MASTER THESIS
Understanding the effects of the repeated exposure to Privacy
Related Messages
Faculty of Economics and Business Master of Science in Business Administration
Track: Marketing
Under supervision of: Joris Demmers
Student: Vasile Florin Stet Student number:10872353
Final Version 18.08.2017
1
Statement of originality
This document is written by Student Vasile Florin Stet who declares to
take full responsibility for the contents of this document.
I declare that the text and the work presented in this document is original
and that no sources other than those mentioned in the text and its
references have been used in creating it.
The Faculty of Economics and Business is responsible solely for the
supervision of completion of the work, not for the contents.
2
ABSTRACT
This study looks into the effects of the repeated exposure to privacy related messages on the self disclosure online by focusing on the exposure to cookie notice. This research wants to open a new chapter to the research on why users do not read the privacy related messages. A theoretical framework was built based on studies on privacy paradox, self disclosure and privacy concerns while taking in consideration evidence of desensitization to repeated exposure from psychology as well as from marketing, specifically advertizing. Analyzing the responses of 154 participants collected through an online experiment, no significant statistical evidence was found in order to support the research question. However, at a closer look of the results, there can be observed evidence of desensitization in regard to cookie notices. Even if not statistically significant, the findings are to a certain level encouraging and support the need for further research.
3
Contents
1. INTRODUCTION ... 5
2. LITERATURE REVIEW... 8
2.1 Privacy related messages ... 9
2.1.1 The cookies ... 10
2.1.2 Types of cookies ... 10
2.1.3 The risk of cookie acceptance ... 11
2.2 Data collection ... 13
2.2.1 Data collection from the companies’ perspective ... 13
2.2.2 Data collection from the user perspective ... 14
2.2.3 Privacy Concerns ... 15
2.3 Online privacy ... 15
2.3.1 About online privacy ... 15
2.3.2 Privacy paradox ... 17
2.3.3 Self-disclosure online ... 18
2.3.4 A short overview ... 19
2.4 Literature gap and research question ... 20
2.5 Sensitization and desensitization-effects of the repeated exposure ... 21
2.5.1 Sensitization... 21
2.5.2 Desensitization ... 22
2.6 Hypothesis ... 23
2.7.1 Privacy, Trust and Marketing ... 25
3. METHODOLOGY ... 27
3.1 The sample... 27
3.2 Research design ... 28
3.3 Experimental design ... 28
3.3.1 First part of the experiment ... 29
3.3.2 Second part of the experiment ... 29
3.3.3 The third part of the experiment ... 31
3.4 The procedure ... 31
3.4.1 Pilot study ... 32
3.4.2 The main study ... 32
3.4.3 Mechanical Turk ... 32
4 4. RESULTS ... 35 4.1 Descriptive Analysis ... 35 4.2 Correlation Analysis ... 38 4.3 Regression Analysis ... 40 5. DISCUSSION ... 43 6. IMPLICATIONS ... 46
6.1 Theoretical and Policy Implications ... 46
6.2 Managerial Implications ... 46
7. LIMITATIONS AND FUTURE RESEARCH ... 47
8. CONCLUSION ... 48 9. REFERENCES ... 49 10. APPENDIX ... 57 10.1Appendix 1 ... 57 10.2 Appendix 2 ... 58 10.3 Appendix 3 ... 61
5
1.
INTRODUCTIONThe privacy paradox is a contemporary phenomenon. It occurs when there is a discrepancy between what people say and people do in regard to their privacy. When online, people are exposed to privacy related messages (from here on refers to as PRMs) and by this is referred to Internet cookies, Privacy Policies and Terms and Conditions of Use that ask them to share private information. Studies have shown that most people do not read the privacy related messages (Turow 2003) and by agreeing to them they consent to disclose private information.
The rapid increase in technological development allows organizations to collect, more than ever, data in order to gain user insights (Manyika, Chui, Brown, Burghin, Dobbs, Roxburgh & Byers, 2011). The fast and constant growth of the internet together with the increase in innovation for devices such as smartphones and tablets, play an important role in permitting organizations to come in the possession of private user information (McAfee & Brynjolfsson, 2012). Companies collect information on IP address and internet provider, operating system, ad clicks, browser but also what can be perceived as more personal information such as profile information (name, email address, age, gender), payment details, geo-location or search queries. The collected information is used to construct large data bases referred to as Big Data. On one hand, Big Data comes to bring value to customers and organizations. For example organizations can offer personalized services, or identify customers’ needs and wants and fulfill them through innovation (Manyika et. al, 2011; Saleem & Rashid, 2011) as well as through policy making (Taylor & Schroeder, 2014; Taylor & Broeders, 2015) . From the marketing prospective, Big Data allows companies to get to know their customers or potential customers and offer them better user experience as well as personalized advertising based on their profile. On the other hand, Big Data is a twofold phenomenon. Due to media coverage and a lack of transparency it raises privacy concerns in regard to what data is collected and how, how good is protected as well as to how organizations use this data or to whom it is disclosed (Taylor& Schroeder, 2015). Privacy concerns have intensified in the last decades. The intense media coverage in 1996 regarding the existence and use of internet cookies is one of the events that made people aware of the data collection. Even though they were designed to be an essential but harmless component of the Web, it is the manner the organizations use this technology that allows them to track the user movement online, collect the data and build user profiles (Nissenbaum, 2011). Marketers
6
use this data in order to understand the customer, to identify opportunities and to provide personalized advertizing which might be perceived as intrusive (Tucker & Golfarb, 2011). Therefore it is important to make the consumers aware of the risks that they expose themselves to when navigating on the web, by blindly agreeing to the PRMs. In order to do so, it is crucial to understand what affects their behaviour. The studies conducted mainly focused on the design of the PRMs specifically the type of language used and the length of the text (Tsai, Egelman, Cranor & Acquisti, 2011). The previous research also looks at the positioning of PRM on the webpage as well as the visibility/attractiveness of the pop-ups (Riley, 2014).
In her study that wants to serve as recommendation for improving the EU policy regarding the PRMs, even if somehow aware that there might be risks of constant exposure, Luzak (2014) concludes that based on previous consumer behaviour studies, the information that is provided in regard to cookies should be coordinated across Europe in order to reach a level of consistency. In this way, the user will repeatedly be exposed to the same information, resulting in an increase in the awareness of the user regarding the significance of PRMs (Luzak, 2014). The question that arises is what if the repeated exposure to PRMs plays a role in the users’ decision of not reading the PRMs and just blindly agreeing to them. Therefore, this study wants to build up on what Luzak (2014) states and look further into the effects of the repeated exposure to PRMs in regard to self disclosure online.
