Online privacy paradox : different consumer mindsets

(1)

ONLINE PRIVACY PARADOX

Sharina Wieringa

10970665

University of Amsterdam

MSc Business Administration – Marketing track

Joris Demmers

Version 3

30 March 2016

(2)

Online Privacy Paradox | 1

Statement of originality

This document is written by Student Sharina Wieringa who declares to take full responsibility for the contents of this document. I declare that the text and the work presented in this

document is original and that no sources other than those mentioned in the text and its references have been used in creating it.

The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.

(3)

Table of content

Statement of originality ... 1

List of tables and figures Tables ... 3

Acknowledgements ... 4 Abstract ... 5 1. Introduction ... 6 1.1 Literature gap ... 8 1.2 Research question ... 8 1.3 Relevance ... 8 2. Literature review ... 10 2.1 Privacy paradox. ... 10

2.2 Privacy paradox potential reasons ... 11

2.3 Concrete or Abstract mindset? ... 12

3. Data and method ... 15

3.1 Method ... 15

3.2 Measures ... 16

3.2.1 Behavioral Identification Form (BIF) ... 17

3.2.3 Privacy protection behavior level ... 18

3.3 Statistical tests ... 19

3.3.1 Correlation test ... 19

3.3.2 ANOVA test - condition groups and BIF score. ... 19

4. Results ... 21

4.1 Correlation test - concern level score and privacy protection behavior level ... 21

4.2 ANOVA test – condition groups and BIF score... 22

5. Discussion ... 25

5.1 Privacy paradox ... 25

5.2 Difference in mindsets. ... 26

6. Conclusions ... 28

6.1 Summary ... 28

6.2 Limitations and further research ... 28

Appendix A ... 30

Appendix B ... 36

Appendix C ... 40

(4)

List of tables and figures

Tables

Table 1 - Correlation concern level score and privacy protection behavior level ... 21 Table 2 - Descriptives: Mean, Standard Deviation, Sample size of all condition groups - BIF score ... 23 Table 3 - Planned contrast tests among all condition groups and their BIF scores ... 24

Figures

(5)

Acknowledgements

Firstly, I would like to express my sincere gratitude to my supervisor Joris Demmers for the continuous support of my MSc thesis study, for his patience, motivation, and knowledge. His guidance helped me during the time of study and writing the thesis.

Besides my supervisor, I would give a special thanks to Martine Vogel who reviewed this thesis study before submitting. And last but not least, I would like to thank all the participants who have helped me in executing this study. Without the help of the participants, I would not have been able to conduct this research.

(6)

Abstract

This study provides an answer to the following research question: is there a relation between consumers’ privacy protecting intentions and behavior online and what difference in mindset occurs between these two conditions? The participants of this study were randomly allocated into two experimental groups. The concern group (n=32) completed a privacy concern survey and two weeks later were asked to perform relevant privacy protection tasks. The behavior group (n=35) were only asked to perform the privacy protection tasks. All groups filled out the Behavioral Identification Form (BIF) by Vallacher & Wegner (1989) to measure their mindset, i.e. concrete or abstract. A control group (n=32) partook in the BIF to benchmark the mindset norm and to check whether the privacy concern survey manipulated the participants into an abstract mindset. This study finds that there is no significant correlation between the consumers’ intentions and actual behavior regarding the protection of their online privacy and, therefore, suggests support for the online privacy paradox. The findings suggest that participants who were exposed to a privacy concern survey had a more abstract mindset than participants who were not. The main implications of this study are that consumers’ concerns about their online privacy is not a reliable predictor for their online privacy protecting behavior, and additionally, that the participants during the privacy concern tasks were in a more concrete mindset. Therefore it can be assumed that consumers will share more personal information than they intend to do.

(7)

1. Introduction

Since the second half of the 1990s, using the internet for different purposes has become a habit in consumer´s daily life. Online shopping and the use of social media are nowadays a common activity. This development of the internet has brought significant risks regarding the privacy of the online user. However it seems that consumers are easily sharing their personal information, e.g. full names and e-mail address, for small rewards or conveniences on the internet (Jupiter Research, 2002). This happens even if these same consumers say they are concerned about their online privacy (Norberg, et al., 2007).

Studies (Norberg, et al., 2007; Jupiter Research, 2002; Acquisti & Grossklags, 2004) have shown that there is a major inconsistency between the customers’ intentions regarding privacy protection and their actual behavior. This phenomenon is called the ‘privacy paradox´ (Norberg, et al., 2007; Jupiter Research, 2002; Acquisti & Grossklags, 2004). However this phenomenon have not been revealed yet in online context, even though privacy sensitive situations occur frequently in the online environment (Pierson & Heyman, 2011).

