Abstract
Despite regulatory efforts to protect personal data online, users knowingly consent to disclose more personal data than they intend, and they are also prone to disclose more than they know. We consider that a reliance on cognitive heuristics is key to explaining these aspects of users’ disclosure decisions. Also, that the cues underpinning these heuristics can be exploited by organisations seeking to extract more data than is required. Through the lens of an existing credibility heuristic framework, we qualitatively analyse 23, one-to-one, semi-structured interviews. We identify six super-ordinate classes of heuristics that users rely upon during disclosures: PROMINENCE, NETWORK, RELIABILITY, ACCORDANCE, NARRATIVE, MODALITY, and a seventh non-heuristics TRADE class. Our results suggest that regulatory efforts seeking to increase the autonomy of the informed user are inapt. Instead the key to supporting users during disclosure decisions could be to positively nudge users through the cues underpinning these simple heuristics.
Notes
- 1.
Metzger et al., found six heuristics through a process of reduction, i.e., Recognition is subsumed under Reputation, as to perceive reputation involves a prior recognition.
References
Acquisti, A.: Privacy and security of personal information. In: Camp, L.J., Lewis, S. (eds.) Economics of Information Security in Advances in Information Security, vol. 12, pp. 179–186. Springer, Heidelberg (2004). http://link.springer.com/content/pdf/10.1007/1-4020-8090-5_14.pdf
Acquisti, A.: Nudging privacy: the behavioral economics of personal information. Digit. Enlightenment Yearb. 2012, 193–197 (2012)
Acquisti, A., Grossklags, J.: Privacy attitudes and privacy behavior. In: Camp, L.J., Lewis, S. (eds.) Economics of Information Security, pp. 1–15. Springer, Heidelberg (2004). http://link.springer.com/content/pdf/10.1007/1-4020-8090-5_13.pdf
Acquisti, A., Grossklags, J.: What can behavioral economics teach us about privacy? In: Digital Privacy, pp. 363–377. Auerbach Publications (2007). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.145.7609&rep=rep.1&type=pdf, http://www.crcnetbase.com/doi/abs/10.1201/9781420052183.ch18
Acquisti, A., John, L., Loewenstein, G.: The impact of relative standards on the propensity to disclose. J. Market. Res. 49(2), 160–174 (2012). http://journals.ama.org/doi/abs/10.1509/jmr.09.0215
Adjerid, I., Acquisti, A., Brandimarte, L., Loewenstein, G.: Sleights of privacy. In: Proceedings of the Ninth Symposium on Usable Privacy and Security - SOUPS 2013, p. 1. ACM (2013). http://dl.acm.org/citation.cfm?id=2501604.2501613
Balebako, R., Jung, J., Lu, W., Cranor, L.F., Nguyen, C.: Little brothers watching you. In: Proceedings of the Ninth Symposium on Usable Privacy and Security - SOUPS 2013, p. 1. ACM (2013). http://dl.acm.org/citation.cfm?id=2501604.2501616%5Cnwww.scopus.com/inward/record.url?eid=2-s2.0-84883078013&partnerID=tZOtx3y1
Balebako, R., Leon, P.G., Almuhimedi, H., Kelley, P.G., Mugan, J., Acquisti, A., Cranor, L.F., Sadeh, N.: Nudging users towards privacy on mobile devices. In: CEUR Workshop Proceedings, vol. 722, pp. 23–26 (2011)
Cialdini, R., Trost, M.: Social influence: social norms, conformity and compliance. In: The Handbook of Social Psychology, vol. 2, pp. 151–192 (1998). http://psycnet.apa.org/psycinfo/1998-07091-021
Fereday, J., Muir-Cochrane, E.: Demonstrating rigor using thematic analysis: a hybrid approach of inductive and deductive coding and theme development. Int. J. Qual. Methods 5(1), 80–92 (2006)
