SHARING IS (NOT) CARING – THE ROLE OF EXTERNAL
PRIVACY IN USERS’ INFORMATION DISCLOSURE
BEHAVIORS ON SOCIAL NETWORK SITES
Tina Morlok, Institute for Information Systems and New Media, Munich School of
Management, LMU Munich, Germany, email@example.com
Social network sites (SNSs) enjoy wide popularity as platforms for social interaction. When users
interact with each other, they however do not only disclose their own information, but also information
about others. Users therefore do not only manage their own privacy (internal privacy), but also that of
others (external privacy). Privacy concerns and their effects on disclosure behavior have been
extensively examined in prior literature, but there has been little research in IS on the role of external
privacy. There is a gap in research on how concerns for external privacy might affect users’ voluntary
disclosure decisions and how first-hand privacy invasion experiences shape users’ concerns for external
privacy. We apply external information privacy concerns (EIPC) and external social privacy concerns
(ESPC) as proxies for measuring external privacy. Our research model is based on Communication
Privacy Management theory, empirically validated through an online survey with 265 participants. We
find that EIPC and ESPC negatively affect users’ intentions to disclose information about others. In
contrast, when individuals perceive ownership of others’ information, their willingness to disclose
increases. Finally, users’ own experience with privacy invasion moderates the relationship between
EIPC, ESPC, and users’ disclosure intentions.
Keywords: External Privacy, Privacy Concerns, Privacy Invasion, Social Network Sites,
Communication Privacy Management Theory.
In recent years, the usage of social network sites (SNSs) has become omnipresent, since SNSs are
particularly helpful for communication and social interaction in the digital world. An SNS allows users
to disclose and share information with others, meet new people, feel connected or build communities
based on similar interests (Xu et al. 2012a). Information disclosure on an SNS differs from contexts
such as online banking or e-commerce. In addition to the obligatory information disclosure to use the
service (e.g. registration and creating profiles), individuals’ main reason for SNS usage lies in socially
interacting with others. Thus, they voluntarily disclose information to other users. A specific
characteristic of SNSs is particularly striking: Users disclose information about themselves but also
about others, for example when posting pictures or tagging friends in status updates. Users therefore
manage their own privacy (internal privacy), but also that of others (external privacy). Consequently,
users’ disclosure behaviors can negatively affect internal as well as external privacy. The disclosure of
others’ information might result in embarrassment, cyber-mobbing or reputation damage (Solove 2007).
Thus, new privacy challenges arise in the SNS context.
The disclosure of massive amounts of information on SNS platforms has raised privacy concerns among
users (Pew Research Center 2013), data protection authorities, and scholars. In 2015, public authorities
started a media campaign to increase awareness about threats to external privacy on SNSs (BBC News
2015). Extensive research has also been done on privacy and on how privacy concerns affect users’
disclosure behaviors (Smith et al. 2011). But researchers focused mainly on how individuals handle
internal privacy and how privacy concerns and prior privacy invasion affect disclosure behavior (Awad
& Krishnan 2006; John et al. 2011; Phelps et al. 2000). Because users’ disclosure behaviors can threaten
external privacy, it is not sufficient to explain their decision-making processes only with respect to their
internal privacy. That is why we pose two interdependent research questions to address this research
RQ1: How do concerns for external privacy affect users’ intentions to disclose information about
others on SNS platforms?
RQ2: Which impact do users’ first-hand privacy invasion experiences have on users’ concerns for
external privacy and their intention to disclose information about others on SNS platforms?
The concept of privacy generally represents a process of interpersonal boundary regulation and holds
the key to managing the interaction level with an individual’s social environment (Altman 1975). In our
study, we focus on the concept of external privacy and distinguish it from internal privacy. While the
former describes how individuals manage boundaries of others’ information, the latter refers to how
individuals control boundaries regarding their personal information. In information systems (IS)
research, only a few studies have been conducted to examine privacy beyond internal privacy (Alashoor
et al. 2015; Choi & Jiang 2013; Jia & Xu 2015; Morlok et al. 2016). In our research, we shift the focus
beyond the potential victim of privacy violation to the perspective of SNSs users having the decision-
making power on disclosure but whose own privacy is not be affected by their disclosure. Whereas Pu
and Grossklags (2015) examined the monetary value users place on their friends’ privacy when deciding
on social app adoption, we focus on users’ willingness to (voluntarily) disclose others’ information for
social interaction on SNSs. Since prior research showed the important effect of privacy invasion
experiences on individuals’ concerns for internal privacy and on the disclosure of their own personal
information (Awad & Krishnan 2006; Bansal et al. 2016), we examine whether prior internal privacy
invasion might also affect users’ concerns for external privacy, keeping them from disclosing others’
information. We use external information privacy concerns (EIPC) and external social privacy concerns
(ESPC) as proxies to capture external privacy, which cannot be measured directly as it is a latent concept.
To answer our research questions, we develop a research model that draws on the Communication
Privacy Management (CPM) theory (Petronio 1991) and helps to examine how users manage external
privacy boundaries. We conduct an online survey among 265 SNSs users in Germany and test our
research model and hypotheses using structural equation modeling.
We make three major contributions to the existing body of knowledge. First, our study is among the first
to empirically examine the role of external privacy in users’ decision-making process on information
disclosure on SNS. Secondly, we show that EIPC and ESPC are two distinct concepts that jointly serve
as proxies for measuring external privacy. Thirdly, we find that prior internal privacy invasion moderates
the relation between EIPC/ESPC and the intention to disclose information about others. This study also
offers important implications for practitioners, such as SNS operators like Facebook or Instagram.
Because EIPC and ESPC may impede users from actively participating on an SNS, operators should
consider offering users additional features to not only protect their own (internal) privacy but also
external privacy such as that of their friends or families.
The remainder of this paper is organized as follows: In the next section, we outline the theoretical
background of privacy concerns on SNS platforms and of CPM theory. We then introduce our research
model and hypotheses. In section 4, we report on our survey to test the proposed model, followed by a
description of our results. In section 6, we discuss the results and derive implications for theory and
practice. Finally, we point out the limitations of our study, followed by the conclusion.
2 THEORETICAL BACKGROUND
2.1 Privacy Concerns on SNS Platforms
The concept of privacy concerns has been widely adopted as a proxy to measure privacy (Smith et al.
