An investigation into personal data sensitivity in the Internet of Everything—insights from China

Abstract

The ubiquitous monitoring and collection capabilities of the IoE, as well as its innovative scenarios, have led to changes in the content and type of personal data. Personal data sensitivity, as a standard for measuring privacy attitudes, can provide a reference for the design and improvement of privacy systems. This study aims to evaluate individuals’ personal data sensitivity in the IoE context, to better understand individuals’ current privacy attitudes. This study uses a questionnaire survey to study personal data sensitivity and the antecedents affecting personal data sensitivity among 1921 Chinese citizens. Research suggests that, within the spectrum of 41 personal data categories, identifiers such as ID numbers and home addresses are deemed highly sensitive. Furthermore, within the IoE context, emerging types of personal data, including behavioural and facial recognition data, also demonstrate significant sensitivity. With respect to sensitivity levels, personal data can be categorized into four tiers: very highly sensitive data, highly sensitive data, medium sensitive data, and low sensitive data. The study also finds that perceived privacy risks, privacy concerns, and social influences have a significant impact on personal data sensitivity, and there are differences in public perception of personal data sensitivity among different genders, ages, and educational levels.

Full text

ARTICLE
An investigation into personal data sensitivity in
the Internet of Everything—insights from China
Weidong Li 1,2, Yalin Qin1,2, Changjie Chen1,2 & Meng Wang 1,2 ✉
The ubiquitous monitoring and collection capabilities of the IoE, as well as its innovative
scenarios, have led to changes in the content and type of personal data. Personal data
sensitivity, as a standard for measuring privacy attitudes, can provide a reference for the
design and improvement of privacy systems. This study aims to evaluate individuals’personal
data sensitivity in the IoE context, to better understand individuals’current privacy attitudes.
This study uses a questionnaire survey to study personal data sensitivity and the antecedents
affecting personal data sensitivity among 1921 Chinese citizens. Research suggests that,
within the spectrum of 41 personal data categories, identifiers such as ID numbers and home
addresses are deemed highly sensitive. Furthermore, within the IoE context, emerging types
of personal data, including behavioural and facial recognition data, also demonstrate sig-
nificant sensitivity. With respect to sensitivity levels, personal data can be categorized into
four tiers: very highly sensitive data, highly sensitive data, medium sensitive data, and low
sensitive data. The study also finds that perceived privacy risks, privacy concerns, and social
influences have a significant impact on personal data sensitivity, and there are differences in
public perception of personal data sensitivity among different genders, ages, and educational
levels.
https://doi.org/10.1057/s41599-025-04580-x OPEN
1School of Journalism and Information Communication, Huazhong University of Science and Technology, Wuhan, Hubei Province, China.
2
These authors
contributed equally: Weidong Li, Yalin Qin, Changjie Chen, Meng Wang. ✉email: yunaimeng@hust.edu.cn
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x 1
1234567890():,;
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

Introduction
In the Internet of Everything (IoE) environment, the contents
and everything”and “collecting all personal data”. The IoE is
considered a huge, complex network ecosystem composed of
objects, digital devices, digital individuals, digital enterprises,
digital governments, data resources, and other elements con-
nected by digital platforms and digital processes (Li 2020).
Compared with the Internet of Things (IoT), which connects
aspects such as sensors and devices, the IoE has a wider range of
connected objects and can interact strongly with individual and
social environments (Martino et al. 2017; Wang et al. 2023),
translating the real world ubiquitously and holographically into a
digital world. In particular, Everything to Person (E2P) service
providers based on various scenarios such as personal work,
travel, medical treatment, and entertainment scenes allow for
ubiquitous data gathering and combination (Harari et al. 2016;
Ioannou et al. 2020). These E2P service providers commit to
analysing “who you are, what you are doing, what you think, and
what you need”and creating more personalised and targeted user
profiles or “digital identities”(Mathews-Hunt 2016), which can
provide more customised and tailored services to expand their
user base.types of personal data are expanding and transforming
in unprecedented ways. The essence of IoE is “connecting
While the convenience of various services provided by IoE is
built on the wide collection and utilisation of users’personal data
(Li et al. 2017), privacy and security risks become accordingly
apparent once data breaches and abuse occur (Wang et al. 2023).
Gradually, individuals value the importance of privacy due to
mounting, serious privacy concerns and have become more
prudent in their online adoption and data provision behaviour
(Lyu et al. 2024; Ayaburi and Treku 2020; Hajli and Lin 2016).
Individuals’attitudes and behaviours towards data privacy
depend not only on who collects information and why but also on
what type of information is being treated as sensitive (Valdez and
Ziefle2018). Therefore, in the IoE environment, the new contents
and types of personal data, the type of personal data considered
sensitive, and the antecedents of sensitivity require further
research. The question then arises: what personal data is deemed
sensitive, and what determines the perception of this sensitivity?
To address these issues, regulatory bodies have initiated
mechanisms for the classification of personal information. Reg-
ulations and laws such as the European General Data Protection
Regulation (GDPR), Standards for Privacy of Individually Iden-
tifiable Health Information in the US, the Amended Act on the
Protection of Personal Information of Japan, and the Personal
Information Protection Law of China have been subsequently
issued and perceive sensitive personal data as special categories of
personal data that are directly related to the significant rights and
interests of individuals. These regulations and laws suggest that
the distinction between sensitive and general personal data may
be on the table in future privacy legislation. However, as sensitive
personal data involves the individual’s property rights, dignity,
and freedom, the judgement on personal data sensitivity should
not merely be determined by laws, regulations, or standards
issued by government; the individual’s sensitivity towards their
personal data of all types should be considered. Ohlhausen (2014)
noted that public policy initiatives regarding privacy choices
should incorporate feedback and attitudes from individuals
themselves. Furthermore, “sensitivity”varies between individuals
and is subjective, being based on individual psychological and
cognitive characteristics. Demographic differences (Markos et al.
2017; Kang et al. 2022), perceived privacy risks (Robinson 2017),
privacy concerns (Gopal et al. 2018), and social influence may
lead to personal data being considered sensitive (Ohm 2014;
Rumbold and Pierscionek 2018). These challenges have necessi-
tated an understanding of users’perspectives on personal data
sensitivity, both within local contexts and on a global scale,
providing a reference for the design and improvement of privacy
systems.
Recent studies have attempted to conduct such inquiries (Tao
et al. 2024; Schomakers et al. 2019; Kang et al. 2022), previous
privacy studies have focused more on traditional personal data,
primarily addressing basic demographic information such as
name, e-mail address, or financial information such as credit card
details (Malhotra et al. 2004). Very few studies have focused on
the IoE context. The intelligence of IoE technology is changing
our lives; in particular, IoE technologies such as deep learning,
artificial intelligence, and big data require the sharing of multiple
new types of personal data (Wang et al. 2023), such as facial data,
online behavioural data, or spiritual data. Research has shown
that these new types of personal data pose greater and more
insidious risks of privacy breaches, and users are more cautious
about them (Wang et al. 2023; Farayola et al. 2024). Additionally,
existing studies have primarily focused on user samples from the
United States and Europe (e.g., Markos et al. 2017; Schomakers
et al. 2019), lacking insights into many other countries and
regions with rapidly growing IoE user bases. For instance, in
2023, the number of internet users in China increased to 1.079
billion, with an internet penetration rate of 76.4%, forming the
world’s largest and most vibrant digital society (China Internet
Development Research Institute 2023). Therefore, considering the
IoE context and the global nature of data businesses, clarifying the
new contents and types of personal data, and understanding
Chinese users’perceptions of sensitivity towards different per-
sonal data, is worthwhile for both regulatory authorities and
digital service providers reliant on data flows.
Based on these myriad considerations, this study aims to clarify
the content and type of personal data in the IoE environment and
further investigate the sensitivity of personal data and the ante-
cedents that contribute to the sensitivity through empirical ana-
lysis, attempting to provide a Chinese perspective on personal
data sensitivity. The anticipated results of this study are expected
to offer novel perspectives and insights in the global field of
privacy protection, providing decision-makers with a scientific
basis and strategies for managing personal data sensitivity.
Additionally, this research will identify endogenous and exo-
genous factors of individuals’perceived sensitivity to personal
data, enabling data service providers in practical applications to
better understand and respect user privacy needs, thereby
expanding their user base and market influence (Lappeman et al.
2023).
Theoretical background and related work
The following section defines the concept of information privacy
and highlights the importance of sensitivity of information for
understanding privacy attitudes and behaviours. Additionally, the
following section outlines individual and cultural influences on
privacy perceptions.
The content and type of personal data in the IoE era
In the context of the IoE, the content and type of personal data
are constantly expanding. Personal data includes raw machine
data and metadata, as well as abstract personality characterisation
data (Wiese et al. 2017). According to the security level, personal
data is divided into general personal data and sensitive personal
data. However, there are various opinions on what personal data
actually includes, which personal data is sensitive, and what the
structure of personal data should be, especially in the IoE context.
Defining these terms is an important prerequisite for further
analysing personal data security and privacy issues.
ARTICLE HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x
2HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