This research uses the Internet cookies due to their simple design. The focus is on researching to what extent, when the users are repeatedly exposed to PRMs, will sensitize or desensitize them in relationship to the disclosure of private information. There is evidence that people can be desensitized by repeatedly being exposed to a situation. Desensitization is mainly used in psychology, in treating phobias (Bartholow, Bushman &Sestir, 2006) and anxiety (Zettle, 2003) by repeatedly encouraging patients to confront the reason of their fear or anxiety through exposing to them over and over again. In marketing, there is evidence that the repeated exposure to ads decreases their effectiveness.
In the present study, the effects to repeated exposure to PRMs are researched throughout an online experiment in which the participants are randomly assigned to one of the three conditions, being exposed to a different number of PRMs. A number of 154 responses were collected using Amazon Mechanical Turk as source.
7
This study wants to open a new chapter to the privacy paradox research. As above mentioned, much research was conducted in order to understand why users do not read the privacy related messages. Studies analyzed how the message was constructed, the positioning of the popup, the language used etc. The present study wants to contribute to the existent literature by looking if the overexposure to PRMs does not have a negative effect on the user, leading to desensitization. It can help policy makers formulate laws to protect the user. Even more it is relevant for organizations since this is a good approach to create trust. Marketers can therefore understand better people’s behaviour and therefore avoid being perceived as intrusive when collecting data about the users. However, this topic should be further explored in order to fully understand people’s behaviour in regard to their disposition to disclose private information when online.
This paper is structure in the following chapters. In the next chapter a review of the literature is discussed focusing on key concepts such as PRMs, data collection from organizations and user perspective and online privacy. The research gap is identified and the relevant topics of sensitization and desensitization are examined. Next hypothesis are formulated. In the third chapter the methodology and research designed are explained. The results are presented and analyzed in the chapter four. In the next chapter the findings are discussed. This section of this paper is followed by limitations and further research recommendations, implications and finally the conclusion is given.
8 2. LITERATURE REVIEW
In the last decades, the online environment constantly expended and it became of much importance in the daily life of many of us. Since 1999 the number of users increased almost ten times, reaching a little over 3.5 billion users by 2017 at the time of writing this paper (see Fig.1) The economical and technological development of countries around the world, the easy access to technology such as computers, laptops, tablets and the increase in smartphones use allows people to use the internet anywhere and anytime. As a consequence, marketers focused more and more their attention towards the online domain. Understanding consumer behavior in the online environment is crucial for establishing a constructive relationship with the customer and implicitly for the development of organizations. Creating reputation and trust between users and organizations has a positive effect on ecommerce and sales in general (Miyazaki, 2008).
Fig. 1 Number of Internet users per year, in millions (Statista 2017)
Studies have shown that an important role when creating trust is played by people’s perceived level of privacy infringement, being it offline as well as online (Miyazaki, 2008). Many studies were conducted in order to understand the topic of privacy and create rules and regulations for a better protection of users’ privacy (Miyazaki, 2008; Luzak, 2014; Tsai, Egelman, Cranor & Acquisti, 2011; Turow 2003).. However, it is the opinion of the author of this paper that even if many important steps were and still are taken in order to achieve the goal of fully understanding the field of privacy, there is still much to learn and many aspects to be approached. This study focuses just on one of these aspects and tries to understand what effects has the repeated exposure to PRMs on the user. In the PRMs category were included
9
the online messages that ask for the user agreement in order to utilize a service, such as the Internet Cookies, Privacy Policies and Terms and Conditions of Use.
This chapter aims to build the theoretical framework of this research, clarify the importance of this study and incorporate it in the large and important fields of privacy and marketing. First PRMs are explained focusing on internet cookies, followed by the discussion of data collection from the organizations perspective as well as what does that means for the user. Next part will take a look at the users’ privacy concerns, privacy will be defined followed by revealing several relevant insights into self-disclosure as well as the privacy paradox. The following part will focus on the subject matter of this study by talking about the identified research gap and discuss the effects of repetition on users as well as the topics of sensitization and desensitization. The chapter will end by stating the hypothesis and explaining the importance of this study for marketing.
2.1 Privacy related messages
In this study, the PRMs term is used to refer to Terms and Conditions of Use, Privacy Policies and Internet Cookies. In the online environment, they come to regulate the use of websites and the content that is made available on websites. Amongst others, the PRMs come to provide the user with clear details and establish clear boundaries regarding the proprietary rights of the content of the website, copyrights as well as trademarks. At the same time, they come to regulate the user’s conduct and the limitations of use. However, in regard to the present study the most relevant aspects of PRMs are the sections related to the privacy of user. By this is referred to the fact that PRMs provide details in regard to what information is collected by the accessed websites and how, what information the user is required to provide in exchange for services as well as the existence of third party websites that collect user information.
The Terms and Conditions of Use as well as the Privacy Policies are intricate by nature. Often they are lengthy and written in a complex legal language making them not only difficult to read and understand but also very time consuming when it comes to examine them (Tsai et al., 2011). At the same time, studies have shown that most people do not read the privacy related messages (Turow 2003) mostly due to the reasons before mentioned. On the other hand, the internet cookies are relatively short pieces of text that state the use of cookies
10
and in most cases a link to the website’s Privacy Policy. Therefore, it can be said that the cookie popup comes as a bridge to the Privacy Policy if the users are willing to read it.
Due to its simple design, easy accessibility and in most cases high visibility in contrast to the Privacy Policy and Terms and Conditions of Use, the decision was taken for the research of this study to focus on the use of internet cookies. Therefore the attempt of this study to understand the effects of the repeated exposure to PRMs will use the cookie popup as the main element.
2.1.1 The cookies
There are various definitions of what an internet cookie is. The most common and generally accepted one describes an internet cookie as “a piece of text that a Web server can store on a user's hard disk. Cookies allow a Web site to store information on a user's machine and later retrieve it.” Despite the negative connotation that is related to the term internet cookie, they are essential part of the web. According to Oliver Emberton a web expert and founder of Silktide, the basic function of a cookie is to allow the recognition of one’s computer while navigating on a website in order to make it easy for the user when it comes to logging into a website or purchasing something from a webshop (Hill, 2015). They allow the visited website to recognize and remember details about the user (Hill, 2015). At the same time it comes to help the website owner in obtaining information regarding the number of visitors that arrive on the website, how many are new in regard to how many returned to visit the website but also how often the website was visited by a unique user (Brain, 2003). All these come to help the website owner measure the successfulness of the website while providing the user with an easier website navigation experience.
