Master Thesis
M.Sc. Business Studies – Marketing Track
Privacy concerns:
comparing third party- and co-regulatory privacy
seals to enhance consumers’ online privacy
Keywords: Big Data, business intelligence, privacy policy, third-party privacy policy seals, co-regulatory privacy policy seals, legislation, trust, purchase behavior, perceived privacy empowerment,
privacy concern
Name: Sanne Zwetsloot
Student number: 10676252
Thesis supervisor: Drs. Frank Slisser Second supervisor: Dr. K. Venetis
Executive Summary
Scandals, espionage, lies and growing worldwide fear. Over the last year, people see this more and more as a real threat: the issue of online data privacy. Also companies struggle with this because people show growing fear to ordering products online since their personal data that they have to give a company in order to pay can be misused. One possible solution to protect customers’ privacy is showing privacy policies, but who reeds those? Third-party privacy policy seals could be the solution to this problem, but they are mainly profit focused. In this study, a fictitious co-regulatory privacy policy will be developed and will bet test against a third-party policy on Trust, Purchase Behavior, Perceived Privacy Empowerment and Privacy Concerns. Testing a co-regulatory privacy seal has not been done before; the results are therefore very interesting to the existing academic literature. However not all significant, the results show that the respondents are more positive in terms of Trust and Purchase Behavior when they viewed the co-regulatory privacy seal. This makes this research very interesting and makes it important to further test this subject.
Disclaimer of this thesis:
Statement of originality
This document is written by Student Sanne Zwetsloot, who declares to take full responsibility for the contents of this document.
I declare that the text and the work presented in this document is original and that no sources other than those mentioned in the text and its references have been used in creating it. The Faculty of Economics and Business is responsible solely for the supervision of completion of the work, not for the contents.
CONTENT TABLE
1. INTRODUCTION p.4
- Research question p.5
2. THEORETICAL FRAMEWORK p.7
2.1. Collection of personal data p.7
2.2. How about the issue of privacy? p.9
2.3. Privacy policies p.12
2.4. What is trust? p.22
2.5. Consumers’ purchase behaviour p.25
2.6. Perceived privacy empowerment p.28
2.7. Privacy concern p.30
2.8. Conceptual model p.32
3. METHOD p.33
3.1. Research approach, study type & strategy p.33
3.2. Experiment and experimental design p.33
3.3. Description of sample study p.35
3.4. Measurement scale p.37
4. ANALYSIS OF THE RESULTS p.38
4.1. Descriptive Statistics p.38
4.2. Computing scale reliability & validity p.38
4.3. Correlation Matrix p.40
4.4. Hypotheses testing p.42
4.5. Summary of the results p.48
5. DISCUSSION p.50
5.1. Empirical findings & implications p.50
5.2. Limitations and future research p.54
5.3. Conclusion p.57
6. REFERENCES p.60
1. Introduction:
Big Data is a buzz many should have heard about and refers to the mining of information on the Internet in order to get to know more about your customers. It has developed so recently that researchers argue that no good definition of it is available yet, (Jackson, 2013; Ovadia, 2013). Marketers are showing growing attention to this phenomenon since enormous advantages can be gained by using this information in a correct way, (Fowler et al., 2013). However, a big issue of big data is privacy, (Westin, 1967 in Featherman, Miyazaki & Sprott, 2010). People show more and more concerns towards this issue, and not being able to communicate high levels of privacy protection by showing privacy policies to your customers could result in losses, (Hawthorne, 2011; Wu, Huang, Yen & Popova, 2012; Miyazaki & Fernandez, 2001 in Featherman et al., 2010;). However, a problem seems to appear: people rarely read these privacy policies because of their length and complex content, (Tsai, Egelman, Cranor & Acquisti, 2011; Joinson et al., 2010). Third-party privacy policy seals could be the solution to this problem since they measure privacy more effectively and consistently because their practices are in line with the FIP standards, (Kim & Kim, 2010). Unfortunately, there are some issues regarding to this privacy policy seals that are explained by Rodrigues et al. (2013) and Peterson, Meinert, Criswell II & Crossland (2007); a lack of awareness and the fact that these third-party companies are self-regulatory (which means that they do not operate under law) and focused on making profit, which questions their reliability and trustworthiness. Rodrigues et al. (2010) suggest a co-regulatory approach whereby different stakeholders set desired common objectives and standards to protect and maintain privacy whereby the third-party audits the way the industry is adhering to these standards.