2011). Privacy researchers have comprehensively examined privacy concern mechanisms and how they
affect individuals’ purchase decisions, technology adoption, and disclosure behavior (Angst & Agarwal
2009; Bansal & Gefen 2010; Dinev et al. 2006). Most existing studies focus on the informational
component of privacy concerns (Xu et al. 2012b). The Concern for Information Privacy (CFIP) scale
(Smith et al. 1996) represents the most frequently used scale. It distinguishes four data-related
dimensions (collection, unauthorized secondary usage, errors, and improper access) and is especially
useful for analyzing individuals’ information privacy concerns towards organizations.
The main difference between SNS platforms and other contexts, such as e-commerce or online banking,
is the social characteristics. Users do not only disclose information to an organization, but their
disclosure behavior is mainly aimed at socializing and building new relationships with other users (Hu
et al. 2011). SNS users therefore do not only perceive information privacy concerns towards a specific
organization (e.g. Facebook), but they also perceive social privacy concerns towards other users (Chen
et al. 2009). Thus, EIPC and ESPC need to be distinguished for examining external privacy on SNSs.
Our concept of EIPC draws on the classical concept of information privacy concerns (Smith et al. 1996),
but we focus on SNS users deciding on others’ disclosure but whose own privacy is not affected by their
disclosure choices. EIPC refers to an SNS user’s general tendency to worry about organizational
practices that might negatively affect external privacy (i.e. others’ personal information). In contrast,
ESPC refer to the degree to which an SNS user worries about other users’ further handling of the
disclosed information, as external privacy might be at risk. We conceptualize ESPC drawing on the
concept of social privacy concerns developed by Wang and Midha (2012) as well as on general privacy
literature since there is little research in IS literature on social privacy concerns to date (Chen et al.
2009). Social privacy concerns comprise three dimensions: exposure, intrusion, and identification. First,
exposure relates to unveiling physical and emotional attributes about a person, including grief, nudity,
and sex. That is why this dimension is strongly related to individuals’ dignity and social norms and why
individuals place high importance on privacy because it expresses personal dignity (Cohen 2000). When
individuals get exposed, they experience feelings of embarrassment and humiliation (Solove 2006).
Users’ disclosure choice can therefore lead to exposure of other individuals. Consequently, exposure
concerns represent one dimension of ESPC. Secondly, intrusion refers to perceived invasion into one’s
privacy and to incursions into an individual’s life, such as social circles or comfort zones (Solove 2006).
The perception of privacy invasion can make individuals feel uncomfortable and can also cause harm,
such as reputation damage (Solove 2007). This implies that SNS users are willing to disclose information
about other individuals as long as their real life does not get disturbed (Wang & Midha 2012). Hence,
intrusion concerns represent the second dimension of ESPC. Finally, identification builds the third
dimension. Personally identifiable information relates to information that allows to identify or to locate
individuals (Chellappa & Sin 2005). Users will not perceive identification concerns as long as
individuals cannot be identified from the disclosed information (Qian & Scott 2007). Yet, users perceive
identification concerns if individuals can be identified based on the disclosed information, since they
consider external privacy threats as more likely (Choi et al. 2015a). ESPC stem from the social
characteristics of SNSs and can be explained by three elements that are closely linked to the CPM
framework (Petronio 1991) and the concept of privacy as personal space (Altman 1975).
2.2 Communication Privacy Management (CPM) Theory
Petronio (2002) stressed that individuals do not only have to take decisions on disclosing their own
information but often also on revealing information about others. CPM theory (Petronio 1991) therefore
offers an effective theoretical framework for describing how users handle external privacy. The theory
has been applied in contexts of offline and online communication, such as family interactions (Petronio
2010) and blogging (Child et al. 2009). Recently, it has also been adopted in the SNS context
(Chennamaneni & Taneja 2015) and for analyzing collective privacy concerns (Jia & Xu 2015) and
friends’ privacy in the context of social apps (Choi & Jiang 2013).
CPM applies the metaphor of privacy boundaries to illustrate how individuals manage their own and
others’ information. According to CPM, individuals erect boundaries to manage the flow of information
which they disclose. CPM proposes that there are two types of boundaries – personal and mutual
boundaries. Personal boundaries refer to the management of information about the self, whereas the
latter describes how individuals manage information about others (Petronio 2002). Our understanding
of external privacy builds on the concept of mutual boundaries. In mutual boundaries, the discloser and
the recipient share control over the information and have to negotiate these boundaries. Once an
individual discloses information, the original owner gives up the sole control over the information and
the recipient of the information becomes a co-owner. Petronio (2002) proposes that individuals perceive
co-ownership about others’ information and feel responsible for it. That is why perceived ownership
represents a major factor in individuals’ disclosure decisions. The perception of ownership refers to an
individual’s right to control privacy boundaries. The discloser and the recipient negotiate on further
handling of the information to other people and entities. However, in the SNS context, a major challenge
arises: It becomes hardly feasible to draw clear boundary lines indicating where the relationships begin
and end (Child & Petronio 2011). That is why co-ownership is not always positive. Petronio (2002)
points out that there might also be situations where ownership ties can become unpleasant for the co-
owner, since co-owners may disclose information that could cause harm to others. On an SNS, users’
disclosure behaviors can have negative effects on external privacy. The degree to which users perceive
themselves as responsible affects how much they protect external privacy. Generally, the disclosure of
own information represents a voluntary choice. Individuals disclose their personal information for
perceived benefits. In contrast, the disclosure of information about others means that the person who
decides on disclosure gains potential benefits against the costs of others, for example by violating
external privacy (Choi et al. 2015b).
3 RESEARCH MODEL AND HYPOTHESES
Drawing on CPM theory, we developed the research model (depicted in Figure 1). It includes
informational aspects and social aspects of external privacy due to specific SNS characteristics. EIPC
build on the classical understanding of information privacy concerns, transferred to external privacy. By
considering the social concerns for privacy, we follow the recent stream in privacy literature (Jia & Xu
2015; Wang & Midha 2012). Thus, EIPC and ESPC jointly serve as proxies for measuring external
privacy. Our model elaborates on previous work on privacy concerns in three important ways. First,
EIPC and ESPC negatively affect users’ intentions to disclose information about others (INTO) and
therefore represent the negative counterbalance of the risk-control calculus (Petronio 2002).
