Article

The role of privacy fatigue in online privacy behavior

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

The increasing difficulty in managing one's online personal data leads to individuals feeling a loss of control. Additionally, repeated consumer data breaches have given people a sense of futility, ultimately making them weary of having to think about online privacy. This phenomenon is called “privacy fatigue.” Although privacy fatigue is prevalent and has been discussed by scholars, there is little empirical research on the phenomenon. This study aimed not only to conceptualize privacy fatigue but also to examine its role in online privacy behavior. Based on literature on burnout, we developed measurement items for privacy fatigue, which has two key dimensions —emotional exhaustion and cynicism. Data analyzed from a survey of 324 Internet users showed that privacy fatigue has a stronger impact on privacy behavior than privacy concerns do, although the latter is widely regarded as the dominant factor in explaining online privacy behavior.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Information transparency is about the willingness to provide service and organizational information to users. Evidence suggests that information transparency positively correlates with disengagement behaviour (Choi, Park, & Jung, 2018). For example, The US department of commerce in 2017 found a low performance in e-commerce in the US despite the rapid growth experienced in e-commerce around the time and attributes its low levels of information transparency on commerce sites (U.S. ...
... Subsequent releases, such as Facebook-Cambridge Analytica's case in 2016, further highlight user data collection in hindsight for several reasons like political advertising (Chan, 2020;Doffman, 2019). These phenomena increase concerns with state or government access to disclosed information of users, thus, making information transparency a touchy one (Choi et al., 2018). Where privacy information transparency is lacking, users are forced into the 'black box' of service providers (Choi et al., 2018) and may perceive no effective means of dealing with such information risks situation or engagement (Widjajaa, Jengchung, Sukococ, & Quang-An, 2019). ...
... These phenomena increase concerns with state or government access to disclosed information of users, thus, making information transparency a touchy one (Choi et al., 2018). Where privacy information transparency is lacking, users are forced into the 'black box' of service providers (Choi et al., 2018) and may perceive no effective means of dealing with such information risks situation or engagement (Widjajaa, Jengchung, Sukococ, & Quang-An, 2019). ...
Article
Privacy information transparency is generally considered desirable and should be enabled and upheld. It has gained increasing attention giving the emergence of new information technologies and their affordances for e-governance and governments. This study examines the proposition that privacy information transparency is amiable to mitigating privacy fatigue in e-government. The study identifies the antecedents of privacy information transparency of an e-government website, and its influence on privacy fatigue manifested in emotional exhaustion and cynicism. A survey conducted in Cyprus harnessed user responses, and the data analyzed using a partial least square structural equation analysis method. Findings reveal that; (1) user data collection and data use information aspects of online privacy significantly impact privacy information transparency; and (2) privacy information transparency positively impacts both cynicism behaviour and emotional exhaustion. This study extends the concept of privacy fatigue into e-government and contributes to an empirical evaluation of its relationship with privacy information transparency.
... In these settings, the identity of the users is often masked by pseudonyms or entirely anonymous. Instead, general purpose social media platforms usually encourage the usage of the real identity, although this does not prevent their users from disclosing very private information [12][13][14]. Moreover, the sensitivity of social media texts is harder to detect, because the context of a post play a fundamental role as well. ...
... In conclusion, in our work, we do not make any "anonymity" or "privacy settings" assumption, since it has been shown that users tend to underestimate or simply overlook their privacy risk [12][13][14]. Consequently, we analyze and characterize sensitive posts directly. In a very preliminary version of our work, we tried to give a more generic definition of sensitivity [19]. ...
... In our corpus, sensitivity has a broader definition than self-disclosure and we think that this better captures the actual privacy-sensitive content that can be found in general-purpose social media. More than that, we do not make any anonymity assumption, in line with recent studies on the privacy paradox [12] and privacy fatigue [13] that show that many users tend to underestimate or simply overlook their privacy risk when posting on social media platforms. ...
Article
Full-text available
User-generated contents often contain private information, even when they are shared publicly on social media and on the web in general. Although many filtering and natural language approaches for automatically detecting obscenities or hate speech have been proposed, determining whether a shared post contains sensitive information is still an open issue. The problem has been addressed by assuming, for instance, that sensitive contents are published anonymously, on anonymous social media platforms or with more restrictive privacy settings, but these assumptions are far from being realistic, since the authors of posts often underestimate or overlook their actual exposure to privacy risks. Hence, in this paper, we address the problem of content sensitivity analysis directly, by presenting and characterizing a new annotated corpus with around ten thousand posts, each one annotated as sensitive or non-sensitive by a pool of experts. We characterize our data with respect to the closely-related problem of self-disclosure, pointing out the main differences between the two tasks. We also present the results of several deep neural network models that outperform previous naive attempts of classifying social media posts according to their sensitivity, and show that state-of-the-art approaches based on anonymity and lexical analysis do not work in realistic application scenarios.
... Furthermore, an increasing number of consent requests users have to respond to brings another challenge to engineering consent mechanisms. When there are too many service providers asking a user for consent to data use, at some point the user starts simply granting consent without understanding the consequences (Choi et al., 2018). As a result, this leads the user to the feeling of a loss of control and a sense of 'weariness' towards privacy issues (Choi et al., 2018). ...
... When there are too many service providers asking a user for consent to data use, at some point the user starts simply granting consent without understanding the consequences (Choi et al., 2018). As a result, this leads the user to the feeling of a loss of control and a sense of 'weariness' towards privacy issues (Choi et al., 2018). To that end, critics of the current status quo of consent mechanisms conclude that they struggle to scale (Solove, 2013). ...
... Another issue relates to the consent transaction overload, i.e. a situation when there are too many consent requests for an individual to consider (Cate, 2006;Schermer et al., 2014). Consequently, the increasing difficulty on the user's side in managing their personal data leads to them feeling a loss of control and a sense of 'weariness' towards privacy issues, in which users believe that there is no effective means of managing their personal data (Choi et al., 2018). As a result, excessive consent requests lead to consent fatigue (Schermer et al., 2014), which reflects users' tendency to simply accept a privacy notice without reading it (Choi et al., 2018). ...
Thesis
As the number of online services powered by personal data is growing, the technology behind those services raises unprecedented concerns with regard to users’ privacy. Although there are significant privacy engineering efforts made to provide users with an acceptable level of privacy, often users lack mechanisms to understand, decide and control how their personal data is collected, processed and used. On one hand, this affects users’ trust towards the service provider; on the other, under some regulatory frameworks the service provider is legally required to obtain user’s consent to collection, use and processing of personal data. Therefore, in this thesis, we focus on privacy engineering mechanisms for consent. As opposed to the simple act of clicking ‘I agree’, we view consent as a process, which involves the formation of user’s privacy preferences, the agreement between the user and the service provider and the implementation of that agreement in the service provider’s system. Firstly, we focus on understanding the user’s consent decision-making. Specifically, we explore the role of privacy knowledge in data sharing. To that end, we conduct an experiment, where we inform participants how they stop allowing the collection of their online activity data. We compare the behaviour of two groups with an increased knowledge of data collection: one provided only with actionable information on privacy protection, and one additionally informed about the details of how and by whom the collection is conducted. In our experiment, we observe no significant difference between the two groups. Our results suggest that procedural privacy knowledge on how users can control their privacy has impact on their consent decisions. However, we also found that the provision of factual privacy knowledge in addition to procedural knowledge does not effect users’ prevention intent or behaviour. These outcomes suggest that the information about privacy protection itself may act a stimulus for users to refuse consenting to data collection. Secondly, we investigate the idea of agent-based privacy negotiations between a user and a service provider. To that end, we propose a novel framework for the implementation of semi-automated, multi-issue negotiation. Our findings suggest that such a framework is more suitable for negotiation in the privacy domain that the ‘take-it-or-leave-it’ approach or setting privacy preferences manually, because it allows for a collaborative search for mutually beneficial agreements: users consent to data use more often, consent is more consistent with users’ data-sharing sensitivity and it requires less users’ effort. Moreover, in order for an agent to accurately represent the user, the agent needs to learn the user’s privacy preferences. To address this problem, we compare two approaches to privacy preference elicitation through a user study: one where the preferences are personalised for each user based on their previous consent and one where the user classified into one of the three privacy profiles and later re-classified if their consent decisions reflect a change. We find that the latter approach can represent the user more accurately in the initial negotiation rounds than those of the former. Finally, we look at the implementation of consent on the service provider’s side after the agreement regarding data use has been made. In more detail, we consider a scenario where a user can deny consent to process certain data for certain purposes. To that end, the existing approaches do not allow service providers to satisfy the user’s consent in the optimal way. Therefore, we propose a novel graph-theoretic model for the service provider to store consent, which indicates the kinds of data processing that can be performed under the privacy agreement. Then, we formalise the consent problem as a constraint satisfaction problem on graphs. We provide several algorithms to solve the problem and compare them in terms of their trade off between execution time and quality of the solution. Our algorithms can provide a nearly optimal solution in the face of tens of constraints and graphs of thousands of nodes in a few seconds. The research presented in this thesis contributes to understanding users’ consent decision making and addresses an emerging need for technologies that can help service providers manage users’ consent. We propose ideas for potentially fruitful lines of exploration within this area.