2.1.2 Types of cookies
In order to better understand the Internet cookies, it has to be mentioned that they can be categorized by duration or by the domain that owns them.
By duration the cookies are divided in:
Session cookies are designed to expire the moment the web browser is closed. They are mostly used on e-commerce websites and allow the website to track the user’s shopping cart and the products it contains while navigating on the website (European Commission, 2016).
11 Permanent cookies are designed to remain operational even after the web browser is closed. These types of cookies are used to store login details such as login name but most importantly the password. In this way it is easier and faster for the user when revisiting the website to log in without being needed to re-enter the details. However, even if they are named permanent cookies, the law stipulates that they must have an expiration date and that they must have a maximum life span of six months (European Commission, 2016).
By the domain that own them:
First-party cookies are set on the user’s computer by the visited website (European Commission, 2016).
Third-party cookies, as the name suggests, are installed by third-parties websites with the purpose of gathering information that can be used to obtained insights into user’s details, online behaviour, preferences, etc. They are used mostly by advertising companies as well as Big Data and Business Analytics companies in their efforts to gather as much user data as possible (European Commission, 2016).
2.1.3 The risk of cookie acceptance
As before mentioned the cookies are an essential part of the internet. They were designed to be a useful tool for websites owners in improving the online user/customer experience as well as a tool to help them evaluate the website performance. However, the internet cookies became a threat to the privacy of users in the moment that the companies realized how to use them in order to find and record the tracks that a users leaves when using the internet. This allows companies to construct databases about individual users, groups of users, etc. This data bases can contain any type of information, from demographic details to political orientation, sexual preferences, etc. (Hann, Hui, Lee& Png, 2002).
Data is collected by the visited website as well as by third parties. The visited website places on the user’s computer, a cookie called first-hand cookie which contains a unique ID. This ID allows the website to recognize the user as well as track and store in its database information such as his or her movement on the various pages of that particular website including the items and ads the visitor clicked on. At the same time it stores the details that visitor has provided such as demographic information, email address, name, etc. When navigating on a webshop, it allows the website to store in its database each item that the
12
customer adds to the shopping cart. Basically, all the information that a user provides to a website under one form or another, it is stored in the websites database and linked to ones computer via a unique ID that is assigned to the user through a cookie. Due to the amount of information collected and the personal nature of it, questions regarding the use of this data as well as the safety storage of it might arise (Miyazaki, 2008).
However, probably the most disputed cookies are the third party cookies. Just as the name suggests, these are placed on the visitor’s computer by other entities rather than the website owner. They allow the collection of information regarding users’ habits, preferences, etc. This is possible mainly due to the nature of these cookies that permits tracking the user movements on multiple websites. One of the best ways to portray this cross-site profiling is by using an advertising company as example. Employed by various websites to provide ad banners, they have the possibility to place on these, small files that will, at their turn, place a cookie on the visitor’s computer. Being present on various websites it will allow the advertising company tracking one’s movement on the web. In this way, a user profile can be created that eventually can be linked to the user’s real name, address or telephone number, etc. Personalizing the collected data together with the large amount of data these companies can collect allows them to possess a high valuable product that is very attractive to marketers and therefore it can be sold to various companies. (Henkwood, 2003)
In a study conducted between 15 and 19 September 2014 by Information Commissioner’s Office (ICO) from UK in collaboration with similar privacy regulator institutions from other seven European countries, 478 websites were analyzed. These websites were chosen from the most visited 250 websites in each country. At the same time, the website where chosen from three areas: e-commerce, media and public sector, areas “which were considered by the WP29 to present the greatest data protection and privacy risks to EU citizens.” In the period of time that the websites were examine a total number of 16,555 cookies were identified. The results show that websites placed on average a number of 34 cookies. From these, approximately 70% were third party cookies. At the same time, 86% of the cookies were persistent cookies some of them being set to expire after 10 or 100 years and in three cases even after more than 8,000 years. (ICO, 2015)
Similar outcome were obtained in a study conducted by Soltani et al. (2010) study which looked at the use of cookies by the top 100 websites. The results show that 98 websites
13
make use of cookies, placing on average a number of 36.75 cookies (Soltani, Canty, Mayo, Thomas& Hoofnagle, 2010).
2.2 Data collection
Due to the technological developments as well as the expansion and growth of internet the relationship between organizations and their customers changed. The interaction and communication changed as well as the level of exchange of information and how this is done. As seen before, navigating online automatically implies a certain level of transfer of information. In this day and age the best currency is information and implicitly data is power. This is mirrored in the way marketing has changed and developed. The digital marketing industry is worth $62 billion (Dwoskin 2013), and Internet advertising, which reached $43 billion in 2013, is central to marketing strategies (Beales and Eisenach 2014).
2.2.1 Data collection from the companies’ perspective
The combination between the existence of the free market and the rapid development of the internet resulted in allowing the later to become the most important channel for commerce (Featherman, Miyazaki& Sprott, 2010). The internet has become a place for e-commerce. This has reshaped completely how companies do business, posing new challenges for marketers to reach potential customers, create value and build loyalty. At the same time, companies face new and different challenges on how to deal with the competition and therefore in how companies try to gain and keep a share of the market. The shift of balance from traditional offline commerce to e-commerce brought important changes in how companies communicate with the target audience in order to reach their marketing and retail objectives. At the same time, it comes to help companies reach a wider public at lower prices. In order to achieve these goals, organizations track more and more the consumers’ movement online. Advertising is, as it has always been, an important tool for the marketers. In order for the online advertising to be effective, Morimoto and Chang (2006) found out that it has to be precisely directed towards the customer or user. Collecting information over the user preferences, search history and websites visited, brings value to companies in order to advertise their products.
As a result, the customer relationship management (CRM) has gained importance. This is defined as “a combination of people, processes and technology that seeks to
14
understand a company's customers” (Chen & Popovich, 2003). This allows organizations to focus their marketing efforts on the most important customers by delivering value and between others, personalized products and services (Chen & Popovich, 2003).
At the same time, as above mentioned, user information itself is a valuable product. Advertising companies as well as business analytic companies make use of data collected in order to construct what is known as Big Data. Next to companies such as Google or Facebook, the Big Data industry involves hundreds of companies such as Corelogic or Intelius that not many consumers heard about but which possess data about almost all users. According to Mckinsey Global Institute, in the United States, the Big Data is 300 billion dollars worth industry employing approximately three million people. (CNN, 2012)
Therefore, data collection not only brings value to companies in particular by lowering the marketing costs , identify customer needs and increase the efficiency of advertising but at the same time, it is a massive and constant growing industry that can be very profitable.