Advantages of communicating a privacy policy seal are an increase in trust which enhances the customer-company relationship and a change in purchase behavior in a way that people tend to buy something from a website that communicates high levels of privacy,
(Smith, 2008; Tsai et al., 2011). People want to stay in control of the information that they provide to an online company. Therefore, when a privacy policy seal can enhance this, consumers’ perceived privacy empowerment (one’s control of information), could increase which leads to an increase in trust, (Kim & Kim, 2011). However, these relationships could be less positive when someone has high privacy concerns, (Wu et al., 2012).
This study will investigate how a co-regulatory privacy policy seal and third-party privacy policy seal can contribute to the relationship between a privacy policy and trust, purchase behavior and perceived privacy empowerment. From there, it will be clear whether a co-regulatory seal is better for websites to create trust, purchase behavior and perceived privacy empowerment than a third-party seal. Additionally, attention will be given to whether a privacy policy has a direct relationship with trust and purchase behavior or whether trust mediates this relationship. The same mediating role for perceived privacy empowerment between the relationship of a privacy policy seal and trust will be investigated in this paper. In conclusion, attention will be given to the influence of one’s privacy concerns on these relationships. These different seals will be tested by creating a fictitious online website where people pretend to buy something online while answering various questions.
From the information above, the following research question can be formulated: What is the effect of a privacy policy seal on consumers’ trust, purchase behavior and perceived privacy empowerment?
The following sub questions can be derived from this research question: 1. What are privacy policies and a privacy policy seals?
2. What are trust and perceived privacy empowerment?
3. What is the difference between a third-party- and a co-regulatory privacy policy seal on trust, purchase behavior and perceived privacy empowerment?
The main contribution of this research is to give an insight in the best type of privacy policy seal on a website and whether a co-regulatory seal could work. This could be very useful for managers since the goal is to show that it has a significant influence on trust, purchase behavior and privacy policy empowerment, which are factors that are very relevant for a company.
In this research, first a broad overview of the existing theory available will be presented in the theoretical framework. From this theory, various hypotheses will be formed. Thereafter the methodology regarding the experiment will be given followed by a complete analysis. The results will be concluded and discussed in the last section of this thesis.
Theoretical contribution: Up to this point, there aren’t many articles available about
third-party privacy policy seals. This subject reached the interest of Kim, Ferrin & Rao, 2007, Rodrigues et al., (2013), Kim&Kim, 2010. The articles that describe this phenomenon agree that a third-party privacy policy seal has advantages over regular privacy policy on trust and purchase intention. These articles also argue that these third-party seals have some disadvantages, (Rodrigues et al. (2013); Peterson, Meinert, Criswell II & Crossland (2007) and Miyazaki & Krishnamurthy (2002)). Insight in a possible solution, a co-regulatory third-party privacy policy seal, is therefore of great value given its theoretical contribution.
Managerial contribution: This subject is also of very useful for managers since the growing
importance of this topic. As mentioned above, it is widely known that most people do not read the privacy policies that companies offer on their website while it is also known that people care about these privacy issues. Broader insight in this paradox and advice in how to create a privacy policy seal that shows that consumers’ privacy is protected could be of great use for managers since it can increase customer’s trust, purchase behavior and perceived privacy empowerment.
2. Theoretical Framework:
2.1 The collection of online personal data
For many years now, firms have discovered that the use of IT has created new ways for firms to improve and exploit customer relationships, in a way that has never been done before, (Phan & Vogel, 2010). Especially in today’s uncertain and highly competitive world, firms are experimenting with environmental changes and have discovered that the quality and timeliness of an organization’s so called ‘’business intelligence’’ can make the difference between profit and loss but also survival and bankruptcy, (Ranjan, 2008). Knowing the specific needs of a customer can determine how successful a company can be, (Fowler, Pitta and Leventhal, 2013). As companies want to know more about their customers to exploit the relationships, they use business intelligence to gather and mine this information, (Pan & Vogel, 2010).
2.1.1 Business Intelligence
‘’Business Intelligence (further referred to as BI) is the conscious, methodical transformation of data from any and all data sources into new forms to provide information that is business-driven and result-oriented. It will often encompass a mixture of tools, databases, and vendors in order to deliver an infrastructure that not only will deliver the initial solution, but also will incorporate the ability to change with the business and current marketplace’’, (Fowler et al., 2013).