Fogg, B.J., Soohoo, C., Danielson, D.R., Marable, L., Stanford, J., Tauber, E.R.: How do users evaluate the credibility of web sites? A study with over 2,500 participants. In: Proceedings of the 2003 Conference on Designing for User Experiences (DUX 2003), pp. 1–15. ACM (2003). http://dl.acm.org/citation.cfm?id=997078.997097
Fogg, B.J.: Prominence-interpretation theory: explaining how people assess credibility online. In: Conference on Human Factors in Computing Systems - Proceedings, pp. 722–723. ACM (2003). http://dl.acm.org/citation.cfm?id=765951%5Cnwww.scopus.com/inward/record.url?eid=2-s2.0-84869039673&partnerID=40&md5=f36a1afb8a3a649f12e97c7d6b38854a
Furnell, S., Phippen, A.: Online privacy: a matter of policy? Comput. Fraud Secur. 2012(8), 12–18 (2012). 10.1016/S1361-3723(12)70083-0
Gambino, A., Kim, J., Sundar, S.S., Ge, J., Rosson, M.B.: User disbelief in privacy paradox: heuristics that determine disclosure. In: Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems, pp. 2837–2843. ACM (2016)
Gigerenzer, G., Gaissmaier, W.: Heuristic decision making. Ann. Rev. Psychol. 62, 451–482 (2011)
Gigerenzer, G., Hoffrage, U., Goldstein, D.G.: Fast and frugal heuristics are plausible models of cognition: reply to Dougherty, Franco-Watkins, and Thomas. Psychol. Rev. 115(1), 230–239 (2008)
Gigerenzer, G., Todd, P.M.: Fast and frugal heuristics: the adaptive toolbox. In: Simple Heuristics that make us Smart, pp. 3–34. Oxford University Press, Oxford (1999)
Goodman, M.: Future Crimes: Everything is Connected, Everyone is Vulnerable and What We can do about it. Anchor, Daman (2015)
Hansen, P.G., Jespersen, A.M.: Nudge and the manipulation of choice: a framework for the responsible use of the nudge approach to behaviour change in public policy. Eur. J. Risk Regul. 1, 3–28 (2013). http://ssrn.com/abstract=2555337
Heikkinen, A., Wickström, G., Leino-Kilpi, H.: Understanding privacy in occupational health services. Nurs. Ethics 13(5), 515–530 (2006). http://nej.sagepub.com/content/13/5/515.abstract
Higgins, E.: Promotion and prevention. Regulatory focus as a motivational principle.pdf. Adv. Exp. Soc. Psychol. 30, 1–46 (1998)
Hollingsed, T., Novick, D.G.: Usability inspection methods after 15 years of research and practice. In: Proceedings of the 25th Annual ACM International Conference on Design of Communication, pp. 249–255. ACM (2007)
Holloway, I.: Basic Concepts for Qualitative Research. Wiley, Hoboken (1997)
Hoofnagle, C.J.: Identity theft: making the known unknowns known. Harvard J. Law Technol. 21, 98–122 (2007). http://papers.ssrn.com/sol3/papers.cfm?abstract_id=969441
Kahn, C.M., Roberds, W.: Credit and identity theft. J. Monetary Econ. 55(2), 251–264 (2008). http://linkinghub.elsevier.com/retrieve/pii/S0304393207001250
Kahneman, D.: Thinking, Fast and Slow. Macmillan, Basingstoke (2011)
Kehr, F., Wentzel, D., Mayer, P.: Rethinking the privacy calculus: on the role of dispositional factors and affect. In: The 34th International Conference on Information Systems, vol. 1, pp. 1–10 (2013). http://cocoa.ethz.ch/downloads/2013/11/1624_kehr_2013_privacy_icis.pdf
Knijnenburg, B.P.: On the dimensionality of information disclosure behavior in social networks. Int. J. Hum.-Comput. Stud. 71(12), 1144–1162 (2013)
Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F., Egelman, S.: Of passwords and people. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI 2011), pp. 2595–2604. ACM (2011). http://dl.acm.org/citation.cfm?doid=1978942.1979321
Krasnova, H., Günther, O.: Privacy concerns and identity in online social networks. Identity Inf. Soc. 2(1), 39–63 (2009)
Krasnova, H., Spiekermann, S., Koroleva, K., Hildebrand, T.: Online social networks: why we disclose. J. Inf. Technol. 25(2), 109–125 (2010). http://www.palgrave-journals.com/doifinder/10.1057/jit.2010.6
