraguru, P., & Cranor, L. F. (2005). Privacy indexes: A survey of Westin’s studies. Technical Report, CMUISRI-05-138, Carnegie Mellon University, Institute of Software Research.
Laufer, R. S., & Wolfe, M. (1977). Privacy as a concept and a social issue: a multidimensional developmental theory. Journal of Social Issues, 33(3), 22–42.
Liggesmeyer, P. (2009). Software-Qualität: Testen, Analysieren und Verifizieren von Software. Heidelberg: Spektrum Akademischer Verlag.
Linkov, I., Welle, P., Loney, D., Tkachuk, A., Canis, L., Kim, J. B., & Bridges, T. (2011). Use of multicriteria decision analysis to support weight of evidence evaluation. Risk Analysis, 31(8), 1211–1225. https://doi.org/10.1111/j.1539-6924.2011.01585.x.
Lioudakis, G. V., Koutsoloukas, E. A., Dellas, N. L., Tselikas, N., Kapellaki, S., Prezerakos, G. N.,. ... Venieris, I. S. (2007). A middleware architecture for privacy protection. Computer Networks, 51(16), 4679–4696. https://doi.org/10.1016/j.comnet.2007.06.010.
Lynne, M. M., & Mentzer, K. (2014). Foresight for a responsible future with ICT. Information Systems Frontiers, 16.
Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Information Systems Research, 15(4), 336–355.
Mason, R. O. (1986). Four ethical issues of the information age. MIS Quarterly, 10(1), 5–12.
Merriam Webster. (2017). Definition of metric. Retrieved from https://www.merriam-webster.com/dictionary/metric.
Min, J., & Kim, B. (2015). How are people enticed to disclose personal information despite privacy concerns in social network sites? The calculus between benefit and cost. Journal of the Association for Information Science and Technology, 66(4), 839–857.
Nissenbaum, H. (1997). Toward an approach to privacy in public: Challenges of information technology. Ethics & Behavior, 7(3), 207–219.
Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 41(1), 100–126.
Offermann, P., Blom, S., Schönherr, M., & Bub, U. (2010). Artifact types in information systems design science – a literature review. In D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell,. ... S. Aier (Eds.), Global perspectives on design science research (pp. 77–92). Heidelberg: Springer. https://doi.org/10.1007/978-3-642-13335-0_6.
Palmer, J. W. (2002). Web site usability, design, and performance metrics. Information Systems Research, 13(2), 151–167.
Peffers, K., Tuunanen, T., Rothenberger, M. A., & Chatterjee, S. (2007). A design science research methodology for information systems research. Journal of Management Information Systems, 24(3), 45–77. https://doi.org/10.2753/MIS0742-1222240302.
Roeber, B., Rehse, O., Knorrek, R., & Thomsen, B. (2015). Personal data: how context shapes consumers’ data sharing with organizations from various sectors. Electronic Markets, 25(2), 95–108. https://doi.org/10.1007/s12525-015-0183-0.
Schreiner, M., & Hess, T. (2015). Why are consumers willing to pay for privacy? An application of the privacy-freemium model to media companies. Proceedings of the 23rd European Conference on Information Systems (ECIS 2015), Münster, May 26–29, 2015.
Sheng, H., Nah, F. F.-H., & Siau, K. (2008). An experimental study on ubiquitous commerce adoption: impact of personalization and privacy concerns. Journal of the Association for Information Systems, 9(6), 15.
Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: measuring individuals’ concerns about organizational practices. MIS Quarterly, 20(2), 167–196.
Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS Quarterly, 35(4), 989–1016.
Son, J.-Y., & Kim, S. S. (2008). Internet users’ information privacy-protective responses: a taxonomy and a nomological model. MIS Quarterly, 32(3), 503–529.
Spiekermann, S., Grossklags, J., & Berendt, B. (2001). E-privacy in 2nd generation e-commerce: privacy preferences versus actual behavior. Proceedings of the 3rd ACM Conference on Electronic Commerce.
Spiekermann, S., Acquisti, A., Böhme, R., & Hui, K.-L. (2015). The challenges of personal data markets and privacy. Electronic Markets, 25(2), 161–167. https://doi.org/10.1007/s12525-015-0191-0.
Stone, E. F., Gueutal, H. G., Gardner, D. G., & McClure, S. (1983). A field experiment comparing information: privacy values, beliefs, and attitudes across several types of organizations. Journal of Applied Psychology, 68(3), 459.
Stutzman, F., Gross, R., & Acquisti, A. (2013). Silent listeners: the evolution of privacy and disclosure on Facebook. The Journal of Privacy and Confidentiality, 4(2), 7–41.
Tene, O., & Polonetsky, J. (2012). Privacy in the age of big data: a time for big decisions. Stanford Law Review Online, 64, 63–69.
van Slyke, C., Shim, J. T., Johnson, R., & Jiang, J. J. (2006). Concern for information privacy and online consumer purchasing. Journal of the Association for Information Systems, 7(6), 415–444.
Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D. (2003). User acceptance of information technology: toward a unified view. MIS Quarterly, 27(3), 425–478.
Venkatesh, V., Thong, J. Y. L., & Xu, X. (2012). Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology. MIS Quarterly, 36(1), 157–178.
Wallmüller, E. (2001). Software-Qualitätsmanagement in der Praxis: Software-Qualität durch Führung und Verbesserung von Software-Prozessen. München: Hanser.
Wei, X., Gomez, L., Neamtiu, I., & Faloutsos, M. (2012). Malicious android applications in the enterprise: What do they do and how do we fix it? In Proceedings of the 28th International Conference on Data Engineering Workshops (pp. 251–254).
Xu, H., Teo, H.-H., Tan, B. C. Y., & Agarwal, R. (2009). The role of push-pull technology in privacy calculus: the case of location-based services. Journal of Management Information Systems, 26(3), 135–174.
Zhan, J., & Rajamani, V. (2008). The economics of privacy-privacy: People, policy and technology. Proceedings of the 2nd International Conference on Information Security and Assurance.
Zhou, T. (2013). Examining continuous usage of location-based services from the perspective of perceived justice. Information Systems Frontiers, 15, 141–150.
Zukowski, T., & Brown, I. (2007). Examining the influence of demographic factors on internet users’ information privacy concerns. Proceedings of the 2007 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries.
Author information
Authors and Affiliations
Corresponding author
Additional information
Responsible Editor: Ulrike Baumöl
Electronic supplementary material
ESM 1
(PDF 109 kb)
Appendices
Appendix 1: Components of a design theory following Gregor and Jones (2007) satisfied by the present research
Appendix 2: Uni-dimensional results of the survey
Rights and permissions
About this article
Cite this article
Gimpel, H., Kleindienst, D. & Waldmann, D. The disclosure of private data: measuring the privacy paradox in digital services. Electron Markets 28, 475–490 (2018). https://doi.org/10.1007/s12525-018-0303-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12525-018-0303-8