Several online tools are increasingly being used by websites to retract customers’ personal information. Examples of such online tools are the use of social media login and website cookies. A social media login is a website whom offers consumers to login using their social media account, e.g. Facebook or LinkedIn. These social media companies are then easily able to track and collect consumer data after login for promotion and other marketing-related purposes. This results in a risk for the customers’ privacy. However, the assumption is that most consumers choose the social media login because it is most convenient.

´Cookies’ are another online tool. This tool is used to discover a customer’s

intentions and shopping behavior at a website. Many internet websites ask to accept ‘cookies’ in order to guarantee an improvement for your website experience. However, ‘cookies’ are,

(8)

similar to social media login, used for other marketing purposes. Cookies can track your online behavior and this results in a risk for the customers´ privacy.

Due to the pseudo-convenience benefits of these online tools, and increased deception attached, privacy protection online becomes more essential. In order to explain this research study clearer, several important steps are listed. First, it is important to test if a privacy paradox exist in an online environment. Therefore this study will test the relation between consumers’ online privacy protecting intentions and behavior. This test is expected to indicate whether consumer intentions is a predictor for the willingness to share their personal

information with the companies in an actual online setting.

Secondly, the consumers’ mindset in the concern and behavior condition is of great importance. Construal Level Theory (CLT) assumes that people “mentally construe objects that are psychologically near in terms of low-level, detailed, and contextualized features, whereas at a distance they construe the same objects or events in terms of high-level, abstract, and stable characteristics” (Trope, et al., 2007, p. 83). This theory will therefore assume that when consumers have a low-level, concrete mindset, they will focus on the near future and easily accessible benefits. They will most likely choose for convenience and share their personal information more easily. On the other hand, consumers with a high-level, abstract mindset will focus on the future consequences and will therefore more likely protect their privacy.

(9)

1.1 Literature gap

Much research has been conducted about the privacy paradox (e.g. Norberg, et al., 2007; Jupiter Research, 2002; Acquisti & Grossklags, 2004), however little research has covered whether this phenomenon also exists online. This paper will measure whether there is an online privacy paradox and if a difference in mindset occurs between the concern and behavior conditions.

1.2 Research question

The following research question has been developed:

Is there a relation between consumers’ privacy protecting intentions and behavior online and what difference in mindset occurs between these two conditions?

In order to find the answer to this question a convenience sample has been used. The

participants are randomly allocated to either a concern or behavior group. The concern group completed a privacy concern survey and two weeks later were asked to perform relevant privacy protection tasks. The behavior group were only asked to perform the privacy protection tasks. This has been done to measure the difference in mindsets and to test an online privacy paradox. This quantitative study is executed with the help of a survey and online privacy protection tasks. A more detailed description of the measures and conditions used, is written in chapter 3.

1.3 Relevance

Companies use social media and other online tools in their marketing strategy. The more personal customer information is shared, the more likely the managers will be able to target

(10)

them with the right products/services. This will result in efficient relationship management with their customers, which may satisfy their customers more. This study hope to reveal whether an online privacy paradox exists and whether there are differences in mindset between the concern and behavior group. CLT (Trope, et al., 2007) assumes that when consumers are in a concrete mindset when engaging in online behavior, they will be more willing to share their personal information. This study’s results will provide managerial implications. For example, managers may be able to use this study’s results to increase the likelihood of customers sharing the required personal information.

Previous research has shown that the privacy paradox is present. However little research exist about whether an online privacy paradox exist. The assumption is that the consumers who will fill out a privacy concern survey will have a different mindset than when they perform the online privacy tasks. This study will test this with the two different

conditions: concern and behavior. Determining the existence of the online privacy paradox and understanding the differences in mindsets, will contribute to current relevant literature.

The following section will discuss the literature review, followed by the data collection and the methods used. Subsequently, the results and discussion will be analyzed. Finally, the conclusions will be presented.

(11)

2. Literature review

2.1 Privacy paradox.

This literature review will explain what the privacy paradox is, followed by an explanation of the researched reasons for the privacy paradox. Finally, the link between the privacy paradox and whether a difference in mindset results in a difference in behavior will be clarified. Norberg, et al., (2007) refer to the the privacy paradox as the inconsistencies between individuals' intentions to disclose personal information and individuals' actual disclosure behaviors. The authors mention that consumers do express their concerns about the

consequences for their privacy when disclosing personal information, however the research proves that their actual behavior is different. Norberg et al. (2007) state that “people are less than selective and often cavalier in the protection of their own data profiles”. Jupiter Research (2002) found that individuals are willing to make a cost/benefit analysis to trade-off privacy for convenience at the moment of actual behavior. Moreover, “even people with negative perceptions about disclosing certain personal information will actually release their

information when directly requested”, (Norberg, et al., 2007). In addition to that, Acquisti and Grossklags (2004) state that even if individuals were concerned about their privacy they were reluctant to pay when several services offered to provide protection for their personal

information. These studies solely refer to privacy paradox in an offline environment and no connection has been made to the online environment. This leads to the first hypothesis:

H1: There is no relation between the consumers’online privacy proctecting intentions and their actual online privacy protecting behavior.

