Private Information in a Social World: An Exploration of Consumers’ Concern for Privacy on Social Networking Sites

It is well understood that consumer transactions are operationalized in terms of a single utilitarian exchange where goods or services are given in return for money or other goods (Bagozzi 1975). But with the advent of commerce and other consumer activities on the Internet, a secondary exchange occurs, in which consumers also make a non-monetary, intangible exchange of their personal information (Culnan and Milberg 1998) and therefore, put their personal privacy at risk (Culnan and Bies 2003). Hence, while the Internet offers consumers access to a vast quantity of information at minimal effort and cost to enable better, more efficient decision-making (Alba et al. 1997; Bakos 1991; Widing and Talarzyk 1993), consumers are vulnerable when it comes to their online information. Many are unsure of (Sheenan and Hoy 1999) and have little control over how information is collected, stored, shared, purchased, stolen, and/or misused by government, corporate, public and private agencies, beyond the original purpose for information collection (Nowak and Phelps 1992; 1995; Milne and Culnan 2004; Buchanan et al. 2010).

Some academic studies have considered consumers’ privacy in various online settings such as web browsing and online commerce (e.g. Sheehan and Hoy 1999; Malhotra, Kim and Agarwal 2004; Buchanan et al. 2006; Eastlick, Lotz and Warrington 2006; Pan and Zinkhan 2006; Tsai et al. 2011). However, new media technologies are radically altering our social environments, including fundamental understandings of concepts such as privacy (Baym et al. 2012). Despite the rapid growth of social media in recent years, little academic research has explored consumers’ concern for privacy when choosing to sign up for and participate in social networking sites. Since Facebook’s inception in 2004, the popular social networking site has grown from just one million registered users to one billion (Zuckerberg 2012). During these eight years of explosive growth, marketers have started to realize the lucrative opportunities for brand presence and advertising on social media platforms such as Facebook (Foster, West and Francescucci 2011). Indeed, many marketers consider user information to be important in creative a competitive advantage in online environments (Andrade, Kaltcheva and Weitz 2002; Schoenbachler and Geoffrey 2002; Sijun, Beatty and Foxx 2004). The media has drawn much attention to the idea that consumers are concerned with their online privacy (Milne, Labrecque and Cromer 2009), but consumers continue to readily share their personal information. Consumers disclose personal information to social networking sites in exchange for membership and the opportunity to connect with other members. In this way, one commodity (personal information) is traded for another (membership).

Given that a major concern of many consumers is that the Internet is likely to violate users’ privacy (Maignan and Lukas 1997; Benassi 1999), it is unclear whether consumers are truly aware of, understand, or are concerned about how their personal information is being used by these social networking sites. Although the Federal Trade Commission (FTC) has established the Self-Regulatory Principles for Online Behavioral Advertising (FTC 2009), which provide suggested information disclosure policies for companies to follow, companies are not required by federal law to abide by these Principles; they are merely suggestions. The state of California has enacted the California Online Privacy Protection Act of 2003 (Cooley Godward LLP 2004), which requires commercial websites that collect personally identifiable information from users of the site who live in California to post and comply with a privacy policy. However, for websites that do disclose such information, it is unclear how the presentational mode of the privacy policies affects consumers’ perceptions of the security and usefulness of the social networking site.

The purpose of this research is to understand consumers’ concern with their privacy on social networking sites and how this concern affects consumers’ acceptance of such sites. Such research is relevant to marketing and communications scholars, in order to better understand consumer privacy, as well as to policy makers who seek to protect consumer well being.

Consumer Privacy

Consumer privacy is rooted in the work of Westin (1967), who defined privacy as individual control over disclosure and subsequent uses of their personal information. More recently, privacy has been defined as “consumers’ ability to control when, how, and to what extent their personal information is to be transmitted to others,” (Goodwin 1991; Phelps, Nowak, and Ferrell 2000; Milne and Culnan 2004). Given the above definitions, it appears that privacy can be considered a two-dimensional construct that deals with 1) control over information (i.e., disclosure) and 2) information use (i.e., intrusion). Although many consumers are unsure of how retailers collect, save, and use their personal data (Sheehan and Hoy 1999), most consumers are willing to give up some privacy simply to participate in a consumer society (Milne 2000; Phelps, Nowak, and Ferrell 2000). As such, it is increasingly apparent that personal data have become a commodity, which makes it more susceptible to exploitation.