From the perspective of information science, personal data can
be defined as data that describes the individual’s attributes,
movement status, and relations. Personal data itself exists
objectively and is increasingly being digitised and stored with the
advancement of technology. To some extent, the aggregation of
personal data can form a complete ‘digital individual’. This type
of personal data is often characterised by the digitisation of
personal characteristics and behaviours, meaning that the essence
of personal data is ‘digital individual’data. ‘Digital individual’
data mainly consists of data that characterises the natural and
behavioural attributes of individuals.
The data that characterises individual natural attribute char-
acteristics is mainly used to describe “who the person is”,
including natural attribute data, spiritual attribute data, and social
attribute data (Li, 2022). Natural attributes mainly describe the
‘person’in the material world; spiritual attributes mainly describe
the ‘person’in the spiritual world; and social attributes mainly
describe the ‘person’in real society. Firstly, natural attribute data
mainly describes the physiological characteristics, physical char-
acteristics, and health status of individuals. In the traditional
social environment, human natural attribute features are typically
classified as private and are rarely collected digitally. However, in
the IoE era based on artificial intelligence, individuals’physiolo-
gical and physical characteristics are increasingly being digitised.
Personal data that has been or is currently being digitised include
facial data, human body data, and fingerprint data. In a general
sense, all physical human aspects that constitute the ‘physiological
person’have the tendency to be digitised. The development of
facial recognition technology and human body recognition
technology has enabled humans to perceive and collect more and
more facial and human data. Secondly, spiritual attribute data
refers to a person’s emotions, psychological status, and ideas.
These data are to some extent the most difficult to monitor, but
with the development of the IoE and artificial intelligence tech-
nology, some new media application platforms are attempting to
scientifically monitor individual psychological and emotional data
(Wang et al. 2023). Thirdly, social attribute data is increasingly
being digitised, collected, stored, and shared on a large scale with
the help of various digital application platforms. The social
attributes of an individual mainly include personal identity data
and relationship data. Identity data largely refers to data that can
identify or represent identity, including real identity data and
online identity data. The real identity data mainly manifests as
basic human demographical descriptions, such as age, income,
education, and employment. This data may reflect social status.
Online identity data typically refers to data that can define and
characterise an individual’s identity in a virtual society. The
digital form mainly includes login accounts and passwords on
various application platforms, as well as network information (IP
addresses) bound to online identities. In addition, the social
attribute of an individual lies in their social relationships. Dif-
ferences between individuals can be expressed due to the different
social groups and social statuses they belong to. In the IoE era,
relationship data can be presented through various social network
materials, including friend relationships and communication
relationships.
The data that characterises personal behavioural attributes
mainly include two aspects: one is the digital record of real social
behaviour and the other is the online social behaviour data of
individuals as internet users (Li 2022). With the development of
the IoE, real space and virtual space are merging with each other,
and the boundary between personal real behaviour and online
behaviour is gradually blurring, making distinctions between
these spaces increasingly difficult. Thus, online social behaviour
data can reflect real social behaviour, including individual beha-
viour data on various online digital application platforms. In the
IoE era, the application models of intelligent new media mainly
include the artificial intelligence and information acquisition
application model; artificial intelligence and e-commerce appli-
cation model; artificial intelligence and communication and
interaction application model; intelligent life and entertainment
application model; and smart city and intelligent government
application models. Correspondingly, the types of online social
behaviour data of individuals include personal information
acquisition behaviour data, business behaviour data, life and
entertainment behaviour data, and administrative data.
“Privacy datification”and “Data Privacyization”in the
IoE era
Privacy is a multifaceted and nebulous concept (Wang et al.
2024), encompassing dimensions such as freedom of thought,
control over one’s body, solitude at home, control over personal
information, freedom from surveillance, protection of personal
reputation, and protection from searches and interrogations
(Solove, 2024). Consequently, definitions of privacy generally
revolve around the key concepts of freedom, control, and self-
determination.
The rapid proliferation of IoE technologies and their wide-
spread adoption has enveloped our lives with a plethora of smart
devices, which continuously gather our personal data (Wang et al.
2023), encompassing location information, behavioural patterns,
and health status. These data have become commodified, utilized
for delivering personalized services, refining product functional-
ities, and executing precise marketing strategies. However, this
practice has also precipitated the risk of privacy breaches, posing
a significant threat to individual freedom and dignity (Wang et al.
2023).
In response, the concept of privacy has become a widespread
public sentiment, leading to the further development of privacy
notions. Concepts such as information privacy (Solove and
Schwartz 2020), data privacy (Farayola et al. 2024), smart privacy
(Meg 2015), and integrated privacy (Gu 2020) have been
introduced.
The history of privacy shows a close relationship with tech-
nological advancement; modern information technology has
shifted the focus of privacy from being a personal domain free
from interference to being about control over personal data.
Privacy now exhibits two new characteristics: “privacy datifica-
tion”and “data privacyization”(Mai 2016). The connotation of
privacy has moved from “tolerance”to “sharing,”so addressing
the issue of “privacy”is essentially about how individuals disclose
and share their personal data to others, and to what extent.
How to measure personal data privacy: personal data
sensitivity
The personal data sensitivity serves as a crucial contextual factor,
influencing security and privacy concerns as well as individual
behaviour. This recognition motivates how individuals disclose
and share personal data with others, and also impacts individuals’
willingness to protect their privacy (Kim et al. 2019; Schomakers
et al. 2022).
At present, a clear definition of personal data sensitivity is not
present in the literature. Personal data sensitivity is typically
understood through ideas of public expectation and legal inter-
pretation. It is generally believed that personal data sensitivity is
an attribute of personal data (Dinev et al. 2013) which refers to
the level of concern individuals feel about providing a certain type
of data in a specific situation (Weible 1993); potential psycholo-
gical, physiological, and material losses (Mothersbaugh et al.
2012); personal perception or evaluation of data value (Wacks
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x ARTICLE
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x 3
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

1989); and the negative impact of a data breach (Bansal and
Gefen 2010).
The concept of personal data sensitivity has long been at the
core of data protection frameworks. Countries generally attach
importance to the protection of sensitive personal data and have
made different legal interpretations. As early as 1970, the concept
of sensitive data appeared in the Personal Information Protection
Act of Heisenberg, Germany. German scholars defined it as
information with highly personal attributes, important for iden-
tifying an individual, and with the risk of causing harm or dis-
crimination. Afterwards, various laws defined the scope of
sensitive personal data types through enumeration. As Article 6 of
the 1981 Council of Europe Personal Data Convention stipulates
that personal data related to race, political views, religion or other
beliefs, health, or criminal convictions shall not be automatically
processed unless appropriate safeguards are provided by domestic
law (Wong 2007), subsequent legislation such as the GDPR and
Brazil’s General Data Protection Act, the amendments to the
California Privacy Rights Act of 2020 (CPRA), and the Personal
Information Protection Act of China in 2024 have added new
categories such as ‘ethnic origin’,‘philosophical beliefs’,‘trade
union membership’,‘the processing of genetic data, biometric
data’, and ‘sexual orientation’with an open scope. Overall,
national laws have listed sensitive personal data, but do not define
sensitive personal data, and there are differences in the specific
types of coverage.
From a diachronic user perspective, personal identification
information is typically perceived as highly sensitive, but this
cognition is influenced by the usage environment and evolves
with technological advancements. For instance, studies in 1999
(Ackerman et al. 1999), 2004 (Malhotra et al. 2004), and 2007
(Hui et al. 2007) often categorized passwords, financial account
numbers, and ID card numbers as sensitive information, while
personal preferences such as television show preferences were
considered the least sensitive. However, more recent studies from
2017 to 2024 indicate that users are concerned about personal
preference data, such as shopping behavior, which they believe
could reveal psychological aspects of their privacy (Milne et al.
2017; Markos et al. 2018; Schomakers et al. 2019; Kang et al. 2022;
Tao et al. 2024). In conclusion, personal data sensitivity is a
subjective perception that stems from the environmental char-
acteristics of an individual at a particular time, and its significance
is contingent upon the type of data and individual differences.
The antecedents of personal data sensitivity and research
hypotheses
Privacy behavior is affected both by endogenous motivations (for
instance, subjective preferences) and exogenous factors (for
instance, changes in user interfaces) (Acquisti et al. 2015). Simi-
larly, personal data sensitivity is also affected both by endogenous
motivations and exogenous factors (Bansal and Gefen 2010;
Dinev et al. 2015; Martino et al. 2017). Endogenous motivations
refer to subjective characteristics such as cognitive level and
personal experience, while exogenous factors describe the specific
environment that an individual relies on, such as their social
network relationships (Martin and Zimmermann 2024). This
study mainly focuses on exogenous factors such as demographic
differences, privacy experiences, perceived privacy risks, privacy
concerns, and exogenous factor (social influence), which are
considered important predictive factors in data sensitivity and
privacy literature.
Privacy experience
When faced with similar situations, individuals’attitudes and
values may differ due to differences in previous experiences
(Bansal and Gefen 2010; Xu et al. 2011; Wang et al. 2019; Su et al.
2018). Privacy experience is defined as an individual’s experience
of privacy infringement. Previous studies have found that pre-
vious privacy experiences influence personal data sensitivity (Tao
et al. 2024), and considering an individual’s privacy experiences
can better explain attitudes and behaviours related to privacy (Xu
et al. 2011). For example, some scholars have explored the
potential for privacy experiences to break the implicit “social
contract”formed between users and personal data service pro-
viders (Culnan 2000); additionally, the violation of the “social
contract”can cause users to worry about their privacy and
security of personal data (Pedersen, 1982; Pavlou and Gefen
2005), thereby negatively affecting the sensitivity of personal data.
Research has shown that the privacy experiences of others can
also affect the sensitivity of personal data. For example, mounting
facial data breach incidents have led to an increase in individuals’
sensitivity to facial data (Sepas-Moghaddam et al. 2019; Ghaffary,
2019; Mehmood and Selwal 2020; Nandakumar and Jain 2015).
Therefore, if individuals experience privacy breaches, hear of, or
are exposed to the potential abuse of personal data collected from
the internet, they tend to believe that they will also become vic-
tims of privacy violations. This belief causes individuals to
become more sensitive to relevant personal data. Therefore, we
propose the following hypothesis:
H1. Privacy experience positively affects personal data
sensitivity.
Perceived privacy risks
The perceived privacy risk mainly derives from individuals’
anxiety regarding potential harm and feelings of being offended
rather than real data abuse or economic and reputational losses
(Martin et al. 2017). Research has shown that perceived privacy
risks can trigger high privacy concerns among individuals, which
in turn increases sensitivity to personal data (Martino et al. 2017;
Schomakers et al. 2019). Previous studies have confirmed that, in
personal data sharing, the greater the perceived risk to individuals
the more sensitive the data is considered to be (Mählmann et al.
2017; Milne et al. 2017; Phelps et al. 2000). For example, due to
the stronger predictive power of genetic data compared to health
data, individuals have a greater perception of privacy risks
regarding genetic data and therefore believe that genetic data is
more personalised and sensitive. Based on this discrepancy, we
believe that the greater an individual’s perception of privacy risks
to personal data, the more sensitive the data will be considered.
Accordingly, we hypothesise the following:
H2. Perceived privacy risk positively affects personal data
sensitivity.
Privacy concern
Privacy concern refers to individuals’concerns about the poten-
tial loss of privacy caused by the disclosure of personal data
(Asplund and Nadjm-Tehrani 2016; Ioannou et al. 2020),
including unauthorised secondary use and access, information
error, breach, and abuse (Smith et al. 1996; Ozturk et al. 2017;
Asplund and Nadjm-Tehrani, 2016), and is considered a major
influencing factor in personal data sensitivity. Previous studies
have shown that when individuals feel threatened and need to
protect their privacy, their concern for privacy appears to trigger
higher data sensitivity perceptions. Individuals have high con-
cerns about the future use of shared health data, as they are
concerned that as increasing amounts of health data are obtained,
the data may be used for purposes other than those originally
described, making individuals more sensitive to health data
(Aitken et al. 2016). In addition, Milne et al. (2017) also con-
firmed that individuals are concerned about the social risks that
ARTICLE HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x
4HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