Additionally, ESPC comprise three distinct constructs: exposure concerns (EXPC), intrusion concerns
(INTRUC) and identification concerns (IDC) (Wang & Midha 2012). Secondly, users’ perception of
ownership of others’ information (OWNO) positively affects their willingness to disclose and therefore
builds the positive counterbalance of users’ risk-control assessment (Petronio 2002). We specifically
focus on the role of external privacy and prior invasion of users’ internal privacy on their disclosure
intention. Additionally, we do not want to provide an encompassing model covering all benefits and
costs of SNS usage. We therefore apply no additional benefits or risk factors next to OWNO, EIPC, and
ESPC. Thirdly, we are especially interested in the moderating effect of prior invasion of internal privacy
(INV) on users’ disclosure intentions, as we aim to extend prior findings for internal privacy (Awad &
Krishnan 2006; Bansal et al. 2016). We therefore integrate INV as a moderator, highlighting its potential
effect on the relation between EIPC, ESPC, and INTO.
Figure 1. Research model.
3.1 Perceived Ownership of Others’ Information
Individuals experience connections to tangible targets, but also to intangible targets or latent concepts
such as privacy. This phenomenon has been described as psychological ownership and refers to a mental
state in which individuals feel that the target of ownership is theirs (Pierce et al. 2001). Even though
ownership is usually experienced as involving object-person relationships, it can also be considered
toward nonphysical entities, such as ideas. Adapted to the area of information privacy, this implies that
individuals may feel ownership regarding the intangible good of personal information (Kehr et al. 2014).
The perception of ownership relies on the extent to which individuals feel in control of the target
(Petronio 2002). The perception of ownership is therefore closely linked to the degree of perceived
control. Petronio (2002) proposes that disclosure decisions depend on a risk-control calculus where
individuals weigh privacy concerns against the perception of control. Based on this logic, we suggest
that individuals who perceive others’ information as their property feel in control of it and are therefore
more willing to disclose. We propose that individuals who have feelings of ownership of others’
information also feel entitled to decide on disclosure. As a result, SNS users with stronger feelings of
OWNO should be more likely to disclose. We therefore propose:
Hypothesis 1: Perceived ownership of others’ information has a positive effect on the intention to
disclose information about others.
3.2 External Privacy
Petronio (2002) argues that individuals manage mutual privacy boundaries and feel responsible for
others’ information. It can therefore be concluded that individuals take external privacy into account
when deciding on information disclosure. According to the risk-control calculus of CPM, privacy
concerns represent a risk-related factor which affects users’ disclosure decisions. Drawing on Wang and
Midha (2012), informational and social aspects of privacy need to be separated in an SNS context.
Consequently, EIPC and ESPC allow the measurement of external privacy in this context. EIPC build
on the well-established concept of information privacy concerns and refer to individuals’ concerns
towards organizational practices (Smith et al. 1996). Many studies have examined the negative effects
of information privacy concerns on individuals’ disclosure decisions (Chellappa & Sin 2005; Malhotra
et al. 2004). This negative type of relationship has been shown in various contexts, such as e-commerce,
e-health, as well as SNSs (Angst & Agarwal 2009; Tsai et al. 2011; Wilson et al. 2014). With regard to
external privacy, individuals who perceive higher EIPC should therefore be more reluctant to disclose
information about others. We therefore hold:
Hypothesis 2: External information privacy concerns have a negative impact on the intention to disclose
information about others.
Due to the social characteristics of SNSs, we argue that ESPC also need to be considered when
examining users’ disclosure behaviors. Wang and Midha (2012) have already shown the negative
influence of social privacy concerns on information disclosure in the health SNS context. Next to
information privacy concerns, users’ disclosure behaviors are determined by their social privacy
concerns including exposure concerns, intrusion concerns, and identification concerns (Wang & Midha
2012). First, prior studies show that users worry about the disclosure of sensitive information that might
result in exposure and embarrassment (Choi et al. 2015a; Malhotra et al. 2004). Once information is
disclosed on an SNS, it is virtually impossible to identify all the people to whom the information is
disclosed. Strangers might also gain access to potentially embarrassing information. Since co-owners
also feel responsible for others’ information (Petronio 2002), they will consider potential embarrassment
for others and decide not to disclose. Users who perceive higher concerns regarding others’ exposure
will be more reluctant to disclose information about others. We therefore propose the following
Hypothesis 3: Exposure concerns negatively affect the intention to disclose information about others.
Secondly, intrusion of one’s privacy can lead to defamation in social interactions (Choi et al. 2015a).
Individuals perceive an intrusion of privacy when they are not able to control their interactions with the
environment (Laufer et al. 1973). Prior studies in privacy research show that intrusion concerns have a
negative impact on users’ disclosure choices (Acquisti et al. 2012). Co-owners perceive intrusion
concerns regarding external privacy due to the feeling of responsibility (Petronio 2002). Users’
perception of external privacy intrusion therefore provides reasonable grounds not to disclose others’
information. As a result, users who perceive intrusion concerns will be more reluctant to disclose. We
Hypothesis 4: Intrusion concerns negatively affect the intention to disclose information about others.
The disclosure of identifiable information (e.g. name tags, location or facial recognition) may result in
external privacy violations. Owing to the mutual boundaries co-owners manage with the original owner
of the information (Petronio 2002), users who co-own others’ information will be more reluctant to
disclose information that might allow identification of the depicted individuals. Findings of existing
studies show the negative effect of identification concerns on users’ disclosure behaviors (Chellappa &
Sin 2005; Choi et al. 2015a). Users will perceive intrusion concerns regarding external privacy when
others’ identity might be revealed by their information disclosure and therefore their willingness to
disclose decreases (Choi et al. 2015a). Therefore, the following hypothesis is proposed:
Hypothesis 5: Identification concerns negatively affect the intention to disclose information about
3.3 The Moderating Role of Prior Invasion of Internal Privacy
Individuals’ experiences are a decisive factor in causing actual privacy-related behavior (Bates 1964;
Yoo et al. 2012). Prior literature examined the effect of prior privacy invasion on the perception of
privacy concerns (Culnan 1993; Smith et al. 1996). In addition, different studies in contexts such as
personalization and SNSs showed that experiences of privacy invasion can shape individuals’ concerns
regarding information disclosure (Awad & Krishnan 2006). Individuals’ first-hand privacy invasion
experiences affect their perception of privacy concerns and consequently their disclosure decisions,
notwithstanding the disclosure of information about themselves or others. We therefore propose that
once individuals have experienced invasion of their internal privacy, they will also be more reluctant to
disclose others’ information. As a result, prior invasion of internal privacy should moderate the relation
between EIPC, ESPC, and the intention to disclose. In sum, we posit the following hypotheses:
Hypothesis 6a: Prior invasion of internal privacy negatively affects the relationship between external
information privacy concerns and the intention to disclose information about others.
