Conference PaperPDF Available

Sharing is (Not) Caring - The Role of External Privacy in Users' Information Disclosure Behaviors on Social Network Sites

Authors:

Abstract and Figures

Social network sites (SNSs) enjoy wide popularity as platforms for social interaction. When users interact with each other, they however do not only disclose their own information, but also information about others. Users therefore do not only manage their own privacy (internal privacy), but also that of others (external privacy). Privacy concerns and their effects on disclosure behavior have been extensively examined in prior literature, but there has been little research in IS on the role of external privacy. There is a gap in research on how concerns for external privacy might affect users’ voluntary disclosure decisions and how first-hand privacy invasion experiences shape users’ concerns for external privacy. We apply external information privacy concerns (EIPC) and external social privacy concerns (ESPC) as proxies for measuring external privacy. Our research model is based on Communication Privacy Management theory, empirically validated through an online survey with 265 participants. We find that EIPC and ESPC negatively affect users’ intentions to disclose information about others. In contrast, when individuals perceive ownership of others’ information, their willingness to disclose increases. Finally, users’ own experience with privacy invasion moderates the relationship between EIPC, ESPC, and users’ disclosure intentions.
Content may be subject to copyright.
SHARING IS (NOT) CARING THE ROLE OF EXTERNAL
PRIVACY IN USERS’ INFORMATION DISCLOSURE
BEHAVIORS ON SOCIAL NETWORK SITES
Tina Morlok, Institute for Information Systems and New Media, Munich School of
Management, LMU Munich, Germany, morlok@bwl.lmu.de
Abstract
Social network sites (SNSs) enjoy wide popularity as platforms for social interaction. When users
interact with each other, they however do not only disclose their own information, but also information
about others. Users therefore do not only manage their own privacy (internal privacy), but also that of
others (external privacy). Privacy concerns and their effects on disclosure behavior have been
extensively examined in prior literature, but there has been little research in IS on the role of external
privacy. There is a gap in research on how concerns for external privacy might affect users’ voluntary
disclosure decisions and how first-hand privacy invasion experiences shape users’ concerns for external
privacy. We apply external information privacy concerns (EIPC) and external social privacy concerns
(ESPC) as proxies for measuring external privacy. Our research model is based on Communication
Privacy Management theory, empirically validated through an online survey with 265 participants. We
find that EIPC and ESPC negatively affect users’ intentions to disclose information about others. In
contrast, when individuals perceive ownership of others’ information, their willingness to disclose
increases. Finally, users’ own experience with privacy invasion moderates the relationship between
EIPC, ESPC, and users’ disclosure intentions.
Keywords: External Privacy, Privacy Concerns, Privacy Invasion, Social Network Sites,
Communication Privacy Management Theory.
1 INTRODUCTION
In recent years, the usage of social network sites (SNSs) has become omnipresent, since SNSs are
particularly helpful for communication and social interaction in the digital world. An SNS allows users
to disclose and share information with others, meet new people, feel connected or build communities
based on similar interests (Xu et al. 2012a). Information disclosure on an SNS differs from contexts
such as online banking or e-commerce. In addition to the obligatory information disclosure to use the
service (e.g. registration and creating profiles), individuals’ main reason for SNS usage lies in socially
interacting with others. Thus, they voluntarily disclose information to other users. A specific
characteristic of SNSs is particularly striking: Users disclose information about themselves but also
about others, for example when posting pictures or tagging friends in status updates. Users therefore
manage their own privacy (internal privacy), but also that of others (external privacy). Consequently,
users’ disclosure behaviors can negatively affect internal as well as external privacy. The disclosure of
others’ information might result in embarrassment, cyber-mobbing or reputation damage (Solove 2007).
Thus, new privacy challenges arise in the SNS context.
The disclosure of massive amounts of information on SNS platforms has raised privacy concerns among
users (Pew Research Center 2013), data protection authorities, and scholars. In 2015, public authorities
started a media campaign to increase awareness about threats to external privacy on SNSs (BBC News
2015). Extensive research has also been done on privacy and on how privacy concerns affect users’
disclosure behaviors (Smith et al. 2011). But researchers focused mainly on how individuals handle
internal privacy and how privacy concerns and prior privacy invasion affect disclosure behavior (Awad
& Krishnan 2006; John et al. 2011; Phelps et al. 2000). Because users’ disclosure behaviors can threaten
external privacy, it is not sufficient to explain their decision-making processes only with respect to their
internal privacy. That is why we pose two interdependent research questions to address this research
gap:
RQ1: How do concerns for external privacy affect users’ intentions to disclose information about
others on SNS platforms?
RQ2: Which impact do users’ first-hand privacy invasion experiences have on users’ concerns for
external privacy and their intention to disclose information about others on SNS platforms?
The concept of privacy generally represents a process of interpersonal boundary regulation and holds
the key to managing the interaction level with an individual’s social environment (Altman 1975). In our
study, we focus on the concept of external privacy and distinguish it from internal privacy. While the
former describes how individuals manage boundaries of others’ information, the latter refers to how
individuals control boundaries regarding their personal information. In information systems (IS)
research, only a few studies have been conducted to examine privacy beyond internal privacy (Alashoor
et al. 2015; Choi & Jiang 2013; Jia & Xu 2015; Morlok et al. 2016). In our research, we shift the focus
beyond the potential victim of privacy violation to the perspective of SNSs users having the decision-
making power on disclosure but whose own privacy is not be affected by their disclosure. Whereas Pu
and Grossklags (2015) examined the monetary value users place on their friends’ privacy when deciding
on social app adoption, we focus on users’ willingness to (voluntarily) disclose others’ information for
social interaction on SNSs. Since prior research showed the important effect of privacy invasion
experiences on individuals’ concerns for internal privacy and on the disclosure of their own personal
information (Awad & Krishnan 2006; Bansal et al. 2016), we examine whether prior internal privacy
invasion might also affect users’ concerns for external privacy, keeping them from disclosing others’
information. We use external information privacy concerns (EIPC) and external social privacy concerns
(ESPC) as proxies to capture external privacy, which cannot be measured directly as it is a latent concept.
To answer our research questions, we develop a research model that draws on the Communication
Privacy Management (CPM) theory (Petronio 1991) and helps to examine how users manage external
privacy boundaries. We conduct an online survey among 265 SNSs users in Germany and test our
research model and hypotheses using structural equation modeling.
We make three major contributions to the existing body of knowledge. First, our study is among the first
to empirically examine the role of external privacy in users’ decision-making process on information
disclosure on SNS. Secondly, we show that EIPC and ESPC are two distinct concepts that jointly serve
as proxies for measuring external privacy. Thirdly, we find that prior internal privacy invasion moderates
the relation between EIPC/ESPC and the intention to disclose information about others. This study also
offers important implications for practitioners, such as SNS operators like Facebook or Instagram.
Because EIPC and ESPC may impede users from actively participating on an SNS, operators should
consider offering users additional features to not only protect their own (internal) privacy but also
external privacy such as that of their friends or families.
The remainder of this paper is organized as follows: In the next section, we outline the theoretical
background of privacy concerns on SNS platforms and of CPM theory. We then introduce our research
model and hypotheses. In section 4, we report on our survey to test the proposed model, followed by a
description of our results. In section 6, we discuss the results and derive implications for theory and
practice. Finally, we point out the limitations of our study, followed by the conclusion.
2 THEORETICAL BACKGROUND
2.1 Privacy Concerns on SNS Platforms
The concept of privacy concerns has been widely adopted as a proxy to measure privacy (Smith et al.
2011). Privacy researchers have comprehensively examined privacy concern mechanisms and how they
affect individuals’ purchase decisions, technology adoption, and disclosure behavior (Angst & Agarwal
2009; Bansal & Gefen 2010; Dinev et al. 2006). Most existing studies focus on the informational
component of privacy concerns (Xu et al. 2012b). The Concern for Information Privacy (CFIP) scale
(Smith et al. 1996) represents the most frequently used scale. It distinguishes four data-related
dimensions (collection, unauthorized secondary usage, errors, and improper access) and is especially
useful for analyzing individuals’ information privacy concerns towards organizations.
The main difference between SNS platforms and other contexts, such as e-commerce or online banking,
is the social characteristics. Users do not only disclose information to an organization, but their
disclosure behavior is mainly aimed at socializing and building new relationships with other users (Hu
et al. 2011). SNS users therefore do not only perceive information privacy concerns towards a specific
organization (e.g. Facebook), but they also perceive social privacy concerns towards other users (Chen
et al. 2009). Thus, EIPC and ESPC need to be distinguished for examining external privacy on SNSs.
Our concept of EIPC draws on the classical concept of information privacy concerns (Smith et al. 1996),
but we focus on SNS users deciding on others’ disclosure but whose own privacy is not affected by their
disclosure choices. EIPC refers to an SNS user’s general tendency to worry about organizational
practices that might negatively affect external privacy (i.e. others’ personal information). In contrast,
ESPC refer to the degree to which an SNS user worries about other users’ further handling of the
disclosed information, as external privacy might be at risk. We conceptualize ESPC drawing on the
concept of social privacy concerns developed by Wang and Midha (2012) as well as on general privacy
literature since there is little research in IS literature on social privacy concerns to date (Chen et al.
2009). Social privacy concerns comprise three dimensions: exposure, intrusion, and identification. First,
exposure relates to unveiling physical and emotional attributes about a person, including grief, nudity,
and sex. That is why this dimension is strongly related to individuals’ dignity and social norms and why
individuals place high importance on privacy because it expresses personal dignity (Cohen 2000). When
individuals get exposed, they experience feelings of embarrassment and humiliation (Solove 2006).
Users’ disclosure choice can therefore lead to exposure of other individuals. Consequently, exposure
concerns represent one dimension of ESPC. Secondly, intrusion refers to perceived invasion into one’s
privacy and to incursions into an individual’s life, such as social circles or comfort zones (Solove 2006).
The perception of privacy invasion can make individuals feel uncomfortable and can also cause harm,
such as reputation damage (Solove 2007). This implies that SNS users are willing to disclose information
about other individuals as long as their real life does not get disturbed (Wang & Midha 2012). Hence,
intrusion concerns represent the second dimension of ESPC. Finally, identification builds the third
dimension. Personally identifiable information relates to information that allows to identify or to locate
individuals (Chellappa & Sin 2005). Users will not perceive identification concerns as long as
individuals cannot be identified from the disclosed information (Qian & Scott 2007). Yet, users perceive
identification concerns if individuals can be identified based on the disclosed information, since they
consider external privacy threats as more likely (Choi et al. 2015a). ESPC stem from the social
characteristics of SNSs and can be explained by three elements that are closely linked to the CPM
framework (Petronio 1991) and the concept of privacy as personal space (Altman 1975).