... Cynicism represents negative feelings and attitudes towards any person or issue (Andersson, 1996;Choi et al., 2018). Cynicism, which mostly enhances unfulfilled expectations in any environment, occurs when the user faces difficulty, lack of hope, and disappointing situations (Choi et al., 2018) and has mostly been examined in the psychology and organizational literature, especially in the dyadic relationship to date (e.g. ...
... Cynicism represents negative feelings and attitudes towards any person or issue (Andersson, 1996;Choi et al., 2018). Cynicism, which mostly enhances unfulfilled expectations in any environment, occurs when the user faces difficulty, lack of hope, and disappointing situations (Choi et al., 2018) and has mostly been examined in the psychology and organizational literature, especially in the dyadic relationship to date (e.g. Anderson, 1996;Dean et al., 1998;Johnson & O'Leary-Kelly, 2003;Lutz et al., 2020). ...
... Thompson et al. (1999) stated that difficulties and unmet expectations can lead to distrust. In a similar vein, since cynicism is also derived from unfulfilled and frustrated expectations (Choi et al., 2018), it can lead to distrust (Wrightsman, 1966). Moreover, it has been highlighted that mistrust is positively associated with privacy cynicism (Lutz et al., 2020). ...
Article
This study aims to understand the drivers behind the usage habits of voice assistants (VAs). To do so, we extend the Technology Acceptance Model in conjunction with the concept of privacy cynicism, a cognitive process that remains understudied in the academic literature. The model is validated using PLS analysis through Smart-PLS. Data gathered via MTurk includes 265 actual VAs users. It is observed that ease of use and perceived usefulness have a positive impact on attitude towards the usage of VAs, while privacy cynicism has a negative impact. Moreover, it is found that privacy cynicism has a positive impact on trust based on the usage of VAs. Interestingly, attitudes towards the usage of VAs does not fully explain the consumers' VA usage habits.
... As individuals increasingly lose control of their personal information in the expanding contemporary online environment, privacy cynicism may become an important reason that privacy attitudes and behaviors diverge. Recent work on privacy cynicism indicates that privacy cynicism may directly decrease the extent to which individuals protect their online privacy (Choi et al., 2018;Hoffmann et al., 2016;Lutz et al., 2020). In the current work, we take a different approach by arguing that privacy cynicism moderates the decision process that determines privacy behaviors. ...
... 1128). Choi et al. (2018) were the first to measure the concept of privacy cynicism in a survey-based study and defined cynicism as "an attitude toward [privacy] that is characterized by frustration, hopelessness, and disillusionment" (p. 43). ...
... Considering the role of privacy cynicism as a justification mechanism that prevents individuals from acting against experienced privacy threats (Hoffmann et al., 2016), we ask to what extent privacy cynicism might determine the decision-making process that ultimately leads to privacy protection behaviors (e.g., blocking cookies, altering default privacy preferences, reading privacy policies, etc.). In line with Lutz (2020), who find support for a negative effect of privacy cynicism on self-reported privacy protection behaviors, and Choi et al. (2018), who demonstrate that privacy cynicism negatively predicts intentions to protect one's online privacy, we expect that higher Dutch, representative of population Perceived severity and response efficacy do predict protection behavior, but vulnerability and self-efficacy do not. ...
Article
Full-text available
In the era of data-driven communication, managing one’s online privacy is a necessary, yet burdensome challenge. While individuals have concerns about firms’ data collection practices, they sometimes appear to disclose personal information for relatively small rewards. We demonstrate that privacy cynicism—an attitude toward privacy protection characterized by frustration, hopelessness, and disillusionment—explains this paradox by moderating the relationship between the appraisal of privacy threats and privacy coping behaviors on one side, and privacy protection behaviors on the other side. Results of a U.S. national survey ( N = 993) show that privacy cynicism is negatively related to privacy protection behaviors and significantly moderates relationships of perceived vulnerability, response efficacy, disclosure benefits, and response costs on protection behaviors. Hence, this work has important implications for communication theory by extending existing models of privacy management behaviors, as well as for communication practice, by stressing the importance of creating awareness about privacy cynicism.
... Privacy paradox refers to the discrepancy between privacy concerns and privacy behaviours, where users are aware of their privacy risks but disclose more information than they intend to (Norberg et al., 2007). Privacy fatigue refers to the reduced intention of privacy protection due to the increasing complexity of privacy configurations (Choi, Park, & Jung, 2018;Keith, Maynes, Lowry, & Babb, 2014;Acquisti, Friedman, & Telang, 2006;Stanton, Theofanos, Prettyman, & Furman, 2016). ...
... Such discrepancies are often caused by the inconveniency, the feeling of have nothing to lose and biased risk-benefit calculations within the scope of privacy paradox (Norberg et al., 2007). The other group of the internet users are aware of the privacy implications and risks, however lost interest in managing data privacy due to the complexity and difficulty that are related to privacy fatigue (Choi et al., 2018;Keith et al., 2014;Acquisti et al., 2006;Stanton et al., 2016). ...
... The combination of these effects causes users to disclose more personal data to data collectors. Choi et al. (2018) argued that such feeling causes psychological stress and fatigue to internet users. Hence, users behave protectively but with a sense of fatigue and disengaging and eventually lose their interest in managing their cyber privacy out of cynicism and emotional exhaustion. ...
Thesis
Full-text available
Today we live in the information era and we encounter digital contracts daily. While signing off these contracts, our personal data and privacy implications are at stake. Previous studies suggested that discrepancies between privacy concerns, intentions, and behaviours exist, and such discrepancies are related to each individual’s cultural background. This study aimed to collect and analyse Chinese and Austrians’ privacy concerns, intentions, and behaviours. Furthermore, this study compared the differences in their behaviours in terms of paradoxical behaviours and related to regulatory and cultural backgrounds by adopting the descriptive research method, a mix of qualitative and quantitative methods. The analysis of the results discovered privacy intentions, concerns, and behaviours and identified the cause of differences between Chinese and Austrian participants from multiple aspects. As observed from participants, privacy concerns and behaviours consist of multiple factors such as the regulatory background, privacy risks and cultural influences. Neither the Chinese nor the Austrian participants reconcile exactly to the behaviour patterns as studies suggested. Strong influences from privacy risks are observed from the Chinese group. For the Austrian group, strong impacts from the regulatory background is discovered.
... This position is based on, for example, the view that, given the headway made in the digital age, personal and private data vulnerabilities have expanded. Similarly, Choi, Park, and Jung [11] stated that information privacy is already applicable in many forms that aim to secure personal user data. These researchers further indicated that information privacy might be applied through various means, including encryption, data and information masking, or authentication-each to guarantee that data are accessible to only those with approved access. ...
... The third heuristic, which measures the presentation of relevant information that belongs to each transaction, revealed that the highest severity rating was given to Snapchat (17). Twitter's rating (11) for this heuristic was closer to that of WhatsApp (9). Generally, Twitter provides a short explanation for each setting and a link to "learn more," as shown in Fig. 4. Conversely, while neither Snapchat nor WhatsApp provides a link to additional explanations for each setting, WhatsApp performs slightly better because it does not have jargon that could result in some users being unaware of the consequences of certain actions. ...
Article
Full-text available
With the increased use of social networkingplatforms, especially with the inclusion of sensitive personalinformation, it has become important for those platforms to haveadequate levels of security and privacy. This research aimed toevaluate the usability of privacy in the WhatsApp, Twitter, andSnapchat applications. The evaluation was conducted based onthe structured analysis of privacy (STRAP) framework. Sevenexpert evaluators performed heuristic evaluations and appliedthe 11 STRAP heuristics to the privacy policy statements andsettings provided in the WhatsApp, Twitter, and Snapchatapplications. This study provides useful information fordesigners and developers of social media applications as well asusers of the apps. In particular, the results indicate that Snapchathad the highest severity rating, followed by Twitter andWhatsApp. Moreover, the most notable severity rating for all the apps was regarding the ability to revoke consent, where all of the apps had a very high number of usability problems.
... The technical difficulties that individuals experience in hiding their data may cause them not to think about this issue, experience a feeling of boredom about online privacy, and have problem protecting their online identities (Choi, Park & Jung, 2018). The line of literature on Facebook users, unearth that most of the users are unaware of the surveillance and violation of their privacy, but they have doubts about online privacy (Choi, Park & Jung, 2018;Kalaman, 2017). ...
... The technical difficulties that individuals experience in hiding their data may cause them not to think about this issue, experience a feeling of boredom about online privacy, and have problem protecting their online identities (Choi, Park & Jung, 2018). The line of literature on Facebook users, unearth that most of the users are unaware of the surveillance and violation of their privacy, but they have doubts about online privacy (Choi, Park & Jung, 2018;Kalaman, 2017). Research conducted by Rainie and Madden (2015) on users' attitudes towards online privacy and anonymity revealed that most users do not consider or are unaware of the available tools that can improve their online privacy, thus indicating a low level of their attitudes. ...