(12)

2.2 Privacy paradox potential reasons

Acquisti and Grossklags (2004) defined several reasons for why the privacy paradox exists. The first reason is that consumers are uninformed about when their personal information can be obtained in a online situation. Acquisti, et al. (2015) state that “advancements in

information technology have made the collection and usage of personal data often invisible”. The consumers therefore make decisions online based on incomplete information.

Considering that incomplete knowledge about privacy violation is the basis of the consumers’decisions, consumers act respectful or not for their online privacy, in certain situations based on the influence of their social environment (Lewis, et al., 2008)

The second reason for the privacy paradox is that when consumers are aware of when their privacy might be violated, they will not be able to make a proper cost-benefit analysis. Acquisti and Grossklags (2004) refer to this bounded rationality as “the inability to calculate probabilities and amounts for risks and related costs for the various possible individual strategies, but also the inability to process all the uncertain and stochastic information related to information securtiy costs and benefits.” Several aspects might influence the decision to disclose personal information, even when these aspects do not give a relevant overview of the potential risks. Larose and Rifon (2007) state that “privacy warnings increased perceptions of the risks associated with information practices and decreased disclosures”, whereas Wu, et al. (2012) claim that the presence of a privacy policy will reduce the perceived risks on the website and will increase their information disclosure. Even consumers with high technical knowledge and awareness of online surveillance have a limited privacy protection behavior (Park, 2011). These statements shows that there is not only a inconsistency in how consumers perceive their privacy, but also an inconsistency in the literature. Consumers are easily

misguided and will not have a clear view to make a rational cost-benefit analysis of when to disclose their personal information

(13)

The third reason is the assymetric discounting of benefits in terms of time distance i.e. proximal and distant time spans. Acquisti and Grossklags (2004) state that “ a person’s

relative preference for well-being at an earlier date over a later date gets stronger as the earlier date gets closer”. Youn (2009) revealed that “perceived risks of information disclosure

increased privacy concerns, whereas perceived benefits offered by information exchange decreased privacy concerns.” Debatin, et al. (2009) complemented this finding by stating “the gratification of using a social media network like Facebook tend to outweigh the perceived threats to privacy.” Consumers might act differently compared to their initial intentions when they experience an increase in the offered benefits of using, for example, their Facebook account, which will decrease the perceived privacy risks in the future. Xu, et al. (2010) mention that personalization can somehow override privacy concerns. Consumers’ value for instant personalization was almost two times more influential than their concerns for privacy at a later stage (Xu, et al., 2010).

2.3 Concrete or Abstract mindset?

In order to link the gap between the consumers’ online privacy protecting intentions and behavior to the corresponding mindset, this thesis will test in which respective condition the mindset will be more abstract/concrete. Ho, et al. (2015) report that CLT states that the same event or object can be represented as different levels of concreteness or abstraction. An event construed at a relatively high level is more abstract, than an event construed at a lower construal level, which is more concrete. CLT is also a framework that links the level of abstraction/concreteness and distance. Trope, et al. (2007) claims that 4 types of

psychological distance exist: social distance, spatial distance, hypothetical distance and temporal distance. The relevant type of psychological distance in this thesis study is temporal distance. Moreover, Trope, et al. (2007) state that consumers who focus on the short-term time horizon will have a low-level and therefore more concrete mindset than consumers who

(14)

will focus on the long-term. Therefore, when consumers are in an abstract mindset they will think about the long-term benefits, and in contrast, when they are in a concrete mindset, they will think about the short-term benefits. In terms of this thesis study, Trope, et al.’s (2007) theory, suggests that the participants in the behavior condition will focus on the short-term benefits when performing the online privacy protection tasks and will therefore be in a more concrete mindset than the participants in the concern condition, who are exposed to the privacy concern survey. Additionally, Torelli and Kaikati (2009) posit that values are abstract representations of ideal end states, which are important and lasting beliefs or ideals for the consumer. These values are more likely to influence behavior when people are in an abstract mindset. This previous statement suggests that when consumers are in an abstract mindset, the value privacy might have a greater influence on their behavior than when consumers are in a more concrete mindset. Vallacher and Wegner (1989) state that in comparison with the CLT theory, humans who consider their actions in terms of details consider their actions as concrete. Others who consider their actions in larger meanings of the action, perceive their actions as more abstract.