2.2 Communication Privacy Management (CPM) Theory
Petronio (2002) stressed that individuals do not only have to take decisions on disclosing their own
information but often also on revealing information about others. CPM theory (Petronio 1991) therefore
offers an effective theoretical framework for describing how users handle external privacy. The theory
has been applied in contexts of offline and online communication, such as family interactions (Petronio
2010) and blogging (Child et al. 2009). Recently, it has also been adopted in the SNS context
(Chennamaneni & Taneja 2015) and for analyzing collective privacy concerns (Jia & Xu 2015) and
friends’ privacy in the context of social apps (Choi & Jiang 2013).
CPM applies the metaphor of privacy boundaries to illustrate how individuals manage their own and
others’ information. According to CPM, individuals erect boundaries to manage the flow of information
which they disclose. CPM proposes that there are two types of boundaries personal and mutual
boundaries. Personal boundaries refer to the management of information about the self, whereas the
latter describes how individuals manage information about others (Petronio 2002). Our understanding
of external privacy builds on the concept of mutual boundaries. In mutual boundaries, the discloser and
the recipient share control over the information and have to negotiate these boundaries. Once an
individual discloses information, the original owner gives up the sole control over the information and
the recipient of the information becomes a co-owner. Petronio (2002) proposes that individuals perceive
co-ownership about others’ information and feel responsible for it. That is why perceived ownership
represents a major factor in individuals’ disclosure decisions. The perception of ownership refers to an
individual’s right to control privacy boundaries. The discloser and the recipient negotiate on further
handling of the information to other people and entities. However, in the SNS context, a major challenge
arises: It becomes hardly feasible to draw clear boundary lines indicating where the relationships begin
and end (Child & Petronio 2011). That is why co-ownership is not always positive. Petronio (2002)
points out that there might also be situations where ownership ties can become unpleasant for the co-
owner, since co-owners may disclose information that could cause harm to others. On an SNS, users’
disclosure behaviors can have negative effects on external privacy. The degree to which users perceive
themselves as responsible affects how much they protect external privacy. Generally, the disclosure of
own information represents a voluntary choice. Individuals disclose their personal information for
perceived benefits. In contrast, the disclosure of information about others means that the person who
decides on disclosure gains potential benefits against the costs of others, for example by violating
external privacy (Choi et al. 2015b).
3 RESEARCH MODEL AND HYPOTHESES
Drawing on CPM theory, we developed the research model (depicted in Figure 1). It includes
informational aspects and social aspects of external privacy due to specific SNS characteristics. EIPC
build on the classical understanding of information privacy concerns, transferred to external privacy. By
considering the social concerns for privacy, we follow the recent stream in privacy literature (Jia & Xu
2015; Wang & Midha 2012). Thus, EIPC and ESPC jointly serve as proxies for measuring external
privacy. Our model elaborates on previous work on privacy concerns in three important ways. First,
EIPC and ESPC negatively affect users’ intentions to disclose information about others (INTO) and
therefore represent the negative counterbalance of the risk-control calculus (Petronio 2002).
Additionally, ESPC comprise three distinct constructs: exposure concerns (EXPC), intrusion concerns
(INTRUC) and identification concerns (IDC) (Wang & Midha 2012). Secondly, users’ perception of
ownership of others’ information (OWNO) positively affects their willingness to disclose and therefore
builds the positive counterbalance of users’ risk-control assessment (Petronio 2002). We specifically
focus on the role of external privacy and prior invasion of users’ internal privacy on their disclosure
intention. Additionally, we do not want to provide an encompassing model covering all benefits and
costs of SNS usage. We therefore apply no additional benefits or risk factors next to OWNO, EIPC, and
ESPC. Thirdly, we are especially interested in the moderating effect of prior invasion of internal privacy
(INV) on users’ disclosure intentions, as we aim to extend prior findings for internal privacy (Awad &
Krishnan 2006; Bansal et al. 2016). We therefore integrate INV as a moderator, highlighting its potential
effect on the relation between EIPC, ESPC, and INTO.
Figure 1. Research model.
3.1 Perceived Ownership of Others’ Information
Individuals experience connections to tangible targets, but also to intangible targets or latent concepts
such as privacy. This phenomenon has been described as psychological ownership and refers to a mental
state in which individuals feel that the target of ownership is theirs (Pierce et al. 2001). Even though
ownership is usually experienced as involving object-person relationships, it can also be considered
toward nonphysical entities, such as ideas. Adapted to the area of information privacy, this implies that
individuals may feel ownership regarding the intangible good of personal information (Kehr et al. 2014).
The perception of ownership relies on the extent to which individuals feel in control of the target
(Petronio 2002). The perception of ownership is therefore closely linked to the degree of perceived
control. Petronio (2002) proposes that disclosure decisions depend on a risk-control calculus where
individuals weigh privacy concerns against the perception of control. Based on this logic, we suggest
that individuals who perceive others’ information as their property feel in control of it and are therefore
more willing to disclose. We propose that individuals who have feelings of ownership of others’
information also feel entitled to decide on disclosure. As a result, SNS users with stronger feelings of
OWNO should be more likely to disclose. We therefore propose:
Hypothesis 1: Perceived ownership of others’ information has a positive effect on the intention to
disclose information about others.
3.2 External Privacy
Petronio (2002) argues that individuals manage mutual privacy boundaries and feel responsible for
others’ information. It can therefore be concluded that individuals take external privacy into account
when deciding on information disclosure. According to the risk-control calculus of CPM, privacy
concerns represent a risk-related factor which affects users’ disclosure decisions. Drawing on Wang and
Midha (2012), informational and social aspects of privacy need to be separated in an SNS context.
Consequently, EIPC and ESPC allow the measurement of external privacy in this context. EIPC build
on the well-established concept of information privacy concerns and refer to individuals’ concerns
towards organizational practices (Smith et al. 1996). Many studies have examined the negative effects
of information privacy concerns on individuals’ disclosure decisions (Chellappa & Sin 2005; Malhotra
et al. 2004). This negative type of relationship has been shown in various contexts, such as e-commerce,
e-health, as well as SNSs (Angst & Agarwal 2009; Tsai et al. 2011; Wilson et al. 2014). With regard to
external privacy, individuals who perceive higher EIPC should therefore be more reluctant to disclose
information about others. We therefore hold:
Hypothesis 2: External information privacy concerns have a negative impact on the intention to disclose
information about others.
Due to the social characteristics of SNSs, we argue that ESPC also need to be considered when
examining users’ disclosure behaviors. Wang and Midha (2012) have already shown the negative
influence of social privacy concerns on information disclosure in the health SNS context. Next to
information privacy concerns, users’ disclosure behaviors are determined by their social privacy
concerns including exposure concerns, intrusion concerns, and identification concerns (Wang & Midha
2012). First, prior studies show that users worry about the disclosure of sensitive information that might
result in exposure and embarrassment (Choi et al. 2015a; Malhotra et al. 2004). Once information is
disclosed on an SNS, it is virtually impossible to identify all the people to whom the information is
disclosed. Strangers might also gain access to potentially embarrassing information. Since co-owners
also feel responsible for others’ information (Petronio 2002), they will consider potential embarrassment
for others and decide not to disclose. Users who perceive higher concerns regarding others’ exposure
will be more reluctant to disclose information about others. We therefore propose the following
hypothesis:
Hypothesis 3: Exposure concerns negatively affect the intention to disclose information about others.
Secondly, intrusion of one’s privacy can lead to defamation in social interactions (Choi et al. 2015a).
Individuals perceive an intrusion of privacy when they are not able to control their interactions with the
environment (Laufer et al. 1973). Prior studies in privacy research show that intrusion concerns have a
negative impact on users’ disclosure choices (Acquisti et al. 2012). Co-owners perceive intrusion
concerns regarding external privacy due to the feeling of responsibility (Petronio 2002). Users’
perception of external privacy intrusion therefore provides reasonable grounds not to disclose others’
information. As a result, users who perceive intrusion concerns will be more reluctant to disclose. We
therefore hypothesize:
Hypothesis 4: Intrusion concerns negatively affect the intention to disclose information about others.
The disclosure of identifiable information (e.g. name tags, location or facial recognition) may result in
external privacy violations. Owing to the mutual boundaries co-owners manage with the original owner
of the information (Petronio 2002), users who co-own others’ information will be more reluctant to
disclose information that might allow identification of the depicted individuals. Findings of existing
studies show the negative effect of identification concerns on users’ disclosure behaviors (Chellappa &
Sin 2005; Choi et al. 2015a). Users will perceive intrusion concerns regarding external privacy when
others’ identity might be revealed by their information disclosure and therefore their willingness to
disclose decreases (Choi et al. 2015a). Therefore, the following hypothesis is proposed:
Hypothesis 5: Identification concerns negatively affect the intention to disclose information about
others.
3.3 The Moderating Role of Prior Invasion of Internal Privacy
Individuals’ experiences are a decisive factor in causing actual privacy-related behavior (Bates 1964;
Yoo et al. 2012). Prior literature examined the effect of prior privacy invasion on the perception of
privacy concerns (Culnan 1993; Smith et al. 1996). In addition, different studies in contexts such as
personalization and SNSs showed that experiences of privacy invasion can shape individuals’ concerns
regarding information disclosure (Awad & Krishnan 2006). Individuals’ first-hand privacy invasion
experiences affect their perception of privacy concerns and consequently their disclosure decisions,
notwithstanding the disclosure of information about themselves or others. We therefore propose that
once individuals have experienced invasion of their internal privacy, they will also be more reluctant to
disclose others’ information. As a result, prior invasion of internal privacy should moderate the relation
between EIPC, ESPC, and the intention to disclose. In sum, we posit the following hypotheses:
Hypothesis 6a: Prior invasion of internal privacy negatively affects the relationship between external
information privacy concerns and the intention to disclose information about others.
Hypothesis 6b: Prior invasion of internal privacy negatively affects the relationship between
exposure concerns and the intention to disclose information about others.
Hypothesis 6c: Prior invasion of internal privacy negatively affects the relationship between intrusion
concerns and the intention to disclose information about others.
Hypothesis 6d: Prior invasion of internal privacy negatively affects the relationship between
identification concerns and the intention to disclose information about others.