Article
Full-text available
This research aims to examine the privacy behaviors of university students on social networking sites. For this purpose, first of all, students’ online privacy literacy (OPL) levels on social networking sites were determined. Then it was examined whether these levels differ according to students’ gender, frequency of using social networking sites, and the frequency of changing their privacy settings. Also, the relationship between university students’ OPL levels on social networking sites and their purposes of using social networking sites and the relationship between university students’ OPL levels on social networking sites and social network privacy behaviors were examined. Correlational research and causal-comparative research models were used in the study. The research study group consists of 314 undergraduate students studying in different faculties of a state university. The data of the research were obtained online in the spring semester of 2019-2020. Personal information form, Privacy Settings Experience Questionnaire, Online Privacy Literacy Scale, and Social Privacy Behaviors Questionnaire were used as data collection tools in the research. Descriptive statistics, MannWhitney U test, Kruskal-Wallis H test, and Spearman’s Rank-Order Correlation were used to analyze the data obtained in the study. The results showed that university students have a high level of OPL. Besides, female students have higher OPL levels than male students, and their OPL levels are similar according to the social networking sites used and the frequency of changing the privacy settings on these sites. In addition, it was determined that there was a low level of positive correlation between students’ use of social networking sites to follow the agenda and news, like posts or comment on posts, and their privacy behaviors on Facebook and OPL levels on social networking sites.
... Their goal is to address the privacy paradox in two ways: On the one hand, by trying to reduce biases and increase transparency at the point of disclosure, e.g. by not asking for customer data after cognitively taxing tasks (Alashoor and Baskerville 2015; Barth et al. 2019) or by using just-in-time alerts to pro-actively warn users about the context of their disclosure before doing so (Sundar et al. 2020). On the other hand, the recommendations aim at reducing the actual risk of unwanted disclosure, e.g. by restricting data collection to specific time periods or contexts (Williams et al. 2016) or by focusing data collection only on highly specific but relevant data points (Choi et al. 2018). Outside the sample, literature concerned with data security and anonymisation already offers a wealth of concrete and implementable recommendations to address the privacy paradox by improving collection processes (see e.g. ...
... Therefore, should a company wish to sustainably address the privacy paradox, it would have to move beyond the reactive thinking of privacy law compliance. In doing so, companies can hope to differentiate themselves from other industry actors (Martin and Murphy 2017, p. 151), streamline data collection processes (Choi et al. 2018), acquire a future-oriented human resource pool (Bulgurcu et al. 2017) and improve an important part of each customer's journey. ...
Article
Full-text available
The discrepancy between informational privacy attitudes and actual behaviour of consumers is called the “privacy paradox”. Researchers across disciplines have formulated different theories on why consumers’ privacy concerns do not translate into increased protective behaviour. Over the past two decades multiple differing explanations for the paradox have been published. However, authors generally agree that companies are in a strong position to reduce consumers’ paradoxical behaviour by improving their customers’ informational privacy. Hence, this paper aims at answering the question: How can companies address the privacy paradox to improve their customers’ information privacy? Reviewing a sample of improvement recommendations from 138 papers that explore 41 theories in total, we determined that companies can generally align their privacy practices more closely with customers’ expectations across 4 inter-connected managerial processes: (1) strategic initiatives, (2) structural improvements, (3) human resource management, and (4) service development. The findings of this systematic literature review detail how companies can address both the rational and irrational nature of the privacy decision-making process. Furthermore, we propose a dynamic model able to identify weaknesses and strengths in companies’ privacy orientation.
... This may also be due to the fact that privacy controls reportedly do not fulfil the needs of the users (Lau et al., 2018). The findings also suggest that the users continue to use the service due to privacy fatigue (Choi et al., 2018). Users realise that any other company would also use their data for online advertising and tend to become cynical about their personal data collection (Lau et al., 2018). ...
Preprint
Full-text available
Personalisation refers to the catering of online services to match consumer's interests. In order to provide personalised service, companies gather data on the consumer. In this situation, consumers must navigate a trade-off when they want the benefits of personalised information and services while simultaneously wish to protect themselves from privacy risks. However, despite many individuals claiming that privacy is an essential right to them, they behave contradictorily in online environments by not engaging in privacy-preserving behaviours. This paradox is known as the personalisation-privacy Paradox. The personalisation-privacy paradox has been studied in many different scenarios, ranging from location-based advertising to online shopping. The objective of this study is to investigate the personalisation-privacy paradox in the context of smart speakers. Based on an exploratory study with young Irish consumers, this study suggests a difference between the users and non-users of smart speakers in terms of their perception of privacy risks and corresponding privacy-preserving behaviours. In so doing, it also explains the existence of the personalisation-privacy paradox and offers insights for further research.
... Coincidentally, theories of human action, such as the theory of planned behavior (Ajzen, 1991(Ajzen, , 2002, not only include attitudinal and socionormative components as influences on the perceived favorability of behavior; they also introduce beliefs about corresponding control perceptions. In a study of Korean online users, Choi et al. (2018) conceptualized privacy fatigue, including privacy cynicism (Hoffmann et al., 2016), as an influential predictor of diminished control beliefs regarding online privacy behavior, which increase intentions to disclose information and drive disengagement in situations where personal data are misused. ...
Article
Full-text available
Many people engage in extensive use of networked digital systems despite concerns over their privacy, a phenomenon called the “online privacy paradox.” Although privacy calculus research has argued that the benefits of usage usually outweigh the expected privacy losses, it is unclear why people come to this conclusion. We argue that users treat decisions about digital media use as intertemporal choices; that is, they mentally shift into the future the potential damage connected with risk-taking while being convinced of the immediate enjoyment of the benefits of technology use. An online survey conducted among German users for three use cases—e-commerce, online political participation, and self-tracking—indicated that users expect benefits to materialize earlier than associated costs and that the earlier the benefits occur, the higher the amount of benefits users expect. The expected time of the occurrence of benefits and risks explains digital media use in addition to cost–benefit calculations, suggesting a time-discounting bias.
... These include perceived vulnerability, perceived severity, security self-efficacy, response costs, response efficacy (Mwagwabi et al., 2018;Liang and Xue, 2010) and subjective and descriptive norm (Anderson and Agarwal, 2010), which have all been shown to all influence security intentions or behaviours. Similarly, perceptions such as concerns about the collection of personal information (Choi et al., 2018;, perceived privacy risk and subjective norm (Lin and Wang, 2020) have been shown to influence privacy protection intentions and behaviour. ...
Article
Purpose Information technology users often fail to adopt necessary security and privacy measures, leading to increased risk of cybercrimes. There has been limited research on how demographic differences influence information security behaviour and understanding this could be important in identifying users who may be more likely to have poor information security behaviour. This study aims to investigate whether there are any gender differences in security and privacy behaviours and perceptions, to identify potential differences that may have implications for protecting users’ privacy and securing their devices, software and data. Design/methodology/approach This paper addresses this research gap by investigating security behaviours and perceptions in the following two studies: one focussing on information security and one on information privacy. Data was collected in both studies using anonymous online surveys. Findings This study finds significant differences between men and women in over 40% of the security and privacy behaviours considered, suggesting that overall levels of both are significantly lower for women than for men, with behaviours that require more technical skill being adopted less by female users. Furthermore, individual perceptions exhibited some gender differences. Originality/value This research suggests that potential gender differences in some security and privacy behaviours and perceptions should be taken into account when designing information security education, training and awareness initiatives for both organisations and the broader community. This study also provides a strong foundation to explore information security individual differences more deeply.
... Future analyses on individuals' motivation and intention to make use of the RtDP could also consider theoretical concepts, such as the privacy calculus-analysing the effects of personal beliefs on intention, privacy paradox-explaining the gap between privacy concerns and actual behaviour, or even privacy fatigue-reflecting individuals' weariness towards privacy issues [6,10,19]. Some of these concepts are particularly interesting when investigating the virtually non-existent reaction to data scandals, such as Cambridge Analytica. ...
Article
Full-text available
For almost three years, the General Data Protection Regulation (GDPR) has been granting citizens of the European Union the right to obtain personal data from companies and to transfer these data to another company. The so-called Right to Data Portability (RtDP) promises to significantly reduce switching costs for consumers in digital service markets, provided that its potential is effectively translated into reality. Thus, of all the consumer rights in the GDPR, the RtDP has the potential to be the one with the most significant implications for digital markets and privacy. However, our research shows that the RtDP is barely known among consumers and can currently only be implemented in a fragmented manner—especially with regard to the direct transfer of data between online service providers. We discuss several ways to improve the implementation of this right in the present article.
... The resulting lack of effective security behaviors can leave systems more vulnerable to attacks. Choi et al. (2018) explain that as data breaches increase in frequency individuals may feel tired of taking actions to prevent data loss and will stop devoting energy to safeguarding information [9]. This is because the "fatigued" individuals believe the safeguard cost is greater than the safeguard effectiveness. ...
