THE INFLUENCE OF RESIGNATION ON THE PRIVACY CALCULUS IN THE CONTEXT OF SOCIAL NETWORKING SITES: AN EMPIRICAL ANALYSIS

Individuals conduct a privacy calculus before they disclose information by weighing benefits with privacy risks of disclosure. In line with the privacy calculus, if benefits outweigh privacy risks individuals disclose information, otherwise they do not. However, research has also challenged the privacy calculus because individuals also disclose information even in light of low benefits and high privacy risks. Given explanations refer to 1) altering the perceptions of benefits and privacy risks or 2) altering the effect of benefits and privacy risks on disclosure. Whereas studies focusing on the first part have provided explanations for why the privacy calculus is sometimes not confirmed, studies on the second part do not do so. This study is therefore considering the second part and is integrating an individual’s level of resignation to protect one’s privacy in the context of social networking sites. We consider resignation as a reaction of individuals to given privacy threats. Results show that when including resignation the effect of benefits becomes stronger and the effect of privacy risks becomes weaker. Implications for theory include that resignation helps in explaining why individuals disclose information even when only small benefits and high privacy risks are present

A Behavioral Economics Perspective on the Formation and Effects of Privacy Risk Perceptions in the Context of Privacy-Invasive Information Systems

In recent years, more and more information systems are proliferating that gather, process and analyze data about the environment they are deployed in. This data oftentimes refers to individuals using these systems or being located in their surroundings, in which case it is referred to as personal information. Once such personal information is gathered by an information system, it is usually out of a users’ control how and for which purpose this information is processed or stored. Users are well aware that this loss of control about their personal information can be associated with negative long-term effects due to exploitation and misuse of the information they provided. This makes using information systems that gather this kind of information a double-edged sword. One can either use such systems and realize their utility but thereby threaten ones’ own privacy, or one can keep ones’ privacy intact but forego the benefits provided by the information system. The decision whether to adopt this type of information system therefore represents a tradeoff between benefits and risks. The vast majority of information systems privacy research to date assumed that this tradeoff is dominated by deliberate analyses and rational considerations, which lead to fully informed privacy-related attitudes and behaviors. However, models based on these assumptions often fail to accurately predict real-life behaviors and lead to confounding empirical observations. This thesis therefore investigates, in how far the risk associated with disclosing personal information to privacy-invasive information systems influences user behavior against the background of more complex models of human decision-making. The results of these investigations have been published in three scientific publications, of which this cumulative doctoral thesis is comprised. These publications are based on three large-scale empirical studies employing experimental approaches and being underpinned by qualitative as well as quantitative pre-studies. The studies are guided by and focus on different stages of the process of perceiving, evaluating and mentally processing privacy risk perceptions in considerations whether to disclose personal information and ultimately use privacy-invasive information systems. The first study addresses different conceptualizations of privacy-related behaviors, which are oftentimes used interchangeably in privacy research, despite it has never been investigated whether they are indeed equivalent: Intentions to disclose personal information to an information system and intentions to use an information system (and thereby disclose information). By transferring the multiple-selves-problem to information systems privacy research, theoretical arguments are developed and empirical evidence is provided that those two intentions are (1) conceptually different and (2) formed in different cognitive processes. A vignette-based factorial survey with 143 participants is used to show, that while risk perceptions have more impact on disclosure intentions than on usage intentions, the opposite holds for the hedonic benefits provided by the information system. These have more impact on usage intentions than on disclosure intentions. The second study moves one step further by addressing systematically different mental processing of perceived risks and benefits of information disclosure when considering only one dependent variable. In particular, the assumption that the perceived benefits and risks of information disclosure possess additive utility and are therefore weighted against each other by evaluating a simple utility function like “Utility = Benefit – Cost” is investigated. Based on regulatory focus theory and an experimental pre-study with 59 participants, theoretical arguments are developed, that (1) the perception of high privacy risks evokes a state of heightened vigilance named prevention-focus and (2) this heightened vigilance in turn changes the weighting of the perceived benefits and risks in the deliberation whether to disclose personal information. Results from a second survey-based study with 208 participants then provide empirical evidence, that perceptions of high risks of information disclosure in fact evoke a prevention focus in individuals. This prevention focus in turn increases the negative effect of the perceived risks and reduces the positive effect of the perceived benefits of information disclosure on an individuals’ intention to disclose personal information. Instead of investigating the processing of risk perceptions, the third study presented in this thesis focuses on the formation of such perceptions. The focus is therefore on the process of selecting, organizing and interpreting objective cues or properties of information systems when forming perceptions about how much privacy risk is associated with using the system. Based on an experimental survey study among 233 participants the findings show, that individuals in fact have difficulties evaluating privacy risks. In particular, (1) the formation of privacy risk perceptions is dependent on external reference information and (2) when such external reference information is available, individuals are enabled to form more confident risk judgments, which in turn have a stronger impact on an individual’s privacy-related behavior. These findings suggest a reconceptualization of privacy risks as not only being characterized by an extremity (how much risk is perceived) but also the dimension of confidence in ones’ own risk perception. Overall, the research findings of the three studies presented in this thesis show, that widely accepted assumptions underlying information systems privacy research are severely oversimplified. The results therefore contribute significantly to an improved understanding of the mental processes and mechanisms leading to the acceptance of privacy-invasive information systems