4 METHODOLOGY
4.1 Measurement
Scale development was based on extensive screening of privacy literature. To ensure construct validity,
we relied on existing measures where possible. All items have been revised to fit the research context
of SNSs (see Appendix). All constructs were measured using seven-point Likert-type scales. We
captured the construct of intention to disclose information about others (INTO) using measurement
items adapted from Malhotra et al. (2004). To assess the perception of ownership of others’ information
(OWNO), we adapted the scale proposed by Van Dyne and Pierce (2004). Following Xu et al. (2008),
we adapted the CFIP scale (Smith et al. 1996) to measure EIPC. To assess the social aspects of SNS
usage, we measured ESPC by three different constructs including exposure concerns (EXPC), intrusion
concerns (INTRUC), and identification concerns (IDC). We operationalized the EXPC based on Solove
(2006). Additionally, we measured INTRUC with three items adapted from Xu et al. (2008). IDC were
measured with items adapted from Chellappa and Sin (2005). Finally, we measured internal privacy
invasion experiences (INV) based on Bansal and Gefen (2010).
4.2 Survey Administration and Sample
We carefully pretested the structure of the questionnaire to evaluate its accuracy and clarity. We ensured
content validity for the instrument scales through an expert panel consisting of ten researchers who were
experienced in empirical research methods and quantitative data analysis techniques (Johnston &
Warkentin 2010). Based on their feedback, we made small adjustments regarding clarity and
comprehensibility of the survey instructions and the question items. To examine our research model and
hypotheses, we conducted an online survey. The survey was distributed via the campus mailing lists of
a large public university in Germany and posts in relevant Facebook groups. As an incentive, we offered
that all participants could take part in a lottery for Amazon vouchers. Offering rewards in exchange for
completing a survey is a common strategy in survey methodology (Xu et al. 2012b). Data was collected
from December 2015 to January 2016. In total, 352 participants completed the questionnaire. Subjects
took about eight minutes on average to complete the study. In preparation for the data analysis, we
adjusted the data for respondents who had spent less than five minutes on answering the questionnaire,
ensuring users’ thoroughness and quality of responses. This led to a final sample of 265 participants, of
whom 155 (58%) were women and 110 (42%) were men. The majority of the participants (211 or 80%)
were college students, while employees represented a relatively small proportion (45 or 17%).
Additionally, 169 (64%) of the participants were between 19 and 25 years of age, while 76 (29%) were
26 to 35 years of age.
5 DATA ANALYSIS AND RESULTS
We used structural equation modeling (SEM) to assess the model fit and to test our hypotheses by
means of the statistical software SmartPLS 3 (Ringle et al. 2015). Bootstrapping was applied for
significance testing. The usage of SmartPLS was especially useful because it can handle complex
predictive models (Chin 1998). Partial least squares (PLS) analysis allows researchers to examine the
inter-relationships in a predictive model and does not make distributional assumptions. Additionally, it
can access formative as well as reflective measurement models (Hair et al. 2014). PLS fits exploratory
studies that aim to develop new theories or enhance the current literature with new phenomena and
contexts very well (Gefen et al. 2000). For data analysis, we applied a two-step approach. First, we
assessed the measurement model’s quality to ensure its validity and reliability. Secondly, we analyzed
the hypotheses and the overall quality of the research model.
5.1 Measurement Model
The reflective measures were assessed for reliability and validity. The values for item loading,
Cronbach’s alpha, composite reliability and average variance extracted (AVE) were above the respective
thresholds of 0.7, 0.7, 0.7, and 0.5 (Hair et al. 2011), meeting the established guidelines for reliability
and validity of reflective measures (Table 1). We assessed the discriminant validity by verifying that the
square roots of AVEs exceeded inter-construct correlations, the Fornell-Larcker criterion and the
heterotrait-monotrait ratio of correlations (HTMT). The indicators’ factor loadings were higher than all
the cross-loadings and thus indicating adequate discriminant validity (Chin 1998; Fornell & Larcker
1981). Since the AVE’s square root values were much larger than the highest latent variable correlation
in all the cases, the Fornell-Larcker criterion was also fulfilled. Following Henseler et al. (2015), we
also assessed the HTMT. All values for HTMT were below the threshold of 0.85.
We assessed the reliability of the formative constructs of our measurement model by testing the
assumption of multicollinearity. We calculated the variance inflation factor (VIF), which evaluates the
level of variance in the estimated coefficients (Andreev et al. 2009). VIF quantifies the severity of
collinearity among the indicators in a formative measurement model. Table 2 gives an overview of the
VIF values with a maximum VIF of 2.187, suggesting that multicollinearity is not a problem in our
study, even with a more restrictive VIF value of 3.30 (Hair et al. 2011; Petter et al. 2007). Additionally,
we examined the indicator weights and tested for significance. Since two items were reported as not
significant (EXPC_2; INTRUC_3), we analyzed the outer loadings of the items drawing on Hair et al.
(2014). It was found that most outer loadings were equal or above 0.5 and significant. The outer loadings
for EIPC_4, EIPC_5 and EIPC_6 were slightly below 0.5, but they were significant (p < 0.01).
Constructs
Item
IL
CA
CR
AVE
IDC
OWNO
Identification
concerns (IDC)
IDC_1
0.942
0.889
0.947
0.900
0.949
IDC_2
0.955
Intention to disclose
information about
others (INTO)
INTO_1
0.953
0.952
0.969
0.912
-0.435
INTO_2
0.958
INTO_3
0.955
Perceived ownership
of others’ information
(OWNO)
OWNO_1
0.910
0.881
0.923
0.799
-0.042
0.894
OWNO_2
0.830
OWNO_3
0.939
Table 1. Validity and reliability results for the reflective measures.
Construct
VIF
Perceived ownership of others’ information (OWNO)
1.009
External information privacy concerns (EIPC)
1.696
Exposure concerns (EXPC)
2.118
Intrusion concerns (INTRUC)
1.956
Identification concerns (IDC)
2.187
Table 2. Multi-collinearity assessments.
5.2 Structural Model
After confirmation of acceptable properties for the measurement model, we analyzed the structural
model (Figure 2). We applied the bootstrap method to assess path significance testing, following two
steps. First, to test H1 to H5 a PLS regression was undertaken on the path model, using the full sample
of 265 participants. Secondly, to test H6a to H6d, the data set was split into two groups: group A
consisted of participants who experienced prior invasion of internal privacy (131), while group B
included participants without experience of privacy invasion (134) (Tsai & Bagozzi 2014). The
predictive power of the structural model was assessed using R² in the endogenous construct (Chin 1998).
The structural model for the total sample explained 47.3% of the variance regarding the intention to
disclose information about others. Since we only focused on the role of OWNO, EIPC, and ESPC,
without including factors such as perceived benefits of SNS usage (Wilson et al. 2014), this is a
satisfactory result. In addition to evaluating values, we examined Stone-Geisser’s Q² value, which
should exceed the threshold of zero for a certain reflective endogenous latent variable (Hair et al. 2014).
Since we found Q² to be larger than zero for the construct of the intention to disclose information about
others (Q² = 0.417), the structural model shows predictive relevance.
5.2.1 Full Sample Results
Figure 2 provides a summary of the PLS analysis for the full sample. We tested our five hypotheses by
examining the direct effects of OWNO, EIPC, EXPC, INTRUC, and IDC on users’ disclosure intentions.
First, for the relationship between OWNO and the disclosure intention, we found that OWNO is a
significant predictor of users’ disclosure intentions (ß = 0.067, p < 0.10), supporting H1. The results also
support the negative effect of EIPC on the intention to disclose (ß = -0.589, p < 0.01), as we propose in
H2. Moreover, EXPC are a significant predictor of users’ disclosure intentions (ß = -0.082, p < 0.10),
supporting H3. In addition, we found a significant negative effect of INTRUC on users’ disclosure
intentions (ß = -0.103, p < 0.05), which supports H4. However, we did not find a significant relationship
between IDC and users’ disclosure intentions (ß = 0.029, p > 0.10). H5 can therefore not be supported.
Figure 2. Results of PLS analysis.
5.2.2 Moderating Influence of Prior Invasion of Internal Privacy
To test the proposed moderating role of prior invasion of internal privacy, we split the overall sample
into two sub-samples. To achieve this, we conducted a median split on the variable INV. Drawing on
Tsai and Bagozzi (2014), we created two separate structural models for the sub-samples and tested the
moderating effect to identify differences in the coefficients of the hypothesized paths of our research
model. First, we built a summated scale based on the mean value of the individual INV items. We
subsequently used the median value of this scale (median = 2) to assign all participants to one of two
groups (prior invasion of internal privacy vs. no prior invasion of internal privacy). This resulted in 131
participants in the prior-invasion group (A) and 134 participants in the no-prior-invasion group (B).
Figure 3 shows the results for the two sub-samples. For both groups, EIPC show a strong negative effect
on users’ disclosure intentions (group A: ß = -0.523, p < 0.01; group B: ß = -0.688, p < 0.01). H6a can
therefore not be supported. Surprisingly, EXPC show a significant negative effect on users’ disclosure
intentions for group B = -0.139, p < 0.1), but not for group A (ß = -0.109, p > 0.1). Consequently,
H6b is not supported. However, for group A, INTRUC have a strong negative impact on users’
disclosure intentions (ß = -0.170, p < 0.05; ß = -0.078, p > 0.1), supporting H6c. Finally, for both groups,
IDC have no significant negative effect on the intention to disclose information about others on SNSs
(group A: ß = 0.062, p > 0.1; group B: ß = 0.071, p > 0.1). H6d is therefore not supported. Table 3
summarizes the results of hypothesis testing for the total sample and for both groups.
Figure 3. Tested research model with moderator effects.
Hypothesis
Explanatory
variable
Total sample
Group A
(Prior invasion)
Group B
(No prior invasion)
Path
coefficient
Supported
Path
coefficient
Supported
Path
coefficient
Supported
H1
OWNO
0.067*
Yes
0.117**
Yes
0.055
No
H2
EIPC
-0.589***
Yes
-0.523***
Yes
-0.688***
Yes
H3
EXPC
-0.082*
Yes
-0.109
No
-0.139*
Yes
H4
INTRUC
-0.103**
Yes
-0.170**
Yes
-0.078
No
H5
IDC
0.029
No
0.062
No
0.071
No
Significance levels: *** p < 0.01, ** p < 0.05, * p < 0.10
Table 3. Results of hypothesis testing.
6 DISCUSSION AND CONTRIBUTION
The purpose of this paper is to enhance the understanding of the concept of external privacy on SNSs.