may arise from the leakage of their home address and may classify
their home address as sensitive. In short, individuals with strong
privacy concerns place more emphasis on protecting their
information privacy space and are more sensitive to personal
data. Accordingly, we hypothesise the following:
H3. Privacy concern has a positive impact on personal data
sensitivity.
Demographic differences
Individual differences affect privacy concerns and perceived risks,
thereby affecting individuals’level of privacy sensitivity (Tao et al.
2024; Martino et al. 2017; Schomakerset et al. 2019). Previous
studies have indicated that age can influence individuals’toler-
ance of or thresholds for privacy threats in online environments
(Goldfarb and Tucker 2012; DeSilver 2013). Individuals’elders
can contribute to the development of higher personal data sen-
sitivity in cases where an individual feels threatened and needs to
preserve their personal privacy space. Additionally, Wang et al.
(2020) claim that women are more concerned about collecting
private information than men, resulting in a higher level of data
sensitivity. Moreover, individuals with higher privacy education
levels are more protective of their privacy space as they are more
sensitive to and cautious with personal data processes and per-
ceive these processes as privacy intrusions. In view of this, we
propose the following hypotheses:
H4a. Age positively affects personal data sensitivity.
H4b. Compared to men, women have higher personal data
sensitivity.
H4c. Education level positively affects personal data sensitivity.
Social influence
According to behavioural science theory, social influence refers to
an individual changing their thoughts, emotions, and behaviours
due to the influence of others in their social network (Singh et al.
2024). Social influence is considered one of the key factors in
privacy behaviour and attitude research (Mishra et al. 2023;
Mendel and Toch 2017; Cheung et al. 2015). The huge and
complex network formed by the IoE has greatly changed the
methods and scope of personal data processing. Individuals feel
anxious and uncertain when collecting, using, and disseminating
personal data. They make judgements by referring to the opinions
of members of their social networks, thus creating a bandwagon
effect. Many studies have found that social influences have a
significant impact on people’s privacy sensitivity, as people
typically adjust their attitudes, beliefs, and behavioural patterns in
response to their social networks (Singh et al. 2024). Based on the
review of relevant literature in sociology and psychology, some
scholars believe that social influence mainly consists of two types
of influences. The first type of influence involves subjective norms
formed by internalising external expert information into one’s
own cognitive beliefs through the mechanism of descriptive
norms (imitation); Venkatesh et al. (2012) argue that individuals
are influenced by society, including family, friends, and experts,
which can greatly influence their perceived risk and uncertainty.
The second type of influence involves individual image and
identity confirmation. For example, individuals who are more
concerned about others’ideas and follow trends find it easier to
generate “public conformity”to obtain more positive reviews and
maintain their personal image (Singh et al. 2024; Mendel and
Toch, 2017). Many studies have also confirmed that social
influence has a positive impact on privacy sensitivity (Youn and
Shin 2019). Therefore, this study uses subjective norms and
individual image to measure social influence and makes the fol-
lowing hypotheses:
H5a. Subjective norms positively affect personal data
sensitivity.
H5b. Individual image positively affect personal data
sensitivity.
Research methods
The selection of personal data in the IoE era. The measurement
of personal data sensitivity has a predetermined premise: the
connotation and structure of personal data. Consequently, this
study firstly establishes a comprehensive list of personal data and
then analyses the public perception of personal data sensitivity. In
the IoE era, the data of “digital individuals”mainly consists of
data that characterises individual natural attributes and data that
characterises individual behavioural attributes (Li 2022). The data
that characterises individual natural attributes mainly includes
natural attribute data, spiritual attribute data, and social attribute
data. The data that characterises personal behavioural attributes
includes personal information acquisition behaviour data, busi-
ness behaviour data, intelligent life and entertainment behaviour
data, and administrative data. Therefore, this study categorises
personal data in the IoE era into seven subcategories.
The selection of personal data was based on previous literature
(Martino et al. 2017; Schomakers et al. 2019; Rumbold et al. 2018;
Goodman and Flaxman 2017; Turn 1976; Winegar and Sunstein
2019; Tao et al. 2024) and sensitive data categories listed in data
protection regulations such as the GDPR, those of EU countries,
the United States, China, and the United Kingdom. Through
brainstorming discussions with 17 colleagues, a comprehensive list
of 41 personal data items was eventually developed (see Fig. 1).
The specific process is as follows:
We conducted three rounds of the brainstorming method,
which is an open decision-making approach where a group of
people find a solution to a problem together and then express
their own views without objection or criticism. Hosts and
recorders controlled and documented the storm process. During
the first round of brainstorming, all members identified the types
of personal data and discussed the classification of personal data
in the IoE and according to their real-life experiences. During the
second round of brainstorming, we listed 74 information types on
paper cards, according to the prior literature. The participants
discussed, evaluated, and improved ideas to achieve continuous
creative collaboration. Some personal data was dropped, such as
pet names and zip codes. Some personal data was added, such as
‘smart home data’, which is largely collected in the current IoE
era. The first and second rounds of brainstorming were held over
one day. After one week, we conducted the third round of
brainstorming for further adoption and affirmation. After each
round of brainstorming, a summary group led by a professor and
supplemented by a moderator and recorder organised the
discussion results, summarised and evaluated each group’s
discussion, and finalised the chosen list of items (Fig. 1and
Appendix 1).
Data collection and procedure. This study adopts a ques-
tionnaire survey method to collect the required data. We employ
a questionnaire survey method to study personal data sensitivity
due to its efficiency in collecting data on a large scale, which is
suitable for revealing general patterns of perception. Simulta-
neously, compared to interviews and experimental methods,
questionnaire surveys are more economical in terms of cost, time,
and resources, and they do not impose a significant burden on
respondents. This approach to data collection is common for
information sensitivity studies and has been proven to be effective
(Milne et al. 2017; Tao et al. 2024). Regarding ethical con-
siderations, all procedures performed in studies involving human
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x ARTICLE
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x 5
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

participants followed the ethical standards of the institutional
and/or national research committee and with the 1964 Declara-
tion of Helsinki and its later amendments or comparable ethical
standards. The developed online survey did not collect any
identifiable information (e.g.name, personal email, telephone
number, or ID) for confidentiality and anonymity.
To ensure good reliability and validity of the questionnaire,
96 samples were selected for pre-testing from November 10th to
17th, 2022 to meet the needs of scale revision. The overall
reliability of the questionnaire is high (Cronbach’sα=0.893). In
the pre-testing phase, we prioritized respondent feedback,
refining questionnaire ambiguities. Notably, we added clarifica-
tions for terms like “DNA”and “voiceprint”to facilitate accurate
responses. For assessing privacy concerns, we crafted nine non-
redundant items spanning information collection, error/breach
risks, unauthorized access, and control issues, ensuring precise
measurement of each concern.
The formal survey period was from November 25th to
December 10th, 2022. Data were collected through an online
questionnaire survey, and the participants were recruited through
a commercial online access panel hosted by Beijing Dataway
Horizon Co., Ltd (an online user panel of 3 million Chinese adult
7.65
7.48
7.36
7.06
6.92
6.92
6.74
6.73
6.71
6.71
6.61
6.61
6.57
6.57
6.45
6.38
6.33
6.32
6.32
6.27
6.24
6.21
6.21
6.20
6.2
6.02
6.02
6.01
5.93
5.89
5.83
5.74
5.69
5.69
5.26
5.18
5.05
5.03
5.02
4.95
4.93
2.67
2.33
2.45
2.59
2.49
2.45
2.48
3.25
2.54
2.98
2.47
2.52
2.48
2.94
2.50
2.51
2.64
2.47
2.47
2.54
2.55
2.74
2.52
2.54
2.55
2.53
2.51
2.57
2.52
2.56
2.55
2.52
2.60
2.66
2.82
2.75
2.84
2.80
2.88
2.92
2.95
ID number
Mobile phone number
Home address
Financial account and password
IP address
License plate number
Real estate registraon data
DNA
Credit data
Fingerprint
E-mail address
Tax registraon data
Social security data
Facial data
Smart speaker recording…
Social network profile
Birth registraon data
Payment records
Living data recorded by smart homes
Data recorded in various…
Logiscs records
Digital signature
Medical history
Shopping records
Sports acvity data recorded…
Income level
Drug purchase records
Browse history
Occupaon
Voiceprint
Evaluaon records
Online quesoning records
Forward data
Like data
Polical affiliaon
Personality test answer (in app)
Height
Weight
Sexual orientaon
Religion
Sleep quality
The sensivity of personal data
Mean SD
Personal data items
Fig. 1 The ranking of personal data sensitivity. Perceived sensitivity of all 41 personal data types.
ARTICLE HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x
6HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