Perceived privacy risk in the Internet of Things: determinants, consequences, and contingencies in the case of connected cars

The Internet of Things (IoT) is permeating all areas of life. However, connected devices are associated with substantial risks to users’ privacy, as they rely on the collection and exploitation of personal data. The case of connected cars demonstrates that these risks may be more profound in the IoT than in extant contexts, as both a user's informational and physical space are intruded. We leverage this unique setting to collect rich context-immersive interview (n = 33) and large-scale survey data (n = 791). Our work extends prior theory by providing a better understanding of the formation of users’ privacy risk perceptions, the effect such perceptions have on users’ willingness to share data, and how these relationships in turn are affected by inter-individual differences in individuals’ regulatory focus, thinking style, and institutional trust

Too Crowded to Disclose! Exploring the Relationship Between Online Crowdedness and Self-Disclosure

Nowadays, people communicate with many others online. Of the online sites, product review pages have become an important communication medium on which consumers share information about a product. Drawing upon this trend, we examined the factors that affect reviewers’ self-disclosure behavior. Prior studies have found that privacy behaviors such as self-disclosure are affected by diverse contextual factors. In this study, we propose that online crowdedness is an important contextual factor for self-disclosure behavior. Using review data from the largest online apparel rental site in the U.S., we empirically explored the relationship between online crowdedness and self-disclosure behavior. The result shows that online crowdedness can discourage self-disclosure behavior

A Forward-Looking Conceptualization of Information Privacy

Privacy is a fluid and ever-evolving concept, studied across multiple fields and with numerous definitions. Privacy research in information systems (IS) is extensive yet has not traveled far beyond the IS realm and fully engaged in the broader conversations being had with regards to privacy. This research seeks to define a larger sense of privacy that integrates the many working definitions across fields, along with related concepts, and to develop an alternative framework that can account for the constant technological and socio-technical changes through which to engage in privacy research. One such framework is developed and tested, grounded in the idea of the relative distribution of digital information decision rights across groups within a society, demonstrating the utility for future-oriented research that allows for active theorization that can adapt to rates of technological progress and resulting socio-technical changes

Examining Consumers’ Selective Information Privacy Disclosure Behaviors in an Organization’s Secure e-Commerce Systems

The study is an examination of the antecedents to the paradoxical changes in the consumers’ intended and actual personal information disclosure behaviors in online transactions or in e-commerce environments. The argument is that a consumer’s information privacy paradox is based on the consumer’s cognitive predisposition. The study adopted the conceptual underpinning inherent in the Privacy Regulation Theory (PRT) and translated them into information privacy context, as the consumer’s desired state of information privacy, information privacy self-interest, information privacy permeability, and information privacy equipoise constructs, to examine the causal relationship among the constructs and between a consumer’s selective personal information disclosure behavior variable. The theoretical model was advanced based on the conceptual framework in PRT and was validated using Structural Equation Modeling. In addition, the study conducted hypothesis testing and factor analysis using Confirmatory Factor Analysis in order to determine the existence of statistical significance and causality. The result indicates that the consumers’ willingness to transact online and disclose their personal information depend largely on the degree of their need signal (self-interest), and to some extent, their awareness and concern of the online merchant’s capacity to collect their personal information, irrespective of their previously declared or undeclared intent to transact and disclose personal information, or despite their desired natural state of information privacy. In other words, the existence of the information privacy paradox stems from the fact that a consumer’s intention to disclose personal information online depends on the person’s natural or desired state of information privacy, whereas the customer’s actual personal information disclosure behavior depends on his or her information privacy equipoise

Adaptive Privacy Management System Design For Context-Aware Mobile Devices

While mobile technologies can provide great personalized services for mobile users, they also threaten their privacy. Such personalization-privacy paradox are particularly salient for context aware technology based mobile applications where user's behaviors, movement and habits can be associated with a consumer's personal identity. In this thesis, I studied the privacy issues in the mobile context, particularly focus on an adaptive privacy management system design for context-aware mobile devices, and explore the role of personalization and control over user's personal data. This allowed me to make multiple contributions, both theoretical and practical. In the theoretical world, I propose and prototype an adaptive Single-Sign On solution that use user's context information to protect user's private information for smartphone. To validate this solution, I first proved that user's context is a unique user identifier and context awareness technology can increase user's perceived ease of use of the system and service provider's authentication security. I then followed a design science research paradigm and implemented this solution into a mobile application called "Privacy Manager". I evaluated the utility by several focus group interviews, and overall the proposed solution fulfilled the expected function and users expressed their intentions to use this application. To better understand the personalization-privacy paradox, I built on the theoretical foundations of privacy calculus and technology acceptance model to conceptualize the theory of users' mobile privacy management. I also examined the role of personalization and control ability on my model and how these two elements interact with privacy calculus and mobile technology model. In the practical realm, this thesis contributes to the understanding of the tradeoff between the benefit of personalized services and user's privacy concerns it may cause. By pointing out new opportunities to rethink how user's context information can protect private data, it also suggests new elements for privacy related business models