The mere-measurement effect supports the concept that asking general intent questions about how consumers might protect their privacy, influences behavior by changing the

accessibility of attitudes toward specific options (Morwitz & Fitzsimons, 2004). The mere-measurement effect indicates that proposing questions about a distant time span topic, like privacy, will make the consumers aware of this topic. Therefore the mere-measurement effect states that general intent questions will place privacy in the mind of the consumer. This could lead consumers to thinking about the long-term benefits of protecting their online privacy, which automatically leads to a more abstract mindset because of high temporal distance.

The assumption is that the concern group who will be asked about their privacy concerns, will have a more abstract mindset than the behavior group who will be performing

(15)

online privacy protection tasks. The first group’s mindset will be triggered to think about the long term benefits of protecting their privacy which will lead to a more abstract mindset. The second group will have a low construal level goal – e.g. using the website, login etc. – and will therefore think about the short-term benefits which lead to a more concrete mindset. This assumption proposes the following hypothesis:

H2: Participants in the concern condition will have a more abstract mindset, than the participants in the behavior condition.

(16)

3. Data and method

The data method used for this study is the quantitative method survey. The following sections will further explain the method, measures and statistical tests executed.

3.1 Method

This study used a mixed design. There are 3 groups (concern, behavior and control group), where the variable online privacy protection behavior is measured between subjects. The 1st group (concern group) is measured within subjects at 2 moments. At the 1st moment (A) the privacy protection intentions were measured and at the 2nd moment (B) the

consumers’ online privacy protecting behavior was measured (Figure 1). The population used in this study are consumers, who regularly use the internet. Through the use of a convenience sample, respondents were randomly selected and categorized into 1 of the 2 groups (concern or behavior group). The concern group is used to measure the relation between online privacy protecting intentions and actual online privacy protecting behavior, 32 participants first filled out an official privacy concern survey (TRUSTe, 1998)(Appendix A). After 2 weeks these same participants were asked to make 3 different privacy decisions on a website (Appendix C) that was specifically designed for the purpose of this study (Demmers, 2016). After each of the two tasks this concern group filled out a Behavioral Identification Form (BIF) (Vallacher & Wegner, 1989) (Appendix B) to measure whether the mindset was different when filling out the concern survey or making the online privacy decisions.

As an additional test, to reinforce the results of mindset, a second group of 35 participants, the behavior group, were directly directed to the website (Demmers, 2016), without filling out a privacy concern survey. The website provided the behavior group with the same privacy decisions as the concern group and this behavior group also filled out the BIF.

(17)

Finally, to test whether the differences in mindset were attributable to a more abstract mindset in the concern group or a more concrete mindset in the behavior condition, a third group the control group was added. In the control group, a group of 32 participants only filled out the BIF (Vallacher & Wegner, 1989).

Figure 1- Mixed design graphical representation

3.2 Measures

The survey requests specific demographics such as gender, age and occupation, which are nominal and ratio variables. For the more specific questions in the survey regarding privacy, either a 7-point or 5-point Likert scale is used. Although Likert scales are theoretically considered ordinal data, for the purpose of this study, and similar to other studies, the Likert scale data will be assumed to be at an interval level (E.g. Baek, et al. (2013)). The questions for the survey are used from TRUSTe (1998) to ensure high reliability of privacy concern questions and measures. Moreover the questions are kept in English to make sure that there was no problem of an incorrect translation or the meaning of the actual question.

(18)

3.2.1 Behavioral Identification Form (BIF)

The Behavioral Identification Form (BIF), developed by Vallacher & Wegner (1989), will be used to understand the relation between the abstract/concrete mindset of the consumer and their corresponding behavior. The BIF measures whether the consumer is in a more concrete or abstract mindset (Appendix B) with 25 statements. The BIF was validated

(Cronbach’s alpha = 0.84), which in terms implies that the model is highly reliable (Vallacher & Wegner, 1989).

The answers to the statements of the BIF are measured by counting the abstract answers given. Each abstract statement will add 1 point and which ultimately calculates a final BIF score. This BIF score determines the participant’s level of abstract/concrete mindset (scale from 0 to 25, with 0 being most concrete and 25 being most abstract).

3.2.2 Concern level score

In order to measure a certain privacy concern level among the participants of the concern group, several questions from the privacy concern survey by TRUSTe (1998) are transformed in to a concern level score. The answers to the questions were counted to a total concern level score from 1 to 16 (1 being least concerned, 16 being highly concerned) for each participant in the concern group. For the purpose of this study, these numbers, or level of concern, given to the participants will be referred to as concern level score. Since the

questions used for this concern level were in a different scale ordering, a recoding is performed.