From where does a company gather this information? Typical information items a firm can obtain are e-mail addresses, list of e-mail contacts, topics discussed online, subjects that the user search for online and many other items. These databases help an organization to understand a specific customer’s needs by accessing a profile of a customer. So concluding,
information technology enhances an easier collection and storage of relevant personal data, (Fowler et al., 2013). Data is one of the assets of an organisation these days; it builds the competitive advantage that ensures corporate success. It also enhances comprehension, understanding and profit from the experience they encompass using BI, (Fowler et al., 2013).
2.1.2 Big Data
A recent development that underscores the power of information to satisfy a customer is Big Data. This topic has become a buzz in the last years and is has developed so recently that researchers argue that no good definition of it is available yet, (Jackson, 2013; Ovadia, 2013; However, several descriptions are available about this concept and they all come to about the same thing. Big data is a ‘dataset whose size is beyond the ability of typical database software tools to capture, store, manage and analyse’, (Manyika et al, 2011 in Ovadia, 2013). So, Big Data is what you get when you connect different sets of data together to create even more sets of information. The intention of collecting information of consumers is to create long lasting relationships by targeting individuals on a personal level, (Rapp, Hill, Gaines & Wilson, 2009).
Big data tools let organizations gather information not only from social media, blogs, phone apps, search histories and sensors in the mall, someone’s answers to a call center conversation and the TV shows that you watch and the time you spend in online game or entertainment environments, (Fowler et al., 2013), but also from the usage of credit cards, purchases made with discount cards and the websites someone visits. Meaning is derived from this information by using complex data-mining algorithms and then used for own purpose or sold to other firms, (Rapp et al., 2009). The companies use this information to be able to differentiate between and interact with individual customers to customize products and advertisements for each customer to add greater value to businesses, (Fowler et al., 2013;
Tien, 2013). So, the plus side is that companies can know more about customers and their preferences than ever before, (Fowler et al., 2013).
2.2. How about the Issue of Privacy?
How about the issues of Big Data? The issues of sharing data are complex, but there seem to be two main issues. The first is that businesses want to protect their gathered information from their competitors for competitive advantages. High-quality and reliable information about consumers is not only valuable to the organization but also for other organizations, (Jackson, 2013). The second one is of greater importance and that is the question of privacy, (Ovadia, 2013; Jeffries, 2013; Park, Cambell and Kwak, 2012; Featherman, Miyazaki & Sprott, 2010; Furnell & Phippen, 2012; Wu, Huang, Yen & Popova, 2012). Privacy has been referred as the individual claim to determine when, how and to what extent information about themselves is communicated to others, (Westin, 1967 in Featherman, Miyazaki & Sprott, 2010).
As data sets become larger, individuals can more easily be identified. A good example of this is when two researchers were able to identify individuals from massive sets of data from Netflix while linking it to other sites like review posts. So even when a company is legally not allowed to save a person’s name, with Big Data, a company can still find out which data belongs to which person by using different databases. It is therefore important that organizations determine clearly what they would do with all this information that is gathered.
2.2.1 Regulation
In protecting the EU citizens from the misuse of their personal data, the European Union adopted the Data Protection Directive 95/46/EC in 1995. The goal was to achieve a degree of
harmonisation between the regulations of the different European countries. However, 19 years after its implementation, there is not sufficient harmonisation. Therefore, the European Commission proposed a General Data Protection Directive for the public and private sector and a special Directive for police and justice in 2012, (Dix, Thüsing, Traut, Christensen, Etro, Aaronson & Maxim, 2013). On the twelfth of March 2014, the European Parliament had 621 votes in favour, 10 against and 22 abstentions for the Regulation. The huge amount of votes in favour shows the necessity of strong data protection rules. They claim that after the U.S. spying scandals, data protection is more than ever a competitive advantage. The data protection reform will ensure more effective control of people over their own personal data, and it will also be more ease for businesses to operate and innovate in the EU, (European Commission – MEMO/14/186, 12/03/2014).
The Regulation stands for the ‘establishment of certification mechanisms, data protection seals and marks’ to enhance transparency and legal compliance and to permit data subjects [individuals] the means to make quick assessments of the level of data protection of relevant products and services, (Rodrigues, Wright & Wadhwa, 2013). The Regulation is a directly applicable legal instrument, which covers most of the national legislation on data protection in the 28 separate legal frameworks of the countries in the EU. In addition, the Regulation also covers another crucial point. Before, the EU regulations about data privacy issues did not cover for non-European countries that do business in European countries. This was very contradicting, especially because the US Supreme Court ruled that any foreign company that does business in the US has to comply with US law. The regulation therefore stated that this principle also applies to any non-European country that does business in the EU, (Dix et al., 2013).