Chapter
Full-text available
One of the challenges accompanying the global rise in aging populations is the increase in demand for care services. With an increase in age, the need for medical support also grows, which may lead to unplanned and frequent visits to the doctor. Recent developments in Smart technologies and the Internet of Things (IoT) will play an important role in designing suitable home healthcare support services for older adults and enable self-care for people as they age at home. The current COVID-19 pandemic has accelerated the push for telehealth technology solutions including remote patient monitoring for senior adults who are medically or socially vulnerable. Remote health services are being promoted as a means of preserving the patient-healthcare provider relationship at times when an in-person visit is not practical or feasible, especially during COVID-19 and beyond. Smart technologies and IoT could potentially improve health outcomes and save lives. This paper will explore issues and challenges in introducing smart technologies and IoT into the homes of older adults, as well as explore features of the technology and potential outcomes that could allow older adults to remain autonomous, independent, safe, and encourage aging in place. The paper also identifies technology gaps and areas for future research.
... When considering the manipulation checks, we observe that the majority of participants across groups had been manipulated as intended ( =56.4%, 1 =53.3%, 2 =58.9%, 3 =64.2%, 4 =58.8%, 5 =48%, 6 =53.4%, 7 =60.3%). As we are aware of the habit of users in the field to go through consent notices quickly to enter the desired website as fast as possible (Choi et al. 2018), it is not surprising that, on average, 43.23% of the participants failed the simple manipulation check. However, we decided to retain unmanipulated participants in our analysis, since they make hypothesis testing more robust by adding unexplained variance to the regression results (Straub et al. 2004). 2 In contrast to Table 1, in Table 2 we can only observe the consent decisions of completely anonymous, but therefore more users per group. ...
Conference Paper
Full-text available
Cookie consent notices (CCNs) became ubiquitous on websites ever since authorities, including the EU, adopted comprehensive privacy regulations. Empirical studies have demonstrated that, with decreasing permission to use consumer data, website operators increasingly choose CCN design architectures that nudge users unwittingly into giving extensive consent. We investigate in a field experiment a viable alternative to these practices that induces a more deliberate user choice. Employing the theoretical lens of Dual Process Cognition Theory, we compare the effects of a covert nudge (System 1 intervention) on consent decisions to more overt incentives (System 2 intervention). Our field data from 613 participants reveal that CCNs using an overt monetary incentive increase a consent rate more than a covert digital nudge. Beyond that, combined interventions yielded strongest effects. The results underscore that pricing cookie placement might lead to more satisfying outcomes for firms, users and regulators than a sole right to deny tracking.
... They may be unable to correctly weigh the risks and benefits of using a specific mobile application, harming their privacy as a result. In the long term, such behavior has the potential to increase levels of stress and could even result in so-called privacy fatigue phenomena (Choi, Park, and Jung, 2018). ...
Article
Full-text available
Mobile social media have become a widespread means to participate in everyday social and professional life. These platforms encourage the disclosure and exchange of personal information, which comes with privacy risks. While past scholarship has listed various predictors and consequences of online privacy concerns, there has been to date no empirical investigation of a conceivable relationship with perceived stress. Using a longitudinal panel study, we examined the reciprocal relationship between mobile social media privacy concerns and perceived stress. Results supported the hypothesis that mobile social media privacy concerns at T1 are associated with higher perceived stress at T2. However, we found no evidence for the reverse association, that is, perceived stress at T1 was not related to mobile social media privacy concerns at T2. The findings are discussed based on two models—the “Antecedents privacy concerns outcomes” model and the “Privacy calculus” model.
... In focus group interviews with 40 young adults, their own research shows how feelings of resignation and pragmatic, cynical attitudes provide further explanations for why internet users' privacy concerns do not immediately translate into protective behavior or less disclosure (Hargittai & Marwick, 2016). Similarly, privacy fatigue, conceptualized by Choi, Park and Jung (2018) as composed of emotional exhaustion and cynicism, was shown to result in a greater intention to provide personal information and to be a more important predictor of privacy behavior than privacy concerns for a sample of 324 internet users. ...
... Code of the People's Republic of China(2021) information have been greatly improved.Followed by, data is shared for many times and used for uncertain purposes.This case increases the difficulty in applying the principle of informed consent so that the traditional protection model oriented to informed consent is confronting with great challenge (Fan, 2016).To evade legal risk and meet legal requirement for informed consent, business entities often list tedious and obscure privacy policies that are difficult to be read and understood by users (McDonald & Cranor, 2008).In order to use the product or service, user has to passively accept the privacy policies so that the policies become non-sense and cannot provide personal information subject substantial guarantee (Choi, Park, &Jung, 2018).In need of using massive dynamic data, for instance using mobile phone signaling related big data to make planning for intelligent city (Manfredini, Pucci, & Tagliolato, 2014), obtaining informed consent of the information subject is less feasible in practice. Hence, only on the principle of informed consent, it has already been difficult to adapt to the current economic and social development trends and not available to effectively balance the interests between personal information subjects, business entities and public managers. ...
Article
In the era of big data, personal information has been widely shared and used, which facilitates personal life, social production and public management but also brings the risk of personal information abuse.Personal information has multiple values involving with personality dignity and freedom, economic use, and public management. Meanwhile, the stakeholders relevant to personal information have become more and more diverse, leading to increasingly urgent demand for sharing and using personal information. With the great improvements in the processing efficiency and transmission rate of personal information, it has become much easier to share personal information, which makes the application of the principle of informed consent more difficult. In this circumstance, "Rational Expectation"rule becomes a new option of personal information protection in the era of big data. By assessing the risk of personal information sharing with matrix method in application contexts, it discusses the criteria of risk control under rational expectation rule. If the risk assessed is at the level of low risk, the sharing and use of personal information in this context complies with the rational expectation rule; If the risk assessed is at the level of medium risk, it is necessary to take measures timely and actively to reduce the risk and reassess the risk; If the risk assessed is at the level of high risk, the rational expectation rule is not applicable, the personal information controller should significantly inform the information subject and obtain consent before sharing the personal information. If there are multiple risk points in the application context, when and only when each risk level judged must be low risk, the rational expectation rule can be applied. Based on the rational expectation rule, we can achieve the balance of interests among personal information protection, digital economic development and public interest maintenance, so as to coordinate the promotion of digital innovation, economic development and social progress, and realize the unity of effective protection and rational use of personal information.
... In presenting the notion of privacy calculus, it is clear that a customer's decision to shop online is simultaneously influenced by a set of contrary factors that incorporate the perceptions that inhibit customers and the perceptions that enable customers to purchase online . Privacy inhibitors are the perceptions that deter customers from disclosing information and purchasing online-two key inhibitors, which we use in our conceptualization, are privacy concerns and risk (Choi et al., 2018;Keith et al., 2016;Taddaei & Contena, 2013). Privacy concerns are defined as customers' concerns about possible loss of privacy due to information disclosure to a specific shopping site (Xu et al., 2011a). ...
Article
Full-text available
Despite the explosion of selling online, customers continue to have privacy concerns about online purchases. To alleviate such concerns, shopping sites seek to employ interventions to encourage users to buy more online. Two common interventions used to promote online sales are: (1) recommendations that help customers choose the right product either based on historic purchase correlations or recommendations suggested by the retailer; and (2) discounts that increase the value of products. Building on privacy calculus, we theorize about how and why key, representative combinations of recommendations and discounts influence the effects of inhibitors and enablers on online purchase intention. Our research design incorporated recommendations coming from different sources for the recommendation (retailer and other customers’ preferences) product relatedness (related products with historic purchases correlated to the focal product and unrelated products with no historic purchase correlation to the focal product) and two types of discounts (regular and bundle). Participants completed a browsing task in a controlled online shopping environment and completed a survey (n = 496). We found mixed results of moderating effects of recommendations and product relatedness on the effect of inhibitors and enablers on purchase intention. Although recommendations did not enhance the effects of inhibitors, they did enhance the effects of enablers on online purchase intention. We also found that product relatedness did not enhance the effect of privacy enablers on online purchase intentions. The results also showed that discounts enhance the effects of enablers, and that discounts can counteract the moderating effect of recommendations on the relationship between inhibitors and purchase intention under certain circumstances. We discuss theoretical and practical implications.
... Source Tanimoto et al., 2017 Researchers noted that cybersecurity objectives in insolation hardly result in employee burnout (Choi & Jung, 2018); however, when dealing with a hyperactive cybersecurity threat environment (ENISA, 2021), COVID-19 and disaggregated work are sustained stressors and factors that can result in burnout. Business decision-makers need to assess their employees' work from a holistic perspective to determine if the potential workloads and organizational environments are capable of causing burnout. ...
Article
Full-text available
Stress, burnout, and security fatigue continue as slight destroyers of strong cybersecurity and significant human factors concerns. The persistence of these human performance issues is concerning given the lack of mitigation and integration of human factors practitioners to mitigate these adverse risk circumstances. Security fatigue is not a new phenomenon but the evolving nature of cybersecurity results in various sub-categories of security fatigue; thus, making it a difficult problem to solve. Stress and burnout are major causes of short tenures in senior roles for security executives. Business decision-makers lack the expertise to explore the negative influences of stress, burnout, and security fatigue on cybersecurity. Technology-led cycles are organizations' primary course of action to mitigate cybersecurity threats, resulting in complexity debt and making businesses more vulnerable to attacks. Human factors professionals can identify high-friction areas that degrade human performance and implement initiatives to reduce the risk. Human performance degradation in cybersecurity is a critical risk factor and requires immediate attention, given that cybercriminals continue to exploit human weaknesses to gain access to sensitive and critical infrastructure.