The information collection is not done uniformly. Organizations may collect information that they have access to or information that they need in order to reach their objectives. However, in general, the companies collect information over: search queries, time and date, location, profile information, phone number, operating system, internet provider, IP address, email address, device information, browser used, ad clicks and ad names and when needed, data from various external sources generally referred to as third party data for a more accurate profiling. The use of cookies allows the gathering of much of this information that when combined to other data collection techniques, leads to the building of user profiles. 2.2.2 Data collection from the user perspective
When it comes to the consumer, the use of cookies, as before mentioned, is useful when navigating on the internet. It brings value to the user in terms of navigation experience, time saving and ease of use by recognizing the user, remembering log in details, automatically filling in details, etc. (Miyazaki, 2008) However the use of cookies just as the data collection is a twofold phenomenon. On one hand it brings value and on another hand it can be perceived intrusive and raise concerns regarding userprivacy (Miyazaki, 2008).
15 2.2.3 Privacy Concerns
Simultaneously with the development of technology, there is an increase in privacy concerns (Miyazaki, 2008). Studies have shown that more and more many people are concerned about their privacy when navigating online (Taddicken, 2014). Many Internet users believe their privacy is not well protected by the existing Internet laws and systems (Hoffman & Podgurski, 2007). The data collected raises privacy concerns because the process of collection is opaque. The information that the companies gather is not only from users that self disclose information through registration, online shopping, etc. The information is collected from basically everybody that merely navigates on the internet. (Caudill& Murphy, 2000) All these affect the perception of the user when it comes to online privacy. Consumers are concerned that they don’t have control over their personal data after it has been provided or collected by companies and specifically about how this data is used by organizations as well as the systems used are secure enough to protect the data (Liu, Marchewka, Lu &Yu, 2004).
2.3 Online privacy
2.3.1 About online privacy
An important element in creating trust and reputation is represented by respecting the privacy of the people that make use of companies’ services (Hann et al., 2002). Exactly 60 years ago, Alan Westin, an authority in consumer data privacy and data protection, defined privacy in his book Privacy and Freedom as " the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others" (Westin 1967, p. 7). Over the years, the topic of privacy and how can it be defined and its implications for organizations and consumers was researched in various theoretical and empirical studies (Miyazaki, 2008; Lipton,2010; Nissembaum, 2011). The most important aspect that arises when defining privacy is the control, the control over their information and decision of disclosure. “Privacy represents the control of transactions between person(s) and other(s), the ultimate aim of which is to enhance autonomy and/or minimize vulnerability” (Margulis, 1977). This definition remains valid even in the present days when due to technological advancements the online environment became the main channel for information gathering. More recently, Hann et al. (2007) describe privacy as the
16
control of information about oneself, including the self-disclosure of information added to the disclosure of the same information to third parties.
When looking at the above definitions of privacy, it can be seen that the perceived user control is a common factor and plays an important role in people attitude towards organizations. However, the development of internet technologies allowed an increase of communication between the online actors. The amount of information that users disclose about themselves as well as about others has dramatically increased with the birth and expansion of online social networks, online communities, webshops, etc. Information is disclosed intentionally, e.g. by signing in on a website, or unintentionally e.g. being tagged by a friend in a photo on Facebook. The range of information that can be collected is immense. However, while on one hand this represents an opportunity for companies, on the other hand it comes with great challenges on how organization deal with data collection while take notice of and respect the privacy of the user. Scholars deducted from studies that transparency and choice is the way to approach the matter of privacy. Organizations have to provide clear notice of what data is collected and what it is used for. After conducting careful research by visiting various websites, it was observed that the majority of the organizations provide on their websites information regarding what data is collected and what it is used for. However, when it comes to the topic of user choice, it was observed that most websites make use of the take it or leave it technique. This, in the opinion of the author of this paper does not represent a real choice for the user since it does not allow the navigation of the website without accepting the cookie use. Fig.2 and Fig. 3 are examples of how the cookie notices are presented. The question that comes to mind is why users accept not having the option to decline the use of cookie?
From the legal perspective, there are various laws that try to protect to a certain extent the privacy of users however there is no general or global directive. Regulations vary per country or regions. E.g. the European Union Data Protection Directive.
17
Figure 3. Cookie popup DeTelegraaf Website (De Telegraaf, 2017)
At this point it is worth to be mentioned that privacy is a very complex topic that has been much studied. However, mentioning and describing the many aspects and components of privacy is beyond the objective of this study.
2.3.2 Privacy paradox
During the years, many studies have research the complex topic of privacy. In 1999 Lardner discovered in his research that over 40% of consumers have concerns over their privacy. The results of a survey published in 2009 and conducted by Turow and his colleagues, show that when it comes to the US adult population, 66% declared that they do not agree with receiving personalized advertising. Furthermore, when informed of the way data is collected in order for organizations to be able to create personalized advertising, the percent of the people declaring that they do not agree with it was recorded to be between 73% and 86%. In addition, their findings show that adults, being young or old, have high levels of aversion in regard to being observed in the online or offline environment. The strong reactions from the users in the cases of Facebook or Google Buzz privacy policies are more examples of users’ online privacy concerns. In these cases and just how research has shown, online
18
users are concerned not only on what companies do with the data collected but also how they protect it (Buchanan, Paine, Joinson & Reips, 2007; Culnan and Williams 2009).
In trying to adapt the definition of privacy to the online environment, scholars in their published papers refer to privacy concerns as the level to which users are worried about the way websites collect and use users’ private data (Malhotra et al. 2004; Son and Kim 2008).
Even though people state being concerned in regard to the on-line privacy, there is a discrepancy between what people say and what people do. For example, the social networks users care about their privacy and consider it as being important (Barnes, 2006; Debatin et al., 2009). However, there are not many cases when the privacy concerns influence the social networks users’ online behavior related to what one posts (Acquisti & Gross, 2006; Debatin et al., 2009) or even to the fact that they disclose freely private data in exchange to have an account. Another example is the use of cookies and the cookies consent request when navigating a website or using an app. It was shown that in general the users ignore the cookie and the information it provides (Kristol, 2001; Turow, 2003). Even if people know about the existence of the cookies, the majority are not aware of the risks taken when accepting them (Miyazaki, 2008). Through cookies, the online activity of the user can be tracked and thus a profile of the consumer can be built (Miyazaki, 2008).