Essays on enterprise social media: moderation, shop floor integration and information system induced organizational change

The digital transformation increases the pressure on innovation capabilities and challenges organizations to adapt their business models. In order to cope with the increased competitiveness, organizations face two significant internal challenges: Enabling internal digital collaboration and knowledge sharing as well as information system-induced change. This dissertation will investigate seven related research questions divided in two main parts. The first part focuses on how an organization can foster digital knowledge exchanges and collaboration in global organizations. Enterprise social media has attracted the attention of organizations as a technology for social collaboration and knowledge sharing. The dissertation will investigate how organizations can moderate the employee discourse in such platforms from a novel organizational perspective and provide insights on how to increase the encouragement for employees to contribute and assure content quality. The developed framework will provide detailed moderation approaches. In addition, the risk of privacy concerns associated with organizational interference in the new digital collaboration technologies are evaluated. The second part of the dissertation shifts the focus to the shop floor environment, an area that has faced substantial digital advancements. Those advancements change the organizational role of the shop floor to a more knowledge work-oriented environment. Firstly, a state of research regarding technology acceptance and professional diversity is presented to create an enterprise social media job-characteristic framework. Further, a unique and longitudinal shop floor case study is investigated to derive organizational challenges for enterprise social media and potentials for empowerment. To validate the future shop floor environment needs use cases for the shop floor are derived and a user profile is established. The case study is extended by expert interviews to focus on conceptualizing organizational information systems-induced change. In this regard, the role of work practices, organizational and employee mindset and information system change are integrated into a holistic organizational change model that targets employee empowerment. This dissertation provides a comprehensive overview of enterprise social media from an organizational management and shop floor perspective. It contributes to understanding new digital needs at the shop floor and the information systems-induced change journey towards digital employee empowerment

Essays on Crowdfunding Adoption and Behavior

The aim of this dissertation is to examine aspects of crowdfunding adoption and behavior. Accordingly, the overarching research question answered by this dissertation is: what influences crowdfunding backers’ contribution intentions and behaviors? The dissertation answers this question while focusing on dimensions of trust, community, and technological acceptance. The dissertation is made up of three studies with one conceptual article (study 1), and two empirical studies (study 2 and 3). The conceptual study marries marketing and trust literatures and contextualizes their implications for the crowdfunding context. The result is the development of a framework of trust-based marketing strategies for crowdfunding campaigns, building on the understanding of the critical role played by trust in crowdfunding adoption by prospective backers. The empirical studies (i.e., study 2 and 3), are based on the analyses of empirical data collected from actual platform users, while using Structural Equation Model techniques. These studies examine the antecedents of backers’ contribution intentions and behavior, specifically in the context of reward crowdfunding in Finland. Study 2 explains backers’ intention and behavior by testing the extensive version of the technology acceptance model (TAM). It confirms the relevance of the TAM model for properly capturing influential antecedents of backers’ financial contribution intentions and behavior and further elaborates on the specific influences of backers’ experiences and voluntariness, which challenge existing conceptualizations from other information and communication technology -related contexts. Study 3 builds on the view of crowdfunding as an embedded phenomenon in online communities, to develop a community-based crowdfunding framework for explaining backers’ contribution intentions and behaviors, while highlighting the roles of community identification and community trust.publishedVersio

Time Orientation, Rational Choice and Deterrence: an Information Systems Perspective

The present study examines General Deterrence Theory (GDT) and its parent, Rational Choice Theory (RCT), in an information security setting, assessing the behavioral intent to violate organizational policy under varying levels of certainty, severity and celerity of negative sanction. Also assessed is the individual computer user\u27s time orientation, as measured by the Consideration of Future Consequences (CFC) instrument (Strathman et. al, 1994). How does rational consideration of violation rewards influence the impact of sanctions on individuals? How does time orientation impact intent to violate security policy? How do these operate in an IS context? These questions are examined by assessing the responses of university students (N = 443) to experimental manipulations of sanctions and rewards. Answering vignettes with the factorial survey method, intent to violate is assessed in a setting of Internet piracy of electronic textbooks while being monitored by computer security systems. Findings show that, although traditional GDT variables and reward impact intent to violate, CFC does not cause the hypothesized moderating effect on these variables. However, post-hoc analysis reveals a direct effect of time orientation on behavioral intent, as well as a weak moderating effect opposite of the hypotheses, indicating increased time orientation positively moderates, rather than negatively moderates, the impact of reward on intent to violate. Implications for theory and practice, and future research directions, are discussed