Privacy Disclosure

Privacy disclosure can be defined as marketers’ notification of consumers about what information is collected from them and by what entity appears to allay privacy concerns (Sheehan and Hoy 2000). Marketers should disclose the uses of the information they ask consumers to provide and should provide consumers the opportunity to opt out of lists to reduce privacy concerns (Nowak and Phelps 1995). Often, marketers include privacy notices on websites to help the consumer decide whether or not to disclose information to an online marketer or to engage with the website at any level (Culnan and Milberg 1998). Such notices provide consumers with information about the organization’s information practices in attempts to reduce their perceived risk of information disclosure and build their trust (Milne and Culnan 2004).

However, privacy statements are generally written “with the threat of privacy litigations in mind rather than commitment to fair data handling practices” (Pollach 2007). In other words, companies’ privacy policies are written so that they will be covered in case of a legal dispute, not necessarily so that consumers are able to understand them. For instance, Google is a well-known search engine that organizes information and is used by Internet users in 181 countries to this access information (Google 2012). Google’s privacy policies frequently use the modality marker “may” to downplay the frequency of how many times something occurs (Bodle 2011). For example, “We [Google] may combine the information you submit under your account with information from other Google services or third parties.” Such a statement can be misleading to consumers because the use of the word “may” makes it sound like Google may or may not consumers’ information, although in reality, it is likely that they will.

Furthermore, Google articulates its privacy policy using educational, user-generated videos on its own video-streaming product, YouTube. In doing so, Google attempts to replace the official, legalistic language often used in privacy statements with a language more familiar to the average Google user. However, it can be argued that the added simplicity does not thoroughly articulate the details of Google’s privacy policies (Bodle 2011). The question remains whether the presentational mode of privacy statements and policies on social networking sites truly makes a difference in users’ awareness and understanding of the effects of sharing personal information on a social networking site.

References

Alba, Joseph, John Lynch, Bart Weitz, Chris Janiszewski, Richard Lutz, Alan Sawyer, and Stacy Wood (1997), “Interactive Home Shopping: Consumer, Retailer, and Manufacturer Incentives to Participate in Electronic Marketplaces,” Journal of Marketing, 61 (July), 38-53.

Andrade, Eduardo B., Velitchka Kaltcheva, and Barton Weitz (2002), “Self-Disclosure on the Web: The Impact of Privacy Policy, Reward, and Company Reputation,” Advances in Consumer Research, 29, 350-353.

Bagozzi, Richard P. (1975), “Marketing as an Exchange,” Journal of Marketing, 39 (October), 32-39.

Bakos, J. Yannis (1991), “A Strategic Analysis of Electronic Marketplaces,” MIS Quarterly, 15 (3), 295-310.

Baym, Nancy, Scott W. Campbell, Heather Horst, Sri Kalyanaraman, Mary Beth Oliver, Eric Rothenbuhler, René Weber, and Katherine Miller (2012), “Communication Theory and Research in the Age of New Media: A Conversation from the CM Café,” Communication Monographs, 79 (2), 256-267.

Benassi, Paola (1999), “TRUSTe: An Online Privacy Seal Program,” Communications of the ACM, 42 (2), 56-59.

Bodle, Robert (2011), “Privacy and Participation in the Cloud: Ethical Implications of Google’s Privacy Practices and Public Communications,” in The Ethics of Emerging Media, Bruce E. Drushel and Kathleen German, New York, The Continuum International Publishing Group, 155-174.