Hypothesis 6b: Prior invasion of internal privacy negatively affects the relationship between
exposure concerns and the intention to disclose information about others.
Hypothesis 6c: Prior invasion of internal privacy negatively affects the relationship between intrusion
concerns and the intention to disclose information about others.
Hypothesis 6d: Prior invasion of internal privacy negatively affects the relationship between
identification concerns and the intention to disclose information about others.
Scale development was based on extensive screening of privacy literature. To ensure construct validity,
we relied on existing measures where possible. All items have been revised to fit the research context
of SNSs (see Appendix). All constructs were measured using seven-point Likert-type scales. We
captured the construct of intention to disclose information about others (INTO) using measurement
items adapted from Malhotra et al. (2004). To assess the perception of ownership of others’ information
(OWNO), we adapted the scale proposed by Van Dyne and Pierce (2004). Following Xu et al. (2008),
we adapted the CFIP scale (Smith et al. 1996) to measure EIPC. To assess the social aspects of SNS
usage, we measured ESPC by three different constructs including exposure concerns (EXPC), intrusion
concerns (INTRUC), and identification concerns (IDC). We operationalized the EXPC based on Solove
(2006). Additionally, we measured INTRUC with three items adapted from Xu et al. (2008). IDC were
measured with items adapted from Chellappa and Sin (2005). Finally, we measured internal privacy
invasion experiences (INV) based on Bansal and Gefen (2010).
4.2 Survey Administration and Sample
We carefully pretested the structure of the questionnaire to evaluate its accuracy and clarity. We ensured
content validity for the instrument scales through an expert panel consisting of ten researchers who were
experienced in empirical research methods and quantitative data analysis techniques (Johnston &
Warkentin 2010). Based on their feedback, we made small adjustments regarding clarity and
comprehensibility of the survey instructions and the question items. To examine our research model and
hypotheses, we conducted an online survey. The survey was distributed via the campus mailing lists of
a large public university in Germany and posts in relevant Facebook groups. As an incentive, we offered
that all participants could take part in a lottery for Amazon vouchers. Offering rewards in exchange for
completing a survey is a common strategy in survey methodology (Xu et al. 2012b). Data was collected
from December 2015 to January 2016. In total, 352 participants completed the questionnaire. Subjects
took about eight minutes on average to complete the study. In preparation for the data analysis, we
adjusted the data for respondents who had spent less than five minutes on answering the questionnaire,
ensuring users’ thoroughness and quality of responses. This led to a final sample of 265 participants, of
whom 155 (58%) were women and 110 (42%) were men. The majority of the participants (211 or 80%)
were college students, while employees represented a relatively small proportion (45 or 17%).
Additionally, 169 (64%) of the participants were between 19 and 25 years of age, while 76 (29%) were
26 to 35 years of age.
5 DATA ANALYSIS AND RESULTS
We used structural equation modeling (SEM) to assess the model fit and to test our hypotheses by
means of the statistical software SmartPLS 3 (Ringle et al. 2015). Bootstrapping was applied for
significance testing. The usage of SmartPLS was especially useful because it can handle complex
predictive models (Chin 1998). Partial least squares (PLS) analysis allows researchers to examine the
inter-relationships in a predictive model and does not make distributional assumptions. Additionally, it
can access formative as well as reflective measurement models (Hair et al. 2014). PLS fits exploratory
studies that aim to develop new theories or enhance the current literature with new phenomena and
contexts very well (Gefen et al. 2000). For data analysis, we applied a two-step approach. First, we
assessed the measurement model’s quality to ensure its validity and reliability. Secondly, we analyzed
the hypotheses and the overall quality of the research model.
5.1 Measurement Model
The reflective measures were assessed for reliability and validity. The values for item loading,
Cronbach’s alpha, composite reliability and average variance extracted (AVE) were above the respective
thresholds of 0.7, 0.7, 0.7, and 0.5 (Hair et al. 2011), meeting the established guidelines for reliability
and validity of reflective measures (Table 1). We assessed the discriminant validity by verifying that the
square roots of AVEs exceeded inter-construct correlations, the Fornell-Larcker criterion and the
heterotrait-monotrait ratio of correlations (HTMT). The indicators’ factor loadings were higher than all
the cross-loadings and thus indicating adequate discriminant validity (Chin 1998; Fornell & Larcker
1981). Since the AVE’s square root values were much larger than the highest latent variable correlation
in all the cases, the Fornell-Larcker criterion was also fulfilled. Following Henseler et al. (2015), we
also assessed the HTMT. All values for HTMT were below the threshold of 0.85.
We assessed the reliability of the formative constructs of our measurement model by testing the
assumption of multicollinearity. We calculated the variance inflation factor (VIF), which evaluates the
level of variance in the estimated coefficients (Andreev et al. 2009). VIF quantifies the severity of
collinearity among the indicators in a formative measurement model. Table 2 gives an overview of the
VIF values with a maximum VIF of 2.187, suggesting that multicollinearity is not a problem in our
study, even with a more restrictive VIF value of 3.30 (Hair et al. 2011; Petter et al. 2007). Additionally,
we examined the indicator weights and tested for significance. Since two items were reported as not
significant (EXPC_2; INTRUC_3), we analyzed the outer loadings of the items drawing on Hair et al.
(2014). It was found that most outer loadings were equal or above 0.5 and significant. The outer loadings
for EIPC_4, EIPC_5 and EIPC_6 were slightly below 0.5, but they were significant (p < 0.01).
Intention to disclose
of others’ information
Table 1. Validity and reliability results for the reflective measures.
Perceived ownership of others’ information (OWNO)
External information privacy concerns (EIPC)
Exposure concerns (EXPC)
Intrusion concerns (INTRUC)
Identification concerns (IDC)
Table 2. Multi-collinearity assessments.
5.2 Structural Model
After confirmation of acceptable properties for the measurement model, we analyzed the structural
model (Figure 2). We applied the bootstrap method to assess path significance testing, following two
steps. First, to test H1 to H5 a PLS regression was undertaken on the path model, using the full sample
of 265 participants. Secondly, to test H6a to H6d, the data set was split into two groups: group A
consisted of participants who experienced prior invasion of internal privacy (131), while group B
included participants without experience of privacy invasion (134) (Tsai & Bagozzi 2014). The
predictive power of the structural model was assessed using R² in the endogenous construct (Chin 1998).