users) (Xu et al. 2023). Stringent quality control measures were
implemented, assigning each respondent a unique access link that
could only be used for a single response. IP address and cookie
tracking were employed to avoid duplicate entries. Additionally, a
minimum completion time of 7 minutes was enforced for each
questionnaire to ensure thorough responses.
We utilize the most recent census data and the 2019 1‰
Population Census as a benchmark to calculate quotas for each
demographic group (National Bureau of Statistics of China 2020):
in terms of gender, the proportion of males is 51.24%, and that of
females is 48.76% (gender quotas allow for a ± 2% deviation). In
terms of age, the proportions are as follows: 18–24 years old (9%),
25–34 years old (24%), 35–44 years old (20%), 45–54 years old
(22%), and 55 years old and above (25%) (age quotas allow for
a ± 5% deviation). All respondents are financially incentivized.
We determine the sample size using the statistical formula: n =
Z² *σ² / d². Given the sensitivity of the data, to better differentiate
data sensitivity, we calculate the sample size at a 99% confidence
level (Z =2.68, σ=0.5, d =3%), resulting in a required sample
size of 1849. This study collects a total of 2337 survey
questionnaires. After excluding questionnaires with conflicting
or identical answers, we obtain 1921 valid questionnaires, with a
validity rate of approximately 82.20%, meeting the data
requirements.
Variable measurement. The questionnaire was divided into four
parts. The first part measured the privacy experience. The first
question asked the following: “Have you ever had personal data
leaked in your daily life and work (such as phone numbers, online
browsing records, etc.), resulting in frequent receiving of various
spam advertisements, harassing phone calls, etc.?”(1 denoted
“Yes”and 2 denoted “No”). The second part measured the sen-
sitivity of 41 personal data points. This study follows the method
used by previous scholars to measure sensitivity (Schomakers
et al. 2019), requiring respondents to evaluate personal data from
very insensitive to very sensitive with a score of 1 to 10, respec-
tively. The second question asked the following: “If you are
required to provide the following personal data items, how
SENSITIVE would you consider this personal data?”(1 denoted
“not sensitive”and 10 denoted “very sensitive”). The third part
mainly measured the antecedents of sensitivity; this section used a
five-point Likert scale (1 denoted “strongly disagree”, 5 denoted
“strongly agree”). A perceived privacy risk scale was derived from
studies by Zlatolas et al. (2015) and to measure overall risk per-
ception related to personal privacy. The measurements of privacy
concern were adopted from studies by Korzaan and Boswell
(2008), measuring the level of personal attention to privacy when
personal data is collected and used. The measurements of social
influence were adapted from Venkatesh and Davis’s(2000) stu-
dies, which measures the degree to which individuals are influ-
enced by subjective norms and individual image when perceiving
personal data sensitivity. The fourth part mainly investigated the
demographic information of the respondents, including six items:
gender, age, occupation, monthly income and education level. We
have listed the variable scales in Appendix 2.
Sample. The sample quotas are generally aligned with China’s
demographic information (National Bureau of Statistics of China
2020). As shown in Table 1, the gender ratio among these 1921
respondents is relatively balanced, with 984 male respondents
accounting for 51.2% and 937 female respondents accounting for
48.8%; the age distribution is concentrated between 18 and 34
years old, with a total of 906 respondents accounting for 47.16%.
Under the new technological background of the IoE, individuals
in this age group are the main active group participating in online
behaviour. Regarding education level, the majority of respondents
are high school, vocational college, and undergraduate students
accounting for 20.2%, 26.6%, and 42%, respectively. In addition,
60.54% of respondents have an average monthly income
exceeding 5000 RMB.
Data analysis and results
Validity and reliability of constructs. This study employed SPSS
26.0 for descriptive analysis, confirmatory factor analysis, and
hypothesis testing. This study adopt Cronbach’sαcoefficient for
reliability analysis of the scale; the value of Cronbach’sαfor
privacy concerns was 0.889, the value of Cronbach’sαfor social
influence is 0.737, the value of Cronbach’sαfor perceived privacy
risk is 0.896, and the value of Cronbach’sαfor 41 personal data
items is 0.966, which are all greater than 0.7, indicating that the
scale in this study has good reliability.
The scales use in this study are all derived from previous
mature scales and modified appropriately based on the research
context, thus ensuring high content validity of the scales. When
conducting construct validity analysis, an exploratory factor
analysis (EFA) is performed to test the scale. We select principal
axis factoring with Promax rotation and the Kaiser criterion for
our analysis. This approach is preferred over principal compo-
nent analysis as it allows for the extraction of concise factors
aligned with current research (Brown 2009a). The choice of
Promax rotation, an oblique method, is based on the assumption
of significant factor intercorrelation (Brown 2009b). The
application of the Kaiser criterion, a standard practice in EFA
(Brown 2009c), further supports our methodological decisions.
The resultant EFA demonstrates a strong fit, indicated by a KMO
Table 1 Demographic characteristics of the sample
(N =1921).
Variable Category Frequency Percentage (%)
Gender Male 984 51.2%
Female 937 48.8%
Age 18–24 262 13.64%
25–29 429 22.33%
30–34 215 11.19%
35–39 167 8.7%
40–44 209 10.8%
45–49 145 7.5%
50–54 167 8.69%
55–59 116 6.04%
60–64 141 7.34%
≥65 70 3.64%
Education
level
No certificate 11 0.6%
Primary school 28 1.5%
Middle school 152 7.9%
High school/
secondary Vocational
school
388 20.2%
Higher Vocational
College
511 26.6%
Undergraduate 807 42%
Graduate and above 24 1.2%
Monthly
income
(RMB)
2000 Yuan and below 190 9.9%
2001–5000 Yuan 568 29.57%
5001–8000 Yuan 565 29.41%
8001–10,000 Yuan 262 13.64%
10,001–15,000 Yuan 240 12.49%
15,001–30,000 Yuan 77 4.01%
30,001–50,000 Yuan 16 0.8%
Above 50,000 Yuan 3 0.2%
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x ARTICLE
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x 7
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

value of 0.726 and a chi-square value significant at the 0.05 level
(chi-square =87604.082, Sig < 0.001) (Hair et al. 2010).
Descriptive results on personal data sensitivity in China. The
average sensitivity ratings for 41 personal data types are displayed
in Fig. 1, sorted as descending from the most to least sensitive
data. From the Chinese perspective, ID number represented the
most sensitive data type, with a very high perceived sensitivity
(M=7.65), followed closely by mobile phone number
(M=7.48). The least sensitive items are religion (M=4.95) and
sleep quality (M=4.93). The average sensitivity of 41 personal
data items is 6.1, with a maximum of 7.65 and less than 8,
indicating that the Chinese participants generally demonstrated
low sensitivity to personal data.
The descriptive analysis results (Table 2) show that participants
considered data that characterises individual behavioural attri-
butes (M=6.21) more sensitive than data that characterises
individual natural attributes (M=5.96). More specifically,
participants believe that social attribute data (M=6.77) and
administrative data (M=6.59) are more sensitive, while spiritual
attribute data (M=5.07) and information acquisition behaviour
data (M=5.78) are not very sensitive.
Cluster analysis. For each of the 41 personal data items, we firstly
calculate the average value (S) of personal data sensitivity. Sec-
ondly, we develop an indicator of personal data sensitivity (PDS)
with an average value between 0 and 100, SI =(10-S)/10 *100
(according to Markos et al. 2017). In this study, we employ the
k-means clustering method and achieve comparable clustering
results using hierarchical cluster methods. Four clusters are
labelled as: very highly, highly, medium, and low sensitive data
(see Fig. 2). 3 personal data are perceived as very highly sensitive
(M =7.5, SD =2.2), 11 as highly sensitive (M =6.74, SD =1.94),
20 as medium sensitive (M =6.1, SD =1.87), and the remaining
7 as low sensitive (M =5.1, SD =2.4) (see Table 3).
Hypothesis testing. We initially employ multiple linear regres-
sion in SPSS 26.0 software to examine the relationships between
personal data sensitivity and multiple independent variables
(privacy experience, privacy concerns, social influence, perceived
privacy risks, age, gender, and education level).
Subsequently, we categorize personal data sensitivity into four
levels (e.g., extremely high sensitivity, high sensitivity, moderate
sensitivity, and low sensitivity), and use multinomial logistic
regression within SPSS26.0 to assess the impact of the independent
variables on the four clusters. Table 4reports the regression results.
Privacy experience has no impact on any personal data clusters.
Privacy concern and perceived privacy risks have a strong positive
impact on all data types, indicating that people who value privacy
more believe that most personal data is more sensitive. Subjective
norm has an impact on all data types, but sensitivity to low
sensitive data is not significant. This suggests that for data that is
less sensitive, individuals’privacy decisions are more likely to be
based on personal values and experiences rather than societal
expectations. Individual image has an impact on all data types,
but sensitivity to very highly and highly sensitive data is not
significant. This is likely because for data that is highly sensitive,
individuals’privacy decisions are more influenced by intrinsic
values and perceptions of privacy risks.
Additionally, age, gender, and educational level also affect
individuals’perceptions of the sensitivity of data across different
levels of sensitivity. Age shows an impact on very highly, highly
and low sensitive data, suggesting that as individuals age, they
may become more cautious about privacy. Gender can influence
the perceived sensitivity, and male respondents found medium
and low sensitive data is to be more sensitive than female
respondents. Education level do not significantly predict
perceived sensitivity and those with higher education level found
medium and low sensitive data to be more sensitive than
respondents with lower education levels, indicating that indivi-
duals with more education level are more aware of the potential
risks associated with all types of personal data, not just the most
sensitive ones.
Discussion
Key findings of personal data sensitivity. This study presents a
spectrum of overall sensitivity regarding personal data in the IoE
era from the Chinese perspective, categorizing it into four clus-
ters: very highly, highly, medium, and low sensitive data. Each
cluster has its own subtleties, with the very highly sensitive data
being irrevocable once compromised, the highly sensitive data
posing risks of identity theft, the medium sensitive data poten-
tially leading to discrimination, and the low sensitive data varying
in sensitivity based on cultural and social contexts. This clustering
of personal data into sensitivity levels underscores the varying
degrees of concern that Chinese respondents have for different
types of personal information in the IoE era (Wang et al. 2024;
Kang et al. 2022).
We also find that Chinese respondents appeared to believe that
the sensitivities of ID number, mobile phone number, and home
address were far higher than religious belief, sleep quality, sexual
orientation, and weight, which is consistent with existing research
conclusions (Schomakers et al. 2019; Kang et al. 2022). These
findings indicate that personal identification information is the
most sensitive (Schomakers et al. 2019). Personally identifiable
information (PII) refers to information that can be identified or
located as belonging to an individual when used alone or in
conjunction with other relevant data. If PII contains an attribute
that can uniquely identify an individual, this attribute is a unique
identifier, such as the national ID number, which is generally
considered highly sensitive.
This study also reveals some notable differences. Individuals
have shown increased sensitivity towards their home addresses,
contrasting with previous beliefs that home addresses were not
considered sensitive. This shift in perception may stem from new
concerns about personal safety. In contemporary times, more
people, particularly women, are living alone than ever before. The
advancement of GPS technology now allows for real-time and
precise location tracking, enabling easy and direct finding of
individuals in the physical world, posing a highly relevant
physical risk and instilling a significant sense of insecurity
regarding personal safety, thus increasing the caution with which
individuals disclose their home addresses (Milne et al. 2017). The
study also finds that income levels are perceived as less sensitive
in the Chinese cultural context, differing from Western cultural
Table 2 Mean and SD of personal data types.
Mean SD
Natural attribute data 6.03 1.89
Spiritual attribute data 5.07 2.49
Social attribute data 6.78 1.82
Information acquisition behaviour data 5.78 2.28
Business behaviour data 6.15 2.18
Life and entertainment behaviour data 6.31 2.16
Administrative data 6.59 2.17
Data that characterises individual natural attributes 5.96 1.76
Data that characterises individual behavioural attributes 6.21 1.91
41 types of personal data 6.10 1.76
ARTICLE HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x
8HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