Specifically, we sought to achieve three main goals: (1) to examine the role of external privacy on users’
disclosure intentions on an SNS, (2) to show that EIPC and ESPC can serve as proxies to measure
external privacy and (3) to examine the moderating effect of users’ own experiences with internal
privacy invasion on the relation between EIPC/ESPC and their intention to disclose information about
others. To achieve these objectives, this study drew on existing privacy literature as well as on CPM
theory to derive hypotheses and investigated them in an online survey among 265 SNS users.
The results from structural equation modeling show that external privacy concerns reflect in two distinct
concepts: EIPC and ESPC. More specifically, we found that users’ disclosure intentions on an SNS is a
function of informational and social aspects of external privacy concerns and the degree of perceived
ownership of others’ information. The perception of ownership functions as a determinant of users’
disclosure intentions and reflects the positive counterbalance of users’ risk-control calculus (Petronio
2002). On the other hand, EIPC and ESPC affect disclosure decisions negatively. While our theorizing
had suggested ESPC to comprise EXPC, INTRUC, and IDC, the latter did not show any significant
influence on users’ intentions to disclose information about others. This stands in contrast to prior
research on internal privacy in the context of health SNSs (Wang & Midha 2012). A closer look reveals
that this finding is understandable in an SNS context. On health SNSs, anonymity is crucial for users
since they exchange sensitive information on personal diseases. Users therefore perceive identification
concerns. On the contrary, identification is a crucial prerequisite for Facebook usage. The main usage
reason on Facebook is to maintain relationships (e.g. with friends and family) and to socially interact
with each other (Boyd & Ellison 2007). Facebook’s real-name policy also enforces users to reveal their
actual name (Facebook 2015). Disclosed information can however result in embarrassment or privacy
intrusion. That is why users perceive exposure concerns (EXPC) and intrusion concerns (INTRUC)
regarding others’ privacy, which reduce their intention to disclose. These attitudes crucially depend on
whether a user has fallen victim to internal privacy invasion in the past. This study shows that users’
experiences with privacy invasion moderate the abovementioned effects of EIPC and ESPC on
disclosure intention. Specifically, users who have previously experienced an invasion of internal privacy
(group A) limit their disclosure behavior because of INTRUC but not because of EXPC. Users who lack
such experiences (group B) also seem to be aware of ESPC. However, contrary to those users who have
already experienced violations of their privacy (group A), their disclosure behavior is not limited by
INTRUC but instead by EXPC. These findings reveal the previously neglected but highly complex
nature of the relationship between ESPC and INTO. Nonetheless, these results are comprehensible. Once
users have experienced invasion of their internal privacy (group A) they will also be more concerned
about intrusion of external privacy because it is easier for those users to put themselves into the others’
position. Thus, the awareness of external privacy threats depends on users’ first-hand privacy
experiences. Taken together, our findings establish a framework for explaining SNS usage as a result
from disclosure behavior (i.e. INTO). This is achieved by theorizing through the lens of concerns for
external privacy, drawing on CPM theory and combining information and social concerns for external
privacy with a new explanatory variable (i.e. perception of ownership).
This paper makes three major contributions to privacy literature. Our first contribution lies in
highlighting the role of concerns for external privacy in users’ decision-making on disclosing
information about others and ultimately participating on SNSs. This investigation represents a major
and novel theoretical contribution to privacy literature, since it complements prior findings on the effect
of concerns for internal privacy on users’ disclosure behaviors (John et al. 2011). It also represents a
complement to recent findings on collective (Choi & Jiang 2013; Jia & Xu 2015) and interdependent
privacy (Biczók & Chia 2013; Pu & Grossklags 2015). Secondly, this paper shows that EIPC and ESPC
are two different concepts and jointly serve as proxies for external privacy. In addition, our findings
imply that ESPC are not one homogeneous concept but include three components exposure concerns,
intrusion concerns and identification concerns. Hence, our study complements other findings on privacy
beyond the internal perspective (Choi & Jiang 2013; Jia & Xu 2015; Pu & Grossklags 2015). Our third
contribution entails revealing the moderator effect of internal privacy invasion experiences on the
relation between EIPC, ESPC, and users’ disclosure intentions. Specifically, intrusion concerns mainly
affect disclosure intention for users with first-hand experience of internal privacy invasion. Our findings
therefore support prior literature on the role of experience as a crucial factor in causing actual privacy-
related behavior (Awad & Krishnan 2006; Bansal et al. 2016; Bates 1964), notwithstanding internal or
external privacy. In doing so, this study answers several calls by IS scholars (e.g. Biczók & Chia 2013;
Choi et al. 2015a) to examine the role of privacy beyond the concept of internal privacy. Our study
offers a novel complement to existing privacy literature by showing that external privacy represents a
crucial element in the SNS context and needs to be taken into account when analyzing users’ disclosure
behaviors.
Our study also offers important implications for practice. Information disclosure is crucial for any
successful SNS. It paves the way for social interaction, personalized services and advertisement (Chen
2013). SNS operators such as Facebook, for example, thus seek to achieve a large and active user base
(e.g. monthly active users). This study identifies factors that may impede users from actively
participating in social networks: concerns for external (i.e. others’) privacy. To encourage users’
voluntary information disclosure and ensure their active participation, SNS operators should strive to
provide well-designed control mechanisms that guarantee internal as well as external privacy. So far,
privacy control mechanisms on SNS platforms mainly aim at raising users’ awareness of threats for
internal privacy, if at all. Clearly highlighted privacy settings can increase users’ control perception and
incentivize them to actively participate. For SNS operators it is also essential to ensure privacy
protection with regard to informational and social aspects. SNS operators who seek to strengthen their
users’ loyalty could try to be among the first operators that implement mechanisms to protect external
privacy, thereby differentiating themselves from competitors.
7 LIMITATIONS AND CONCLUSION
This paper is not without limitations. Three limitations of this study are notable and provide avenues for
future research on external privacy. First, our findings are based on the case of Facebook. Future studies
could investigate the role of external privacy on disclosure behavior on different SNS platforms to
confirm the generalizability of our results. Secondly, we examined the effects of perceived ownership,
EIPC, ESPC, and the moderating effect of prior internal privacy invasion on the intention to disclose
information about others. We did not analyze users’ de facto behaviors. In prior literature, several
authors have identified the so-called privacy paradox which characterizes the discrepancy between
individuals’ expressed behavioral intentions and their de facto observable behavior (Awad & Krishnan
2006; Norberg et al. 2007). The question is whether the theoretical construct of individuals’ disclosure
intentions is an appropriate proxy for their de facto disclosure behavior. Future studies are encouraged
to examine individuals’ de facto disclosure behaviors. Finally, data analysis and the results of this study
are based on a student sample. Assuming that the likelihood of privacy invasion experiences increases
with age, samples that are based on a more dispersed age structure could generate different results. In
addition to this, the survey was conducted in Germany, where a controversial debate on privacy and data
protection took place recently. Our results may therefore not be representative of users in other countries
and with different cultural backgrounds. Future studies could thus include other groups of participants.
This study is not only among the first in IS to examine the role of external privacy in individuals’
disclosure behaviors on SNS; it also provides concrete measures, namely EIPC and ESPC. Additionally,
we show that internal privacy invasion experiences shape individuals’ perceptions of EIPC as well as
ESPC, and consequently their disclosure intentions. In summary, this study represents an important first
step towards a better understanding of the nature of external privacy and how it affects users’ disclosure
behaviors. It may therefore be a starting point for future studies on external privacy in various contexts.
8 APPENDIX
Construct
Construct indicators (measured on seven-point, Likert-type scale)
Source
Intention to
disclose
information
about others
(INTO)
INTO_1: I am willing to share pictures of my friends on Facebook.
INTO_2: It is probable that I share pictures of my friends on Facebook.
INTO_3: It is likely that I share pictures of my friends on Facebook.
Adapted
from
Malhotra
et al.
(2004)
External
informational
privacy
concerns
(EIPC)
EIPC_1: It usually bothers me to share pictures of my friends on Facebook.
EIPC_2: I am concerned that Facebook is collecting too many pictures of my
friends.
EIPC_3: I am concerned that unauthorized people may access the pictures of
my friends that I shared on Facebook.
EIPC_4: I am concerned that the pictures I share on Facebook may be kept in
a non-accurate manner.
EIPC_5: I am concerned that Facebook may use the pictures of my friends I
shared for other purposes without notifying me or getting my authorization.
EIPC_6: I am concerned that Facebook may sell friends’ pictures I shared to
other companies.
Adapted
from Xu et
al. (2008)
Social privacy
concerns
exposure
concerns
(EXPC)
EXPC_1: I am concerned that as a result of my picture-sharing on Facebook,
others can make inferences about the physical attributes of my friends.
EXPC_2: I am concerned that as a result of my picture-sharing on Facebook,
others can draw conclusions that could make my friends feel embarrassed.
EXPC_3: I am concerned that as a result of my picture-sharing on Facebook,
others can draw conclusions that could make my friends feel embarrassed.
EXPC_4: I am concerned that as a result of my picture-sharing on Facebook,
others can draw conclusions that could make my friends feel humiliated.
Adapted
from
Solove
(2006)
Social privacy
concerns
intrusion
concerns
(INTRUC)
INTRUC_1: I feel that as a result of my picture-sharing on Facebook, others
know more about my friends than what I am comfortable with.
INTRUC_2: I believe that as a result of my picture-sharing on Facebook,
information about my friends that I consider private is now more readily
available to others than I would want it to be.
INTRUC_3: I feel that as a result of my information-sharing on Facebook,
information about my friends is out there that, if used, will invade their
privacy.
INTRUC_4: I feel that as a result of my information-sharing on Facebook, my
friends' privacy has been invaded by others that collect the data.
Adapted
from Xu et
al. (2008)
Social privacy
concerns
identification
concerns
(IDC)
IDC_1: I am concerned that my friends can be identified based on the pictures
I share on Facebook.
IDC_2: I believe that as a result of my picture-sharing on Facebook, it is much
easier for others to identify my friends.
Adapted
from
Chellappa
and Sin
(2005)
Prior invasion
of internal
privacy (INV)
INV_1: I have already felt myself to be a victim of privacy violation on
Facebook.
INV_2: I have already had bad experiences with violation of my privacy on
Facebook.
INV_3: I have already experienced violation of my privacy on Facebook.
Adapted
from
Bansal and
Gefen
(2010)
Perceived
ownership of
others’
information
(OWNO)
OWNO_1: The pictures of my friends I share on Facebook are my data.
OWNO_2: I feel a high degree of personal ownership for the pictures of my
friends I share on Facebook.