The structural model for the total sample explained 47.3% of the variance regarding the intention to
disclose information about others. Since we only focused on the role of OWNO, EIPC, and ESPC,
without including factors such as perceived benefits of SNS usage (Wilson et al. 2014), this is a
satisfactory result. In addition to evaluating R² values, we examined Stone-Geisser’s Q² value, which
should exceed the threshold of zero for a certain reflective endogenous latent variable (Hair et al. 2014).
Since we found Q² to be larger than zero for the construct of the intention to disclose information about
others (Q² = 0.417), the structural model shows predictive relevance.
5.2.1 Full Sample Results
Figure 2 provides a summary of the PLS analysis for the full sample. We tested our five hypotheses by
examining the direct effects of OWNO, EIPC, EXPC, INTRUC, and IDC on users’ disclosure intentions.
First, for the relationship between OWNO and the disclosure intention, we found that OWNO is a
significant predictor of users’ disclosure intentions (ß = 0.067, p < 0.10), supporting H1. The results also
support the negative effect of EIPC on the intention to disclose (ß = -0.589, p < 0.01), as we propose in
H2. Moreover, EXPC are a significant predictor of users’ disclosure intentions (ß = -0.082, p < 0.10),
supporting H3. In addition, we found a significant negative effect of INTRUC on users’ disclosure
intentions (ß = -0.103, p < 0.05), which supports H4. However, we did not find a significant relationship
between IDC and users’ disclosure intentions (ß = 0.029, p > 0.10). H5 can therefore not be supported.
Figure 2. Results of PLS analysis.
5.2.2 Moderating Influence of Prior Invasion of Internal Privacy
To test the proposed moderating role of prior invasion of internal privacy, we split the overall sample
into two sub-samples. To achieve this, we conducted a median split on the variable INV. Drawing on
Tsai and Bagozzi (2014), we created two separate structural models for the sub-samples and tested the
moderating effect to identify differences in the coefficients of the hypothesized paths of our research
model. First, we built a summated scale based on the mean value of the individual INV items. We
subsequently used the median value of this scale (median = 2) to assign all participants to one of two
groups (prior invasion of internal privacy vs. no prior invasion of internal privacy). This resulted in 131
participants in the prior-invasion group (A) and 134 participants in the no-prior-invasion group (B).
Figure 3 shows the results for the two sub-samples. For both groups, EIPC show a strong negative effect
on users’ disclosure intentions (group A: ß = -0.523, p < 0.01; group B: ß = -0.688, p < 0.01). H6a can
therefore not be supported. Surprisingly, EXPC show a significant negative effect on users’ disclosure
intentions for group B (ß = -0.139, p < 0.1), but not for group A (ß = -0.109, p > 0.1). Consequently,
H6b is not supported. However, for group A, INTRUC have a strong negative impact on users’
disclosure intentions (ß = -0.170, p < 0.05; ß = -0.078, p > 0.1), supporting H6c. Finally, for both groups,
IDC have no significant negative effect on the intention to disclose information about others on SNSs
(group A: ß = 0.062, p > 0.1; group B: ß = 0.071, p > 0.1). H6d is therefore not supported. Table 3
summarizes the results of hypothesis testing for the total sample and for both groups.
Figure 3. Tested research model with moderator effects.
(No prior invasion)
Significance levels: *** p < 0.01, ** p < 0.05, * p < 0.10
Table 3. Results of hypothesis testing.
6 DISCUSSION AND CONTRIBUTION
The purpose of this paper is to enhance the understanding of the concept of external privacy on SNSs.
Specifically, we sought to achieve three main goals: (1) to examine the role of external privacy on users’
disclosure intentions on an SNS, (2) to show that EIPC and ESPC can serve as proxies to measure
external privacy and (3) to examine the moderating effect of users’ own experiences with internal
privacy invasion on the relation between EIPC/ESPC and their intention to disclose information about
others. To achieve these objectives, this study drew on existing privacy literature as well as on CPM
theory to derive hypotheses and investigated them in an online survey among 265 SNS users.
The results from structural equation modeling show that external privacy concerns reflect in two distinct
concepts: EIPC and ESPC. More specifically, we found that users’ disclosure intentions on an SNS is a
function of informational and social aspects of external privacy concerns and the degree of perceived
ownership of others’ information. The perception of ownership functions as a determinant of users’
disclosure intentions and reflects the positive counterbalance of users’ risk-control calculus (Petronio
2002). On the other hand, EIPC and ESPC affect disclosure decisions negatively. While our theorizing
had suggested ESPC to comprise EXPC, INTRUC, and IDC, the latter did not show any significant
influence on users’ intentions to disclose information about others. This stands in contrast to prior
research on internal privacy in the context of health SNSs (Wang & Midha 2012). A closer look reveals
that this finding is understandable in an SNS context. On health SNSs, anonymity is crucial for users
since they exchange sensitive information on personal diseases. Users therefore perceive identification
concerns. On the contrary, identification is a crucial prerequisite for Facebook usage. The main usage
reason on Facebook is to maintain relationships (e.g. with friends and family) and to socially interact
with each other (Boyd & Ellison 2007). Facebook’s real-name policy also enforces users to reveal their
actual name (Facebook 2015). Disclosed information can however result in embarrassment or privacy
intrusion. That is why users perceive exposure concerns (EXPC) and intrusion concerns (INTRUC)
regarding others’ privacy, which reduce their intention to disclose. These attitudes crucially depend on
whether a user has fallen victim to internal privacy invasion in the past. This study shows that users’
experiences with privacy invasion moderate the abovementioned effects of EIPC and ESPC on
disclosure intention. Specifically, users who have previously experienced an invasion of internal privacy
(group A) limit their disclosure behavior because of INTRUC but not because of EXPC. Users who lack
such experiences (group B) also seem to be aware of ESPC. However, contrary to those users who have
already experienced violations of their privacy (group A), their disclosure behavior is not limited by
INTRUC but instead by EXPC. These findings reveal the previously neglected but highly complex
nature of the relationship between ESPC and INTO. Nonetheless, these results are comprehensible. Once
users have experienced invasion of their internal privacy (group A) they will also be more concerned
about intrusion of external privacy because it is easier for those users to put themselves into the others’
position. Thus, the awareness of external privacy threats depends on users’ first-hand privacy
experiences. Taken together, our findings establish a framework for explaining SNS usage as a result
from disclosure behavior (i.e. INTO). This is achieved by theorizing through the lens of concerns for
external privacy, drawing on CPM theory and combining information and social concerns for external
privacy with a new explanatory variable (i.e. perception of ownership).