2.3.3 Self-disclosure online
When it comes to privacy, an important role is played by the self-disclosure. Defined as “the process of communicating about the self to other person” (Wheeless& Groth, 1976) self-disclosure was much studied and divided into three categories: disclosure to another person, disclosure to a group and disclosure to organizations. At the same time, with the development and increased usage of computer technology and internet, researchers have studied the level of self-disclosure in situations of face to face and computer mediated communication. The results show that using a computer increases the level of self-disclosure when communicating to another person as opposed to face to face communication. Therefore people are more inclined to provide private information when using a computer and when there is no form of visual communication. At the same time, Jourard (1964) states that the level of self-disclosure is described by the breadth and depth of the information provided. The former corresponds to the amount of information provided and the later to the honesty and accuracy of the information.
19
However, studies have shown that while the use of a computer as mean of communication has been proven to be beneficial for the disclosure of personal information, when online, users are reluctant in providing this type of information when they are asked to do so by organizations and websites. The topic became attractive to researchers, since self-disclosure is crucial for organizations in order to be able to provide online services, for marketers to efficiently advertize products and services as well as for building trust in terms of privacy, in order to establish a good online relationship with customers and users and implicitly boost the e-commerce. Self-discloser boosts interaction.
Studies have shown that online, when people perceive that the information required to be disclosed is in accordance with their privacy concerns, the level of self disclosure decreases. Therefore, probably the most important finding is that anonymity is central to increase self-disclosure on the web and to reduce privacy concerns. Gandey(2000) states that self-disclosure should also reflect the easiness with witch a user can be identified as a “ real person”. Anonymity allows precisely that by encouraging users to express views, opinions and reactions being them popular or not. It allows people be their true self and disclose the information of their choice (Goffman, 1959).
2.3.4 A short overview
In this paper the term PRM refers to cookies, terms and conditions of use and privacy policies. These ask for agreement from the user in order to legally or properly use a service or product.
Studies have shown that part of the reasons for the privacy paradox described above, range from people not being aware of the risk that they are exposing themselves to (Debatin et al., 2009), to people making trade-offs due to the complexity of the PRMs and how are designed (in regard to length, words and language used, etc.) as well as lack of comprehension, need, time pressure or social pressure (Luzak, 2014, LaRose and Rifon 2007). Most of the time, people do not even read the warning messages (Turow 2003). Much research has been done on how these policies should be designed or what they should contain in order to stimulate the user to read these policies before using the service. The purpose of
20
these studies is to understand users’ behavior as well as to increase the user awareness regarding the risks when agreeing to PRMs and disclosing private data (Luzak, 2014; Turow 2003).
Most of the PRMs are written in a complex legal language and come to protect the marketer rather than offering the user a clear and informative outline of the policies (Lukaz, 2014). If people find the information as being irrelevant and especially if time consuming, this will result in processing the information less accurately (Magat et al., 1988). At the same time, these messages/policies are mostly very long, providing high amounts of information. This might lead to an overdose of information that will affect the users’ comprehension of the PRMs (Magat et al., 1988). Various studies have concluded in recommendations over how governmental and other institutions, e.g. European Union, should develop policies that would force companies to improve their PRMs in order to clearly present the implications of agreeing with these policies regarding the consumer’s privacy (LaRose et al., 2007; Luzak, 2014)
Luzak (2014) concludes that based on previous consumer behavior studies, the information that is provided in regard to cookies should be coordinated across Europe in order to have the same message. In this way, the user will be repeatedly exposed to the same information, having as result an increase in the awareness of the users regarding the significance of PRMs. (Luzak, 2014).
2.4 Literature gap and research question
Looking at all of above, this study wants to build on what Luzak (2014) stated and research if indeed exposing the users to the same message will have as effect user sensitization when it comes to repeatedly exposing them to the same PRM message. What if the repeated exposure to PRMs and to the same information has a role in affecting the user’s decision of not reading the PRMs and just blindly agreeing with them? Therefore the question that arises is: Does the repeated exposure to PRMs sensitizes or desensitizes the user? Adapting to this study, the question to ask is: does the repeated exposure to internet cookies sensitizes or desensitizes the user?
Therefore, the research question is: How does repeated exposure to privacy related messages affects consumers’ self disclosure on-line?
21 2.5 Sensitization and desensitization-effects of the repeated exposure
2.5.1 Sensitization
Sensitization is defined as “the neuronal process in which repetitive exposure to a stimulus results in an increase response.” (Barnes, 1988). As part of the learning theory, sensitization is basically supposed to help the subjects learn through repetition. The Business Dictionary defines it as “[the] attempt to make oneself or others aware of and responsive to certain ideas, events, situations, or phenomenon.” (Business Dictionairy). Applying it to this study it is meant that by repeatedly exposing the user to the same message, it will create awareness, make them realize to what PRMs they agree to and help them understand to what privacy risks they are exposing themselves to.
Mostly studied in medicine and used as a causal factor to explain a variety of diseases such as addiction or allergies, the concept of sensitization is also used in marketing. As an example, a variation of it, cross-sensitization, helped marketers understand that consuming one product activates the wish or craving to consume another product that is complement to the first one such as pizza and cola or milk and cookies. (Morewedge, Huh & Vosgerau, 2010). In their experiment conducted in three countries, USA, China and India, they asked participant to consume or imagine consuming a product. The findings show that this concept can be exploited when pairing the right complement products with the right culture. At the same time the results show that in these cases, people are willing to pay more for the complement product but also consume more of it. Furthermore, the findings show how the effectiveness of advertising and presentation in the case of complementary products can be improved.
Another form of sensitization found in marketing is customer sensitization. Next to educating and engaging the customer, it is part of the practices of the sales efforts of a company by exposing repeatedly the consumer to various stimuli depending on the product or service and industry.
22
In their study on how to improve the business performance of Vietnamese exporters in a fast changing economy towards a market-oriented economy, Nguyen and Nguyen (2008) use the term of cultural sensitization as an important element that the Vietnamese exporters should embrace in order to improve their economic relationship with importers from other countries. This element is an interesting and important concept in the international B2B environment, presenting ethnocentrism as a negative factor in this case.
2.5.2 Desensitization
One of the factors that accounts for the above mentioned behavior could be desensitization. This term has been used in other studies to explain the compliant user behavior. As an example it can be used the study of Harris et al. (2015), about the influences on mobile application installation. One of the conclusions of this study is that after a time, the users become desensitized when it comes to installing applications that request excessive permission and they do not reject the apps anymore. Trust in the market as well as the fact there were no perceived negative effects played a role in their decision making to download these apps.