OWNO_3: I sense that the pictures of my friends I share on Facebook are
mine.
Adapted
from Van
Dyne and
Pierce
(2004)
References
Acquisti, A., John, L.K. and Loewenstein, G. (2012). The impact of relative standards on the
propensity to disclose. Journal of Marketing Research, 49 (2), 160-174.
Alashoor, T., Keil, M., Liu, L. and Smith, J. (2015). How values shape concerns about privacy for self
and others. In Proceedings of the 36th International Conference on Information Systems (ICIS),
Fort Worth, Texas, USA.
Altman, I. (1975). The environment and social behavior: Privacy, personal space, territory, and
crowding. Brooks/Cole Publishing Company, Monterey, California.
Andreev, P., Heart, T., Maoz, H. and Pliskin, N. (2009). Validating formative partial least squares
(pls) models: Methodological review and empirical illustration. In Proceedings of the 30th
International Conference on Information Systems (ICIS), Phoenix, Arizona, USA.
Angst, C.M. and Agarwal, R. (2009). Adoption of electronic health records in the presence of privacy
concerns: The elaboration likelihood model and individual persuasion. MIS Quarterly, 33 (2), 339-
370.
Awad, N.F. and Krishnan, M.S. (2006). The personalization privacy paradox: An empirical evaluation
of information transparency and the willingness to be profiled online for personalization. MIS
Quarterly, 30 (1), 13-28.
Bansal, G. and Gefen, D. (2010). The impact of personal dispositions on information sensitivity,
privacy concern and trust in disclosing health information online. Decision Support Systems, 49
(2), 138-150.
Bansal, G., Zahedi, F.M. and Gefen, D. (2016). Do context and personality matter? Trust and privacy
concerns in disclosing private information online. Information & Management, 53 (1), 1-21.
Bates, A.P. (1964). Privacy a useful concept? Social Forces, 42 (4), 429-434.
BBC News (2015). German police warn parents over Facebook pictures of children,
http://www.bbc.com/news/technology-34539059 (visited on 23.02.2016).
Biczók, G. and Chia, P.H. (2013). Interdependent privacy: Let me share your data, In Financial
cryptography and data security, Sadeghi, A.-R. (ed.). Springer, Berlin Heidelberg, 338-353.
Boyd, D.M. and Ellison, N.B. (2007). Social network sites: Definition, history, and scholarship.
Journal of Computer-Mediated Communications, 13 (1), 210-230.
Chellappa, R.K. and Sin, R.G. (2005). Personalization versus privacy: An empirical examination of
the online consumer’s dilemma. Information Technology and Management, 6 (2-3), 181-202.
Chen, J., Ping, W., Xu, Y. and Tan, B.C. (2009). Am i afraid of my peers? Understanding the
antecedents of information privacy concerns in the online social context. In Proceedings of the 30th
International Conference on Information Systems (ICIS), Phoenix, Arizona, USA.
Chen, R. (2013). Living a private life in public social networks: An exploration of member self-
disclosure. Decision Support Systems, 55 (3), 661-668.
Chennamaneni, A. and Taneja, A. (2015). Communication privacy management and self-disclosure on
social media - a case of Facebook. In Proceedings of the 21st Americas Conference on Information
Systems (AMCIS), Puerto Rico, USA.
Child, J.T., Pearson, J.C. and Petronio, S. (2009). Blogging, communication, and privacy
management: Development of the blogging privacy management measure. Journal of the American
Society for Information Science and Technology, 60 (10), 2079-2094.
Child, J.T. and Petronio, S. (2011). Unpacking the paradoxes of privacy in cmc relationships: The
challenges of blogging and relational communication on the internet, In Computer-mediated
communication in personal relationships, Webb, K. W. L. (ed.). Peter Lang, New York, 21-40.
Chin, W.W. (1998). The partial least squares approach to structural equation modeling. Modern
Methods for Business Research, 295 (2), 295-336.
Choi, B.C., Jiang, Z., Xiao, B. and Kim, S.S. (2015a). Embarrassing exposures in online social
networks: An integrated perspective of privacy invasion and relationship bonding. Information
Systems Research, 26 (4), 675-694.
Choi, B.C., Lee, N.T. and Land, L.P.W. (2015b). The effects of general privacy concerns and
transactional privacy concerns on Facebook apps usage. In Proceedings of the 19th Pacific Asia
Conference on Information Systems (PACIS), Singapore.
Choi, C.F.B. and Jiang, Z.J. (2013). Trading friendship for value: An investigation of collective
privacy concerns in social application usage. In Proceedings of the 35th International Conference
on Information Systems (ICIS), Milan, Italy.
Cohen, J.E. (2000). Examined lives: Informational privacy and the subject as object. Stanford Law
Review, 1373-1438.
Culnan, M.J. (1993). "How did they get my name?": An exploratory investigation of consumer
attitudes toward secondary information use. MIS Quarterly, 17 (3), 341-363.
Dinev, T., Bellotto, M., Hart, P., Russo, V., Serra, I. and Colautti, C. (2006). Privacy calculus model in
e-commercea study of italy and the united states. European Journal of Information Systems, 15
(4), 389-402.
Facebook (2015). What names are allowed on Facebook, Help Centre,
https://www.facebook.com/help/112146705538576 (visited on 18.02.2016).
Fornell, C. and Larcker, D.F. (1981). Evaluating structural equation models with unobservable
variables and measurement error. Journal of Marketing Research, 18 (1), 39-50.
Gefen, D., Straub, D. and Boudreau, M.-C. (2000). Structural equation modeling and regression:
Guidelines for research practice. Communications of the Association for Information Systems, 4
(1), 2-79.
Hair, J.F., Ringle, C.M. and Sarstedt, M. (2011). Pls-sem: Indeed a silver bullet. Journal of Marketing
Theory and Practice, 19 (2), 139-152.
Hair, J.F.J., Hult, G.T.M., Ringle, C.M. and Sarstedt, M. (2014). A primer on partial least squares
structural equation modeling (pls-sem). SAGE Publications, Thousand Oaks.
Henseler, J., Ringle, C.M. and Sarstedt, M. (2015). A new criterion for assessing discriminant validity
in variance-based structural equation modeling. Journal of the Academy of Marketing Science, 43
(1), 115-135.
Hu, T., Poston, R.S. and Kettinger, W.J. (2011). Nonadopters of online social network services: Is it
easy to have fun yet. Communications of the Association for Information Systems, 29 (1), 441-458.
Jia, H. and Xu, H. (2015). Measuring individuals’ concerns over collective privacy on social
networking sites. In Proceedings of the 36th International Conference on Information Systems
(ICIS), Fort Worth, Texas, USA.
John, L.K., Acquisti, A. and Loewenstein, G. (2011). Strangers on a plane: Context-dependent
willingness to divulge sensitive information. Journal of Consumer Research, 37 (5), 858-873.
Johnston, A.C. and Warkentin, M. (2010). Fear appeals and information security behaviors: An
empirical study. MIS Quarterly, 34 (3), 549-566.
Kehr, F., Wentzel, D. and Kowatsch, T. (2014). Privacy paradox revised: Pre-existing attitudes,
psychological ownership, and actual disclosure. In Proceedings of the 35th International
Conference on Information Systems (ICIS), Auckland, New Zealand.
Laufer, R.S., Proshansky, H.M. and Wolfe, M. (1973). Some analytic dimensions of privacy, In
Environmental psychology: People and their physical settings, Proshansky, H. M., Ittelson, W. H.
and Rivlin, L. G. (eds.). Holt McDougal, New York.
Malhotra, N.K., Kim, S.S. and Agarwal, J. (2004). Internet users' information privacy concerns
(IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15 (4), 336-
355.
Morlok, T., Matt, C. and Hess, T. (2016). Negative externe Effekte bei der Nutzung mobiler Endgeräte
- Zur Rolle der Privatsphäre Dritter im Entscheidungskalkül des Nutzers. In Proceedings of the
Multikonferenz Wirtschaftsinformatik (MKWI), Ilmenau, Germany.
Norberg, P.A., Horne, D.R. and Horne, D.A. (2007). The privacy paradox: Personal information
disclosure intentions versus behaviors. Journal of Consumer Affairs, 41 (1), 100-126.
Petronio, S. (1991). Communication boundary management: A theoretical model of managing
disclosure of private information between marital couples. Communication Theory, 1 (4), 311-335.
Petronio, S. (2002). Boundaries of privacy: Dialectics and disclosure. State University of New York
Press, Albany.
Petronio, S. (2010). Communication privacy management theory: What do we know about family
privacy regulation? Journal of Family Theory & Review, 2 (3), 175-196.
Petter, S., Straub, D. and Rai, A. (2007). Specifying formative constructs in information systems
research. MIS Quarterly, 31 (4), 623-656.
Pew Research Center (2013). Social media update 2013,
http://www.pewinternet.org/files/2013/12/PIP_Social-Networking-2013.pdf (visited on
22.02.2016).
Phelps, J., Nowak, G. and Ferrell, E. (2000). Privacy concerns and consumer willingness to provide
personal information. Journal of Public Policy and Marketing, 19 (1), 27-41.
Pierce, J.L., Kostova, T. and Dirks, K.T. (2001). Toward a theory of psychological ownership in
organizations. Academy of Management Review, 26 (2), 298-310.
Pu, Y. and Grossklags, J. (2015). Using conjoint analysis to investigate the value of interpendent
privacy in social app adoption scenarios. In Proceedings of the 36th International Conference on
Information Systems (ICIS), Fort Worth, Texas, USA.
Qian, H. and Scott, C.R. (2007). Anonymity and selfdisclosure on weblogs. Journal of Computer
Mediated Communication, 12 (4), 1428-1451.
Ringle, C.M., Wende, S. and Becker, J.-M. (2015). Smartpls 3, www.smartpls.com (visited on
16.02.2016).
Smith, H.J., Dinev, T. and Xu, H. (2011). Information privacy research: An interdisciplinary review.
MIS Quarterly, 35 (4), 989-1016.
Smith, H.J., Milberg, S.J. and Burke, S.J. (1996). Information privacy: Measuring individuals'
concerns about organizational practices. MIS Quarterly, 20 (2), 167-196.
Solove, D.J. (2006). A taxonomy of privacy. University of Pennsylvania Law Review, 154 (3), 477-
564.
Solove, D.J. (2007). The future of reputation: Gossip, rumor, and privacy on the internet. Yale
University Press, New Haven & London.
Tsai, H.-T. and Bagozzi, R.P. (2014). Contribution behavior in virtual communities: Cognitive,
emotional, and social influences. MIS Quarterly, 38 (1), 143-163.