This paper makes three major contributions to privacy literature. Our first contribution lies in
highlighting the role of concerns for external privacy in users’ decision-making on disclosing
information about others and ultimately participating on SNSs. This investigation represents a major
and novel theoretical contribution to privacy literature, since it complements prior findings on the effect
of concerns for internal privacy on users’ disclosure behaviors (John et al. 2011). It also represents a
complement to recent findings on collective (Choi & Jiang 2013; Jia & Xu 2015) and interdependent
privacy (Biczók & Chia 2013; Pu & Grossklags 2015). Secondly, this paper shows that EIPC and ESPC
are two different concepts and jointly serve as proxies for external privacy. In addition, our findings
imply that ESPC are not one homogeneous concept but include three components – exposure concerns,
intrusion concerns and identification concerns. Hence, our study complements other findings on privacy
beyond the internal perspective (Choi & Jiang 2013; Jia & Xu 2015; Pu & Grossklags 2015). Our third
contribution entails revealing the moderator effect of internal privacy invasion experiences on the
relation between EIPC, ESPC, and users’ disclosure intentions. Specifically, intrusion concerns mainly
affect disclosure intention for users with first-hand experience of internal privacy invasion. Our findings
therefore support prior literature on the role of experience as a crucial factor in causing actual privacy-
related behavior (Awad & Krishnan 2006; Bansal et al. 2016; Bates 1964), notwithstanding internal or
external privacy. In doing so, this study answers several calls by IS scholars (e.g. Biczók & Chia 2013;
Choi et al. 2015a) to examine the role of privacy beyond the concept of internal privacy. Our study
offers a novel complement to existing privacy literature by showing that external privacy represents a
crucial element in the SNS context and needs to be taken into account when analyzing users’ disclosure
Our study also offers important implications for practice. Information disclosure is crucial for any
successful SNS. It paves the way for social interaction, personalized services and advertisement (Chen
2013). SNS operators such as Facebook, for example, thus seek to achieve a large and active user base
(e.g. monthly active users). This study identifies factors that may impede users from actively
participating in social networks: concerns for external (i.e. others’) privacy. To encourage users’
voluntary information disclosure and ensure their active participation, SNS operators should strive to
provide well-designed control mechanisms that guarantee internal as well as external privacy. So far,
privacy control mechanisms on SNS platforms mainly aim at raising users’ awareness of threats for
internal privacy, if at all. Clearly highlighted privacy settings can increase users’ control perception and
incentivize them to actively participate. For SNS operators it is also essential to ensure privacy
protection with regard to informational and social aspects. SNS operators who seek to strengthen their
users’ loyalty could try to be among the first operators that implement mechanisms to protect external
privacy, thereby differentiating themselves from competitors.
7 LIMITATIONS AND CONCLUSION
This paper is not without limitations. Three limitations of this study are notable and provide avenues for
future research on external privacy. First, our findings are based on the case of Facebook. Future studies
could investigate the role of external privacy on disclosure behavior on different SNS platforms to
confirm the generalizability of our results. Secondly, we examined the effects of perceived ownership,
EIPC, ESPC, and the moderating effect of prior internal privacy invasion on the intention to disclose
information about others. We did not analyze users’ de facto behaviors. In prior literature, several
authors have identified the so-called privacy paradox which characterizes the discrepancy between
individuals’ expressed behavioral intentions and their de facto observable behavior (Awad & Krishnan
2006; Norberg et al. 2007). The question is whether the theoretical construct of individuals’ disclosure
intentions is an appropriate proxy for their de facto disclosure behavior. Future studies are encouraged
to examine individuals’ de facto disclosure behaviors. Finally, data analysis and the results of this study
are based on a student sample. Assuming that the likelihood of privacy invasion experiences increases
with age, samples that are based on a more dispersed age structure could generate different results. In
addition to this, the survey was conducted in Germany, where a controversial debate on privacy and data
protection took place recently. Our results may therefore not be representative of users in other countries
and with different cultural backgrounds. Future studies could thus include other groups of participants.
This study is not only among the first in IS to examine the role of external privacy in individuals’
disclosure behaviors on SNS; it also provides concrete measures, namely EIPC and ESPC. Additionally,
we show that internal privacy invasion experiences shape individuals’ perceptions of EIPC as well as
ESPC, and consequently their disclosure intentions. In summary, this study represents an important first
step towards a better understanding of the nature of external privacy and how it affects users’ disclosure
behaviors. It may therefore be a starting point for future studies on external privacy in various contexts.
Construct indicators (measured on seven-point, Likert-type scale)
INTO_1: I am willing to share pictures of my friends on Facebook.
INTO_2: It is probable that I share pictures of my friends on Facebook.
INTO_3: It is likely that I share pictures of my friends on Facebook.
EIPC_1: It usually bothers me to share pictures of my friends on Facebook.
EIPC_2: I am concerned that Facebook is collecting too many pictures of my
EIPC_3: I am concerned that unauthorized people may access the pictures of
my friends that I shared on Facebook.
EIPC_4: I am concerned that the pictures I share on Facebook may be kept in
a non-accurate manner.
EIPC_5: I am concerned that Facebook may use the pictures of my friends I
shared for other purposes without notifying me or getting my authorization.
EIPC_6: I am concerned that Facebook may sell friends’ pictures I shared to
from Xu et
EXPC_1: I am concerned that as a result of my picture-sharing on Facebook,
others can make inferences about the physical attributes of my friends.
EXPC_2: I am concerned that as a result of my picture-sharing on Facebook,
others can draw conclusions that could make my friends feel embarrassed.
EXPC_3: I am concerned that as a result of my picture-sharing on Facebook,
others can draw conclusions that could make my friends feel embarrassed.
EXPC_4: I am concerned that as a result of my picture-sharing on Facebook,
others can draw conclusions that could make my friends feel humiliated.
INTRUC_1: I feel that as a result of my picture-sharing on Facebook, others
know more about my friends than what I am comfortable with.
INTRUC_2: I believe that as a result of my picture-sharing on Facebook,
information about my friends that I consider private is now more readily
available to others than I would want it to be.