However, examples of desensitization were studied for a long time. Probably the earliest case of desensitization was observed by Pavlov in his study on dogs. During his experiments on dogs’ behavior, Pavlov started from the supposition that there are things that a dog does not need to learn, such as salivation when it sees food. One of the observations was that the dog began to react in terms of increase in salivation to the sound of footsteps of the assistant responsible with bringing food to the dog. Therefore the dog was responding to a neutral stimulus. This was the base of the famous bell experiment that leads to the classical conditioning theory. Pavlov observed that the dog, after being repeatedly exposed to the sound of a bell, associated the ring of it with food and every time the bell rang, the salivation process began, involuntarily.
Desensitization has a practical use in psychology being used in the treatment of anxiety (Zettle, 2003) and phobias (Bartholow, Bushman &Sestir, 2006; Bandura, Blanchard &Ritter, 1969). Bandura et al.(1969) conduct an experiment to study the effectiveness of desensitization when it comes to treating snake phobia. The overall conclusion was that all the various types of conditions to which the subjects were assigned, being them symbolic or
23
involving direct contact, managed to desensitize the participants through repeated exposure and therefore to reduce the levels of fear.
The Helsinki Experiment is another valid example to desensitization. In this experiment, the subjects agreed to be, during six months, under home surveillance in multiple ways: video, network traffic, personal computers and smartphones, Bluetooth and WI-FI usage as well as usage of media centers. The conclusion of the experiment was that the subjects reached various levels of getting used to being under surveillance thus the repeated exposure to it led to desensitize the participants to the experiment. (Oulasvirta, Pihlajamaa, Perkiö, Ray, Vähäkangas, Hasu, ... & Myllymäki(2012)
In marketing, the repeated exposure to advertizing it has been found to have a desensitizing effect on customers. Studies have shown that depending on the number of exposures, the advertizing can be effective or in the case of too many exposures, it can be less effective and in some cases even detrimental to the brand. Various studies have shown that Berlyne’s (1970) two-factor theory is what best explains the effect of repeated exposure. What he basically states is that repetition is more effective if the consumers are exposed up to a moderate rate of message repetition. Berlyne (1970) identifies habituation and tedium as factors that affect the effectiveness of repetition. Habituation occurs when people learn to decrease or stop reacting to a stimulus after being repeatedly exposed to. Tedium is defined as a state of boredom or annoyance. Thus at lower levels of repetition, people react positively at the unfamiliarity of the message while processing it but once there is an increase in repetition, due to the lack of message novelty, the state of tedium begins to settle in and habituations levels grow. These factors lead to desensitizing the consumer when it comes to repeated exposure to advertizing.
2.6 Hypothesis
The cookies are ubiquitous on the online environment. Almost every website makes use of cookies for a better customer experience as well as for obtaining valuable information regarding website usage and user data. Even if designed to be a positive feature of a website (Hill, 2015), the usage of the cookie technologies by organizations to collect information and build large data bases, being it anonymous or not, raises privacy concerns (Nissenbaum, 2011). However, studies have shown that people behave irrationally when it comes to their privacy online. Even if a large amount of people state that they have concerns in that regard,
24
not many are the ones that take measures in order to improve their level of privacy. When it comes to self-disclosure, organizations can find ways to encourage that. At the same time, studies have shown that excessive repetition can lead to desensitization. In regard to this, when referring to the internet cookies it can be observed that they are used extensively, and since the message informing of cookie use appears on the majority of websites, it can be said that there is a high level of repeated exposure to the user.
Taking all the above in consideration, the following hypothesis were formulated:
H1. There is a direct relationship between the number of exposures to cookie pop-ups and the likelihood of accepting an intrusive cookie popup. In other words, the more a user is exposed to cookie popups the more the likelihood of disclosing more personal information increases. H2. Privacy concern plays a moderation role in the relationship between the number of exposures to cookie popups and the likelihood of accepting an intrusive cookie popup. As mentioned above, a high percentage of the users state that they have concerns regarding their privacy when online. This hypothesis wants to test if privacy concern affects the level of desensitization of the users in regard to the disclosure of personal information more precisely if the degree of desensitization is different at various levels of repeated exposure.
H3. The level of privacy concern does not affect the self disclosure online. Based on the Privacy paradox, this hypothesis states that even at high levels of privacy concern, the participants will disclose high levels of private information. Basically, this hypothesis wants to test how much of the model is explained by the privacy paradox. It measures the discrepancy between what the participants at this study say in regard to their privacy concerns and what they actually do regarding private information disclosure.
H2 H3
25 2.7 Importance for Marketing
2.7.1 Privacy, Trust and Marketing
The combination between the existence of the free market and the rapid development of the internet resulted in allowing the later to become an important channel for commerce. (Miyazaki, 2008). Known as e-commerce, has brought companies new opportunities to increase sales but at the same time, it brought many challenges. The development of e-commerce and the constant improvement of its performance became one of the main objectives of the modern marketing, involving many elements. Privacy has been identified to be a major, if not the most critical, impediment to e-commerce, mainly because, as before mentioned, most consumers are concerned on what data is collected, how it is used as well as if it is kept safe (Miyazaki, 2008).
At the same time, there are many studies that show that there is a strong link between privacy and trust when it comes to e-commerce businesses (Miyazaki, 2008). A positive perception on privacy leads to creation of trust which at its turn has a strong influence on behavioural intentions when it comes to purchasing products on-line. It can be said that there is a correlation between marketing, privacy, trust and purchase intention since in the online environment, the marketing actions can affect the perception on privacy. This claim is also based on the fact that studies have shown that privacy is an active and constantly changing domain and that many people, when making decisions online, are influenced by situational factors rather than by their privacy concerns (Debatin et al., 2009; Smith et al. 2011).
It is in the opinion of the author of this paper that one of those situational factors could be represented by the use of cookies, privacy policy or the data collection.
Trust creation is crucial for marketing in its effort to create reputation, attract and retain customers and increase sales (Morgan and Hunt, 1994). By having as much knowledge as possible over peoples’ perception of privacy, privacy concerns and privacy infringement
26
organizations can prevent at least to a certain extent problems of legal nature as well as situations that might affect the fragile and complex subject of trust (Acquisti et al., 2013). Depending on the results of this experiment, companies should realize that just using privacy notices in order to deal with users’ privacy expectations is not enough. Organizations should be proactive in revealing what exactly are they doing in regard to data collection, data usage and data protection since transparency leads to building trust. The more trustworthy a brand is, the more willing the consumers will be to disclose private information data (Hann et al., 2007).
At the same time understanding the effects of repetition can prove to be helpful for organizations in terms of costs. If indeed repetition has a desensitizing effect on the user and therefore creating a sort of immunity to the message, organizations can choose to more efficiently spend the budget allocated to advertizing. Instead of spending on showing the same ad more often, they can invest in creating a new ad (message) to present to the customer.