Tsai, J.Y., Egelman, S., Cranor, L. and Acquisti, A. (2011). The effect of online privacy information
on purchasing behavior: An experimental study. Information Systems Research, 22 (2), 254-268.
Van Dyne, L. and Pierce, J.L. (2004). Psychological ownership and feelings of possession: Three field
studies predicting employee attitudes and organizational citizenship behavior. Journal of
Organizational Behavior, 25 (4), 439-459.
Wang, Y. and Midha, V. (2012). User self-disclosure on health social networks: A social exchange
perspective. In Proceedings of the 33rd International Conference on Information Systems (ICIS),
Orlando, Florida, USA.
Wilson, D.W., Proudfoot, J.G. and Valacich, J.S. (2014). Saving face on Facebook: Privacy concerns,
social benefits, and impression management. In Proceedings of the 35th International Conference
on Information Systems (ICIS), Auckland, New Zealand.
Xu, C.M., Benbasat, I. and Cavusoglu, H. (2012a). Trusting those who trust you: A study on trust and
privacy on Facebook. In Proceedings of the 33rd International Conference on Information Systems
(ICIS), Orlando, Florida, USA.
Xu, H., Dinev, T., S., H. J. and Hart, P. (2008). Examining the formation of individual's privacy
concerns: Toward an integrative view. In Proceedings of the 29th International Conference on
Information Systems (ICIS), Paris, France.
Xu, H., Teo, H.H., Tan, B.C.Y. and Agarwal, R. (2012b). Effects of individual self-protection,
industry self-regulation, and government regulation on privacy concerns: A study of location-based
services. Information Systems Research, 23 (4), 1342-1363.
Yoo, C.W., Ahn, H.J. and Rao, H.R. (2012). An exploration of the impact of information privacy
invasion. In Proceedings of the 33rd International Conference on Information Systems (ICIS),
Orlando, Florida, USA.
... Otherwise, they were asked to complete another survey containing questions about the performance of the app and on the following privacy-related constructs: perceived risks (RSK), perceived control (CTRL), perceived benefits (BEN), and external information privacy concerns (EIPC). All constructs were previously elaborated and validated by other authors (i.e., EIPC by Morlok [32] and the rest by Krasnova et al. [26]) and measured using a 7-point Likert scale ranging from 1 = "strongly disagree" to 7 = "strongly agree". A summary of all employed constructs can be found in the Appendix. ...
... Such concerns play an important role in OSN platforms like Instagram since users can easily compromise the privacy of other individuals when sharing group pictures. Hence, it is to expect that those with higher EIPC would be more reluctant to share information or pictures portraying others [32]. Nevertheless, our results are still preliminary and call for additional research efforts. ...
... In all cases the coefficient was higher than 0.70, which suggests that the items of each construct scale have a relatively high internal consistency (values higher than 0.7 are usually considered "acceptable"). As mentioned in Section 4, all constructs were originally introduced by Krasnova et al. [26], except for External Information Privacy Concerns (EIPC) which was elaborated by Morlok [32]. It should be noted that the Perceived Benefits (BEN) construct encompasses Convenience (CON), Relationship Building (RB), Self-Representation (SR), and Enjoyment (EN) (we have aggregated these benefits into a single BEN score). ...
Preprint
Online self-disclosure is perhaps one of the last decade's most studied communication processes, thanks to the introduction of Online Social Networks (OSNs) like Facebook. Self-disclosure research has contributed significantly to the design of preventative nudges seeking to support and guide users when revealing private information in OSNs. Still, assessing the effectiveness of these solutions is often challenging since changing or modifying the choice architecture of OSN platforms is practically unfeasible. In turn, the effectiveness of numerous nudging designs is supported primarily by self-reported data instead of actual behavioral information. This work presents ENAGRAM, an app for evaluating preventative nudges, and reports the first results of an empirical study conducted with it. Such a study aims to showcase how the app (and the data collected with it) can be leveraged to assess the effectiveness of a particular nudging approach. We used ENAGRAM as a vehicle to test a risk-based strategy for nudging the self-disclosure decisions of Instagram users. For this, we created two variations of the same nudge and tested it in a between-subjects experimental setting. Study participants (N=22) were recruited via Prolific and asked to use the app regularly for 7 days. An online survey was distributed at the end of the experiment to measure some privacy-related constructs. From the data collected with ENAGRAM, we observed lower (though non-significant) self-disclosure levels when applying risk-based interventions. The constructs measured with the survey were not significant either, except for participants' External Information Privacy Concerns. Our results suggest that (i) ENAGRAM is a suitable alternative for conducting longitudinal experiments in a privacy-friendly way, and (ii) it provides a flexible framework for the evaluation of a broad spectrum of nudging solutions.
... aligning the rational, irrational and structural privacy conditions with the customers' expectations), companies could gain a strategic advantage in the market today (Li et al. 2019;Seo et al. 2018). These capabilities have already been linked to higher trust and customer satisfaction (Dehghanpouri et al., 2020;Eastlick et al. 2006;Featherman et al. 2010;Wu et al. 2012), willingness to share data (Dinev and Hart 2006;Hui et al. 2007;Morlok 2016), damage control for data breaches (Malhotra and Malhotra 2011) and even firm performance . ...
... However, other recommendations within this code cover incentives, rewards, or nudges designed to influence customers' motivation to proactively pursue protective measures regarding their privacy. Often and clearly highlighting the social value of using privacy controls might incentivise customers to protect themselves and others (Morlok 2016). The same could be achieved by piquing users' curiosity by an incremental release of information about privacy protection (Kitkowska et al. 2020). ...
... Our understanding of the privacy paradox has grown over the past two decades beyond the dichotomous view of rationality vs. irrationality. However, the nature Fig. 8 Connections between service development codes and appearance of the paradox is highly context-and personality-sensitive (Bansal et al. 2016;Dinev et al. 2012;James et al. 2015;Morlok 2016;Plangger and Montecchi 2020;Waters and Ackerman 2011). This is reflected in the increased use of the 'Antecedents-Privacy Concerns-Outcomes' (APCO) model (Dinev et al. 2015) outside of IS research streams and in the fact that more than half of all analysed papers utilise two or more theories to explain the privacy paradox (see Fig. 9). ...
Article
Full-text available
The discrepancy between informational privacy attitudes and actual behaviour of consumers is called the “privacy paradox”. Researchers across disciplines have formulated different theories on why consumers’ privacy concerns do not translate into increased protective behaviour. Over the past two decades multiple differing explanations for the paradox have been published. However, authors generally agree that companies are in a strong position to reduce consumers’ paradoxical behaviour by improving their customers’ informational privacy. Hence, this paper aims at answering the question: How can companies address the privacy paradox to improve their customers’ information privacy? Reviewing a sample of improvement recommendations from 138 papers that explore 41 theories in total, we determined that companies can generally align their privacy practices more closely with customers’ expectations across 4 inter-connected managerial processes: (1) strategic initiatives, (2) structural improvements, (3) human resource management, and (4) service development. The findings of this systematic literature review detail how companies can address both the rational and irrational nature of the privacy decision-making process. Furthermore, we propose a dynamic model able to identify weaknesses and strengths in companies’ privacy orientation.
... When users decide to disclose information online, they weigh costs vs. benefits, and the balance determines what information should be considered public vs. private (Chennamaneni and Taneja, 2015). From this perspective, users create boundaries to determine the contexts and circumstances that specific information should be disclosed (Morlok, 2016). As such, individuals expect that information disclosed will be protected such that their privacy expectations are met. ...
Article
Purpose While social networking sites (SNS) have many positive aspects, they can have several adverse outcomes, among which privacy violations are a vital concern. The authors first posit that concerns regarding privacy violations can drive attempts to reduce SNS use. Next, the authors note that these violations can have two sources: peers and the social media provider. Thus, there is a need to understand how this complex system of privacy concerns affects use reduction decisions. To do so, this paper aims to examine the separate and joint roles of institutional and peer privacy concerns in driving SNS use reduction. Design/methodology/approach Based on privacy calculus theory, the authors propose a theoretical model to explain SNS use reduction, with institutional and peer privacy concerns as independent variables. The authors empirically examine the research model using a sample of 258 SNS users. Findings This study reveals that institutional and peer privacy concerns independently increase one's intention to reduce SNS use and that institutional privacy concern strengthen the relation between peer privacy concern and the intention to reduce SNS use. Originality/value Research thus far has not examined how the two facets of privacy work in tandem to affect 'users' decisions to change their behaviors on SNS platforms. Considering the unique and joint effect of these facets can thus provide a more precise and realistic perspective. This paper informs theories and models of privacy and online user behavior change.
... Morlok (2016). ...
Chapter
Full-text available
Zusammenfassung Die immer stärkere Durchdringung von Wirtschaft und Gesellschaft mit digitalen Technologien führt dazu, dass Daten in bislang ungekanntem Maß (teil-) automatisch erhoben, gespeichert und verarbeitet werden. Gleichzeitig ist es einfacher möglich, Daten aus unterschiedlichen Quellen miteinander zu verknüpfen und auszuwerten. Der so geschaffene Zugang zu großen Datenbeständen kann das Entscheidungsverhalten von Unternehmen und Verbrauchern verändern, mitunter sogar auch über die Grenzen von physischer und digitaler Welt hinweg. In einer derartigen „Datenökonomie“ entstehen zahlreiche Möglichkeiten für Unternehmen und Konsumenten. So etwa können Unternehmen durch personenbezogene Daten mehr über bestehende und potentielle Konsumenten erfahren oder mit personenbezogenen Daten als ökonomisch handelbares Gut auf Datenmärkten partizipieren. Konsumenten können durch die Preisgabe ihrer Daten profitierten, etwa indem sie von verbesserten Angeboten profitieren oder Daten als Zahlungsmittel nutzen. Die personenbezogenen Daten haben somit sowohl für die Konsumenten als auch für die anfragenden Unternehmen einen Wert und gleichzeitig einen damit verbundenen Preis. Es zeigt sich somit ein facettenreiches Bild hinsichtlich der zugrunde liegenden Austauschbeziehung zwischen Unternehmen und Konsumenten. Dieser Beitrag verfolgt das Ziel, anhand einzelner exemplarischer Kontexte, das ökonomische Verständnis von Privatheit als Wechselspiel zwischen Anbieter und Nachfrager aufzuzeigen und insbesondere mittels aktueller Erkenntnisse zu erweitern. Aus unternehmenszentrierter Perspektive wird der Datenhandel mit personenbezogenen Daten sowie die unternehmensinterne Verwendung von Daten zwecks Auswertung dargestellt. Aus verbraucherorientierter Perspektive wird die Zahlungsbereitschaft für den Verzicht auf die Weitergabe von Daten sowie die Bereitschaft zur Offenlegung von Daten betrachtet.