The questions which measured the participants’ concern level most are used to produce a concern level score. One of the questions (6.3, 6.6, 6.7) examined the level of concern with regard to the ability of monitoring online what the consumer is doing, the fear of personal information will be stolen and the misuse of personal information, respectively. The

(19)

second question (17) , regarding the concern level, requested information about the importance of consent with regard to websites who sell/share the consumers’ personal information, tracking consumers’ movement on the internet, the specific website, and online

purchases. This question is more specifically related to the importance of consent of a website gathering in-depth personal consumer profiles, and the personalization of the online

experience to the consumer’s personal preferences. The last question (21) used takes into account the increase in concern of privacy breach on the internet compared to traditional forms of communication. The question considers different forms of privacy breach i.e. fearing of information theft, unfamiliarity with how technology works and how information is used, not being able to see the website information receiver. Moreover this question tested if one of the reasons of this increase in concern was caused by the consumers’ privacy or someone in their environment was being been violated (Appendix A).

Subsequently, the concern level scores were calculated. In order to standardize the concern level scores and make them comparable, the concern level scores for each of the questions were counted and divided by the amount of answer choices in each question. The answers to the questions were counted to a total concern level score from 1 to 16 (1- being least concerned and 16- being highly concerned) for each participant in the concern group.

3.2.3 Privacy protection behavior level

The online behavior, referred to in this study as privacy protection tasks, of the concern group were measured in order to gain support for hypothesis 1. A score had to be developed to measure the protection level of their online behavior. Three different online privacy protection tasks were conducted concerning the following: (1) accepting/rejecting online cookies, (2) Facebook/LinkedIn login or registering on the website, (3) filling out a phone number or not, in order to win an Apple watch. If consumers agreed to accept online

(20)

cookies, use Facebook/LinkedIn to login or filled out their phone number in order to win an Apple watch, their behavior was considered as less protective behavior. This less protective consumer behavior has been measured with a score of 0. When consumers rejected the online cookies, choose to register on the website to login, or did not fill out their phone number, their behavior was considered to be a more protective type of behavior and was measured with a number 1.

After measuring all online privacy protection tasks, all participants had a

corresponding privacy protection behavior level score from 0 to 3 (0 being the least protective and 3 being the most protective behavior).

3.3 Statistical tests 3.3.1 Correlation test

A correlation test was conducted in SPSS to see if a relation exists between the consumer’s intentions in protecting their privacy and their actual behavior on the website (Demmers, 2016). The variables measured in this correlation are two developed variables i.e. the concern level score and the privacy protection behavior level score. In order to test for the support of hypothesis 1, a bivariate correlation has been executed.

3.3.2 ANOVA test - condition groups and BIF score.

To test hypothesis 2, a one-way ANOVA is conducted with planned comparisons since very specific comparisons arise from the hypothesis. The independent variable for this ANOVA is the group condition. The independent variable is make up of 4 conditions, or levels, i.e. (1) concern group 1st survey, (2) behavior group, (3) control group, (4) concern group 2nd survey. The dependent variable is the BIF score which determines whether the participant has a concrete or abstract mindset. Based on the hypotheses three specific contrasts will be made:

(21)

1) Concern group 1st BIF score – Concern group 2nd BIF score 2) Concern group 1st_{BIF score – Behavior groups’ BIF score}

In order to test whether the differences in mindset in the concern condition attributed to a more abstract mindset, a third contrast will be made:

(22)

4. Results

This chapter will discuss the results of the 2 executed tests mentioned above, namely correlation test and one-way ANOVA with planned comparisons. It will provide the answers to the stated hypotheses and the statistical overviews of the tests executed.

4.1 Correlation test - concern level score and privacy protection behavior level

A Pearson Correlation was performed to assess if there is a bivariate relation between the concern level score of the participants in the concern group, measured from their 1st survey, and the online privacy protection behavior level, determined from the 2nd survey. There was no significant correlation (see Table 2) found between the two variables (r=0.082, N=32, p= 0.654).

This outcome supports hypothesis 1 i.e. there is no correlation between the

consumers’online privacy proctecting intentions and their actual online privacy protection behavior. No correlation between the consumer’s intentions and their actual behavior, indicate that the consumer concern about online privacy is not a reliable predictor of consumers’ online privacy protection behavior. Therefore, if privacy protection intentions are relatively high, this will not have a significant correlation with the privacy protection behavior, neither positive nor negative. This outcome is in line with the (online) privacy paradox.