Kruger, J., Wirtz, D., Van Boven, L., Altermatt, T.W.: The effort heuristic. J. Exp. Soc. Psychol. 40(1), 91–98 (2004)
Metzger, M.J.: Privacy, trust, and disclosure: exploring barriers to electronic commerce. J. Comput.-Mediated Commun. 9(4), 1–29 (2006)
Metzger, M.J., Flanagin, A.J.: Credibility and trust of information in online environments: the use of cognitive heuristics. J. Pragmatics 59, 210–220 (2013). http://www.sciencedirect.com/science/article/pii/S0378216613001768
Metzger, M.J., Flanagin, A.J., Medders, R.B.: Social and heuristics approaches to credibility evaluation online. J. Commun. 60(3), 413–439 (2010)
Nielsen, J.: Usability inspection methods. In: Conference Companion on Human Factors in Computing Systems, pp. 413–414. ACM (1994)
Norberg, P.A., Horne, D.R., Horne, D.A.: The privacy paradox: personal information disclosure intentions versus behaviors. J. Consum. Affairs 41(1), 100–126 (2007)
Olivero, N., Lunt, P.: Privacy versus willingness to disclose in e-commerce exchanges: the effect of risk awareness on the relative role of trust and control. J. Econ. Psychol. 25(2), 243–262 (2004)
Ryan, G.W., Bernard, H.R.: Techniques to identify themes. Field Methods 15(1), 85–109 (2003)
Solove, D.J.: Introduction: privacy self-management and the consent dilemma. Harvard Law Rev. 126, 1880–1903 (2012). http://papers.ssrn.com/abstract=2171018
Sundar, S.S., Kang, H., Wu, M., Go, E., Zhang, B.: Unlocking the privacy paradox: do cognitive heuristics hold the key? In: CHI 2013 Extended Abstracts on Human Factors in Computing Systems, pp. 811–816 (2013)
Sundar, S.S.: The MAIN model: a heuristic approach to understanding technology effects on credibility. In: Digital Media, Youth, and Credibility, pp. 73–100 (2008). http://www.mitpressjournals.org/doi/abs/10.1162/dmal.9780262562324.073
Tversky, A., Kahneman, D.: Availability: a heuristic for judging frequency and robability. Cogn. Psychol. 5(2), 207–232 (1973). http://www.sciencedirect.com/science/article/pii/0010028573900339
Tversky, A., Kahneman, D.: Judgment under uncertainty: heuristics and biases. In: Wendt, D., Vlek, C. (eds.) Utility, Probability, and Human Decision Making, vol. 11, pp. 141–162. Springer, Heidelberg (1975). doi:10.1007/978-94-010-1834-0_8
Vila, T., Greenstadt, R., Molnar, D.: Why we can’t be bothered to read privacy policies models of privacy economics as a lemons market. In: Proceeding ICEC 2003 Proceedings of the 5th International Conference on Electronic Commerce, pp. 403–407. ACM (2003). http://dl.acm.org/citation.cfm?id=948057&dl=ACM&coll=DL&CFID=304526782&CFTOKEN=23143651
Ward, R.: Physiological responses to different WEB page designs. Int. J. Hum.-Comput. Stud. 59(1–2), 199–212 (2003). http://linkinghub.elsevier.com/retrieve/pii/S1071581903000193
Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Commun. ACM 51(6), 82–87 (2008). http://dl.acm.org/ft_gateway.cfm?id=1349043&type=html
Westin, A.F.: Social and political dimensions of privacy. J. Soc. Issues 59(2), 431–453 (2003)
Whitney, S., McCullough, L.B.: A typology of shared decision making, informed consent, and simple consent. Ann. Intern. Med. 140(1), 54–59 (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Marmion, V., Bishop, F., Millard, D.E., Stevenage, S.V. (2017). The Cognitive Heuristics Behind Disclosure Decisions. In: Ciampaglia, G., Mashhadi, A., Yasseri, T. (eds) Social Informatics. SocInfo 2017. Lecture Notes in Computer Science(), vol 10539. Springer, Cham. https://doi.org/10.1007/978-3-319-67217-5_35
Download citation
DOI: https://doi.org/10.1007/978-3-319-67217-5_35
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67216-8
Online ISBN: 978-3-319-67217-5
eBook Packages: Computer ScienceComputer Science (R0)