... Morlok (2016). ...
Chapter
Full-text available
Zusammenfassung Der Beitrag erläutert die Aspekte des Daten- und Privatheitsschutzes durch Systemgestaltung. Auf eine einleitende Erläuterung der Systemgestaltung folgt eine Darstellung des Risikobegriffs der DSGVO. Der Risikobegriff als zentraler Bestandteil und wesentliche Neuerung im harmonisierten Datenschutzrecht stellt zugleich den Maßstab für die Anforderungen an die Systemgestaltung dar. Der sog. risikobasierte Ansatz ist dabei nicht nur für eine Betrachtung der Datenschutzrisiken der betroffenen Personen maßgeblich, sondern erfordert eine umfassende Berücksichtigung sämtlicher aus Datenverarbeitungsvorgängen resultierenden Risiken für die Rechte und Freiheiten natürlicher Personen. Eine solche Beurteilung setzt voraus, dass die Verantwortlichen die spezifischen Grundrechtsrisiken ihrer Datenverarbeitungsvorgänge identifizieren können. Daher stellt der Beitrag einen Ansatz der Risikoerkennung vor, der auf einer systematischen Darstellung der jeweiligen Datenverarbeitung aufbaut und diese mit einer zeitlichen Systematisierung möglicher Grundrechtsausübung verknüpft, die eine solche Risikoerkennung für die Verantwortlichen erleichtern kann. Sodann werden die maßgeblichen Kriterien für die Bewertung der Risiken vorgestellt. Hierbei kommt es auf die Art, den Umfang, die Umstände und die Zwecke der jeweiligen Verarbeitung personenbezogener Daten an. Auf der Grundlage der so erkannten und bewerteten Risiken können Verantwortliche im Vorfeld einer Datenverarbeitung eine datenschutzkonforme Systemgestaltung sicherstellen. Dies umfasst sowohl die Umsetzung der Anforderungen an Datenschutz durch Technikgestaltung, d. h. die Implementierung technischer und organisatorischer Maßnahmen auf Grundlage der erkannten Risiken und Datenschutzgrundsätze, als auch die Berücksichtigung datenschutzfreundlicher Voreinstellungen. Zuletzt werden Spannungsfelder datenschutzrechtlicher Sachverhalte angesprochen. Die Querverbindungen und Auswirkungen datenschutzfreundlicher Verarbeitungsverfahren auf etwa Aspekte der Informationsfreiheit (im Kontext öffentlicher Stellen), des Umweltschutzes, des Datenzugangs und des Kartellrechts werden beleuchtet. Mit einer Folgenabschätzung sowie einer frühzeitigen und systematischen datenschutzfreundlichen Systemgestaltung lassen sich in der Regel Lösungen finden, die sämtliche Anforderungen in ausreichendem Maße berücksichtigen.
... Morlok (2016). ...
Chapter
Full-text available
Zusammenfassung Dieses Kapitel fokussiert den digitalen Fußabdruck einer Person, der typischerweise größer wird und der immer elaborierteren Auswertungsmöglichkeiten zugeführt wird. Die Autor:innen begründen die Vergrößerung des Fußabdrucks mit drei miteinander verschränkten technischen Trends: Hyperkonvergenz der Informationstechnologie, Hyperkonnektivität sowie mehr und mehr entstehende dynamische Informations-Ökosysteme. Um gezielt Gestaltungsvorschläge für privatheitsfreundliche Systeme entwickeln zu können, so die weitere Argumentation, müssen zunächst Angriffs- und Bedrohungspotenziale, die aus diesen Trends entstehen, betrachtet werden. Diese werden an Hand von vier Beispielen erläutert: Datenschutz im Domain Name System, bei mobilen Diensten wie Dating-Apps und Lern-Apps, bei vernetzten und smarten Objekten wie Smart-TVs oder Smart Cars sowie in öffentlichen, freien WLANs. Die Autor:innen zeigen mittels Generalisierung der gegebenen Beispiele das mögliche Spannungsverhältnis zwischen dem Innovationspotential von Digitalisierung und den wirtschaftlichen Interessen von Unternehmen auf der einen Seite sowie den Privatheitsinteressen der Nutzenden auf der anderen Seite auf. Dieses Spannungsverhältnis spiegelt auch der bestehende rechtliche Rahmen wieder. Die Autor:innen zeigen aber auch, dass Innovation und Privatheit durchaus vereinbar sind, beispielsweise wenn gerade mit und durch technische Innovationen geeignete „Privacy-enhancing Technologies“ (PETs) entwickelt und genutzt werden. Wie dies aussehen kann, wird an Hand von drei konkreten technischen Umsetzungsbeispielen (Me&MyFriends; WallGuard und Metaminer) illustriert. Me&MyFriends ist ein Selbstbewertungstool für Nutzer:innen, welches es ermöglicht, auf Basis von transparent gemachten Beziehungsgraphen detailliertes Wissen über hinterlassene digitale Spuren bei der Nutzung von Online Social Media zu erlangen. WallGuard dient der präventiven Erkennung von Social-Media-Beiträgen, die möglicherweise ein späteres Bereuen nach sich ziehen könnten. MetaMiner ist ein nutzerzentriertes Framework, das eine Verbesserung der Transparenz über die Netzwerkinteraktionen des mobilen Geräts ermöglicht. Gemeinsam ist den drei Gestaltungsvorschlägen, dass sie aufzeigen, wie wirkungsvoll Transparenz über den persönlichen digitalen Fußabdruck für den Schutz der informationellen Selbstbestimmung sein kann.
... Morlok (2016). ...
Chapter
Full-text available
Zusammenfassung Der Beitrag wendet sich dem ambivalenten Zusammenspiel von Privatheit und Digitalität zu, indem er deren Relevanz für Diskurse und Praktiken der Selbstbestimmung ausleuchtet und auf die soziotechnischen Transformationen dieses Zusammenspiels bezieht. Privatheit und Digitalität werden dabei als gesellschaftlich mitkonstituierte Sozialformen, Assemblagen oder Kommunikationsverhältnisse perspektiviert, die von historisch sich wandelnden soziokulturellen Einflussgrößen durchzogen sind. Um die skizzierte Perspektive einzunehmen werden wir zunächst die einschlägigen soziologischen Wissensbestände zu einer kursorischen Darstellung gesellschaftstheoretischer Perspektiven auf Privatheit verdichten. Daraufhin wenden wir uns den soziologischen Digitalisierungsforschungen zu, die die Konzeptualisierung von Privatheit nicht unberührt lassen. Hierbei wird v. a. herausgearbeitet, dass das soziologische und gesellschaftstheoretische Bild von Privatheit um Aspekte des Technischen und Materiellen erweitert werden muss. Theoretisch entsprechend eingestellt werden wir sodann eine Analyse von Selbstbestimmung unter soziodigitalen Verhältnissen präsentieren, die sich an vier zentralen Problemfeldern von Privatheit und Digitalität entfaltet: Die soziale Prämierung von Sichtbarkeit; soziale Konsequenzen digitaler Verhaltensformung; die soziale Dynamik datenökonomischer Erlösmodelle; sowie die Auswirkungen, die sich aus alldem für die Entscheidungsfreiheiten von Nutzenden ergeben. Im Fazit des Beitrags werden Konsequenzen für eine demokratische und an Selbstbestimmung orientierte Gestaltung von Privatheit benannt. Hierbei zeigt sich ein erheblicher Bedarf an einer Politik der Gestaltung und Regulierung von soziodigitalen Infrastrukturen, die eine Datenökonomie befördert, welche sich der demokratischen Kontrolle, Mitbestimmung und v. a. der Kritik öffnet. Zentrale Kompetenz individueller, wie kollektiver Selbstbestimmung wird damit die Fähigkeit zur Kritik der normierenden Gehalte und Effekte soziodigitaler Infrastrukturen. Diese muss aus den soziodigitalen Verhältnissen und praktischen Situationen selbst erwachsen und die Pluralität von Rechtfertigungsordnungen moderner Gesellschaften einbeziehen, um so die Kontingenz bestehender normativer Ordnungen erfahrbar und alternative Infrastrukturgestaltungspfade begehbar zu machen: Nur wenn die Infrastrukturen gewährleisten, dass der Faden zur kritischen Praxis nicht reißt, kann Privatheit unter soziodigitalen Bedingungen Ort der Selbstbestimmung bleiben.
... Morlok (2016). ...
Chapter
Full-text available
Zusammenfassung Die globale Digitalisierung nahezu aller Lebensbereiche gefährdet zunehmend die individuelle und demokratische Selbstbestimmung und erfordert umso stärker ihren normativen Schutz. Doch die Bedingungen für diesen Schutz haben sich radikal geändert. Konzepte, Institutionen und Instrumente, die für diesen Schutz in den 1970er Jahren für die Gefährdung durch kommunale Gebietsrechenzentren entworfen wurden, genügen nicht mehr für den Schutz gegenüber globalen digitalen Infrastrukturen, die das alltägliche Leben bestimmen. Der Beitrag analysiert die Herausforderungen für das Grundrecht auf Datenschutz und informationelle Selbstbestimmung, untersucht das aktuelle Schutzkonzept der Datenschutz-Grundverordnung und seine Governance-Struktur, diskutiert Schutzverbesserungen in dem neugeschaffenen Regelungsumfeld und erörtert mögliche neue Konzepte und Instrumente zum Grundrechtsschutz in der globalen digitalen Transformation. Als besondere Herausforderungen der relevanten Grundrechte werden technische und gesellschaftliche Entwicklungen in Form von neuen Datenquellen, virtuellen Infrastrukturen, Big Data und Künstlicher Intelligenz identifiziert. Das aus den relevanten Grundrechten abgeleitete Schutzkonzept des Datenschutzrechts wird auf Ebene von Einwilligung, Transparenz, Zweckbindung, Datenminimierung und auf Ebene der Betroffenenrechten durch diese Entwicklungen ausgehöhlt. Die Datenschutz-Grundverordnung hat zwar Verbesserungen bewirkt, jedoch bleiben die bestehenden Probleme in ihrem Kern vielfach ungelöst. Es ist deshalb auch nach dem Geltungsbeginn der Datenschutz-Grundverordnung eine Weiterentwicklung des Governance-Rahmens erforderlich. Hier sind neben der Europäischen Kommission auch nationale Gesetzgeber, Behörden und Gerichte gefragt. Notwendig ist sowohl eine Fortentwicklung der Datenschutz-Grundverordnung als auch eine strukturelle Modernisierung des Datenschutzrechts. Als Konzepte und Instrumente zur Bewältigung der beschriebenen Herausforderungen bieten sich die rechtliche Gestaltung grundrechtsriskanter Techniksysteme, eine Objektivierung des Grundrechtsschutzes, die Etablierung von Infrastrukturverantwortung sowie eine Globalisierung des Grundrechtsschutzes an.