Table 1 - Correlation concern level score and privacy protection behavior level

Concern level _score Privacy protection _{behavior level}

Concern level score

Pearson

Correlation 1 0,082

(23)

4.2 ANOVA test – condition groups and BIF score

In order to see if there is support for the second hypothesis, a one-way between subjects ANOVA was conducted to compare the effect of (Independent Variable) group condition on (Dependent Variable) BIF score. Planned contrasts are used since the overall one-way ANOVA only tests the null hypothesis that all condition groups have identical mean values. Hypothesis 2 requires specific comparisons to see if there is difference between two particular groups. Three different comparisons are made to measure this hypothesis. The BIF score of the concern group of the 1st survey moment are compared with the results of the concern group’s 2nd_{survey. In addition, the results of the concern group 1}st_{survey moment}

were compared to the behavior group, in order to see if there was a major difference in mindset. To ensure that the privacy concern survey is the factor that accounts for a higher abstract mindset within the concern group, a comparison has been made between the BIF score of the concern group at the first moment and the control group.

The first step taken was to check the statistics of the IV’s different conditions, the 1st

survey concern group (N= 32, SD=4.39, M=17.13) had the highest mean among all four groups. The second group concerned the behavior group (N=35, SD= 4.97, M=14.71), the third group belonged to the control condition (N=32, SD=5.19, M=14.62) and had the lowest mean. The fourth and last group belonged to the 2nd survey concern group and had the second largest mean (N=32, SD=5.81, M=16.06). The descriptives show that there are differences among the means of the different groups (See Table 2). These descriptives are in line with what is expected and tested with the hypotheses.

(24)

Online Privacy Paradox | 23 Table 2 - Descriptives: Mean, Standard Deviation, Sample size of all condition groups - BIF score

Furthermore, a test of homogeneity of variances was performed in order to test if the variances in the groups can be assumed equal. A Levene statistic test was used to test this homogeneity of variances. The Levene statistic test shows that the assumption of

homogeneity of variances is met (F= [3,127] = 0.487, p=0.692). It can therefore be assumed that the variances among the groups are equal.

The overall ANOVA test presents that there was no significant difference between the conditions and the BIF score (F= [3,127] = 1.773, p= 0.156). This result indicate that there are no significant overall differences between the mindsets of participants in the different

conditions. However, a test of planned contrasts indicate more in-depth results for the specific comparison hypothesis 2 expects. Hypothesis 2 states that participants in the concern

condition are expected to have a more abstract mindset than the participants in the behavior condition. This study also measured whether the privacy concern survey triggered the concern condition participants into having a more abstract mindset. A last planned comparison is made between the mindset of the concern condition’s 1st survey and 2nd moment. In order to test these hypotheses, planned post-hoc comparisons were run using a significance p-value of 0.05. Results indicate that there is no significant difference between the mindsets of the concern group after their 1st and 2nd surveys (t=0.831, p= 0.408). However, the participants in the concern group 1st survey have marginally significant higher levels of BIF score than participants in the behavior group (t= 1.927, p= 0.056). The results also show that the

(25)

the control group (t= 1.955, p=0.053). Both of these latter results are marginally significant, therefore there is no prove to give support to hypothesis 2. However, even though this finding is inconclusive, the results still suggest that there is difference in mindset between the

condition groups (Yadolah, 2008). Further research is needed to gain support for hypothesis 2.

Table 3 - Planned contrast tests among all condition groups and their BIF scores

1. Concern 1st 2. Behavior 3. Control 4. Concern 2nd

(26)

5. Discussion

This chapter will discuss the main findings of this paper. It will present the answer to the research question and provide the answers to the different hypotheses tests.

5.1 Privacy paradox

This study is aimed at investigating the relationship between consumer’s intentions and actual behavior regarding online privacy protection. The difference between the two variables, intention and behavior, is referred to in research the privacy paradox (e.g. Norberg, et al., (2007)). An additional aim of this study was to discover whether consumers exposed to a privacy concern survey, developed by TRUSTe (1998), have a more abstract mindset than people who were not exposed to this privacy concern survey, belonging to the behavior group. Moreover, this study measured whether the privacy concern survey triggered a different mindset. The research question, as stated at the start of this paper, is: is there a relation

between consumers’ privacy protecting intentions and behavior online and what difference in mindset occurs between these two conditions?

With the results of the previous conducted correlation test, it is found that there is no bivariate relation between the concern level score. This had been measured with the 1st survey when being exposed to the TRUSTe (1998) (Appendix A) privacy concern survey and the privacy protection behavior level, measured by the 2nd survey by the form of online privacy protection tasks (Appendix B). Since no significant correlation was found between the two variables, it can be concluded that the consumers’ concerns about online privacy in the intention phase is an unreliable predictor for the consumers’ online privacy protecting behavior. Similar to previous studies (e.g. Acquisti & Grossklags, 2004; Jupiter Research, 2002; Norberg, et al.,2007), which provide support for the existence of the offline privacy paradox, the results of this thesis study also provide support for the existence of the online privacy paradox. These results give an answer to the first part of the research question and

(27)

gain support for the first hypothesis. These findings provide essential managerial insights, as companies now know that even if consumers’ intend to not share their personal information, that this intention is not a reliable predictor for their actual sharing behavior.