Gather information in such way that protects a customer’s identity is not only necessary in order to follow legislation; public opinion about privacy issues on the Internet is also changing.
2.2.2 Public opinion
Security breaches like: phishing, credit card exposures, hackings of databases, etc. keep occurring in a growing pace. Over the last year, people learn more and more about the online personal data abuse that seems to occur on international level by not only the largest companies in the world but also by various national intelligence agencies. People learn that various large companies like Facebook and Barclays use their data for advertising activities, (Jeffries, 2013). Next to that, after more and more messages in the news about large institutions like the NSA that espionage millions of people over the world, people become more aware of the importance of their online privacy.
With regard to the extensive media attention, new corporate disclosure laws and the high profile coverage of data losses, these security breaches do not go unnoticed by consumers, (Featherman et al., 2010). Internet users that shop online have concerns, where privacy was to be found in the top-three concerns, (Hawthorne, 2011; Wu, Huang, Yen & Popova, 2012; Miyazaki & Fernandez, 2001 in Featherman et al., 2010;). Combining various areas of concerns like: transparency and awareness of data collection, security and protocols to protect and remedies by misuse can be unified to one understanding of privacy issues. That is, privacy issues require that consumers have some understanding of the collection process and some control over the usage of their personal data, (Culan and Bies, 2003 in Rapp et al., 2009). Consumers’ must feel a certain degree of control about the use of their personal information by companies.
But for now, most consumers are clueless about data storage and the way their personal data that they store online is handled. Technically, people own the data that they put online, but who is using it and how, (Jeffries, 2013)? These types of questions raise a lot of concerns like perceived risk and trust issues.
How do companies cope with these concerns? First of all, many companies seem to struggle with the large amount of data that they retrieve. The speed, frequency and complexity of this transactions mean that the pile of retrieved data has become a labyrinth. Jeffries, (2012) even argues that the ICT industry appears to be out of control. More than 50% of the companies that were surveyed in the State of Customer Analytics 2012 report have difficulties in managing and integrating data from the many sources available. Most companies that succeed in making sense of this pile of data have invested huge amounts of money on analytic tools and employing the professionals that can make sense of the data, (Klie, 2012). Secondly, due to the growing privacy concerns and new regulations, companies become more careful in using data in such way that it does not abuses customer privacy, (Jeffries, 2013). But how can they communicate that to the consumers?
They post privacy policies on their websites, which provide an explanation about how a companies website will use personal data that they gather from the customers and inform them about security tools and the protective systems the website has, (Wu et al., 2012).
2.3. Privacy Policies
Privacy policies are statements that companies use to communicate a comprehensive description of the practises of a company, (Kim & Kim, 2010).
They are usually built around the US Federal Trade Commission’s (FTC) principles. This commission is concerned with privacy protection and maintains a market-based approach, in which companies must comply with the promises they make regarding the collection, use, storage and disclosure of data, (Park, 2011). Their duty is to inform consumers and companies about privacy concerns and take action against abuse of personal information, (Rapp et al, 2009). The FTC supports self-regulation because it provides flexibility. The five FTC principles are: notice, choice, access, security and enforcement. Notice is the most fundamental principle and means that customers should be given notice before any personal information is collected from them. Choice is giving the customers the option to inform the company of how to use this information. Access means that customers always have access to their own data. Security means that data must be accurate and secure and enforcement means that privacy protection can only be effective if there is a mechanism in place to enforce them, (Kim & Kim, 2010). More principles have been argued but the FTC principles were chosen as the most flexible and realistic system and are more concerned with the data collection related to the customers, (Wu et al., 2012). However, it appears that of the nearly 90% of the websites that are posting a privacy policy, only 20% actually met the standards of the five principles.
Next to that, it seems that although many people express protective feelings towards online privacy issues, this rarely leads to actual behaviour, (Metzget, 2006 in Joinson, Reips, Buchanan & Schofield 2010). This seems very paradoxical but evidence shows that people find most privacy policies too long and complex and therefore do not bother to read them. When the text is complex, it is often misinterpreted and mistaken assumptions could be made and given its length, it is also a time consuming process, (Tsai, Egelman, Cranor & Acquisti, 2011; Joinson et al., 2010). So concluding, when people don’t bother to read the privacy policy, the most fundamental principle of the FTC (which is: ‘Notice’) would be neglected.