... Morlok (2016). ...
Chapter
Full-text available
Zusammenfassung Die Nutzung des Internets führt auf der einen Seite zu unzähligen Erleichterungen des täglichen Lebens, kann auf der anderen Seite allerdings auch zu Verletzungen der persönlichen Privatsphäre führen, da viele Firmen private Daten der Nutzenden sammeln. Noch sind Nutzende allerdings primär selbst in der Verantwortung, diese Privatheitsrisiken zu minimieren, da selbst strenge Datenschutzverordnungen wie die europäische DSGVO die Verantwortung für zahlreiche Entscheidungen bei den Nutzenden sehen. Daher ist es von großer Wichtigkeit, die persönlichen Motive für das Anwenden oder nicht Anwenden von Schutzmaßnahmen zu verstehen, um Nutzende gegebenenfalls unterstützen zu können. Vor diesem Hintergrund analysiert dieser Beitrag sieben empirische Untersuchungen und ordnet deren Hauptergebnisse in den empirischen Kontext bezüglich des Selbstdatenschutzes ein. Generell scheinen Nutzende motiviert zu sein, die eigene Privatsphäre online zu schützen, wobei einfach anzuwendende Schutzmaßnahmen häufiger verwendet werden als komplexere Strategien. Des Weiteren deuten die Studien darauf hin, dass das generelle Schutzverhalten bzw. die Schutzmotivation von einer Vielzahl unterschiedlicher psychologischer Faktoren beeinflusst werden. Einen besonders wichtigen Einfluss hat dabei die Wahrnehmung von Privatheitsrisiken, wobei auch weitere Variablen einen positiven Einfluss auf den Selbstdatenschutz haben, wie zum Beispiel die empfundene Effizienz des Schutzverhaltens, ein Bedürfnis nach höherem Privatheitsschutz oder eine ausgeprägtere Privatheitskompetenz. Allerdings gibt es auch Faktoren, die sich negativ auf das Schutzverhalten auswirken können, wie zum Beispiel Resignation, also der Glaube, dass Datenschutz nicht zu mehr tatsächlicher Privatheit führe. Schließlich deuten einige Ergebnisse der Untersuchungen darauf hin, dass ein probates Mittel für ein umsichtigeres Privatheitsverhalten im Netz die Schaffung von Transparenz sein kann. Dabei hat sich als wichtig herausgestellt, dass relevante Informationen möglichst kurz gehalten werden, damit Nutzende nicht überfordert sind. Besonders förderlich für Schutzverhalten sind außerdem Informationen darüber, welche Privatheitsrisiken bestehen und wie man diese effizient vermeiden kann. Vor dem Hintergrund der zusammengetragenen Ergebnisse scheint es besonders sinnvoll, Nutzende mit Wissen auszustatten, welche negativen Konsequenzen verschiedene Verhaltensweisen im Netz haben können und wie man sich effizient vor diesen Konsequenzen schützen kann.
... The concerns regarding personal information theft and misuse are experienced by the general internet (Zhou & Li, 2014). Indeed, when an individual discloses information the belongs to someone else, that person tends to disregard the issue of personal safety potentially lurking (Morlok, 2016). Additionally, sharenting practice raises another layer of issue of parental responsibility in guarding children's safety that might be compromised because of the children's personal information disclosure (Wagner & Gasche, 2018). ...
Article
The practice of publishing photos and videos containing children’s private information on social media—also known as sharenting—is popular among parents in Jakarta. Embarking from the debate about privacy paradox in which it is believed that privacy concern does not predict someone’s behaviors in managing his/her private information online, this research aims to reveal the considerations underlying parental decisions when sharing their children’s private information through social media and their perceived risk toward their children’s online safety. Using a qualitative approach, the researcher conducted interviews with 20 parents in Jakarta with at least one child younger the 13 years. The result suggests that the perceived benefit of sharenting exceeds its perceived risks. The study also found four reasons why parents exercise sharenting: to document their children’s development, to gain social support from their followers on social media, and to overcome loneliness as new parents and the low self-efficacy of parents in protecting children’s privacy on the internet. Unsurprisingly sharenting through social media has become a growing trend among parents. This finding thus will be useful as a groundwork to develop an intervention program regarding relevant sharenting in the context of Jakarta, Indonesia.
Conference Paper
Full-text available
In this globally connected world, maintaining information privacy has become an issue to both individuals and societies. People from different cultural backgrounds not only perceive the importance of privacy differently but also may differ in terms of how they assess the sensitivity of private information, which might consequently affect their disclosure behaviors. Studying privacy concerns through cultural-values has received some attention but several gaps exist that call for further investigations. In this research-in-progress, we extend this research area by adopting Schwartz's theory to study the critical roles that personal and social values play in shaping concerns about privacy. Specifically, we plan to examine the impact of values on concerns about privacy for both self and others, and how these concerns influence self-disclosure behaviors. We aim to test our research model in different cultures (U.S., Europe, and Asia) while accounting for different contexts (social networks, online retail websites, and health websites).
Article
Full-text available
Provides a nontechnical introduction to the partial least squares (PLS) approach. As a logical base for comparison, the PLS approach for structural path estimation is contrasted to the covariance-based approach. In so doing, a set of considerations are then provided with the goal of helping the reader understand the conditions under which it might be reasonable or even more appropriate to employ this technique. This chapter builds up from various simple 2 latent variable models to a more complex one. The formal PLS model is provided along with a discussion of the properties of its estimates. An empirical example is provided as a basis for highlighting the various analytic considerations when using PLS and the set of tests that one can employ is assessing the validity of a PLS-based model. (PsycINFO Database Record (c) 2012 APA, all rights reserved)
Article
Full-text available
With the rise of social networking sites (SNSs), individuals not only disclose personal information but also share private information concerning others online. While shared information is co-constructed by self and others, personal and collective privacy boundaries become blurred. Thus there is an increasing concern over information privacy beyond the individual perspective. However, limited research has empirically examined if individuals are concerned about privacy loss not only of their own but their social ties’; nor is there an established instrument for measuring the collective aspect of individuals’ privacy concerns. In order to address this gap in existing literature, we propose a conceptual framework of individuals’ collective privacy concerns in the context of SNSs. Drawing on the Communication Privacy Management (CPM) theory (Petronio, 2002), we suggest three dimensions of collective privacy concerns, namely, collective information access, control and diffusion. This is followed by the development and empirical validation of a preliminary scale of SNS collective privacy concerns (SNSCPC). Structural model analyses confirm the three-dimensional conceptualization of SNSCPC and reveal antecedents of SNS users’ concerns over violations of the collective privacy boundaries. This paper serves as a starting point for theorizing privacy as a collective notion and for understanding online information disclosure as a result of social interaction and group influence.
Article
Full-text available
Information technology executives strive to align the actions of end users with the desired security posture of management and of the firm through persuasive communication. In many cases, some element of fear is incorporated within these communications. However, within the context of computer security and information assurance, it is not yet clear how these fear-inducing arguments, known as fear appeals, will ultimately impact the actions of end users. The purpose of this study is to investigate the influence of fear appeals on the compliance of end users with recommendations to enact specific individual computer security actions toward the mitigation of threats. An examination was performed that culminated in the development and testing of a conceptual model representing an infusion of technology adoption and fear appeal theories. Results of the study suggest that fear appeals do impact end user behavioral intentions to comply with recommended individual acts of security, but the impact is not uniform across all end users. It is determined in part by perceptions of self-efficacy, response efficacy, threat severity, and social influence. The findings of this research contribute to information systems security research, human computer interaction, and organizational communication by revealing a new paradigm in which IT users form perceptions of the technology, not on the basis of performance gains, but on the basis of utility for threat mitigation.
Conference Paper
Full-text available
Mobile Endgeräte mit Kamerafunktion erlauben es ihren Nutzern, bildliche Daten der Umgebung und somit auch von Dritten zu erfassen. Dies impliziert jedoch negative externe Effekte, da die Erfassung Dritter ein Eindringen in deren Privatsphäre darstellen kann. Bisherige Forschung hat sich vor allem darauf konzentriert, wie sich ein wahrgenommenes Eindringen in die eigene Privatsphäre auf das individuelle Technologienutzungsverhalten auswirkt. Da die Privatsphäre Dritter bei der Nutzung mobiler Endgeräte jedoch ebenfalls betroffen sein kann, ist es notwendig, deren Rolle im Entscheidungskalkül des Nutzers zu analysieren. Dieser Research-in-Progress Beitrag erweitert auf Basis der Communication Privacy Management Theory die bestehende Privatsphäre-Literatur um das Konzept der Privatsphäre Dritter. Der Beitrag liefert theoretische und methodische Grundlagen für die Untersuchung, wie sich die Wahrnehmung eines Eindringens in die Privatsphäre Dritter auf die individuelle Nutzungsintention der Technologienutzer auswirkt.
Article
The statistical tests used in the analysis of structural equation models with unobservable variables and measurement error are examined. A drawback of the commonly applied chi square test, in addition to the known problems related to sample size and power, is that it may indicate an increasing correspondence between the hypothesized model and the observed data as both the measurement properties and the relationship between constructs decline. Further, and contrary to common assertion, the risk of making a Type II error can be substantial even when the sample size is large. Moreover, the present testing methods are unable to assess a model's explanatory power. To overcome these problems, the authors develop and apply a testing system based on measures of shared variance within the structural model, measurement model, and overall model.
Article
A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM), by Hair, Hult, Ringle, and Sarstedt, provides a concise yet very practical guide to understanding and using PLS structural equation modeling (PLS-SEM). PLS-SEM is evolving as a statistical modeling technique and its use has increased exponentially in recent years within a variety of disciplines, due to the recognition that PLS-SEM’s distinctive methodological features make it a viable alternative to the more popular covariance-based SEM approach. This text includes extensive examples on SmartPLS software, and is accompanied by multiple data sets that are available for download from the accompanying website (www.pls-sem.com).