5.2 Difference in mindsets.

After the online privacy paradox was validated by this study, it was important to discover if a different mindset would influence this process. CLT (e.g. Trope, et al.(2007); Ho, et al. (2015)) states that, on the one hand, an abstract mindset means consumers focus on

the long-term consequences and implications, and therefore, an abstract concept such as privacy will be taken into more consideration. It is therefore assumed that consumers with an abstract mindset will be less likely to share their personal data. On the other hand, consumers with a concrete mindset focus more on short-term goals and will therefore think less about the long-term consequences of online privacy. This study therefore assumes that consumers with a concrete mindset will be more likely to share their personal information. Unfortunately, the results of this study were marginally significant to accept hypothesis 2. However, even though inconclusive findings have been found, these marginal results suggest that there might be a difference between mindsets between the participants in the concern and behavior group. In order to prove that consumers with a concrete mindset are more likely to share their personal information even though their intentions were different, more research is needed.

A control group had been asked to fill out the BIF, to see if the privacy concern survey triggered a more abstract mindset in the concern group. The results indicate that there is a marginally significant difference between the mindset of the concern group and the control group. Even though inconclusive results have been found, the marginally significant results suggest that consumers exposed to the privacy concern survey were properly manipulated into having a more abstract mindset than participants who did not fill out the privacy concern survey. This effect is explained by the mere-measurement effect (Morwitz & Fitzsimons,

(28)

2004) described in the literature review of this study. However, more research is necessary to find whether consumers in the concern group are more aware of their privacy when asked about it, than the participants in the behavior group whom only performed the online privacy tasks. Unfortunately, no significant difference in mindset was found between the 1st survey moment and the 2nd moment of the concern group. A potential reason for this could be that the two weeks in between the two moments were too short to find any significant difference. Another potential reason could be that the participants were pre-exposed to the first survey when being asked to complete the second. This could have retriggered their thoughts about protecting their privacy and could therefore lead to no significant difference in mindset. The behavior group was marginal significantly more concrete than the concern group. No significant relationship was found between the intentions and behavior of the concern group’s participants. Therefore it can be assumed that it is still expected that more people will actually share their information at the performing moment, than what can be measured by the consumers’ intention. If consumers are more likely to share their personal information online, this may help managers create databases and in-depth customers profiles to better serve customers ‘needs, which may lead to higher conversion rates.

(29)

6. Conclusions

This chapter will give a short summary of the results and will present limitations of this study, followed by recommendations for further research.

6.1 Summary

The results show that the privacy paradox is present in the online consumer

environment. Consumers have different intentions regarding their privacy protection behavior than how they ultimately behave online. This study also discovered that consumers in the concern group had a marginal significantly more abstract mindset than consumers who participated in the behavior group. A potential reason for this difference in mindset is

explained by the mere-measurement effect (Morwitz & Fitzsimons, 2004). It may be that the privacy concern survey manipulated and triggered the consumers´ perceptions and willingness to protect their online privacy. The main implications of this study are that consumers’

concern about their online privacy is not a reliable predictor for their online privacy protecting behavior. Moreover, the participants engaging in the behavior tasks were in a marginal

significant more concrete mindset and therefore it can be assumed that consumers will share more personal information than they intend to do. However, more research is needed to find significant results for this statement.

6.2 Limitations and further research

This study has several limitations. Since a non-probability sample was used, a very high generalizability cannot be guaranteed. Moreover participants may have been biased by the survey-setting, and therefore may have responded differently than their real (non-survey) online behavior. For example, participants may have felt they needed to answer the questions in order to help to execute this study, instead of behaving as usually. More significant results could have been obtained if there was a larger sample size, which in turn would have increase

(30)

the reliability of the study. Also, a larger time frame between the two survey moments of the concern group may have yielded more significant results. However, due to time constraints and a lack of resources this was not attainable. Since the behavior tasks of the study were executed on a website specifically designed for this study, by Demmers (2016), participants may have behaved differently than if they had been exposed to the same decision on familiar websites. Finally, the behavior privacy protection tasks provided participants with information about how their personal information could be used after sharing their information. This could have given an extra warning to the participants, which is not always the case on other

websites.

Future research should focus on different manipulations to create a more abstract or concrete mindset for the participants and see if this changes the participants’ behavior and whether that shows significant results. The potential reason why privacy protecting intentions change at the behavior moment is an insightful topic for further research. Finally, more research should be executed regarding the influence of privacy warnings of websites on the consumers’ mindset and therefore data sharing behavior.