... Hence, in AdChain consumers regain control over their own data, which can mitigate the feelings of resignation and fatigue currently common among them (Choi et al., 2018). Another major benefit for advertisers is that user data does not need to be stored locally, but rather real-time attributes could be pulled from blockchain wallets on the fly. ...
Preprint
Full-text available
In this paper we aim to provide a primer to blockchain technology and explain ways that it has been applied (or can be applied) to the field of advertising research and practice. We situate this primer inside a critical look at the evolution of digital advertising that has largely been driven by immediate technological need for the maximization of profit rather than considerations for societal wellbeing. We discuss arenas in which the current state of digital advertising has not well positioned to maximize societal wellbeing and has built a consumer distrust of digital advertising, specifically with regards to the areas of privacy invasion, value to consumers, technology companies’ power, inaccuracy of personalization, and misinformation spread. Throughout this paper we discuss how blockchain technologies can be used as a research environment for testing new paths for digital advertising that could tackle these issues and be healthier for society. We also provide overview of avenues for future research on blockchain technology application in the digital advertising ecosystem.
... Due to companies' ever-expanding capability of using consumer personal data, privacy vulnerability becomes a vital topic in consumer research. Previous research on consumer vulnerability focuses on the online context with computer-human interactions, such as e-commerce and online shopping (Aiello et al., 2020;Bandara et al., 2020), social media platforms (Mosteller & Poddar, 2017;Oghazi et al., 2020), location-based services (Junglas et al., 2017), smart services (services supported by the internet of things such as smart homes and smart banking) (Frik & Gaudeul, 2020;Mani & Chouk, 2019), and internet browsing and searching (Choi et al., 2018). Consumers' vulnerability arises when they feel that their personal information could be at risk due to companies' collection, storage, and use of their personal information. ...
Conference Paper
Full-text available
Previous research on consumer data privacy focuses on the online context without direct face-to-face interactions. Our research investigates consumer data privacy in an offline context, COVID-19 contact tracing at hospitality venues, that involves face-to-face interactions. We conducted 29 interviews to explore the human factors that influence consumers' vulnerability toward information requests. The findings exhibit four human factors: familiarity of the venue, compulsion, popularity of compliance behavior, and professionalism of frontline employees. Our research extends the literature on consumer data privacy from online to offline contexts and strengthens the understanding of how human factors influence consumer privacy vulnerability. This research also provides practical implications for governments and businesses on reducing consumers' privacy vulnerability.
... In e-commerce, Dinev et al. [25] proposed that privacy concerns refer to users' concerns about opportunistic behaviors related to personal information submitted to the Internet. Choi et al. [28] further argued that privacy concerns are users' concerns about the possible negative effects of the misuse of the information. Moreover, some scholars have developed the measurement of privacy concerns. ...
Article
Full-text available
Sharing accommodation (SA) has gained rapid growth in the last decade. To offer better service to users, the platform and hosts have to extensively collect and utilize confidential user data and information. With the extensive collection and utilization of personal user information, there are potential problems of data abuse and leakage, which makes users’ privacy concerns an important and unavoidable issue for repeated purchases and the sustainable development of SA. Privacy concerns are thus not only an important antecedent of purchase behaviors, but also an important conditional variable that will have impacts on the formation of trust and user purchase behaviors. However, the moderating effect of privacy concerns on trust formation has rarely been examined in the SA literature. To fill this knowledge gap, drawing on trust transfer theory and trust literature, this study builds a theoretical model to examine the relationships of three types of institution-based trust (i.e., trust in the SA platform, trust in the user community, and trust in the host community) and their effects on continuous use intention. Moreover, this study explores the moderating effect of privacy concerns on institution-based trust transfer in the context of SA. We then collected data through a questionnaire survey from experienced users of two reputable SA platforms in China, and empirically tested the research model with 470 valid responses. The results show that trust in the user community positively affects trust in the SA platform and trust in the host community; trust in the SA platform and trust in the host community positively affect users’ continuous use intention. Meanwhile, privacy concerns negatively moderate the relationship between trust in the user community and trust in the SA platform, as well as the relationship between trust in the user community and trust in the host community. The findings confirm the moderating role of privacy concerns in the trust transfer process, complementing existing research on trust transfer theory and trust.
... Several constructs have been addressed about privacy in communication: trust (e.g., Frye & Dornisch, 2010;Kamboj et al., 2018;Malhotra et al., 2004), self-efficacy (e.g., Mosteller & Poddar, 2017;Poddar et al., 2009;Yoon et al., 2020), perceived control (e.g., Hajli & Lin, 2016;Sheehan & Hoy, 2000;Taylor et al., 2009), fatigue and information overload (especially on social media; e.g., Choi et al., 2018;Luqman et al., 2017;Maier et al., 2015), perceived benefits, including hedonism (e.g., Cowan et al., 2021). ...
Article
Full-text available
Digital technologies have transformed every aspect of marketing and have brought consumer privacy front and center of research and discourse over the last two decades. Whereas companies and consumers have arguably benefited through the availability and use of data made possible by digitalization, consumer privacy‐related concerns raise compelling questions that researchers, companies, and policymakers are addressing. In this review paper, we review privacy related to digital technologies in marketing, highlighting the constantly evolving nature of the field. We provide an overview of the rich contributions made by the articles in the special issue on digital technologies and privacy, and the original insights they provide for researchers and practitioners in four domains—communication, retailing, pricing, and product personalization. We identify and outline future research directions in each of these four domains to expand our understanding of privacy at the intersection of psychology and marketing by motivating new scholarly research and providing actionable insights to managers and policymakers.
... Consumers adapt to these practices to keep their attitude positive toward app usage. However, when consumers feel that App owners require unnecessary or sensitive information, they may think of withdrawing the transaction (Choi et al., 2018). This shows the negative attitude toward app usage. ...
Article
Full-text available
The COVID-19 pandemic has changed lives in an unprecedented way. The most notable and urgent requirement to combat the epidemic was to transform the way human interacts with each other. The adherence to maintaining social distance has given an upsurge to the increased usage of mobile app users. This change in human interaction for fulling their basic to social to work needs through the intervention of app usage has led to privacy concerns by users. By keeping in view the changing dynamics of the way society works, this study is an endeavor to investigate gender differences of ad intrusive and privacy concerns on app usage behavior. Employing a quantitative research design, 371 respondents were surveyed using through an online structured questionnaire. Data were analyzed by using partial least square structural equation modeling (PLS-SEM). Results suggest that advertising intrusiveness and privacy concerns are significant in determining the consumer’s attitude toward App usage, and a positive attitude toward App usage results in App usage behavior. However, gender’s moderating role in attitude toward app usage and app usage behavior is insignificant for this study. The study provides a more comprehensive understanding and complements prior insights on ads intrusiveness and privacy concerns toward app usage.
... We hope to gain insightful feedback from users that would allow us to evaluate and improve MPO's usability. In addition, researchers have associated complex privacy settings with the emergence of the privacy fatigue phenomenon [43], [44]. Consequently, our future plan involves investigating how the design of MPO's privacy configuration can help in mitigating privacy fatigue among smart home users. ...
Conference Paper
Full-text available
Security and privacy concerns present the most significant obstacles to consumer adoption of Internet-of-Things (IoT) devices. A lack of transparency and control complicates user trust in IoT. Additionally, a growing history of misuse and abuse exists in IoT. Notably, smart TVs have periodically scanned and collected users' private information without consent. Due to a hybrid of distributed ecosystems within IoT, users cannot easily implement traditional access control over their devices as data flows within different nodes for storage and processing. We propose MQTT-Based Privacy Orchestrator (MPO) to implement traditional access control on IoT devices. MPO enforces privacy preferences by implementing access control at an MQTT broker. We open-source and provide MPO as an add-on to the popular Home Assistant open-source home automation framework to support widespread adoption. We conducted experimental evaluations to validate the functionality and examine the performance of MPO. Our performance evaluation generated more than 16,686 messages, which MPO delivered in under a second. Our work demonstrates a practical solution to facilitate users' privacy preferences and enforce access control for MQTT-based devices.
... The unrelenting requirements of giving consent to contractual demands, have caused a 'privacy fatigue' (H. Choi, Park, & Jung, 2018), and online apathy regarding privacy (Hargittai & Marwick, 2016), accelerating data pollution and its negative externalities. ...