Concluding from this, a market-based approach for privacy protection does not seem optimal to ensure consumers’ privacy, which can result in lower consumers’ trust. Therefore, some other options will be described.
2.3.1 Third-party privacy seal
A way to ensure notice is to display a privacy policy prominently on the website of the company. Different icons can be used to present privacy information in a prominent way. Concluding from this study is that participant who saw a prominent placed icon, which indicated a medium to high amount of privacy the company protected, were more likely to make purchases from that website, (Tsai et al., 2011). Other ways, like an independent certification, to ensure notice are presented in the next chapters of this paper.
An example of a prominent placed icon is a third-party privacy seal, which refers to an approval of a trusted third party that the website discloses and follows its operating practises, that they are reliable and treasure consumers’ privacy, (Kim, Ferrin & Rao, 2007). They provide assurance to consumers that a website follows particular operating practices, that payments are secure, and/or that the privacy policy indicates what the seller can and cannot do with gathered personal data, (Kim et al., 2008). Rodrigues et al., (2013) describes a privacy seal as a visible, public indication of an organization to establish largely voluntary privacy standards with the objective to promote consumer trust and confidence in e-commerce.
The goal of a third-party seal is to reduce uncertainty and online shopping risk, to contribute to consumer’s trust, (Ponte, E.B., Carvajet-Trujilo, E. & Escobar-Rodriguez, T., 2015 and Karimov & Bergman, 2014). Rodrigues et al. (2013) even argue that the overarching objective of privacy seals is to promote and build consumers trust online.
Information Practises (FIP). The advantage of such a third-party privacy seal are an immediately visible sign that reassures consumers that the online website treasures one’s privacy, which help reduce consumers’ perceived risk and helps to gains consumers’ trust. Research also implies that a third party seal works better for trust and against risks than a websites’ own privacy policy (Kim & Kim, 2010;). Examples of widely and well-known third-party seals are TRUSTe, BBBOnline, ESRB Privacy Online Certification Seal, EuroPriSe, WebTrust and CNIL, (Rodrigues, Wright and Wadhwa, 2013).
However, there are some issues regarding to this privacy seals that are explained by Rodrigues et al. (2013), Peterson, Meinert, Criswell II & Crossland (2007) and Miyazaki & Krishnamurthy (2002). The first one of them is a lack of user awareness, many people have no idea who these third-party seal companies are and do not know the function and purpose of these seals. A result of this is that when people are not aware of the meaning of the seal, it can’t add to one’s trust. The following issue is that these seals do not guarantee the standards that are set for fair informational practices, which means that the presence of third-party seals do not guarantee a more secure privacy policy statement, (Peterson et al., 2007). It is therefore a deceptive potential, (Rodrigues et al., 2013). There is also a lack of harmonization, which means that all the different third-party seal programs operate differently and are all focussed on making profit, rather than provide good oversight on their customers. This could also harm consumers’ trust in a website. Next to this, more scholars argue factors that influence the perception of privacy and trust, such as vendor reputation, perceived privacy empowerment, perceived value, website investment and Internet privacy concerns, (Ponte et al., 2015, Kim & Kim, 2011, Kim et al., 2012 & Karimov & Brengman, 2014). Concluding from this is that these self-regulatory, (which means that they are not operating under the law), third party seals do not always add to trust. This seems to be a problem, referring to the beginning of this paper where it became clear that consumers are becoming more worried about privacy issues.
Even more importantly, Özpolat, K., Gao, G., Jank, W., & Viswanathan, S. (2013) & Rodrigues et al. (2013) explain that a number of studies have analyzed the influence of third-party seals on trust, but there is a lack of consensus on this. They discuss that some found a positive influence (Kim & Kim, 2011, Kim et al., 2010 & Karimov & Brengman, 2014) while others did not, (Rodrigues, 2013, Kim, Steinfield and Lai, 2008 & Ponte et al, 2015). As discussed, the reason why companies pay for a third-party seal is to increase consumers’ trust. When it is not certain or curious whether a third-party seal ads to trust, more research is important. However, given the other downsides of a third-party seal, it should be interesting to investigate other options.