perspectives. In Chinese society, discussions about personal
income are common and are typically not considered sensitive
data (TC260 2021).
Furthermore, the study notes the heightened sensitivity of new
personal data in the IoE environment. The continuous evolution
of IoE technology is transforming modern life (Wang et al. 2023),
particularly with the widespread adoption of smart home devices
that enable the collection and analysis of a vast amount of
personal data (Li, 2022; Schomakers et al. 2022). Due to the
innovative nature of these application scenarios, research on
Fig. 2 Identifying four clusters of personal data by sensitivity. Clustering of 41 personal data.
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x ARTICLE
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x 9
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

personal data collected by smart products is still lacking. We
include these new personal data in our study and find that
individuals exhibit a certain degree of sensitivity to them, such as
recordings of home conversations by smart speakers (M =6.45),
which is significantly higher than the average (M =6.1). This
reveals public concerns about technology’s deep integration into
daily life and the fear of potential misuse of personal privacy
(Singh et al. 2024). It reflects the evolving expectations of
individuals regarding privacy and their acceptance of data use, as
well as the increasing demand for the protection of personal data
as technology advances.
Sensitivity ranking of seven types of personal data. This study’s
results rank, from a sensitivity level perspective, the privacy level
from high to low as follows: social attribute data (M=6.78),
administrative data (M=6.59), life and entertainment behaviour
data (M=6.31), business behaviour data (M=6.15), natural
attribute data (M=6.03), information acquisition behaviour data
(M=5.78), and spiritual attribute data (M=5.07).
The social attributes of an individual mainly include their real
identity data, real relationship data, online identity data, and
online relationship data. With the help of various digital
application platforms, individuals’social attribute characteristics
continue to be digitally collected, stored, and shared on a large
scale. Social attribute data can centrally highlight the status of a
person’s social capital and resources, which is to some extent a
very important aspect of personal privacy (Li 2022). In addition,
with the deepening of smart city and smart government
application models, a large amount of personal data is recorded
on various government application platforms. Administrative
data generally involves personal privacy and has high matching,
such as credit data and social security data. If these data are
leaked, they can pose a potential threat to personal property or
reputation. Behavioural data refers to the operational records and
behavioural data of individuals on various online digital
application platforms, including life and entertainment beha-
vioural data, business behavioural data, and information acquisi-
tion behavioural data. By collecting behavioural data, companies
can clearly describe user profiles, provide more relevant
information, and provide personalised and customised products
and services to meet individual needs and interests; however,
these targeted solutions have raised privacy concerns as
Table 3 Identified clusters of very highly, highly, medium, and low sensitive data.
Very highly sensitive
data
Highly sensitive data Medium sensitive data Low sensitive data
14. ID number 1. Fingerprint 4. Medical history 2. Height
16. Mobile phone number 3. DNA 5. Voiceprint 6. Weight
18. Home address 7. Facial data 8. Drug Purchase Record 9. Sexual orientation
17. License plate number 15. Digital signature 10. Political affiliation
19. E-mail address 20. Income level 11. Religion
22. IP address 21. Occupation 12. Personality test answer (in
app)
23. Login account and
password
24. Social network profile 13. Sleep quality
38. Social security data 25. Browse history
39. Real estate registration data 26. Like data
40. Tax registration data 27. Forward data
41. Credit data 28. Online questioning records
29. Payment records
30. Shopping records
31. Logistics records
32. Evaluation records
33. Living data recorded by smart homes
34. Sports activity data recorded by intelligent
wearable devices
35. Smart speaker recording for home conversations
36. Data recorded in various game application
platforms
37. Birth registration data
Table 4 Regression results for all data and four clusters.
All data Very highly sensitive data Highly sensitive data Medium sensitive data Low sensitive data
ββ β β β
Privacy experience −0.003 0.018 −0.014 0.018 −0.051
Perceived privacy risks −2.333*** 0.043* −0.091*** −0.245*** −0.253***
Privacy concerns 0.178*** 0.220*** 0.294*** 0.139*** 0.085**
Subjective norm 0.082** 0.111*** 0.086** 0.081** 0.046
Individual image 0.098*** 0.036 0.016 0.105*** 0.104***
Age −0.001 −0.092*** −0.173*** 0.037 0.092**
Gender (1=male) 0.089*** 0.037 −0.014 0.098*** 0.081***
Education level 0.079 0.037 −0.010 0.086** 0.131***
*p < 0.05, **p < 0.01, ***p < 0.001.
ARTICLE HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x
10 HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

individuals feel their privacy is violated (Ioannou et al. 2020;
Dwivedi et al. 2021; Mathews-Hunt 2016). Biometric data refers
to the digital representation of physical features that identify
individuals in the IoE environment (Ioannou et al. 2020; Wang
et al. 2023). This type of personal data may be more sensitive
because of characteristics such as uniqueness, identification,
replicability, irreversibility of damage, and relevance of informa-
tion (Wang et al. 2023; Morosan 2019). The sensitivity of spiritual
attribute data is relatively low, as digital technology-oriented
media accelerates the flow of human emotions and extends the
real boundaries of human empathy emotions (Wu and Li, 2021).
Social media has become a visible space for people to present,
record, and share personal, emotional content in their daily lives.
As a result, people are less sensitive to data related to spiritual
attributes and show a more open and inclusive mind (Li 2022).
The antecedents of personal data sensitivity. This study also
explored the antecedents of personal data sensitivity. The results
show that perceived privacy risks and privacy concerns sig-
nificantly affect the level of personal data sensitivity. These results
enrich existing privacy literature, confirming that personal char-
acteristics are an important predictor of personal data sensitivity
(Ioannou et al. 2020; Baker-Eveleth et al. 2022; Benamati et al.
2017). However, privacy experiences do not significantly affect
personal data sensitivity. In the context of numerous privacy
incidents, complex provisions (Hargittai and Marwick 2016), a
combination of difficult-to-manage technical affordances, net-
work privacy, and constantly changing settings, individuals may
express feelings of cynicism (Lyu et al. 2024) or apathy (Hargittai
and Marwick 2016) towards privacy concerns, making them more
insensitive (Moritz et al. 2021).
At the same time, individual sensitivity is to some extent
influenced by demographic characteristics. Through our regres-
sion analysis, we demonstrate that age affects personal data
sensitivity. As may be expected, older ages presented a higher
perceived sensitivity, especially regarding very highly sensitive
data and highly sensitive data. Previous studies have also found
that older individuals have a greater risk of information overload
and stronger personal data sensitivity (Markos et al. 2017). We
also find that, compared to female, male respondents consider
medium and low sensitive data is to be more sensitive. Medium
sensitive data contains more personal data of behavioural types,
and females share their personal data more on some shopping
and entertainment platforms to obtain customised services or
consumption opportunities, which may reduce their sensitivity to
medium sensitive data. In addition, educational level can explain
some individual differences (Schomakers et al. 2019; Markos et al.
2017). For example, individuals with high education levels
generally use the internet for a long time and are exposed to a
large amount of information. They have a relatively mature and
comprehensive understanding of personal data privacy (DeSilver
and Drew 2013).
Furthermore, this study confirms that social influence
significantly affects personal data sensitivity. We have found that
the public’s personal data sensitivity is usually affected by their
social network. The development of IoE technology and social
media have greatly changed the way in which individuals receive
information, making individuals consciously or unconsciously
form judgements based on the opinions of the majority (Singh
et al. 2024). Especially regarding opaque personal data processing
on platforms, individuals usually lack sufficient knowledge and
equivalent information (Wang et al. 2023), and usually combine
the statements of people around them and expert suggestions
with their own privacy cognition systems to form judgements
about personal data sensitivity. Therefore, in practice, social
influence can be actively utilised to improve individuals’personal
data sensitivity and stimulate personal privacy protection
behaviours.
Theoretical contributions. This study focuses on the perception
of personal data sensitivity among Chinese users in the IoE era,
and further explores the differential effects of some antecedents. It
is also one of the first studies to extend the perception of user
personal data sensitivity in the Asian IoE context.
Firstly, exploring the perception of personal data sensitivity
among IoE users requires a comprehensive understanding of the
antecedents of endogenous and exogenous factors. This study
finds that users’endogenous factors (age, gender, privacy issues,
perceived privacy risks) and exogenous social influences sig-
nificantly affect the sensitivity of personal data. On the one hand,
endogenous factors significantly influence the sensitivity of
personal data. On the other hand, personal cognition is more
susceptible to exogenous social influence. Individuals tend to
show public consistency in their attitudes towards certain issues
due to the expectations of friends, family, relatives, and society,
deeply accepting such attitudes. This change is rooted in personal
beliefs and values (Singh et al. 2024). Particularly in the context of
Chinese collectivism, an important feature of “relationships”is
that they are guided and regulated by “public integration”and
social pressure (He et al. 2022), thus affecting the perception of
personal data sensitivity. These results enrich existing privacy
literature, and future research will explore the differential impact
of personal and extrinsic factors on the privacy-related percep-
tions of different users.
Secondly, as in previous studies, personal data privacy is not a
single-dimensional concept but encompasses multiple layers and
dimensions (Wang et al. 2024; Solove and Schwartz 2020). This
study’sfindings suggest that categorizing personal data items into
low, medium, high, and very high privacy segments is more
appropriate, which aligns with the existing literature that
highlights the need for a more nuanced approach to data privacy
(Tao et al. 2024; Schomakers et al. 2019; Markos et al. 2017). By
revealing that different types of personal data may be influenced
by different factors, such as perceived privacy risks and concerns,
this study deepens the understanding of how personal data is
perceived and valued by individuals. Our findings emphasize that
in the IoE environment, research on personal data privacy should
be more detailed and specific, considering the specific personal
data items and their privacy segments, which helps to better
understand the complexity and diversity of personal privacy.
Practical implications. We construct a ranking of personal data
sensitivity. The ranking can help data governance bodies and data
service providers better understand personal data sensitivity and
may assist decision-making and privacy-protection.
For data governance, the development of privacy policies is a
multidimensional decision-making process involving risk assess-
ment, public awareness, cultural differences, legal frameworks,
and technological development. Firstly, the development of
privacy policies should be based on a thorough assessment of
the potential risks of personal data, while also considering the
public’s understanding and acceptance of privacy protection
(Alemany et al. 2022; Kang et al. 2022). For instance, our study
indicates that home addresses are often misclassified in terms of
sensitivity, which underscores the need for policymakers to stay
attuned to changing public perceptions and update privacy
definitions accordingly (TC260 2021). Additionally, privacy
policies must be tailored to the cultural and social context. In
China, for instance, the public may have lower sensitivity to
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x ARTICLE
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x 11
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