Thesis
Full-text available
Data sharing and data harvesting practices not only infringe the privacy rights of individuals but cause significant harms to others as well. Emissions of personally sensitive behavioural data are leaked into the digital economy causing damage to social practices and destabilizing political and informational ecosystems. Data pollution is like industrial pollution, and environmental law suggestions can offer solutions to the problem. Will a Pigouvian tax on data extraction limit or constrain the negative externalities of data pollution? This explorative research aims to investigate whether a data pollution tax can operate as a regulatory instrument to curb data pollution and whether citizens support this measure. Do citizens support a data pollution tax designed so that harms to others, affecting their core human capabilities, will be taxed as a matter of principle? Suppose excessive (corporate) data sharing and extraction practices that cause harm to others will be taxed. Do individuals expect that persons and corporations will change their data transmission practices? Our survey findings show that (United States) citizens consider that harms caused by data pollution should be taxed. Respondents will also substantially decrease their data pollution behaviour once a tax is imposed. However, and to our surprise, our research findings also lay bare a possible ‘bad behaviour paradox’: the more significant the harm caused by some instances of data pollution, the less willing people are to change behaviour relative to the tax imposed.
... 11). Recent research, which specifically addresses CPM in the context of young people's social media use, finds a kind of "privacy fatigue" (Choi, 2018), in which privacy turbulences are consciously accepted rather than purposefully avoided. De Wolf speaks of a "networked defeatism" that occurs as adolescence progresses, referring to a fatalistic attitude as regards the loss of control of private information (2020, p. 1059). ...
Article
Full-text available
The overall aim of the study is to trace the interaction between the composition of the media repertoire and the everyday world of adolescents, also looking at privacy management in the course of acquiring digital communication media as part of the media repertoire. In order to do justice to this complexity, young people were not considered as a uniform demographic group, but were divided into three stages. Through this differentiation, a recursive process is to be worked out that makes it possible to also include contextual influencing factors such as peer group, family environment etc. and to expand previous findings on the media repertoire of young people. As a result of this approach, a multi-stage development process was elaborated as well as the privacy management of digital communication media of young people.
Article
Full-text available
İnternetin yaygınlaşması ve yaşamın bir parçası haline gelmesiyle sürekli çevrimiçi ulaşılabilir olma durumu mahremiyet problemini oluşturmaktadır. Çevrimiçi mahremiyet kavramı internete bilgi toplamak, görüş bildirmek ve eğlence gibi amaçlarla bağlanan kişilerin bu süreçte bilgilerinin korunması için alınabilecek tedbirler olarak ifade edilebilir. Bu araştırmanın amacı üniversite öğrencilerinin çevrimiçi mahremiyet farkındalıklarının bireysel ve müdahale faktörleri açısından incelenmesidir. Araştırma yöntemini nedensel-karşılaştırmalı desen oluşturmaktadır. Araştırmanın çalışma grubunun oluşturulmasında uygun örnekleme yöntemi kullanılmıştır. Araştırmanın çalışma grubunu Türkiye’de iki devlet üniversitesinden farklı bölümlerde öğrenim görmekte olan 552 öğrenci oluşturmaktadır. Araştırma verileri, demografik bilgi formunun yanı sıra Çevrimiçi Mahremiyet Farkındalığı, Dijital Okuryazarlık ve Sanal Ortam Kişiler Arası Güven ölçekleri ile toplanmıştır. Bu çerçevede toplanan veriler üzerinde; betimsel analizler, t-testi, anova, korelasyon ve regresyon analizleri kullanılarak incelenmiştir. Araştırma sonucuna göre; üniversite öğrencilerinin çevrimiçi mahremiyet farkındalıkları, dijital okuryazarlık düzeyleri ve sanal ortam kişiler arası güven düzeylerinin yüksek olduğu sonucuna ulaşılmıştır. Üniversite öğrencilerinin çevrimiçi mahremiyet farkındalıklarının, cinsiyet ve eğitim gördükleri bölümün bilişimle ilgili olup olmaması açısından farklılaşmadığı görülmüştür. Bununla birlikte çevrimiçi mahremiyet farkındalığı ile dijital okuryazarlık, sanal ortam kişiler arası güven, yaş, internet kullanım yılı ve mobil cihaz kullanım yılı arasında pozitif ve anlamlı ilişkiler olduğu; çevrimiçi mahremiyet farkındalığı ile sosyal medya kullanım yılı arasında anlamlı bir ilişki olmadığı sonucuna ulaşılmıştır. Yapılan regresyon analizine göre ise çevrimiçi mahremiyet farkındalığını yordayan tek değişkenin dijital okuryazarlık olduğu tespit edilmiştir. Araştırma sonucunda ulaşılan bulgular ilgili alanyazına göre tartışılmıştır.
Chapter
Cybersecurity in consumer, corporate, and military settings, continues to be a growing concern in the modern and technologically driven world. As Wiederhold (2014) puts it, “the human factor remains the security’s weakest link in cyberspace.” A literature review related to human response to cybersecurity events reveals three phases involved in the cybersecurity response process, including: (1) Susceptibility, the phase preceding an event, which primarily encompasses behaviors that impact vulnerability to a cybersecurity event; (2) Detection of the event when it occurs; and (3) Response to the event after it occurs. In order for an individual to effectively protect themselves and their organizations from cybersecurity breaches, they must understand and be sensitive to the susceptibility of their devices, and when a potential breach occurs, must exhibit rapid and effective response. The goal of this effort was to examine the human factors surrounding non-expert response to a cybersecurity vulnerability or event and create a framework based on the literature. Recommendations for what steps can be taken to better prepare individuals to respond to cyber events is provided.
Article
Communication privacy research has employed a plethora of theoretical approaches to explain the information disclosing behavior of users. To explain information disclosure intentions in mHealth apps, this article integrates the attitude-behavior model of privacy decisions with approaches on the role of heuristics and the impact of habitual app use. Specifically, we examine the relationship between privacy attitudes, privacy concerns, app habits, and social norm cues with the intention to disclose three types of information (personal, budget, health) in two types of mHealth apps. Testing our model in an online survey including an experimental manipulation of social norm cue strength (high/ medium/ low) among N = 475 smartphone users, our findings underline the importance of privacy attitudes for the intention to disclose information, but also point out the influence of app habits and the role of subjective evaluations of social norm cues.
Chapter
Full-text available
In an attempt to curtail and prevent the spread of Covid-19 infection, social distancing has been adopted globally as a precautionary measure. Statistics shows that 75% of appointments most especially in the health sector are being handled by telephone since the outbreak of the Covid-19 pandemic. Currently most patients access health care services in real time from any part of the World through the use of Mobile devices. With an exponential growth of mobile applications and cloud computing the concept of mobile cloud computing is becoming a future platform for different forms of services for smartphones hence the challenges of low battery life, storage space, mobility, scalability, bandwidth, protection and privacy on mobile devices has being improved by combining mobile devices and cloud computing which rely on wireless networks to create a new concept and infrastructure called Mobile Cloud Computing (MCC). The introduction of Mobile cloud computing (MCC) has been identified as a promising approach to enhance healthcare services, with the advent of cloud computing, computing as a utility has become a reality thus a patient only pays for what he uses. This paper, presents a systematic review on the concept of cloud computing in mobile Environment; Mobile Payments and Mobile Healthcare Solutions in various healthcare applications, it describes the principles, challenges and opportunity this concept proffers to the health sector to determine how it can be harnessed is also discussed.
Chapter
Intelligent voice assistants (IVA) are on the rise: They are implemented into new smart mobile and stationary devices such as smartphones, smart watches, tablets, cars, and smart speakers. Being surrounded by always-on microphones, however, can be perceived as a threat to one’s privacy since audio recordings are saved in the cloud and processed for e.g., marketing purposes. However, only a minority of users adapts their user behavior such as self-disclosure according to their privacy concerns. Research has attempted to find answers for this paradoxical outcome through concepts such as the privacy calculus or the privacy cynicism. Moreover, literature revealed that a large group of users lacks privacy awareness and privacy literacy preventing them from engaging in privacy-preserving behavior. Since previous studies in the scope of IVAs focused primarily on interviews or cross-sectional studies testing models predicting user behavior, desiderata for elevating future research are presented. This leads to a more user-centric approach incorporating e.g., a motivational-affective perspective and investigation of causalities.
Article
Organisations have begun testing last mile drone delivery and will likely push to use it more in the near future. This research examines the influence of privacy, legislation, organisational trust, and usefulness on consumers’ intention to adopt last mile drone delivery services. Partial Least Squares – Structural Equation Modelling is used to evaluate the measurement and structural models. Sample data were collected from Amazon Mechanical Turk using an online survey. The analysis shows that as perceived privacy risk increases, the intention to adopt drone delivery service decreases. Additionally, privacy disposition influences privacy concerns and that both privacy concerns and legislative protections each influence perceived privacy risk. Further, perceived usefulness has the greatest influence on consumers’ intention to adopt drones for delivery. Even more, as consumers see drone delivery as more useful, their perceived privacy risk is reduced. Trust further influences consumers’ intention to adopt drones for delivery.
Article
Scholars have drawn increasing attention to the implications of the dark side of social media for users’ online subjective well-being (OSWB). We develop a research framework based on the limited-capacity model to examine the relationship between OSWB and social media fatigue. Moreover, we explore the associations between specific aspects related to network heterogeneity and social media fatigue for social media users in the United States of America (USA). Further, we examine the mediating effect of network heterogeneity on the association between OSWB and social media fatigue. We utilised a cross-sectional research design to collect data from Prolific Academic (N = 320) and analysed the data through structural equation modelling. The results indicate that OSWB is positively correlated with the network heterogeneity aspect of self-disclosure and negatively correlated with social comparison. OSWB, moreover, is negatively correlated with fatigue, while privacy concerns and self-disclosure are positively correlated with fatigue. Further, of the network heterogeneity aspects we considered, only social comparison is a partial mediator for the relationship between OSWB and social media fatigue. The findings provide insights into the pathways through which social media users’ OSWB and network heterogeneity can induce social media fatigue, raising critical implications for theory and practice.
Article
Purpose This study aims to explore the emotion-based mediator of information security fatigue in the relationship between employees’ information security–related stress (SRS) and information security policy (ISP) compliance intention and the effects of psychological capital (PsyCap) on relieving SRS and promoting compliance. Design/methodology/approach The authors tested a series of hypotheses by applying partial least squares–based structural equation modeling to survey data from 488 employees in Chinese enterprises. Findings The results suggest that the relationship between SRS and ISP compliance intention is fully mediated by information security fatigue. Employees’ SRS promotes their information security fatigue, which reduces their intention to follow ISPs. In addition, employees with high PsyCap may experience low levels of SRS and information security fatigue, which promotes their willingness to comply with ISPs. Originality/value This study extends knowledge by introducing information security fatigue and PsyCap to the field of information security management, and it calls attention to the effects on information security behaviors of employee emotions and positive psychological resources in an organization. The authors reveal the emotion-based mediating effect of information security fatigue and the positive influence of PsyCap in information security management.
Chapter
Effective messaging for organizational communication on social media like Twitter depends on certain message features and characteristics. These characteristics contribute to making organizational messages amenable to desirable engagement actions. Thus, an implementation of these features will create value for organizational communication on social media. Given the recent developments in text-mining and analysis capabilities, it is possible to extract and combine textual content to attain valuable insights and predictions. This chapter investigates the characteristics of textual content shared by interest group organizations. It does this by first classifying these messages into a dichotomous group of high and low effective messages. It then employs a computerized content analysis procedure to extract the characteristics underlying high effective messages. Five thousand, seven hundred and forty-one Twitter posts of 123 interest group organizations (IGOs) were analyzed. Largely, high effective messages reveal an average of 9 verbs and 3.5 nouns per message, average of 37 words per message and 13.5 words per sentence. They also possessed an informal tone and are written in a direct style. Practically, this examination offers useful guidelines for creating organizational messages that are likely to draw desirable engagement reactions in the form of increased dissemination and comments from Twitter audiences.
Article
Full-text available
During the global COVID-19 pandemic, many people were physically separated from their romantic or sexual partners and added sexting to their sexual repertoire. Sexting involves the exchange of sensitive data and thus necessitates personal and interpersonal privacy management strategies such as information control and privacy boundary communication. This study investigates the psychological predictors of sexting-related privacy management. In an online survey with 494 young adults, we tested demographic, psychological, and behavioral correlates of sexting-related privacy management. Negative binomial regressions revealed that age, gender, and asynchronous sexting frequency positively predicted sexting-related privacy management. COVID-19-related social isolation moderated the positive effect of asynchronous sexting frequency: Asynchronous sexting frequency had a positive effect on sexting-related privacy management only in individuals with low or mean COVID-19-related social isolation. For those who perceived high COVID-19-related social isolation, asynchronous sexting frequency had no positive effect. This suggests that in a context of social isolation, even frequent sexters are willing to sacrifice their privacy. Relationship status, privacy concerns, rejection sensitivity, and synchronous sexting frequency were not related to sexting-related privacy management. The results highlight the various effects of COVID-19-related social isolation.
Article
Digital health data is important to keep secure, and patients' perception around the privacy of it is essential to the development of digital health records. In this paper we present people's perceptions of the communication of data protection, in relation to their personal health data and the access to it; we focused particularly on people with chronic or long-term illness. Based on their use of personally accessible health records, we inquired into their explicit perception of security and sense of data privacy in relation to their health data. Our goal was to provide insights and guidelines to designers and developers on the communication of data protection in health records in an accessible way for the users. We analyzed their approach to and experience with their own health care records and describe the details of their challenges. A conceptual framework called "Privacy Awareness' was developed from the findings and reflects the perspectives of the users. The conceptual framework forms the basis of a proposal for design guidelines for Digital Health Record systems, which aim to address, facilitate and improve the users' awareness of the protection of their online health data.
Article
Research on the privacy paradox shows that ICT users have serious concerns about their online privacy but often do not behave accordingly. Most insights, however, are based on research among lay users. It is unclear whether users with high expertise on online privacy and cybersecurity would show similar discrepancies between concerns and behavior. We therefore interviewed 20 privacy and cybersecurity experts about their views on online privacy regarding mobile apps. Despite their technical knowledge, results showed that the experts’ perceptions and reported behaviors resembled those of lay users. A lack of specialized knowledge therefore does not seem to be a plausible explanation for the privacy paradox among mobile app users.
Article
Biobank participants are often unaware of possible uses of their genetic and health information, despite explicit descriptions of those uses in consent forms. To explore why this misunderstanding persists, we conducted semi-structured interviews and knowledge tests with 22 participants who had recently enrolled in a research biobank. Results indicated that participants lacked understanding of privacy and data-sharing topics but were mostly unconcerned about associated risks. Participants described their answers on the knowledge test as largely driven by their trust in the healthcare system, not by a close reading of the information presented to them. This finding may help explain the difficulties in increasing participant understanding of privacy-related topics, even when such information is clearly presented in biobank consent forms.
Article
Full-text available
Purpose Social media addiction has been an ongoing topic of debate for platform developers, well-being and mental health experts. There is a limited understanding of the factors leading to the addiction of young social media users, the consequences of experiencing addiction, and the measures/mechanisms used by parents and platform providers to limit/prevent problematic social media use amongst young users. This systematic review aims to provide a comprehensive overview of the literature concerning these issues. Design/methodology/approach The Preferred Reporting Items for Systematic Reviews (PRISMA) protocol was used to evaluate and present the results. A total of 45 studies were screened and independently reviewed against predetermined criteria for eligibility. Findings The results revealed four categories of young users' addiction to social media networks (social, technological, behavioural and mental). Several prevention approaches directed at parents and platform providers were discussed. Originality/value This study offers important insights for health policy makers, platform providers, parents and researchers on designing interventions addressing social media addiction amongst young users. It also provides an in-depth understanding of the conceptualization of social media addiction and suggestions on possible actions to prevent it.
Research
Full-text available
After numerous revisions of the initial draft of the ePrivacy Regulation, the Portuguese presidency finally submitted a draft that all EU Member States agreed on. We would like to take the opportunity of the beginning of the trilogue to point out a serious technical flaw in the current draft. This flaw lies in the ambiguous relationship between the ePrivacy Regulation and the GDPR. As such, this ambiguity calls into question the applicability of several decisive provisions of the GDPR; first and foremost, the data protection by design approach and co-regulation instruments such as codes of conduct and certificates. The electronic communications sector is characterised by two key aspects in particular: its rapid pace of technological development and the dependency of users on the trustworthiness of electronic communication providers. Since third parties mediate the data subjects’ communication, data subjects on their own can only exercise limited control over their privacy, freedom, equality, etc. Based on our interdisciplinary research focusing on personalised content and tracking technologies, we observe that the current draft of the ePrivacy Regulation itself does not provide a level of protection that could be considered effective in meeting the needs of electronic communications users. Effective protection could however be provided by applying the aforementioned GDPR-provisions. It would therefore be contradictory for the ePrivacy Regulation to jeopardize through its ambiguous interplay with the GDPR the application of the very GDPR provisions that are best suited to keep up with the needs of the data subjects. In our opinion, to avoid this ambiguity, the legislator has two options: Either the legislator may specifically clarify the application of the data protection by design approach and other related provisions (in particular the processing principles, data subjects' rights and certification mechanisms) in the ePrivacy Regulation. Or, more fundamentally, the legislator may clarify, firstly, in Art. 1 sect. 3 that "insofar as the Regulation does not provide for more specific rules, the provisions of the GDPR shall apply". Secondly, the legislator has to clarify in the specifying provisions of the ePrivacy Regulation which GDPR provisions they exactly specify and to what extent (e.g. restriction of the legal basis or the requirement of strict identity of purpose); in this way, the legislator can avoid unclear specifications leading to the exclusion of GDPR standards that the legislator did not intend to exclude. With this study, we would also like to recommend to the legislator an expansion of its legislative methods to include those of other disciplines, such as user experience research and visual design. While legislation should still draw from the legal considerations involved in the legislative information process, we suggest that this process would benefit considerably if supplemented with empirical studies and design methods such as those presented in this paper. Accordingly, the legislator could test which regulations produce which effects in practice, thereby increasing the effectiveness and the rationality of laws. In conclusion, we argue for more evidence-based lawmaking through design.