(31)

Appendix A

(32)

(33)

(34)

(35)

(36)

(37)

Appendix B

Survey Behavioral Identification Form by (Vallacher & Wegner, 1989). Measured in all groups.

(38)

(39)

(40)

(41)

Appendix C

Different online privacy tasks

1.

(42)

(43)

References

Acquisti, A., Brandimarte, L. & Loewenstein, G., 2015. Privacy and human behavior in the age of information. Science , 347(6221), pp. 509-514.

Acquisti, A. & Grossklags, J., 2004. Privacy attitudes and privacy behaviors. The Economics

Of Information Security, pp. 165-178.

Baek, Y. M., Kim, E.-m. & Bae, Y., 2013. My privacy is okay, but theirs is endangered: Why comparative optimism matters in online privacy concerns. Computers in Human Behavior, Volume 31, pp. 48-56.

Debatin, B., Lovejoy, J. P., Horn, A.-K. & Hughes, B. N., 2009. Facebook and Online Privacy: attitudes, behaviors and unintended consequences. Journal of Computer-Mediated

Communication, Volume 15, pp. 83-108.

Demmers, J., 2016. Joris Demmers research website. [Online] Available at: www.jorisdemmers.com

Ho, C. K., Ke, W. & Liu, H., 2015. Choice decision of e-learning system: Implications from construal level theory. Information & Management, Volume 52, pp. 160-169.

Holland, B., 2010. Privacy paradox 2.0. Widener Law Journal, Volume 19, pp. 893-932. Jupiter Research, 2002. Seventy percent of US consumers worry about online privacy, but few

take protective action. [Online]

Available at: http://www.jmm.com/ xp/jmm/press/2002/pr_060302.xml [Accessed 1 july 2015].

Larose, R. & Rifon, N. J., 2007. Promoting i-Safety: Effects of Privacy Warnings and Privacy Seals on Risk Assessment and Online Privacy Behavior. The Journal of Consumer Affairs, 41(1), pp. 127-149.

Lewis, K., Kaufman, J. & Christakis, N., 2008. The Taste for Privacy: An Analysis of College Student Privacy Settings in an Online Social Network. Journal of Computer-Mediated

Communication, Volume 14, pp. 79-100.

Morwitz, V. G. & Fitzsimons, G. J., 2004. The Mere-Measurement Effect: Why Does Measuring Intentions Change Actual Behavior?. Journal of Consumer Psychology, 14(1-2), pp. 64-74.

Norberg, P. . A., Horne, D. R. & Horne, D. A., 2007. The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors. The journal of Consumer Affairs, Volume 41, pp. 100-126.

Park, Y. J., 2011. Digital literacy and privacy behavior online. Communication Research, 40(2), pp. 215-236.

Pierson, J. & Heyman, R., 2011. Social media and cookies: challenges for online privacy.

Emerald Insight, Info, 13(6), pp. 30-42.

Saeri, A. K. et al., 2014. Predicting Facebook Users’ Online Privacy Protection: Risk, Trust, Norm Focus Theory, and the Theory of Planned Behavior. The Journal of Social Psychology, Volume 154, pp. 352-369.

(44)

Torelli, C. J. & Kaikati, A. M., 2009. Values as Predictors of Judgments and Behaviors: The Role of Abstract and Concrete Mindsets. Journal of Personality and Social Psychology, 96(1), pp. 231-247.

Trope, Y., Liberman, N. & Wakslak, C., 2007. Construal Levels and Psychological Distance: Effects on Representation, Prediction, Evaluation, and Behavior. Journal of Consumer

Psychology, 17(2), pp. 83-95.

TRUSTe, 1998. Online Privacy Questionnaire - TRUSTe. [Online] Available at: http://www.cc.gatech.edu/gvu/user_surveys/survey-1998-04/questions/privacy.html

Vallacher, R. R. & Wegner, D. M., 1989. Levels of personal agency: Individual variation in action identification. Journal of Personality and Social Psychology, Volume 57, pp. 660-671. Wu, K.-W., Huang, S. Y., Yen, D. C. & Popova, I., 2012. The effect of online privacy policy on consumer privacy concern and trust. Computers in Human Behavior, Volume 28, pp. 889-897.

Xu, H., Luo, X., Caroll, J. M. & Rosson, M. B., 2010. The personalization privacy paradox: an exploratory study of decision making process for location-aware marketing. Decision

support systems, Volume 51, pp. 42-52.

Yadolah, D., 2008. The Concise Encyclopedia of Statistics. s.l.:Springer.

Youn, S., 2009. Determinants of Online Privacy Concern and Its Influence on Privacy Protection Behaviors Among Young Adolescents. Journal of Consumer Affairs, 43(3), pp. 389-418.