Buchanan, Tom, Carina Paine, Adam B. Joinson, and Ulf-Dietrich Reips (2006), “Development of Measures of Online Privacy Concern and Protection for Use on the Internet,” Journal of the American Society for Information Science and Technology, 58 (2), 157-165.

——–, ——–, Thomas M. Heffernan, Andrew C. Parrott, Jonathan Ling, Jacqui Rodgers, and Andrew B. Scholey (2010), “A Short Self-Report Measure of Problems with Executive Function Suitable for Administration via the Internet,” Behavioral Research Methods, 42 (3), 709-714.

Cooley Godward LLP (2004), “California Online Privacy Protection Act of 2003,” (accessed October 1, 2012), [available at http://www.cooley.com/files/ALERT-Cal_OPPA.pdf].

Culnan, Mary J. and Robert J. Bies (2003), “Consumer Privacy: Balancing Economic and Justice Considerations,” Journal of Social Issues, 59 (2), 323-342.

——–, ——– and Sandra J. Milberg (1998), The Second Exchange: Managing Customer Information in Marketing Relationships, Unpublished manuscript.

Eastlick, Mary Ann, Sherry L. Lotz, and Patricia Warrington (2006), “Understanding Online B-to-C Relationships: An Integrated Model of Privacy Concerns, Trust, and Commitment,” Journal of Business Research, 59, 877-886.

Federal Trade Commission (2009), “FTC Staff Report: Self-Regulatory Principles for Online Behavioral Advertising,” (accessed October 5, 2012), [available at http://www.ftc.gov/os/2009/02/P085400behavadreport.pdf].

Foster, Mary K., Bettina West, and Anthony Francescucci (2011), “Exploring Social Media User Segmentation and Online Brand Profiles,” Journal of Brand Management, 19 (1), 4-17.

Goodwin, Cathy (1991), “Privacy: Recognition of a Consumer Right,” Journal of Public Policy & Marketing, 10 (1), 149-166.

Google (2012), “About Google,” (accessed October 7, 2012), [available at https://www.google.com/intl/en/about/].

Maignan, Isabelle and Bryan A. Lukas (1997), “The Nature and Social Uses of the Internet: A Qualitative Investigation,” Journal of Consumer Affairs, 31 (2), 346-371.

Malhotra, Naresh K., Sung S. Kim, and James Agarwal (2004), “Internet Users’ Information Privacy Concerns (IUIPC): The Construct, The Scales, and a Causal Model,” Information Systems Research, 15 (4), 336-355.

Milne, George R. (2000), “Privacy and Ethical Issues in Database/Interactive Marketing and Public Policy: A Research Framework and Overview of the Special Issue,” Journal of Public Policy and Marketing, 19 (1), 1-6.

——–, ——– and Mary J. Culnan (2004), “Strategies for Reducing Online Privacy Risks: Why Consumers Read (or Don’t Read) Online Privacy Notices,” Journal of Interactive Marketing, 18 (3), 15-29.

——–, ——– Lauren I. Labrecque, and Cory Cromer (2009), “Toward and Understanding of the Online Consumer’s Risky Behavior and Protection Practices,” Journal of Consumer Affairs, 43 (3), 449-473.

Nowak, Glen J. and Joseph Phelps (1992), “Understanding Privacy Concerns: An Assessment of Consumers’ Information Related Knowledge and Beliefs,” Journal of Direct Marketing, 6 (4), 28-39.

——–, ——– and ——– ——– (1995), “Direct Marketing and the Use of Individual-Level Consumer Information: Determining How and When ‘Privacy’ Matters,” Journal of Direct Marketing, 9 (3), 46-60.

Pan, Yue and George Zinkhan (2006), “Exploring the Impact of Online Privacy Disclosures on Consumer Trust,” Journal of Retailing, 82 (4), 331-338.

Phelps, Joseph, Glen Nowak, and Elizabeth Ferrell (2000), “Privacy Concerns and Consumer Willingness to Provide Personal Information,” Journal of Public Policy & Marketing, 16 (3), 2-16.