religion, sexual orientation, and political relationship information
compared to other cultures.
Overall, data governance institutions need to establish a flexible
mechanism to quickly respond to new privacy risks and
challenges. At the same time, the regulatory system should
maintain stability and predictability but also be subject to regular
review and updates to reflect technological and market changes.
For this purpose, regulatory bodies should work closely with
industries, academia, and research institutions to better under-
stand technological trends and potential risks. Additionally, data
governance institutions must be acutely aware of dynamic
changes in social consciousness and assess hidden risks through
public opinion surveys and social media analysis. Through this
comprehensive and dynamic approach, privacy policies can
protect personal privacy while promoting social stability and
public security.
For data service providers, this ranking can be used in several
ways. Firstly, the ranking can help clarify the varying degrees of
sensitivity among different datasets, enabling providers to
pinpoint which types of data require more stringent privacy
measures (Lappeman et al. 2023). For the most sensitive data,
providers should enforce strict prior consent rules, while less
sensitive data can be managed with opt-out options. Secondly, the
ranking serves as a valuable tool for cross-border data service
providers, helping them to reassess and adjust their personal data
management policies to comply with local regulations and user
expectations in different countries (Kang et al. 2022).
Moreover, with the rapid development of IoE technology, data
service providers should pay special attention to managing the
collection of data, entertainment data, and lifestyle behavioural
data. Because the large-scale collection of these data poses a threat
to personal privacy (Li 2022). Providers should ensure that the
collection, transmission, storage, and use of these data follow
appropriate privacy protection measures, especially in smart
application scenarios (Kang et al. 2022). Finally, data service
providers should establish a dynamic privacy protection strategy
and regularly review and update privacy policies to ensure
consistency with the latest privacy protection standards and best
practices. Through these specific measures, data service providers
can not only comply with personal data protection regulations
but also foster user trust, gaining an advantage in the competitive
market (Lappeman et al. 2023).
Conclusions and limitations
The sensitivity of personal data serves as a critical indicator for
measuring public privacy perceptions, providing important gui-
dance for the construction and improvement of privacy protec-
tion systems. In this study, we clarify the new contents and
characteristics of personal data in the IoE environment and assess
users’perceptions of personal data sensitivity to gain a deeper
insight into the public’s current privacy concepts. The results
indicate that among the 41 types of personal data, there are sig-
nificant differences in sensitivity. Sexual orientation and religion
exhibit relatively low sensitivity, while information directly rela-
ted to personal identification, such as ID numbers and addresses,
are highly sensitive. Additionally, the study finds that in the IoE
environment, new types of personal data, such as behavioural and
facial data, also exhibit high sensitivity, reflecting the increasing
public concern about the privacy challenges brought about by
technological development.
Furthermore, personal data can be categorized into four clusters
of sensitivity: very highly sensitive data, highly sensitive data,
medium sensitive data, and low sensitive data. The study also
reveals that users’perceptions of personal data sensitivity in the IoE
environment are influenced by intrinsic factors (perceived privacy
risks, privacy concerns, gender, age, and educational level) and
extrinsic factors (social influence). These findings emphasize the
need for more detailed and specific research on personal data
privacy in the IoE context, considering specific personal data items
and their respective privacy segments, which can better understand
the complexity and diversity of personal data privacy.
Finally, this study is subject to certain limitations that require
further investigation. Firstly, the age and education level of the
respondents in this study were widely distributed. Future
research can focus on specific groups, such as teenaged, middle-
aged, and elderly people, and can also add cultural, geographical,
political, and other factors to enrich the heterogeneity of the
study (Krasnova et al. 2012). Secondly, this study focused on
identifying the perceptual sensitivity of different personal data
types without considering contexts. In the current complex
interactive environment of the IoE, individuals cannot know how
personal data is transmitted, and the context in which data is
used can change without individuals being made aware of the
change. In addition, previous research has confirmed that risk
assessment is at the core of perceived sensitivity (Milne et al.
2017; Schomakers et al. 2019). Therefore, we do not consider the
context, which is suitable in the current IoE environment.
However, many scholars still believe that privacy cognition and
behaviour are highly dependent on context (Rohunen et al. 2018;
Kokolakis 2017). For example, platform type, as an important
contextual factor, has been shown to have a significant impact on
users’privacy perception and disclosure (Tang and Lin 2017;Yu
et al. 2020). Therefore, it is worth exploring whether individuals
have different sensitivities to different personal data, taking into
account factors such as the purpose of the information processor
and the processing context.
Data availability
The datasets are available from the corresponding author Meng
Wang on reasonable request.
Received: 21 June 2023; Accepted: 19 February 2025;
References
Ackerman MS, Cranor LF, Reagle J (1999) Privacy in e-commerce: examining user
scenarios and privacy preferences. In Proceedings of the 1st ACM Conference
on Electronic Commerce (pp. 1-8)
Acquisti A, Brandimarte L, Loewenstein G (2015) Privacy and human behavior in
the age of information. Science 347(6221):509–514. https://doi.org/10.1126/
science.aaa1465
Aitken M, de St Jorre J, Pagliari C et al. (2016) Public responses to the sharing and
linkage of health data for research purposes: a systematic review and thematic
synthesis of qualitative studies. BMC Med Ethics 17(1):1–24
Alemany J, Val ED, García-Fornes A (2022) A review of privacy decision-making
mechanisms in online social networks. ACM Comput Surv (CSUR) 55(2):1–32
Asplund M, Nadjm-Tehrani S (2016) Attitudes and perceptions of IOT security in
critical societal services. IEEE Access 4:2130–2138
Ayaburi EW, Treku DN (2020) Effect of penitence on social media trust and
privacy concerns: The case of Facebook. Int J Inf Manag 50:171–181
Baker-Eveleth L, Stone R, Eveleth D (2022) Understanding social media users’
privacy-protection behaviors. Inf Comput Secur 30(3):324–345
Bansal G, Gefen D (2010) The impact of personal dispositions on information
sensitivity, privacy concern and trust in disclosing health information online.
Decis Support Syst 49(2):138–150
Benamati JH, Ozdemir ZD, Smith HJ (2017) An empirical test of an Antecedents -
Privacy Concerns-Outcomes model. J Inf Sci 43(5):583–600. https://doi.org/
10.1177/0165551516653590
Brown JD (2009a) Principal components analysis and exploratory factor analysis -
Definitions, differences, and choices. Shiken: JALT Test Evaluation SIG
Newsl 13(1):26–30
Brown JD (2009b) Choosing the right type of rotation in PCA and EFA. Shiken:
JALT Test Evaluation SIG Newsl 13(1):20–25
ARTICLE HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x
12 HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

