Idris Adjerid
Alessandro Acquisti
ABSTRACT
In an effort to address persistent consumer privacy concerns, policy makers and the data industry seem to have found common grounds in proposals that aim at making online privacy more "transparent." Such self-regulatory approaches rely on, among other things, providing more and better information to users of Internet services about how their data is used. However, we illustrate in a series of experiments that even simple privacy notices do not consistently impact disclosure behavior, and may in fact be used to nudge individuals to disclose variable amounts of personal information. In a first experiment, we demonstrate that the impact of privacy notices on disclosure is sensitive to relative judgments, even when the objective risks of disclosure actually stay constant. In a second experiment, we show that the impact of privacy notices on disclosure can be muted by introducing simple misdirections that do not alter the objective risk of disclosure. These findings cast doubts on the likelihood of initiatives predicated around notices and transparency to address, by themselves, online privacy concerns.
- Acquisti A. (2004). Privacy in Electronic Commerce and the Economics of Immediate Gratification. Proceedings of the ACM Conference on Electronic Commerce, New York: Association for Computing Machinery, 21--29. Google Scholar
Digital Library
- Acquisti A. (2009). Nudging Privacy: The Behavioral Economics of Personal Information. Security & Privacy, IEEE 7(6): 82--85. Google ScholarDigital Library
- Acquisti A, John L, and Loewenstein G. (2012). The Impact of Relative Standards on the Propensity to Disclose. Journal of Marketing Research, 49(2): 160--174.Google ScholarCross Ref
- Brandimarte L, Acquisti A, and Loewenstein G. (2013). Misplaced Confidences: Privacy and the Control Paradox. Social Psychological and Personality Science, Volume 4, Issue: 3, 340--347. http://spp.sagepub.com/content/early/2012/08/08/1948550612455931.Google ScholarCross Ref
- Broadbent DE. (1958). Perception and Communication. Elmsford, NY, US: Pergamon Press. Volume 340 pp. doi: 10.1037/10037-010.Google Scholar
- DellaVigna S. (2007). Psychology and Economics: Evidence from the Field. NBER Working Paper No 13420.Google Scholar
- Frey JH. (1986). An Experiment with a Confidentiality Reminder in a Telephone Survey. Public Opinion Quarterly. 50, 267--269.Google ScholarCross Ref
- FTC. (2012). Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for businesses and policy makers. http://www.ftc.gov/os/2012/03/120326privacyreport.pdf.Google Scholar
- Hossain T and Morgan J. (2006). Plus Shipping and Handling: Revenue (Non) Equivalence in Field Experiments on eBay. The B. E. Journals in Economic Analysis and Policy: Advances in Economic Analysis and Policy. Volume 6, Issue: 2, 1--27.Google Scholar
- Jensen C and Potts C. (2004). Privacy Policies as Decision-making Tools: an Evaluation of Online Privacy Notices. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM Press, New York, NY, 471--478. Google ScholarDigital Library
- John L, Acquisti A, and Loewenstein G. (2011). Strangers on a Plane: Context-Dependent Willingness to Divulge Sensitive Information. Journal of Consumer Research. Volume 37, Issue: 5, 858--873.Google ScholarCross Ref
- Joinson AN, Woodley A, and Reips UD. (2007). Personalization, Authentication and Self-disclosure in Self-administered Internet Surveys. Computers in Human Behavior. 23, 275--285.Google ScholarCross Ref
- Kahneman D, Knetsch, JL., and Thaler, RH (1990). Experimental Tests of the Endowment Effect and the Coase Theorem. Journal of political Economy, 98:6, 1325--1348.Google ScholarCross Ref
- Kahneman D and Tversky A. (1979). Prospect Theory: An Analysis of Decision Under Risk. Econometrica. Volume 47, Issue: 2, 263--291.Google Scholar
- Kelley PG, Bresee J, Cranor LF, and Reeder RW. (2009). A "Nutrition Label" for Privacy. SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security. Google ScholarDigital Library
- Krazit T. (2010). Google settles Buzz lawsuit for $8.5M. CNET. http://news.cnet.com/8301-30684_3-20015620-265.html.Google Scholar