Pollach, Irene (2007), “What’s Wrong with Online Privacy Policies?” Communications of the ACM, 50 (9), 103-108.

Schoenbachler, Denise D. and Gordon L. Geoffrey (2002), “Trust and Customer Willingness to Provide Information in Database-Driven Relationship Marketing,” Journal of Interactive Marketing, 16 (3), 2–16.

Sheehan, Kim B. and Mariea G. Hoy (1999), “Flaming, Complaining, Abstaining: How Online Users Respond to Privacy Concerns,” Journal of Advertising, 28 (3), 37-51.

Sijun, Wang, Sharon E. Beatty, and William Foxx (2004), “Signaling the Trustworthiness of Small Online Retailers,” Journal of Interactive Marketing, 18 (1), 53-69.

Tsai, Janice Y., Serge Egelman, Lorrie Cranor, and Alessandro Acquisti (2011), “The Effect of Online Privacy Information on Purchasing Behavior: An Experiemental Study,” Information Systems Research, 22 (2), 254-268.

Westin, Alan F. (1967), Privacy and Freedom. New York: Atheneum.

Widing, Robert E. and W. Wayne Talarzyk (1993), “Electronic Information Systems for Consumers: An Evaluation of Computer-Assisted Formats in Multiple Decision Environments,” Journal of Marketing Research, 30 (2), 125-141.

Zuckerberg, Mark (2012), “One Billion People on Facebook,” (accessed October 4, 2012), [available at http://newsroom.fb.com/News/One-Billion-People-on-Facebook-1c9.aspx].

Public vs. Private: Who’s to Know?

Beldad, de Jong, and Steehouder (2011) raise some interesting points in their review of the literature related to information privacy. First, it is apparent that privacy and control go hand in hand. That is, one’s perceived privacy seems to have everything to do with the amount of control he or she possesses and would like to maintain over his or her personal information. While this differs by individual, personal data has also become a commodity, which, in my opinion, is what makes research on information privacy both challenging and interesting. Some people seem to provide access to their personal information quite freely, while others exercise great caution in determining which information to provide publicly. Furthermore, we live in an age where personal information is often not only required by governing bodies and companies, but also by other individuals (i.e., mobile application developers) in order to reap certain benefits. Sure, we consumers can use cues such as online privacy statements, third-party seals of approval, and security mechanisms, but in a society where personal data has been commoditized, how can we really know whom to trust?

I was pleasantly surprised to read Bodie’s (2011) article about Google’s privacy policy communications. I found Bodie’s take to be refreshing, given all the positive media hype that often surrounds Google. I agree that it can deceitful for companies to shift privacy protection responsibilities to the user and to use misleading linguistic forms, as mentioned in the article. Furthermore, Google’s practice of “obscurity through simplicity” and implementing different supplemental privacy policies for fifty products is doing a disservice to its users. However, I also feel that users should take responsibility for the technologies they use, similar to the way people must take responsibility for their use of any product, service, or system. To me, this is part of being a “smart consumer”.

The debate between Ford (2011; 2012) and Jurgenson and Rey (2012) about publicity and privacy as a continuum or dialectic is a curious one to consider. Ford’s (2011) distinction between spatial and personal privacy was particularly interesting. Although it may be true that “…in order to maintain personal privacy, we need private spaces in which to keep our information private” (Ford 2011), Ford (2011; 2012) and Jurgenson and Rey (2012) contend that this barrier is breaking down. I understand the points made by Jurgenson and Rey; however, it makes more sense to me to consider the modern relationship between publicity and privacy as a continuum. As noted by Ford (2011), social media users reveal much about their private lives to the public realm of the Internet. Moreover, in her rebuttal piece (2012), she makes the point that the social media technology itself impacts how users manage access to that content. As such, it appears that a continuum exists, ranging from highly private, where information is very restricted and controlled by the user, to highly public, where information is very open and not controlled by the user. In my opinion, this continuum is the best way to think about the relationship between public and private as we plunge headfirst into a digitally- and socially- connected world.