Brown JD (2009c) Choosing the right number of components or factors in PCA
and EFA. Shiken: JALT Test Evaluation SIG Newsl 13(1):19–23
Cheung C, Lee ZWY, Chan TKH (2015) Self-disclosure in social networking sites:
the role of perceived cost, perceived benefits and social influence. Internet Res
25(2):279–299
China Internet Development Research Institute (2023) World Internet Develop-
ment Report. Beijing: Commercial Press
Culnan MJ (2000) Protecting privacy online: Is self-regulation working? J Public
Policy Mark 19(1):20–26
DeSilver D (2013) “Young Americans and Privacy: It’s Compli-cated,”Pew
Research Center (June 20), http://www.pewresearch.org/fact-tank/2013/06/
20/young-americans-and-privacy-its-complicated
Dinev T, Xu H, Smith JH et al. (2013) Information privacy and correlates: an
empirical attempt to bridge and distinguish privacy-related concepts. Eur J
Inf Syst 22(3):295–316
Dinev T, McConnell AR, Smith HJ (2015) Informing privacy research through
information systems, psychology, and behavioral economics: Thinking out-
side the“APCO”box. Inf Syst Res 26(4):639–655. https://doi.org/10.1287/isre.
2015.0600
Dwivedi YK, Hughes L, Ismagilova E et al. (2021) Artificial Intelligence (AI):
Multidisciplinary perspectives on emerging challenges, opportunities, and
agenda for research, practice and policy. Int J Inf Manag 57:101994
Farayola OA, Olorunfemi OL, Shoetan PO (2024) Data privacy and security in it: a
review of techniques and challenges. Comput Sci IT Res J 5(3):606–615
Ghaffary S (2019) Amazon is trying to regulate itself over facial recognition software
before congress does. Vox. https://www.vox.com/technology/2019/2/7/18216125/
amazon-regulation-facial-recognition-software. Accessed 13 May 2023
Goldfarb A, Tucker C (2012) Shifts in privacy concerns. Am Econ Rev
102(3):349–353
Goodman B, Flaxman S (2017) European Union regulations on algorithmic
decision-making and a “right to explanation. AI Mag 38(3):50–57
Gopal RD, Hidaji H, Patterson RA, Rolland E, Zhdanov D (2018) How Much to
Share with Third Parties? User Privacy Concerns and Website Dilemmas.
MIS Q 42(1):143–164
Gu LP (2020) Integrated privacy: A new type of privacy in the era of big data.
Nanjing Soc Sci 04:106-111+122
Hair JF, Black W, Babin B, Anderson R, Tatham R (2010) Multivariate data
analysis (6th ed.). Pearson Prentice Hall
Hajli N, Lin X (2016) Exploring the security of information sharing on social net-
working sites: The role of perceived control of information. J Bus Ethics
133(1):111–123
Harari GM, Lane ND, Wang R et al. (2016) Using smartphones to collect beha-
vioral data in psychological science: Opportunities, practical considerations,
and challenges. Perspect Psychol Sci 11(6):838–854. https://doi.org/10.1177/
1745691616650285
Hargittai E, Marwick A (2016) What can I really do? Explaining the privacy
paradox with online apathy. Int J COMMUN-US 10:3737–3757
He P, Lovo S, Veronesi M (2022) Social networks and renewable energy technology
adoption: empirical evidence from biogas adoption in China. Energy Econ
106:105789
Hui K, Teo HH, Lee ST (2007) The value of privacy assurance: An exploratory field
experiment. MIS Q 31(1):19–33
Ioannou A, Tussyadiah I, Lu Y (2020) Privacy concerns and disclosure of biometric
and behavioral data for travel. Int J Inf Manag 54:102122. https://doi.org/10.
1016/j.ijinfomgt.2020.102122
Kang J, Lan J, Yan H et al. (2022) Antecedents of information sensitivity and
willingness to provide. Mark Intell Plan 40(6):787–803. https://doi.org/10.
1108/MIP-02-2022-0065
Kim D, Park K, Park Y, Ahn JH (2019) Willingness to provide personal infor-
mation: Perspective of privacy calculus in IoT services. Comput Hum Behav
92:273–281
Kokolakis S (2017) Privacy attitudes and privacy behavior: A review of current
research on the privacy paradox phenomenon. Comput Secur 64:122–134
Korzaan ML, Boswell KT (2008) The influence of personality traits and information
privacy concerns on behavioral intentions. J Comput Inf Syst 48(4):15–24
Krasnova H, Veltri NF, Günther O (2012) Self-disclosure and privacy calculus on
social networking sites: The role of culture. Bus Inf Syst Eng 4(3):127–135
Lappeman J, Marlie S, Johnson T, Poggenpoel S (2023) Trust and digital privacy:
willingness to disclose personal information to banking chatbot services. J
Financ Serv Mark 28(2):337
Li WD (2022) Privacy security of personal data cloud communication in the
internet of everything. Acad Front 7:78–89. https://doi.org/10.16619/j.cnki.
rmltxsqy.2022.14.008
Li WD (2020) The connotation, elements and composition of the Internet of
Everything. Acad Front 6:40–45
Li H, Luo X, Zhang J, Xu H (2017) Resolving the privacy paradox: Toward a
cognitive appraisal and emotion approach to online privacy behaviors. Inf
Manag 54(8):1012–1022
Lyu T, Guo Y, Chen H (2024) Understanding people’s intention to use facial
recognition services: the roles of network externality and privacy cynicism.
Inf Technol People 37(3):1025–1051
Mählmann L, Schee Gen Halfmann S et al. (2017) Attitudes towards personal
genomics and sharing of genetic data among older swiss adults: A qualitative
study. Pub Health Genomics 20(5):293–306
Mai JE (2016) Big data privacy: The datafication of personal information. Inf Soc
32(3):192–199
Malhotra NK, Kim SS, Agarwal J (2004) Internet users’information privacy con-
cerns (IUIPC): The construct, the scalle, and a causal model. Inf Syst Res
15(4):336–355
Markos E, Labrecque LI, Milne GR (2018) A new information lens: The self-
concept and exchange context as a means to understand information sensi-
tivity of anonymous and personal identifying information. J Interact Mark
42:46–62. https://doi.org/10.1016/j.intmar.2018.01.004
Markos E, Milne GR, Peltier JW (2017) Information sensitivity and willingness to
provide continua: a comparative privacy study of the united states and brazil.
J Public Policy Mark 36:79–96. https://doi.org/10.1509/jppm.15.159
Martin K, Borah A, Palmatier RW (2017) Data privacy: Effects on customer and
firm performance. J Mark 81(1):36–58
Martin KD, Zimmermann J (2024) Artificial Intelligence and its Implications for
Data Privacy. Curr Opin Psychol 101829
Martino BD et al. (2017) Internet of everything: Algorithms, methodologies,
technologies and perspectives. Springer, Singapore, (Eds.)
Mathews-Hunt K (2016) CookieConsumer: Tracking online behavioural advertis-
ing in Australia. Comput Law Security Rep. 32(1):55–90. https://doi.org/10.
1016/j.clsr.2015.12.006
Meg J (2015) Privacy Without Screens & the Internet of Other People’s Things
(April 3, 2015). Idaho Law Review, 2015, Available at SSRN: https://ssrn.com/
abstract=2614066
Mehmood R, Selwal A (2020) Fingerprint biometric template security schemes:
attacks and countermeasures. In: Singh PK, Kar AK, Singh Y, Kolekar
MH,Tanwar S (eds) Proceedings of ICRIC. Springer International Publish-
ing,Cham, pp. 455–467
Mendel T, Toch E (2017). Susceptibility to Social Influence of Privacy Behaviors:
Peer versus Authoritative Sources. In Proceedings of the 2017 ACM Con-
ference on Computer Supported Cooperative Work and Social Computing
(CSCW ‘17). Association for Computing Machinery, New York, NY, USA,
581–593. https://doi.org/10.1145/2998181.2998323
Milne GR, Pettinico G, Hajjat FM et al. (2017) Information sensitivity typology:
Mapping the degree and type of risk consumers perceive in personal data
sharing. J Consum Aff 51(1):133–161. https://doi.org/10.1111/joca.12111
Mishra A, Baker-Eveleth L, Gala P et al. (2023) Factors influencing actual usage of
fitness tracking devices: Empirical evidence from the UTAUT model. Health
Mark Q 40(1):19–38. https://doi.org/10.1080/07359683.2021.1994170
Moritz B et al. (2021) Making sense of algorithmic profiling: user perceptions on
Facebook. Inf Commun Soc 1–17. https://doi.org/10.1080/1369118X.2021.
1989011
Morosan C (2019). Disclosing facial images to create a consumer’s profile. Int J
Contemp Hosp Manag ahead-of-p(ahead-of-print),3149–3172. https://doi.
org/10.1108/ijchm-08-2018-0701
Mothersbaugh DL, Foxx WK, Beatty SE et al. (2012) Disclosure antecedents in an
online service context: The role of sensitivity of information. J Serv Res
15(1):76–98
Nandakumar K, Jain AK (2015) Biometric template protection: bridging the per-
formance gap between theory and practice. IEEE Signal Process Mag
32(5):88–100. https://doi.org/10.1109/MSP.2015.2427849
National Bureau of Statistics of China (2020). The Seventh National Population
Census Bulletin (No. 5). https://www.stats.gov.cn/sj/pcsj/rkpc/d7c/202303/
P020230301403217959330.pdf
Ohlhausen MK (2014) Privacy challenges and opportunities: The role of the federal
trade commission. J Public Policy Mark 33(1):4–9
Ohm P (2014) Sensitive information. South Calif Law Rev 88:1125–1196. https://
heinonline.org/HOL/LandingPage?handle=hein.journals/scal88&div=
39&id=&page Available online
Ozturk AB, Nusair K, Okumus F et al. (2017) Understanding mobile hotel booking
loyalty: an integration of privacy calculus theory and trust-risk framework.
Inf Syst Front 19(4):753–767
Pavlou PA, Gefen D (2005) Psychological contract violation in online market-
places: Antecedents, consequences, and moderating role. Inf Syst Res
16(4):372–399
Pedersen DM (1982) Personality correlates of privacy. J Psychol 112(1):11–14
Phelps J, Nowak G, Ferrell E (2000) Privacy concerns and consumer willingness to
provide personal information. J Public Policy Mark 19(1):27–41
Robinson C (2017) Disclosure of personal data in ecommerce: A cross-national
comparison of Estonia and the United States. Telemat Inf 34(2):569–582
Rohunen A, Markkula J, Heikkilä M (2018) Explaining diversity and conflicts in
privacy behavior models. J Comput Inf Syst 60(4):378–393
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x ARTICLE
HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x 13
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