Rodrigues et al. (2013) present two main other options for privacy seals: a full regulatory approach with the law taking charge and a co-regulatory approach. They argue that the first one is not desirable since the costs would go up, staff requires huge mobilization, the industry might resist it and it is not flexible. Rapp et al. (2009) also agree that a full regulatory approach is not optimal. They state that legislation to protect peoples’ privacy has proved to be surprisingly slow and unsteady, and therefore argue a preference for self-regulation over legislation. Jeffries (2013) concludes his article by agreeing on this point. He claims that due to constantly shifting goals as Internet technology keeps becoming more and more advanced, new legislation could become out-dated very quickly.
So concluding, a full regulatory approach and a self-regulation approach do not seem to be optimal given the various negative aspects. What then should be the best way to protect personal data online? Rodrigues et al. (2013) advise a co-regulatory approach, which combines regulatory approach with self-regulation. Hereby, different stakeholders set desired common objectives and standards to protect and maintain privacy whereby the third-party audits the way the industry is adhering to these standards. The fundamental idea is that it
2.3.2 Co-regulatory privacy seal
The way that this might work is the fact that co-regulation is an increasingly popular approach to overlook some problems. For example, Kijkwijzer, which classifies audio-visual products, is co-ordinated by the Institute for the Classification of Audio-visual Media (NICAM) and the CE marking scheme, an Europe-wide product certification system that is recognized and accepted by many. When different stakeholders work together to achieve an objective, the following advantages appear: it would reduce the regulatory burden, it would receive wider stakeholder support, proactive participation of many different companies, lower costs, more stakeholder responsibility and it would harmonize and streamline the certification of privacy in Europe, (Rodrigues et. al, 2013).
Rodrigues et al. (2013) addresses the following advantages of a co-regulatory seal that are related to the increase of consumers’ trust. The first advantage is the mechanism of privacy impact assessments (PIAs) to check and document privacy compliances of websites. A specially designed body will perform these and guard the proper use of the system. PIAs are well known and add value by enabling organizations to fulfil their social and legal obligations and deliver digital trust, (CSC Consulting, 2008 in Rodrigues et al., 2013). Secondly, they propose a harmonized standard, established by the European Commission, with a unique privacy seal. This seal would be well established and publicized which would lead to public recognition and would ensure that privacy seals would become real and effective symbols of privacy and trust, (Wright, 2012 in Rodrigues et al., 2013). Concluding, support through legislation, enforcement, and public communication and awareness campaigns boots its visibility and generate public trust in it, (Rodrigues et al. 2013).
Recently, some articles were written about third-party privacy policy seals. Main conclusions of those articles were that third-party seals work better than normal privacy
policies, which is a good beginning. However, they also argue that these third-party companies are not very reliable and that there is the problem of awareness: many people do not know the companies that are behind the seals. And most importantly, there is a lack of consistency in the results of the relationship between a third-party seal and trust, the most important objective of a seal for companies, (Kim & Kim, 2011, Kim et al., 2010 & Karimov & Brengman, 2014, Rodrigues et al., 2013, Kim, Steinfield and Lai, 2008 & Ponte et al, 2015). In order to address this gap, another form of privacy seal will be discussed in this research to test whether these results give a better insight in this topic.
The research of Rodrigues et al. (2013) is the first that comes up with a new form of third-party seal. However, next to this advice, no actual research has been done on this topic. Insight in outcomes of this paper can be very valuable given the fact that self-regulatory third-party seals can lose ground and can lack positive outcomes. In order to meet growing consumers’ need about handling their online data in a correct way that ensures their privacy to increase trust, companies could benefit from a new type of institution like a co-regulation between stakeholders.
2.3.3 Other co-regulatory seals, how do they work?
In this chapter, two other co-regulatory institutions are analyzed in order to see how these companies were set up, who the stakeholders are and who benefits from it. This should give insight in how to create a co-regulatory organization that ensures consumers’ online privacy.
2.3.4 Kijkwijzer
Kijkwijzer is a Dutch classification system that makes recommendations to parents and educators about harmful video content. It was set up by the Netherlands Institute for the Classification of Audio-visual Media (NICAM), a self-regulatory organization, in 1999.
The way they make recommendations is firstly by giving an age recommendation up to what age a television program or movie can be harmful to children: All Ages, 6 years, 9 years, 12 years and 16 years. In addition to this, they use pictograms that are used to show the reason for this recommendation, whether the program/movie contains: violence, fear, sex, discrimination, drug and/or alcohol abuse and coarse language.