27 3. METHODOLOGY
In order to test the hypothesis whether the repeated exposure to PRMs has an influence on the internet users, data was collected using an online experiment. This chapter contains the description of how the data was collected. In the first part, the sample of the study is described. It is followed by the description of the research design. In this part it is explained the experiment used including the variables, the measures and the measure items. In the last part of this chapter, it is described the process by which the data was collected.
3.1 The sample
All the internet users, worldwide represent the population of this study. According to Internet Live Stats, in 2014 the number of internet users was of approximately three billion while in 2017 it is estimated that it already reached over 3.5 billion users. As of November 2014, more than half of the users are with ages between 15 and 34, almost equally distributed between two group ages: 15-24 years old (26.5%) and 25-34 years old (26.7%) (Statista, 2014). These figures represent a huge population therefore no sampling frame could be retrieved. As a result, the sampling selection method used was random non-probability sampling, more specific convenience sampling.
In order to enhance the possibility of having a representative sample to facilitate the generalization of the findings of this study, one of the main objectives during the data collection process was to achieve a larger sample as possible. The minimum number of participants that is requited as sample size is one hundred and fifty. This number represents 50 participants per condition, number requested by the study institution, larger than 30, the minimum number of participants recommended by Saunders & Lewis (2012).
The experiment, as it will be explained in the next paragraph, has three parts. It was active between July 23, 2016 and July 30, 2016. In this period of time, a number of 285 participants began the experiment. After evaluating the responses, 131 of them have been deleted due to non-completion of the experiment, respondents’ ID duplication and/or due to gaps in the recorded responses due to software problems. As a result, 154 responses were suitable for the analysis. Out of these, 52.6% were male and 47.4% were female. The participants were between the ages of 19 and 75. The mode of age of the sample was 26. The mean of age category was 33.5. When it comes to the respondents’ country of residence, the
28
list includes 20 countries. The majority of the respondents reside in three countries: United States with 47.4%, India with 23.4% and the Netherlands with 15.5%.
3.2 Research design
The purpose of this study is to research if the repeated exposure to PRMs affects the user and if yes, in what way, in regard to self disclosure online. Thus, the most appropriate method for collecting data was by using a quantitative research through an online experiment. The decision to use an online experiment was based on the research conducted by Reips (2000) published in his book Psychological Experiments on the Internet. His findings show that there are many advantages of using an online experiment. It facilitates the access to a larger number of respondents as well as more diverse from the demographic and cultural point of view. At the same time, it takes the experiment to the participant therefore reduces the influence of the author of the experiment, encourages the voluntary participation and increases the openness of the respondents. It increases the generalization of the findings and provides a greater external validity. The online experiment reduces or eliminates the issues related to operational management of the research and reduces costs (Reips, 2000).
Online surveys were used in combination with a three conditions controlled experiment. As before mentioned, the independent variable is the repeated exposure to PRMs and it is manipulated throughout the three conditions as seen in Table. The stated level of privacy concern is the moderator variable.
Table 1. Level of exposure per condition
Condition 1 Condition 2 Condition 3 Number of PRMs
exposed to
6 Popup 3 Popup 1 Popup
3.3 Experimental design
Due to the nature of this study, in this online experiment the participants were asked to evaluate the attractiveness of various templates of a website building platform, namely Wordpress. Since the goal of the study is to research how the repeated exposure to PRMs affects the user regarding self-disclosure when navigating online, the participants could not be
29
informed from the beginning of the real purpose of the study. The experiment is composed of three parts (Figure 5).
Figure 5. Experiment design
3.3.1 First part of the experiment
First, the participants were asked to fill in a questionnaire (Appendix 2) containing demographic questions requesting to state their age, gender and country of origin as well as information regarding the use of computer/laptop/tablet offline and online. The participants were asked to state on average per day, how many hours they spend using the computer as well as how many hours they spend online. Lastly, a question regarding the type of software used was asked.
3.3.2 Second part of the experiment
3.3.2.1 The websites
For the second part of the experiment six websites were created using Wordpress as platform (see Appendix 1). For the rest of the paper they will be referred to as S1, S2, S3, S4,
30
S5 (support websites for S6) and S6. For each website, a different template was used. This was done in order to correspond with the assignment that the participants were asks to perform. The websites will be explained bellow.
3.3.2.2 The popups
In order to accomplish the real purpose of the study, a popup was created for each website. When designing it, it was ensured that the participants will not be able to dismiss the popup without accepting or declining what was specified in the popup. This was done by a) eliminating the close button; b) not allowing the popup window to be dismissed by clicking somewhere else on the page and c) not allowing scrolling in the background. The text of the popup was identical for the first five websites (referred to from here on as P1) (see Figure 6) in order to correspond with what Luzak (2014) states and different, more intrusive regarding personal data disclosure on the S6 website (referred to as P2) (see Figure 7). By this it was intended to simulate a real environment in order to reduce biases.
Before designing the popup, a study was conducted in order to decide on the appropriate text that the popups should contain. The participants were 22 students from the University of Amsterdam. They were handed in a paper questionnaire asking to select which of the seven cookie notices provided, they perceive as more intrusive. No further questions were asked regarding their knowledge concerning cookies, following the reasoning that when people are navigating online, they simply come upon the cookie use notices. From the 22 participants, 14 have chosen the P2 as the most intrusive cookie and zero participants saw P1 as the most intrusive cookie.
31
Figure 7. Popup P2
3.3.3 The third part of the experiment
For the last part of the experiment a questionnaire was created (Appendix 3). The only question asked was regarding the participants’ level of privacy concern. Lastly, using a debriefing, the participants were informed about the real subject of this experiment as well as what data was collected of them. At the same time, the participants were assured that their privacy will be respected and data will not be shared.
3.4 The procedure
As above mentioned, the experiment started with the participants responding to various questions. After completing the first questionnaire, they were randomly assigned to one of the three conditions and directed to the corresponding website (see Figure 5). In the first condition, the participants were exposed to six popups and therefore were sent to the S1 website. In the second condition, they were exposed to three popups and therefore sent to website S4. In the third condition, also the control condition, the participants were directed to the last website, S6. As seen in Figure 5 the websites were link between each other. Therefore, when on a website, the participants were asked to search for “CLICK HERE TO CONTINUE” button in order to advance to the next step. From the website S6 the participants were directed to the last part of the experiment, the third part, which is composed of one question questionnaire and the debriefing.