Rumbold JMM, Pierscionek BK (2018) What are data? A categorization of the data
sensitivity spectrum. Big Data Res 12:49–59. https://doi.org/10.1016/j.bdr.
2017.11.001
Schomakers EM, Lidynia C, Ziefle M (2022) The role of privacy in the acceptance
of smart technologies: Applying the privacy calculus to technology accep-
tance. Int J Hum–Computer Interact 38(13):1276–1289
Schomakers EM, Lidynia C, Müllmann D, Ziefle M (2019) Internet users’per-
ceptions of information sensitivity-insights from germany. Int J Inf Manag
46:142–150. https://doi.org/10.1016/j.ijinfomgt.2018.11.018
Sepas-Moghaddam A, Correia P, Nasrollahi K et al. (2019) A double-deep spa-
tioangular learning framework for light field based face recognition. IEEE
TransCircuits Syst Video Technol 30(12):4496–4512. https://doi.org/10.1109/
TCSVT.2019.2916669
Singh G, Bhatt S, Jhamb D (2024) Impact of privacy, technology readiness, and
perceived crowding on adoption of telemedicine services. Int J 15(4):455–478
Smith HJ, Milberg SJ, Burke SJ (1996) Information privacy: Measuring individuals’
concerns about organizational practices. MIS Q 20(2):167–196. https://doi.
org/10.2307/249477
Solove DJ (2024) Artificial intelligence and privacy. Available at SSRN
Solove DJ, Schwartz PM (2020) Information privacy law. Aspen Publishing
Su P, Wang L, Yan J (2018) How uses’Internet experience affects the adoption of
mobile payment: A mediation model. Technol Anal Strategie Manag
30(2):186–197
Tang JH, Lin YJ (2017) Websites, data types and information privacy concerns: A
contingency model. Telemat Inf 34:1274–1284
Tao S, Liu Y, Sun C (2024) Understanding information sensitivity perceptions and
its impact on information privacy concerns in e-commerce services: Insights
from China. Comput Secur 138:103646
TC260 (2021) “Cybersecurity practices guidelines –guidelines for categorisation
and classification of network data”, available at: https://www.tc260.org.cn/
upload/2021-12-31/1640948142376022576.pdf (accessed 17 March 2023)
Turn R (1976, June) Classification of personal information for privacy protection
purposes. In Proceedings of the June 7-10, 1976, national computer con-
ference and exposition (pp. 301-307)
Valdez AC, Ziefle M (2018) The users perspective on the privacy-utility trade-offs in
health recommender systems. International Journal of Human-computer Studies
Venkatesh V, Davis FD (2000) A theoretical extension of the technology accep-
tance model: Four longitudinal field studies. Manag Sci 46(2):186–204
Venkatesh V, Thong JYL, Xu X (2012). Consumer acceptance and use of infor-
mation technology: extending the unified theory of acceptance and use of
technology. MIS Q 157-178
Wacks R (1989) Personal Information: Privacy and the La. Clarendon Press,
Oxford
Wang M, Qin Y, Liu J, Li W (2023) Identifying personal physiological data risks to
the Internet of Everything: the case of facial data breach risks. Hum Soc Sci
Commun 10(1):1–15
Wang L, Sun Z, Dai X et al. (2019) Retaining users after privacy invasions: The
roles of institutional privacy assurances and threat-coping appraisal in
mitigating privacy concerns. Inf Technol People 32(6):1679–1703
Wang L, Wang LY, Sun Z (2020) The mechanism of privacy invasion on experi-
ence on internet users self-disclosure. Syst Eng Theory Practical 40(01):79–92
Wang Y, Zhu J, Liu R, Jiang Y (2024) Enhancing recommendation acceptance:
Resolving the personalization–privacy paradox in recommender systems: A
privacy calculus perspective. Int J Inf Manag 76:102755
Weible RJ (1993) Privacy and Data: An Empirical Study of the Influence and Types
and Data and Situational Context upon Privacy Perceptions (doctoral dis-
sertation). Department of Business Administration, Mississippi State Uni-
versity.[Google Scholar]
Wiese J, Das S, Hong JI, Zimmerman J (2017) Evolving the ecosystem of personal
behavioral data. Hum–Comput Interact 32(5-6):447–510
Winegar AG, Sunstein CR (2019) How much is data privacy worth? A preliminary
investigation. J Consum Policy 42:425–440
Wong R (2007) Data protection online: Alternative approaches to sensitive data. J
Int’L Com L Tech 2:9
Wu F, Li JM (2021) Virtual reality: Exploring the technological implementation
path of empathy communication. J Southwest Minzu Univ(Humanities Soc
Sci Ed) 7:178–184
Xu H, Dinev T, Smith J et al. (2011) Information privacy concerns: Linking individual
perceptions with institutional privacy assurances. J Assoc Inf Syst 12(12):1
Xu P, Krueger B, Liang F, Zhang M, Hutchison M, Chang M (2023) Media framing
and public support for China’s social credit system: An experimental study.
New Media Soc 0(0). https://doi.org/10.1177/14614448231187823
Youn S, Shin W (2019) Teens’responses to Facebook newsfeed advertising: The effects
of cognitive appraisal and social influence on privacy concerns and coping
strategies. Telemat Inf 38:30–45. https://doi.org/10.1016/j.tele.2019.02.001
Yu L, Li H, He W, Wang FK, Jiao S (2020) A meta-analysis to explore privacy
cognition and information disclosure of internet users. Int J Inf Manag
51:102015
Zlatolas LN, Welzer T, Heričko M, Hölbl M (2015) Privacy antecedents for SNS
self-disclosure: The case of Facebook. Comput Hum Behav 45:158–167.
https://doi.org/10.1016/j.chb.2014.12.012
Acknowledgements
This research was funded by the National Social Science Foundation of China (Major
Programme, Grant No. 22ZDA078).
Author contributions
MW, WL, YQ and CC contribute equally to this research; MW, WL and YQ conceived of
the idea, implemented the formula and carried out the case studies; WL and MW
contributed to the idea, implementation and case study design; MW and YQ interpreted
the results based on the survey; WL, MW and CC coordinated the study and revised it
critically for important intellectual content; MW led the writing of the manuscript with
contributions from all co-authors.
Competing interests
The authors declare no competing interests.
Ethical approval
This study adhered to institutional research guidelines and the Declaration of Helsinki
ethical principles. Ethical approval was exempted by the School of Journalism and
Information Communication, Huazhong University of Science and Technology
(November 2022) based on three criteria: (1) deployment of non-invasive, observational
methods in public settings involving anonymized data collection, (2) implementation of
rigorous data protection protocols following ISO/IEC 27001 standards, and (3) absence
of psychological or physical intervention risks. All participants were consenting adults
(≥18 years) who provided informed consent through questionnaire completion, with data
anonymization ensuring no personal identifiers were retained throughout the research
process.
Informed consent
Participants were informed about the aim of the study, confidentiality of information,
voluntary participation, and ability to opt out of the study if needed. Participants were
informed through the question “Do you accept participation in this survey”. If they chose
to “I accept to participate”, they could proceed the next page of the measures. All
participants gave their agreement to participate in the study and consented to processing
of their data.
Additional information
Supplementary information The online version contains supplementary material
available at https://doi.org/10.1057/s41599-025-04580-x.
Correspondence and requests for materials should be addressed to Meng Wang.
Reprints and permission information is available at http://www.nature.com/reprints
Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.
Open Access This article is licensed under a Creative Commons
Attribution-NonCommercial-NoDerivatives 4.0 International License,
which permits any non-commercial use, sharing, distribution and reproduction in any
medium or format, as long as you give appropriate credit to the original author(s) and
the source, provide a link to the Creative Commons licence, and indicate if you modified
the licensed material. You do not have permission under this licence to share adapted
material derived from this article or parts of it. The images or other third party material
in this article are included in the article’s Creative Commons licence, unless indicated
otherwise in a credit line to the material. If material is not included in the article’s
Creative Commons licence and your intended use is not permitted by statutory
regulation or exceeds the permitted use, you will need to obtain permission directly from
the copyright holder. To view a copy of this licence, visit http://creativecommons.org/
licenses/by-nc-nd/4.0/.
© The Author(s) 2025
ARTICLE HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | https://doi.org/10.1057/s41599-025-04580-x
14 HUMANITIES AND SOCIAL SCIENCES COMMUNICATIONS | (2025) 12:311 | https://doi.org/10.1057/s41599-025-04580-x
Content courtesy of Springer Nature, terms of use apply. Rights reserved.

1.
2.
3.
4.
5.
6.
Terms and Conditions
Springer Nature journal content, brought to you courtesy of Springer Nature Customer Service Center GmbH (“Springer Nature”).
Springer Nature supports a reasonable amount of sharing of research papers by authors, subscribers and authorised users (“Users”), for small-
scale personal, non-commercial use provided that all copyright, trade and service marks and other proprietary notices are maintained. By
accessing, sharing, receiving or otherwise using the Springer Nature journal content you agree to these terms of use (“Terms”). For these
purposes, Springer Nature considers academic use (by researchers and students) to be non-commercial.
These Terms are supplementary and will apply in addition to any applicable website terms and conditions, a relevant site licence or a personal
subscription. These Terms will prevail over any conflict or ambiguity with regards to the relevant terms, a site licence or a personal subscription
(to the extent of the conflict or ambiguity only). For Creative Commons-licensed articles, the terms of the Creative Commons license used will
apply.
We collect and use personal data to provide access to the Springer Nature journal content. We may also use these personal data internally within
ResearchGate and Springer Nature and as agreed share it, in an anonymised way, for purposes of tracking, analysis and reporting. We will not
otherwise disclose your personal data outside the ResearchGate or the Springer Nature group of companies unless we have your permission as
detailed in the Privacy Policy.
While Users may use the Springer Nature journal content for small scale, personal non-commercial use, it is important to note that Users may
not:
use such content for the purpose of providing other users with access on a regular or large scale basis or as a means to circumvent access
control;
use such content where to do so would be considered a criminal or statutory offence in any jurisdiction, or gives rise to civil liability, or is
otherwise unlawful;
falsely or misleadingly imply or suggest endorsement, approval , sponsorship, or association unless explicitly agreed to by Springer Nature in
writing;
use bots or other automated methods to access the content or redirect messages
override any security feature or exclusionary protocol; or
share the content in order to create substitute for Springer Nature products or services or a systematic database of Springer Nature journal
content.
In line with the restriction against commercial use, Springer Nature does not permit the creation of a product or service that creates revenue,
royalties, rent or income from our content or its inclusion as part of a paid for service or for other commercial gain. Springer Nature journal
content cannot be used for inter-library loans and librarians may not upload Springer Nature journal content on a large scale into their, or any
other, institutional repository.
These terms of use are reviewed regularly and may be amended at any time. Springer Nature is not obligated to publish any information or
content on this website and may remove it or features or functionality at our sole discretion, at any time with or without notice. Springer Nature
may revoke this licence to you at any time and remove access to any copies of the Springer Nature journal content which have been saved.
To the fullest extent permitted by law, Springer Nature makes no warranties, representations or guarantees to Users, either express or implied
with respect to the Springer nature journal content and all parties disclaim and waive any implied warranties or warranties imposed by law,
including merchantability or fitness for any particular purpose.
Please note that these rights do not automatically extend to content, data or other material published by Springer Nature that may be licensed
from third parties.
If you would like to use or distribute our Springer Nature journal content to a wider audience or on a regular basis or in any other manner not
expressly permitted by these Terms, please contact Springer Nature at
onlineservice@springernature.com