INTRUC_3: I feel that as a result of my information-sharing on Facebook,
information about my friends is out there that, if used, will invade their
INTRUC_4: I feel that as a result of my information-sharing on Facebook, my
friends' privacy has been invaded by others that collect the data.
from Xu et
IDC_1: I am concerned that my friends can be identified based on the pictures
I share on Facebook.
IDC_2: I believe that as a result of my picture-sharing on Facebook, it is much
easier for others to identify my friends.
INV_1: I have already felt myself to be a victim of privacy violation on
INV_2: I have already had bad experiences with violation of my privacy on
INV_3: I have already experienced violation of my privacy on Facebook.
OWNO_1: The pictures of my friends I share on Facebook are my data.
OWNO_2: I feel a high degree of personal ownership for the pictures of my
friends I share on Facebook.
OWNO_3: I sense that the pictures of my friends I share on Facebook are
Acquisti, A., John, L.K. and Loewenstein, G. (2012). The impact of relative standards on the
propensity to disclose. Journal of Marketing Research, 49 (2), 160-174.
Alashoor, T., Keil, M., Liu, L. and Smith, J. (2015). How values shape concerns about privacy for self
and others. In Proceedings of the 36th International Conference on Information Systems (ICIS),
Fort Worth, Texas, USA.
Altman, I. (1975). The environment and social behavior: Privacy, personal space, territory, and
crowding. Brooks/Cole Publishing Company, Monterey, California.
Andreev, P., Heart, T., Maoz, H. and Pliskin, N. (2009). Validating formative partial least squares
(pls) models: Methodological review and empirical illustration. In Proceedings of the 30th
International Conference on Information Systems (ICIS), Phoenix, Arizona, USA.
Angst, C.M. and Agarwal, R. (2009). Adoption of electronic health records in the presence of privacy
concerns: The elaboration likelihood model and individual persuasion. MIS Quarterly, 33 (2), 339-
Awad, N.F. and Krishnan, M.S. (2006). The personalization privacy paradox: An empirical evaluation
of information transparency and the willingness to be profiled online for personalization. MIS
Quarterly, 30 (1), 13-28.
Bansal, G. and Gefen, D. (2010). The impact of personal dispositions on information sensitivity,
privacy concern and trust in disclosing health information online. Decision Support Systems, 49
Bansal, G., Zahedi, F.M. and Gefen, D. (2016). Do context and personality matter? Trust and privacy
concerns in disclosing private information online. Information & Management, 53 (1), 1-21.
Bates, A.P. (1964). Privacy – a useful concept? Social Forces, 42 (4), 429-434.
BBC News (2015). German police warn parents over Facebook pictures of children,
http://www.bbc.com/news/technology-34539059 (visited on 23.02.2016).
Biczók, G. and Chia, P.H. (2013). Interdependent privacy: Let me share your data, In Financial
cryptography and data security, Sadeghi, A.-R. (ed.). Springer, Berlin Heidelberg, 338-353.
Boyd, D.M. and Ellison, N.B. (2007). Social network sites: Definition, history, and scholarship.
Journal of Computer-Mediated Communications, 13 (1), 210-230.
Chellappa, R.K. and Sin, R.G. (2005). Personalization versus privacy: An empirical examination of
the online consumer’s dilemma. Information Technology and Management, 6 (2-3), 181-202.
Chen, J., Ping, W., Xu, Y. and Tan, B.C. (2009). Am i afraid of my peers? Understanding the
antecedents of information privacy concerns in the online social context. In Proceedings of the 30th
International Conference on Information Systems (ICIS), Phoenix, Arizona, USA.
Chen, R. (2013). Living a private life in public social networks: An exploration of member self-
disclosure. Decision Support Systems, 55 (3), 661-668.
Chennamaneni, A. and Taneja, A. (2015). Communication privacy management and self-disclosure on
social media - a case of Facebook. In Proceedings of the 21st Americas Conference on Information
Systems (AMCIS), Puerto Rico, USA.
Child, J.T., Pearson, J.C. and Petronio, S. (2009). Blogging, communication, and privacy
management: Development of the blogging privacy management measure. Journal of the American
Society for Information Science and Technology, 60 (10), 2079-2094.
Child, J.T. and Petronio, S. (2011). Unpacking the paradoxes of privacy in cmc relationships: The
challenges of blogging and relational communication on the internet, In Computer-mediated
communication in personal relationships, Webb, K. W. L. (ed.). Peter Lang, New York, 21-40.
Chin, W.W. (1998). The partial least squares approach to structural equation modeling. Modern
Methods for Business Research, 295 (2), 295-336.
Choi, B.C., Jiang, Z., Xiao, B. and Kim, S.S. (2015a). Embarrassing exposures in online social
networks: An integrated perspective of privacy invasion and relationship bonding. Information
Systems Research, 26 (4), 675-694.
Choi, B.C., Lee, N.T. and Land, L.P.W. (2015b). The effects of general privacy concerns and
transactional privacy concerns on Facebook apps usage. In Proceedings of the 19th Pacific Asia
Conference on Information Systems (PACIS), Singapore.
Choi, C.F.B. and Jiang, Z.J. (2013). Trading friendship for value: An investigation of collective
privacy concerns in social application usage. In Proceedings of the 35th International Conference
on Information Systems (ICIS), Milan, Italy.
Cohen, J.E. (2000). Examined lives: Informational privacy and the subject as object. Stanford Law
Culnan, M.J. (1993). "How did they get my name?": An exploratory investigation of consumer
attitudes toward secondary information use. MIS Quarterly, 17 (3), 341-363.
Dinev, T., Bellotto, M., Hart, P., Russo, V., Serra, I. and Colautti, C. (2006). Privacy calculus model in
e-commerce–a study of italy and the united states. European Journal of Information Systems, 15
Facebook (2015). What names are allowed on Facebook, Help Centre,
https://www.facebook.com/help/112146705538576 (visited on 18.02.2016).
Fornell, C. and Larcker, D.F. (1981). Evaluating structural equation models with unobservable
variables and measurement error. Journal of Marketing Research, 18 (1), 39-50.
Gefen, D., Straub, D. and Boudreau, M.-C. (2000). Structural equation modeling and regression:
Guidelines for research practice. Communications of the Association for Information Systems, 4
Hair, J.F., Ringle, C.M. and Sarstedt, M. (2011). Pls-sem: Indeed a silver bullet. Journal of Marketing
Theory and Practice, 19 (2), 139-152.
Hair, J.F.J., Hult, G.T.M., Ringle, C.M. and Sarstedt, M. (2014). A primer on partial least squares
structural equation modeling (pls-sem). SAGE Publications, Thousand Oaks.