- Liang KY and Zeger SL. (1986). Longitudinal Data Analysis Using Generalized Linear Models. Biometrika. Volume:73, Issue:1, 13--22.Google Scholar
- McDonald A and Cranor L. (2009). The Cost of Reading Privacy Policies. I/S: A J. Law and Policy Inform. Soc. Volume 4, Issue:3, 543--568.Google Scholar
- Oppenheimer DM, Meyvis T, and Davidenko N.(2009). Instructional Manipulation Checks: Detecting Satisficing to Increase Statistical Power. Journal of Experimental Social Psychology. Volume 45, Issue 4, 867--872.Google ScholarCross Ref
- Organisation for Economic Cooperation and Development (OECD), OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (Sep. 23, 1980).Google Scholar
- Phelps J, Nowak G, and Ferrell E. (2000). Privacy Concerns and Consumer Willingness to Provide Personal Information. Journal of Public Policy & Marketing. 19:1, 27--41.Google ScholarCross Ref
- Posner R. (1981). The Economics of Privacy. American Economic Review. Volume:71, Issue:2, 405--409.Google Scholar
- Reitman R. (2012). FTC Final Privacy Report Draws a Map to Meaningful Privacy Protection in the Online World. Electronic Frontier Foundation https://www.eff.org/deeplinks/2012/03/ftc-final-privacy-report-draws-map-meaningful-privacy-protection-online-worldGoogle Scholar
- Santalesa R. (2011). What's Next for thè FTC's Proposed Privacy Framework? Information Law Group. http://www.infolawgroup.com/2011/03/articles/data-privacy-law-or-regulation/whats-next-for-the-ftcs-proposed-privacy-framework.Google Scholar
- Simon HA. (1955). A Behavioral Model of Rational Choice. Quarterly Journal of Economics. Volume 69, Issue:1, 99--118.Google ScholarCross Ref
- Singer E, Hippler H, and Schwarz N. (1992). Confidentiality Assurances in Surveys: Reassurance or Threat? International Journal of Public Opinion Research. 4:3, 256--268.Google ScholarCross Ref
- Stigler GJ. (1980). An Introduction to Privacy in Economics and Politics. Journal of Legal Studies. Volume 9, 623--44.Google ScholarCross Ref
- Thaler, R. H., & Sunstein, C. R. (2008). Nudge: Improving decisions about health, wealth, and happiness. Yale University Press.Google Scholar
- The White House. (2012). Consumer Data Privacy in a Networked World. http://www.whitehouse.gov/sites/default/files/privacy-final.pdf.Google Scholar
- Tsai J, Egelman S, Cranor L, and Acquisti A. (2011). The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Information Systems Research. Vol. 22, Issue:2, 254--268. Google ScholarDigital Library
- Wakefield A and Fleming J. 2009. The Sage International Dictionary of Policing. Sage Publications, London.Google Scholar
- Weisband S and Kiesler S. (1996). Self-disclosure on Computer Forms: Meta-analysis and Implications. Proceedings of the SIGCHI Conference on Human factors in computing systems, 3--10. Google ScholarDigital Library
Index Terms
- Sleights of privacy: framing, disclosures, and the limits of transparency
Recommendations
A Gap in Perceived Importance of Privacy Policies between Individuals and Companies
CONGRESS '09: Proceedings of the 2009 World Congress on Privacy, Security, Trust and the Management of e-BusinessAlthough several studies have examined individuals’ privacy concerns and companies’ privacy policy disclosures, only a few studies examined whether customers’ privacy concerns are adequately addressed in companies’ privacy policy disclosures. This study ...
E-P3P privacy policies and privacy authorization
WPES '02: Proceedings of the 2002 ACM workshop on Privacy in the Electronic SocietyEnterprises collect large amounts of personal data from their customers. To ease privacy concerns, enterprises publish privacy statements that outline how data is used and shared. The Platform for Enterprise Privacy Practices (E-P3P) defines a fine-...
Privacy policy disclosures of behavioural tracking on consumer health websites
ASIST '13: Proceedings of the 76th ASIS&T Annual Meeting: Beyond the Cloud: Rethinking Information BoundariesMany Internet users are seeking health information online, encountering significant privacy risks in the process. Historically, these risks are associated with personally identifiable information, but behavioural tracking presents a new and increasing ...
Comments