As before mentioned, the experiment was composed of three parts containing two questionnaires and six websites. The websites were built using Wordpress as platform. The questionnaires were created in English, using Qualtrics. This online software has been chosen due to its effective tools of data collection as well as its flexibility when it comes to the choice of creating questions, easiness to use and effective randomization. Another benefit that using Qualtrics presents is that the results can be exported into various file types, including SPSS that was used for the data analysis. One last reason for choosing this software has to do with
32
its compatibility with the plug-ins used for data collection on the websites that were specially built for this study.
3.4.1 Pilot study
Before launching the main study, a pilot study was conducted. It was launched on July 20, 2016 using as respondents five master students from the University of Amsterdam. These students were asked to evaluate the experiment without knowing its real purpose. No incentive whatsoever was offer. The assessment brought out a few spelling mistakes, some needed rephrasing as well as some cosmetic recommendations to one of the website in order to make it less confusing when using a mobile phone to complete the experiment. This pilot study was also used to see if the data is correctly recorded on the websites. After ensuring that all the components work correctly and the recommendations were applied, the main study was launched.
3.4.2 The main study
The main study was launched on the July 23, 2016. Initially it was distributed using the social media website Facebook. Due to a low participants’ turnover and a relatively high dropping rate, with 35 participants completing the experiment out of 50, the decision to pay for respondents it was taken. This was done using Amazon Mechanical Turk website and it allowed reaching a more diverse audience. On July 30, 2016 the experiment was taken off-line due to lack of registering new participant activity.
3.4.3 Mechanical Turk
The decision to use MechanicalTurk as a source of respondents was taken after conducting the proper research. It was taken in consideration the demographic factors of the probable participants, variety and age diversity, the quality of the responses, as well as identifying factors which could affect the validity of this experiment.
When it comes to demographic factors, studies have shown that the MechanicalTurk respondents are divers in terms of geographical location, being from 50 different countries as well as in terms of age, ranging between 18 and 81 years old (Buhrmester, Kwang &Gosling, 2011; Paolacci, Chandler& Ipeirotis, 2010). From this point of view, the sample that might be
33
obtained could be more significant than in normal conditions of using social media (Facebook) connections.
At the same time there were concerns regarding the quality of the responses due to the fact that respondents get paid per completed questionnaire. Even if the thought that the respondent would complete fast the questionnaire in order to get paid, there are safety measures in place which allows the author to first check the quality of the answers before deciding to pay the respondent. At the same time, research showed that MechanicalTurk respondents are not always financially driven. In the experiment conducted by Buhrmester et al. (2011) respondents completed a 30 min long task for barely 2 cents. Furthermore, when comparing the results of their study at different levels of payment per questionnaire, they concluded that the quality was not affected by the low compensation level. Furthermore the finding show that by psychometric standards, the data collected was at least as good as the required standards for published research (Buhrmester et al, 2011).
The fact that there is no contact between the researcher and the participant can be seen as a factor that improves the internal validity of the research. At the same time the cost are relatively low since the researcher can decide how much to pay the participants for completing the task. However, some bias might appear due to the possibility that the participant might have completed similar tasks in the past.
3.4.4 Measures
The Dependent Variable is the probability of acceptance of P2. Website S6 contains the more intrusive popup P2. This popup is used to measure the probability of acceptance. In other words the website S6 measures (records) how many participants accept or decline the most intrusive popup P2. The scale used was a binary (nominal) variable which assumed the value one (1) if the P2 was accepted and value two (2) if the P2 was declined. Previous studies have concluded that in most cases the users are not aware of the risks they are exposing themselves by accepting these popups and they do not read the privacy related messages. By asking the participants to provide more information, the level of acceptance of the popup P2 measures the level of desensitization. By this is meant the desensitization to the popup and its message. The popups were simple by design and the language and the message used were not complex allowing them to be clear, easy to read and understand.
34
The first Independent Variable is the number of exposures represented by the Condition variable. The scale used was a numeric (nominal categorical) variable which assumed the value one (1) for Condition one (1), six exposures, value two (2) for Condition two (2), three exposures and value three (3) for Condition three (3), no repeated exposure. This variable represents the various levels of repeated exposure used in this study. The decision was taken to use three levels of exposure in order to measure if the desensitization of the users takes place, at what level of repeated exposure and at what intensity. Condition three was used as the base for comparison, the participants being directed to the website S6 only.
The third variable measured for moderation was the Independent Variable Level of Privacy concern. The scale used was interval ratio. The scale of the variable was designed in such a way that a low number means a low level of privacy concerns and a high number assumes a high level of privacy concerns. Even if an ordinal scale it can be consider as a continuous under the assumption that the level of users’ privacy concerns can be a linear continuous scale. In the second questionnaire the participants were asked to state their level of privacy concern. There is a dual purpose followed. First to see if and to what extent the privacy concerns influence desensitization and second by linking this to the level of acceptance of the popup P2, to measure the privacy paradox in this model, the level of discrepancy between what people say and what people do.
Even if the distinction between the variables Probability of acceptance and Level of privacy concern is quite clear, there might be said that they basically measure the same thing. For clarification, the variable Level of privacy concern measure what people state that their level of privacy concern is while the variable Probability of acceptance measures what people do in regard to accepting the cookie P2. Another way to look at these variables is in terms of the privacy paradox. Level of privacy concerns is what people say they do and Probability of acceptance represents what they actually do.
35 4. RESULTS
4.1 Descriptive Analysis
In Table 2 the descriptive statistics are reported. It gives details about the means, medians, standard deviations, minimum, maximum and sum, skeweness and kurtosis, interquartile range and the number of observations of the variables.
Descriptive Analysis
Table 2: Descriptive statistics
N Accept Denied Min Max Sum Mean Median Interquartile Range SD Skewness Kurtosis
Age 154 19 75 5159 33.5 11.318 1.382 1.739 Age (ln) 154 2.944 4.317 533.312 3.463 3.401 0.425 0.302 0.691 -0.064 What is your gender? 154 0 1 73 0.474 Level of privacy concern 154 1 3 337 2.188 2 1
How many hours do you spend daily using a computer, laptop and /or
tablet (on average) 154 1 17 7.256 7 5 3.251 .315 -.272
How many hours do you spend daily on internet (on average) 154 1 17 6.020 5.000 4 3.235 0.690 0.160 PopupS1_Recode 49 42 7 0 1 7 PopupS2_Recode 49 42 7 0 1 7 PopupS3_Recode 49 41 8 0 1 8 PopupS4_Recode 99 79 20 0 1 20 PopupS5_Recode 99 76 23 0 1 23 PopupS6_Recode 154 115 39 0 1 39 Notes:
