Abstract
Companies are increasingly collecting and using data on their current and potential customers to improve their CRM, sales, and service effectiveness. At the same time, they are faced with a growing reluctance of customers to disclose their personal information or to allow tracking of their behaviors because of privacy concerns. This chapter discusses the concept of customer privacy concerns and the respective implications for successful CRM practices. After introducing trends and underlying drivers of customer privacy concerns, this chapter sheds more light on the different governmental regulations concerning privacy in a cross-country comparison. Sections 14.4, 14.5, and 14.6 continue with presenting the underlying psychological processes and respective customer responses which are summarized in a comprehensive conceptual framework. At the end of this chapter, implications for a responsible privacy handling related to CRM are drawn.
References
Aguirre, E., Mahr, D., Grewel, D., Ruyter, K. D., & Wetzels, M. (2015). Unraveling the personalization paradox: The effect of information collection and trust-building strategies on online advertisement effectiveness. Journal of Retailing, 91(1), 34–59.
Allen, & Overy. (2016). The EU general data protection regulation. http://www.allenovery.com/SiteCollectionDocuments/RadicalchangestoEuropeandataprotectionlegislation.pdf. Accessed October 14, 2016.
Bisson, D. (2015). The Ashley Madison hack—A timeline. http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-ashley-madison-hack-a-timeline. Accessed October 10, 2016.
Blattberg, R. C., Kim, B. D., & Neslin, S. A. (2008). Database marketing: Analyzing and managing customers. New York: Springer.
Bleier, A., & Eisenbeiss, M. (2015). The importance of trust for personalized online advertising. Journal of Retailing, 91(3), 390–409.
Court of Justice of the European Union. (2014). An internet search engine operator is responsible for the processing that it carries out of personal data which appear on web pages published by third parties. https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf. Accesed February 7, 2018.
Datafloq. (2016). From data ownership to data usage: How consumers will monetize their personal data. https://datafloq.com/read/data-ownership-data-usage-consumers-monetize-data/68. Accessed November 17, 2016.
Davies, S. (2015). The smart fitting room is the future of retail. http://tech.co/smart-fitting-room-future-retail-2015-12. Accessed October 10, 2016.
Direct Marketing Association. (2015). Data privacy: What the consumer really thinks. https://dma.org.uk/uploads/ckeditor/Data-privacy-2015-what-consumers-really-thinks_final.pdf. Accessed November 17, 2016.
EPIC. (2011). US Patriot Act. http://epic.org/privacy/terrorism/usapatriot/#introduction. Accessed September 29, 2011.
European Commission. (2012). Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf. Accessed October 10, 2016.
EU-GDPR. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32016R0679. Accessed October 14, 2016.
FTC. (2000). Privacy online: Fair information practices in the electronic marketplace. http://www.ftc.gov/reports/privacy2000/privacy2000.pdf. Accessed September 29, 2011.
FTC. (2010). Protecting consumer privacy in an era of rapid change—A proposed framework for businesses and policymakers. http://www.ftc.gov/os/2010/12/101201privacyreport.pdf. Accessed September 29, 2011.
FTC. (2015). National do not call registry. https://www.consumer.ftc.gov/articles/0108-national-do-not-call-registry#reregister. Accessed October 10, 2016.
Garfinkel, S. L., Juels, A., & Pappu, R. (2005). RFID privacy: An overview of problems and proposed solutions. IEEE Privacy & Security, 3(3), 34–43.
Gartner. (2011). Google-FTC settlement may have important privacy implications. http://www.gartner.com/DisplayDocument?id=1620221. Accessed September 29, 2011.
Gartner. (2014). Gartner Says the Internet of Things Will Transform the Data Center. http://www.gartner.com/newsroom/id/2684915. Accessed April 10, 2017.
GBG. (2015). Data distrust pits consumers against business. www.thetrusteconomy.com/news/. Accessed October 10, 2016.
Global Legal Group. (2016). The International Comparative Legal Guide to: Data Protection 2016. https://iclg.com/practice-areas/data-protection/data-protection-2016. Accessed April 10, 2017.
Goldfarb, A., & Tucker, C. E. (2011). Privacy regulation and online advertising. Management Science, 57(1), 57–71.
Goldfarb, A., & Tucker, C. E. (2012). Shifts in privacy concerns. American Economic Review: Papers & Proceedings, 102(3), 349–353.
Harris, M. H., Van Hoye, G., & Lievens, F. (2003). Privacy and attitudes towards internet based selection systems: A cross cultural comparison. International Journal of Selection and Assessment, 11(2–3), 230–236.
Hildner, L. (2006). Defusing the threat of RFID: Protecting consumer privacy through technology-specific legislation at the state level. Harvard Civil Rights-Civil Liberties Law Review, 41(1), 133–176.
Hoffman, D. L., Novak, T. P., & Peralta, M. A. (1999). Building consumer trust in online environments: The case for information privacy. Communications of the ACM, 42(4), 80–85.
IBM. (2016). 2016 Ponemon cost of data breach study. https://www.ibm.com/security/data-breach/. Accessed May 11, 2017.
ICT. (2016). ICT facts and figures 2016. http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2016.pdf. Accessed October 10, 2016.
Kluth, A. (2008). The perils of sharing. The Economist. http://www.economist.com/node/12499877. Accessed February 7, 2018.
KPMG. (2010). Consumers & convergence IV. http://www.kpmg.com/Global/en/IssuesAndInsights/ArticlesPublications/consumers-and-convergence/Documents/Consumers-Convergence-IV-july-2010.pdf. Accessed September 29, 2011.
Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet Users’ Information Privacy Concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336–355.
Martin, K. D., & Murphy, P. E. (2016). The role of data privacy in marketing. Journal of the Academy of Marketing Science, forthcoming.
Microsoft. (2000). Bill Gates opens SafeNet 2000 summit. http://www.microsoft.com/Presspass/press/2000/dec00/safenetpr.mspx. Accessed September 29, 2011.
Morey, T., Forbath, T., & Schoop, A. (2015). Customer data: Designing for transparency and trust. Harvard Business Review, 93(5), 96–105.
Nayak, R., Padhye, R., Wang, L., Chatterjee, K., & Gupta, S. (2015). The role of mass customisation in the apparel industry. International Journal of Fashion Design, Technology and Education, 8(2), 162–172.
Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 41(1), 100–126.
Pearson, H. (2007). Privacy checklist for business. Harvard Business Review, 86(10), 123–130.
Peltier, J. W., Milne, G. R., & Phelps, J. E. (2009). Information privacy research: Framework for integrating multiple publics, information channels, and responses. Journal of Interactive Marketing, 23(2), 191–205.
Preibusch, S. (2015). Privacy behaviors after Snowden. Communications of the ACM, 58(5), 48–55.
Privacy International. (2016). The global surveillance industry. https://www.privacyinternational.org/node/911. Accessed October 10, 2016.
Privacy International. (2015). The right to privacy in the United Kingdom. https://www.privacyinternational.org/sites/default/files/PI%20submission%20UK.pdf. Accessed October 10, 2016.
PWC. (2016). Internet advertising. Key insights at a glance. https://www.pwc.com/gx/en/global-entertainment-media-outlook/assets/2015/internet-advertising-key-insights-1-advertising-segment.pdf. Accessed October 13, 2016.
PWC. (2014). Defending yesterday. Key findings from The Global State of Information Security Survey 2014. http://www.pwc.com/gx/en/consulting-services/information-security-survey/pwc-gsiss-2014-key-findings-report.pdf. Accessed May 11, 2017.
Rainie, L. (2016). The state of privacy in post-Snowden America. http://www.pewresearch.org/fact-tank/2016/09/21/the-state-of-privacy-in-america/, Pew Research Center. Accessed October 10, 2016.
Roznowski, J. L. (2003). A content analysis of mass media stories surrounding the consumer privacy issue 1990–2001. Journal of Interactive Marketing, 17(2), 52–69.
Rust, R. T., Kannan, P. K., & Peng, N. (2002). The customer economics of internet privacy. Journal of the Academy of Marketing Science, 30(4), 455–464.
Sidley. (2016). South Korea Enacts Stricter Penalties for Data Protection Violations by Telecommunications and Online Services Providers. http://datamatters.sidley.com/south-korea-enacts-stricter-penalties-for-data-protection-violations-by-telecommunications-and-online-services-providers/. Accessed April 10, 2017.
Son, J. Y., & Kim, S. S. (2008). Internet Users’ information privacy-protective responses: A taxonomy and nomological model. MIS Quarterly, 32(3), 503–529.
Spiekermann, S. (2012). The privacy paradox. http://derstandard.at/1330390059705/The-Privacy-Paradox. Accessed October 10, 2016.
Statista. (2016). Market capitalization of the largest U.S. internet companies as of March 2016 (in billion U.S. dollars). https://www.statista.com/statistics/209331/largest-us-internet-companies-by-market-cap. Accessed October 14, 2016.
Stone, E. F., Gueutal, H. G., Gardner, D. G., & McClure, S. (1983). A field experiment comparing information-privacy values, beliefs, and attitudes across several types of organizations. Journal of Applied Psychology, 68(3), 459–468.
Symantec. (2015). State of privacy report. https://www.symantec.com/content/en/us/about/presskits/b-state-of-privacy-report-2015.pdf. Accessed October 11, 2016.
Techworld. (2013). How NFC is transforming the weekly shopping experience. http://www.techworld.com/mobile/how-nfc-is-transforming-weekly-shopping-experience-3438410. Accessed October 10, 2016.
The Economist. (2010). Location-based services on mobile phones—Follow me. The Economist. http://www.economist.com/node/15612291. Accessed February 7, 2018.
The Economist. (2011). Anonymous no more. The Economist. http://www.economist.com/node/18304046. Accessed February 7, 2018.