Henseler, J., Ringle, C.M. and Sarstedt, M. (2015). A new criterion for assessing discriminant validity
in variance-based structural equation modeling. Journal of the Academy of Marketing Science, 43
Hu, T., Poston, R.S. and Kettinger, W.J. (2011). Nonadopters of online social network services: Is it
easy to have fun yet. Communications of the Association for Information Systems, 29 (1), 441-458.
Jia, H. and Xu, H. (2015). Measuring individuals’ concerns over collective privacy on social
networking sites. In Proceedings of the 36th International Conference on Information Systems
(ICIS), Fort Worth, Texas, USA.
John, L.K., Acquisti, A. and Loewenstein, G. (2011). Strangers on a plane: Context-dependent
willingness to divulge sensitive information. Journal of Consumer Research, 37 (5), 858-873.
Johnston, A.C. and Warkentin, M. (2010). Fear appeals and information security behaviors: An
empirical study. MIS Quarterly, 34 (3), 549-566.
Kehr, F., Wentzel, D. and Kowatsch, T. (2014). Privacy paradox revised: Pre-existing attitudes,
psychological ownership, and actual disclosure. In Proceedings of the 35th International
Conference on Information Systems (ICIS), Auckland, New Zealand.
Laufer, R.S., Proshansky, H.M. and Wolfe, M. (1973). Some analytic dimensions of privacy, In
Environmental psychology: People and their physical settings, Proshansky, H. M., Ittelson, W. H.
and Rivlin, L. G. (eds.). Holt McDougal, New York.
Malhotra, N.K., Kim, S.S. and Agarwal, J. (2004). Internet users' information privacy concerns
(IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15 (4), 336-
Morlok, T., Matt, C. and Hess, T. (2016). Negative externe Effekte bei der Nutzung mobiler Endgeräte
- Zur Rolle der Privatsphäre Dritter im Entscheidungskalkül des Nutzers. In Proceedings of the
Multikonferenz Wirtschaftsinformatik (MKWI), Ilmenau, Germany.
Norberg, P.A., Horne, D.R. and Horne, D.A. (2007). The privacy paradox: Personal information
disclosure intentions versus behaviors. Journal of Consumer Affairs, 41 (1), 100-126.
Petronio, S. (1991). Communication boundary management: A theoretical model of managing
disclosure of private information between marital couples. Communication Theory, 1 (4), 311-335.
Petronio, S. (2002). Boundaries of privacy: Dialectics and disclosure. State University of New York
Petronio, S. (2010). Communication privacy management theory: What do we know about family
privacy regulation? Journal of Family Theory & Review, 2 (3), 175-196.
Petter, S., Straub, D. and Rai, A. (2007). Specifying formative constructs in information systems
research. MIS Quarterly, 31 (4), 623-656.
Pew Research Center (2013). Social media update 2013,
http://www.pewinternet.org/files/2013/12/PIP_Social-Networking-2013.pdf (visited on
Phelps, J., Nowak, G. and Ferrell, E. (2000). Privacy concerns and consumer willingness to provide
personal information. Journal of Public Policy and Marketing, 19 (1), 27-41.
Pierce, J.L., Kostova, T. and Dirks, K.T. (2001). Toward a theory of psychological ownership in
organizations. Academy of Management Review, 26 (2), 298-310.
Pu, Y. and Grossklags, J. (2015). Using conjoint analysis to investigate the value of interpendent
privacy in social app adoption scenarios. In Proceedings of the 36th International Conference on
Information Systems (ICIS), Fort Worth, Texas, USA.
Qian, H. and Scott, C.R. (2007). Anonymity and self‐disclosure on weblogs. Journal of Computer‐
Mediated Communication, 12 (4), 1428-1451.
Ringle, C.M., Wende, S. and Becker, J.-M. (2015). Smartpls 3, www.smartpls.com (visited on
Smith, H.J., Dinev, T. and Xu, H. (2011). Information privacy research: An interdisciplinary review.
MIS Quarterly, 35 (4), 989-1016.
Smith, H.J., Milberg, S.J. and Burke, S.J. (1996). Information privacy: Measuring individuals'
concerns about organizational practices. MIS Quarterly, 20 (2), 167-196.
Solove, D.J. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 154 (3), 477-
Solove, D.J. (2007). The future of reputation: Gossip, rumor, and privacy on the internet. Yale
University Press, New Haven & London.
Tsai, H.-T. and Bagozzi, R.P. (2014). Contribution behavior in virtual communities: Cognitive,
emotional, and social influences. MIS Quarterly, 38 (1), 143-163.
Tsai, J.Y., Egelman, S., Cranor, L. and Acquisti, A. (2011). The effect of online privacy information
on purchasing behavior: An experimental study. Information Systems Research, 22 (2), 254-268.
Van Dyne, L. and Pierce, J.L. (2004). Psychological ownership and feelings of possession: Three field
studies predicting employee attitudes and organizational citizenship behavior. Journal of
Organizational Behavior, 25 (4), 439-459.
Wang, Y. and Midha, V. (2012). User self-disclosure on health social networks: A social exchange
perspective. In Proceedings of the 33rd International Conference on Information Systems (ICIS),
Orlando, Florida, USA.
Wilson, D.W., Proudfoot, J.G. and Valacich, J.S. (2014). Saving face on Facebook: Privacy concerns,
social benefits, and impression management. In Proceedings of the 35th International Conference
on Information Systems (ICIS), Auckland, New Zealand.
Xu, C.M., Benbasat, I. and Cavusoglu, H. (2012a). Trusting those who trust you: A study on trust and
privacy on Facebook. In Proceedings of the 33rd International Conference on Information Systems
(ICIS), Orlando, Florida, USA.
Xu, H., Dinev, T., S., H. J. and Hart, P. (2008). Examining the formation of individual's privacy
concerns: Toward an integrative view. In Proceedings of the 29th International Conference on
Information Systems (ICIS), Paris, France.
Xu, H., Teo, H.H., Tan, B.C.Y. and Agarwal, R. (2012b). Effects of individual self-protection,
industry self-regulation, and government regulation on privacy concerns: A study of location-based
services. Information Systems Research, 23 (4), 1342-1363.
Yoo, C.W., Ahn, H.J. and Rao, H.R. (2012). An exploration of the impact of information privacy
invasion. In Proceedings of the 33rd International Conference on Information Systems (ICIS),
Orlando, Florida, USA.