Article
Full-text available
Little is known about the context sensitivity of users' online security perceptions and behaviors to national and individual attributes, and there is inadequate research about the spectrum of users' behaviors in dealing with online security threats. In addressing this gap, this paper draws on two complementary theoretical bases: (1) the contextualization of the protection motivation theory (PMT) to online security behavior and (2) a polycontextual lens for the cross-national comparison of users' security behaviors in the United States and China. The conceptualized model is tested based on 718 survey observations collected from the United States and China. The results support our model and show the divergence between the United States, an exemplar of modern Western society, and China, an exemplar of traditional Eastern society, in forming threat perceptions and in seeking help and avoidance as coping behaviors. Our results also uncovered the significant moderating impacts of espoused culture on the way perceptions of security threats and coping appraisals influence security behaviors. Our findings underline the importance of context-sensitive theory building in security research and provide insights into the motivators and moderators of individuals' online security behaviors in the two nations.
Article
Full-text available
The rapid spread of technological innovations like mobile data services (MDS) has made mobile computing a fact of everyday life for many people. Therefore, we need to understand the contribution of mobile computing to overall quality of life (QoL). Employing the satisfaction hierarchy model and bottom-up spillover theory, this study proposes a theoretical model in the context of MDS that connects user satisfaction (a traditional outcome variable of IT) with contribution to QoL (a new outcome variable for mobile computing) in a range of life domains. The validity of the proposed model and outcome variable was tested through three empirical studies conducted in Korea. User satisfaction with MDS was found to affect the contribution of MDS to QoL in eleven life domains, and these contributions in turn influenced the overall contribution of MDS to QoL. The paper ends with a discussion of the study's implications and limitations.
Article
Full-text available
Many large and small decisions we make in our daily lives-which ice cream to choose, what research projects to pursue, which partner to marry-require an exploration of alternatives before committing to and exploiting the benefits of a particular choice. Furthermore, many decisions require re-evaluation, and further exploration of alternatives, in the face of changing needs or circumstances. That is, often our decisions depend on a higher level choice: whether to exploit well known but possibly suboptimal alternatives or to explore risky but potentially more profitable ones. How adaptive agents choose between exploitation and exploration remains an important and open question that has received relatively limited attention in the behavioural and brain sciences. The choice could depend on a number of factors, including the familiarity of the environment, how quickly the environment is likely to change and the relative value of exploiting known sources of reward versus the cost of reducing uncertainty through exploration. There is no known generally optimal solution to the exploration versus exploitation problem, and a solution to the general case may indeed not be possible. However, there have been formal analyses of the optimal policy under constrained circumstances. There have also been specific suggestions of how humans and animals may respond to this problem under particular experimental conditions as well as proposals about the brain mechanisms involved. Here, we provide a brief review of this work, discuss how exploration and exploitation may be mediated in the brain and highlight some promising future directions for research.
Article
Full-text available
We developed a multidimensional coping inventory to assess the different ways in which people respond to stress. Five scales (of four items each) measure conceptually distinct aspects of problem-focused coping (active coping, planning, suppression of competing activities, restraint coping, seeking of instrumental social support); five scales measure aspects of what might be viewed as emotional-focused coping (seeking of emotional social support, positive reinterpretation, acceptance, denial, turning to religion); and three scales measure coping responses that arguably are less useful (focus on and venting of emotions, behavioral disengagement, mental disengagement). Study 1 reports the development of scale items. Study 2 reports correlations between the various coping scales and several theoretically relevant personality measures in an effort to provide preliminary information about the inventory's convergent and discriminant validity. Study 3 uses the inventory to assess coping responses among a group of undergraduates who were attempting to cope with a specific stressful episode. This study also allowed an initial examination of associations between dispositional and situational coping tendencies.
Article
Based on focus group interviews, we considered how young adults’ attitudes about privacy can be reconciled with their online behavior. The “privacy paradox” suggests that young people claim to care about privacy while simultaneously providing a great deal of personal information through social media. Our interviews revealed that young adults do understand and care about the potential risks associated with disclosing information online and engage in at least some privacy-protective behaviors on social media. However, they feel that once information is shared, it is ultimately out of their control. They attribute this to the opaque practices of institutions, the technological affordances of social media, and the concept of networked privacy, which acknowledges that individuals exist in social contexts where others can and do violate their privacy.
Article
Warning messages are fundamental to users’ security interactions. Unfortunately, they are largely ineffective, as shown by prior research. A key contributor to this failure is habituation: decreased response to a repeated warning. Previous research has only inferred the occurrence of habituation to warnings, or measured it indirectly, such as through the proxy of a related behavior. Therefore, there is a gap in our understanding of how habituation to security warnings develops in the brain. Without direct measures of habituation, we are limited in designing warnings that can mitigate its effects. In this study, we use neurophysiological measures to directly observe habituation as it occurs in the brain and behaviorally. We also design a polymorphic warning artifact that repeatedly changes its appearance in order to resist the effects of habituation. In an experiment using functional magnetic resonance imaging (fMRI; n = 25), we found that our polymorphic warning was significantly more resistant to habituation than were conventional warnings in regions of the brain related to attention. In a second experiment (n = 80), we implemented the four most resistant polymorphic warnings in a realistic setting. Using mouse cursor tracking as a surrogate for attention to unobtrusively measure habituation on participants’ personal computers, we found that polymorphic warnings reduced habituation compared to conventional warnings. Together, our findings reveal the substantial influence of neurobiology on users’ habituation to security warnings and security behavior in general, and we offer our polymorphic warning design as an effective solution to practice
Article
Security fatigue has been used to describe experiences with online security. This study identifies the affective manifestations resulting from decision fatigue and the role it plays in users' security decisions. A semistructured interview protocol was used to collect data (N = 40). Interview questions addressed online activities; computer security perceptions; and the knowledge and use of security icons, tools, and terminology. Qualitative data techniques were used to code and analyze the data identifying security fatigue and contributing factors, symptoms, and outcomes of fatigue. Although fatigue was not directly part of the interview protocol, more than half of the participants alluded to fatigue in their interviews. Participants expressed a sense of resignation, loss of control, fatalism, risk minimization, and decision avoidance, all characteristics of security fatigue. The authors found that the security fatigue users experience contributes to their cost-benefit analyses in how to incorporate security practices and reinforces their ideas of lack of benefit for following security advice.
Article
Data breach incidents are on the rise, and have resulted in severe financial and legal implications for the affected organizations. We apply the opportunity theory of crime, the institutional anomie theory, and institutional theory to identify factors that could increase or decrease the contextual risk of data breach. We investigate the risk of data breach in the context of an organizations physical location, its primary industry, and the type of data breach that it may have suffered in the past. Given the location of an organization, the study finds support for application of the opportunity theory of crime and the institutional anomie theory in estimating the risk of data breach incidents within a state. In the context of the primary industry in which an organization operates, we find support for the institutional theory and the opportunity theory of crime in estimating risk of data breach incidents within an industry. Interestingly though, support for the opportunity theory of crime is partial. We find that investment in information technology (IT) security corresponds to a higher risk of data breach incidents within both a state and an industry, a result contrary to the one predicted by the opportunity theory of crime. A possible explanation for the contradiction is that investments in IT security are not being spent on the right kind of data security controls, a fact supported by evidence from the industry. The work has theoretical and practical implications. Theories from criminology are used to identify the risk factors of data breach incidents and the magnitude of their impact on the risk of data breach. Insights from the study can help IT security practitioners to assess the risk environment of their firm (in terms of data breaches) based on the firm's location, its industry sector, and the kind of breaches that the firm may typically be prone to.
Article
Employee cynicism is an attitude characterized by frustration, hopelessness, and disillusionment, as well as contempt toward and distrust of business organizations, executives, and/or other objects in the workplace. This paper uses theory on contract violation to help integrate the diverse literature on cynicism and develop plausible propositions concerning some of the predictors and moderators of employee cynicism. First, the pertinent theory and research on cynicism is reviewed. Four specific domains of research are discussed in terms of their relevance to cynicism in an organizational setting. Next, the literature on psychological and implied contracts and their violation is presented as a framework for the study of employee cynicism. Finally, hypothetical linkages between cynicism and specific characteristics of the contemporary workplace are explored, offering propositions for future research.
Article
Classic and contemporary methods for analyzing construct validity are compared and contrasted through reanalyses of data from the organizational research literature to establish a basis for assessing the validity of measures used in organizational research. Campbell and Fiske's (1959) criteria are found to be lacking, particularly in their assumptions, diagnostic information, and power. Confirmatory factor analysis (CFA) is shown to overcome most limitations inherent in Campbell and Fiske's procedures. Nevertheless, two potential shortcomings are identified with the CFA method: the confounding of random error with measure-specific variance and the inability to test for interactions between traits and methods. Three alternative methods are presented for addressing the former issue, and the direct product model is described as a solution to the latter. The techniques considered herein go farther than currently used procedures for enhancing our ability to ascertain the validity of variables commonly studied in organizational research.
Article
This longitudinal study examined antecedents and consequences of psychological burnout among 362 teachers and school administrators. Antecedents included red tape, disruptive students and lack of supervisor support. Consequences of burnout included heart symptoms and depressive mood. Respondents completed questionnaires sent to them at their schools at two points in time, one year apart. LISREL analyses indicated that the predictors had significant relationships with burnout levels one year later, and that burnout served as a mediator between the predictors and emotional and physical health outcomes.