The Telegraph. (2013). One surveillance camera for every 11 people in Britain, says CCTV survey. http://www.telegraph.co.uk/technology/10172298/One-surveillance-camera-for-every-11-people-in-Britain-says-CCTV-survey.html. Accessed October 10, 2016.
Tucker, K. (2014). Social networks, personalized advertising, and privacy controls. Journal of Marketing Research, 51(5), 546–562.
Turner, M. A. (2001). The impact of data restrictions on consumer distance shopping. Direct Marketing Association. http://www.the-dma.org/isec/9.pdf. Accessed September 28, 2011.
Whitman, J. Q. (2004). The Two western cultures of privacy: Dignity versus liberty. Yale Law Journal, 113(6), 1151–1221.
Wirtz, J., & Lwin, M. O. (2009). Regulatory focus theory, trust, and privacy concerns. Journal of Service Research, 12(2), 190–207.
Wirtz, J., Lwin, M. O., & Williams, J. D. (2007). Causes and consequences of consumer online privacy concern. International Journal of Service Industry Management, 18(4), 326–348.
World Economic Forum. (2011). Personal data: The emergence of a new asset class. http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdf. Accessed November 17, 2016.
Xu, H., Dinev, T., Smith, J., & Hart, P. (2011). Information privacy concerns: Linking individual perceptions with institutional privacy assurances. Journal of the Association of Information Systems, 12(12), 798–824.
Author information
Authors and Affiliations
Appendices
Appendix 1: Selected settlements in violation of FIP principles (Peltier et al., 2009)
FIP | Company/settlement date | Case |
---|---|---|
Notice/awareness | Centurion Financial Benefits (2007) | Consumers were told they were providing information for a $2000 credit card limit. Instead, they received an application for a scored value/cash card with no line of credit |
 | Sony BMG (2005) | Sent flawed and overreaching computer program via millions of music CDs that was officially intended to restrict the consumers’ use of the music. The program also could report listening habits and installed undisclosed and sometimes hidden files on computers that could expose users to tampering by third parties |
 | DoubleClick (2002) | Violated state and federal laws by surreptitiously tracking and collecting consumers’ personally identifiable data and combining it with information on their web surfing habits |
Choice/consent | Bank of America (2007) | Disclosed consumers’ personal, private, and confidential information to third parties without consent |
 | Gateway Learning Corporation (2004) | Rented personal information, in violation of promises made in its privacy policy statement. After collecting consumers’ information, privacy policies were changed to allow sharing of information without prior notice or consent given by customers |
 | Cartmanager International (2005) | The FTC alleged that CartManager did not adequately inform consumers or merchants that it would collect and rent information and that the company acted knowing that it was contrary to the privacy policies of many merchants |
Access | Quicken Loans (2002) | Failed to provide «adverse action» notices in violation of the Fair Credit Reporting Act and failed to comply with the provisions of the Act to notify the consumers when an action was based wholly or partly on their credit report |
 | Performance Capital Management (2001) | Provided credit bureaus with inaccurate «delinquency dates» for its accounts, resulting in negative information remaining on consumers’ credit reports. PCM failed to investigate consumer disputes referred by credit bureaus or notify bureaus when consumers disputed collection accounts |
Integrity/security | Guidance Software (2006) | The FTC charged that failure to take reasonable security measures to protect sensitive customer data contradicted security promises made on the website. This failure allowed hackers to access sensitive credit card information for thousands of consumers |
 | ChoicePoint Inc. (2006) | Failure to take appropriate security measures to protect sensitive information of tens of millions of customers resulted in fraudulent purchases worth millions of dollars |
 | Microsoft Corp. (2007) | The FTC alleged that Microsoft did not employ reasonable and appropriate measures to maintain and protect the privacy and confidentiality of consumers’ personal information collected through its Passport and Passport Wallet service, including credit card numbers and billing information |
Supplemental readings on customer privacy
European Union
► http://ec.europa.eu/justice/policies/privacy/index_en.htm
► www.privacyinternational.org
United States
► www.ftc.com
► http://www.export.gov/safeharbor/
► https://www.donotcall.gov/
Germany
► http://www.bfdi.bund.de/EN/Home/homepage_node.html
► http://www.robinsonliste.de/
Research/Reports
► http://blogs.wsj.com/wtk-mobile/
► http://www.digitalcenter.org/
Rights and permissions
Copyright information
© 2018 Springer-Verlag GmbH Germany, part of Springer Nature
About this chapter
Cite this chapter
Kumar, V., Reinartz, W. (2018). Customer Privacy Concerns and Privacy Protective Responses. In: Customer Relationship Management. Springer Texts in Business and Economics. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-55381-7_14
Download citation
DOI: https://doi.org/10.1007/978-3-662-55381-7_14
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-55380-0
Online ISBN: 978-3-662-55381-7
eBook Packages: Business and ManagementBusiness and Management (R0)