This institute was set up in close cooperation with the Ministry of Education, Culture and Science, the Ministry of Health, Welfare and Sports and the Ministry of Justice. The reason for the set up of this institute was the European Commission’s policy document ‘ Not for all ages’ in 1997. In this way, they would call on all Member States to take action to protect young viewers against possible harmful effects of the audio-visual world. A couple of representatives of the audio-visual sector responded to this call and set up this self-regulatory institution.
Anno 2014, more than 2200 companies and organizations support the NICAM. The board consists of representatives of both public and commercial broadcasters, film distributors and cinema operators, distributors, videotheques and retailers and also an independent member. Their performances are supported by an Advisory Committee, experts in the areas of media, youth, education and other social organizations, who are divided in the Science Committee, the Coding Committee and the Complaint Committee.
The following umbrella organizations from the audio-visual sector participate in NICAM: • Netherlands Association of Cinema operators (NVB)
• Netherlands Association of Film distributors (NVF)
• Netherlands Association of Producers and Importers of Picture and Sound Carriers (NVPI) • Netherlands Video Retailers Organization (NVDO)
• Netherlands Broadcasting Corporation (NPO), which represents all national public service broadcasting organizations
• Association of Satellite Television and Radio Program Suppliers (VESTRA), which represents all commercial broadcasting organizations in the Netherlands
Although it is a self-regulatory organization, the government (the Media Authority) closely monitors and supervises the NICAM. Next to that, it also subsidies the NICAM. This means that this organization is self-regulated that is combined with a regulatory approach. NICAM itself also performs regular quality assessments of compliance with the rules. In addition, it regularly tests consumer perception and use of Kijkwijzer.
The actual implementation is in the hands of the audio-visual institutions and companies. (Kijkwijzer, NICAM, http://www.kijkwijzer.nl/nicam, accessed on: 23/04/14)
How does NICAM prove and maintain its quality? They perform each year an inspection based on a random sample to test the quality and practise of the Kijkwijzer classifications. These criteria are set up in cooperation with the supervisor, the Committee of Media. These institutions test whether the classifications are consistent and precise. The NICAM also inspects the broadcast times of harmful shows and whether their supporting organizations indeed show the recommendations and pictograms that they claim to use, (Jaarverslag, 2012, http://www.kijkwijzer.nl/upload/zijbalk1/51_Nicam2012lowres.pdf. Accessed on 23/04/14).
Given the large amount of supporting organizations, the combination of a self-regulatory organization and government support, and the large amount of Dutch adults that claim to look at the recommendations when their kids watch a show (9 out of 10 parents see Kijkwijzer as a valuable tool to use, (Mediacourant, ‘ouders hechten groot belang aan
Kijkwijzer’ http://www.mediacourant.nl/?p=164374. Accessed on 23/04/14), this co-regulatory approach seems to work very well. All the stakeholders aim together for the same goal, without the need of making profit, to make watching TV or movies a safe experience for children. The way they did this raised a lot of awareness for this industry.
2.3.5. Fair Trade International
Fairtrade is an alternative approach to conventional trade and is based on a partnership between producers and consumers.
The first Fairtrade label, the Dutch Max Havelaar foundation, already existed in 1988. From this, the initiative was replicated in other markets across Europe and North America in the late ‘ 90s and early ‘90s, followed by the Fairtrade Labelling Organizations International (FLO) in 1997 and the international FAIRTRADE Certification Mark in 2002. In 2004, the FLO-CERT organization was set up next to FLO, which inspects and certifies producer organizations and audits traders.
Now, the international Fairtrade system includes three producer networks, 25 Fairtrade organizations, Fairtrade International, and FLO-CERT, the independent certification body of the global Fairtrade system. The FAIRTRADE Mark is recognized by consumers around the world as the leading social and sustainable development Mark. It inspires high trust in consumers around the world that a considered purchase improves the lives of people and communities in developing countries.
(Fairtrade International, official website http://www.fairtrade.net/361.html. Accessed on 23/04/14)
So, Fairtrade International has created a special mark, by setting goals together with different stakeholders without aiming for profit, that gives consumers higher trust in the products they
buy and consider that while they are shopping. Higher trust could enhance purchase behaviour; these concepts will be explained in the next paragraphs.
However, there seems to be a pitfall in this story, Jones and Williams (2012) argue that the wide availability and variety of ethical and fair trade labels are a potential for consumer confusion. Since such labels are a promise to consumers who must be able to trust companies that utilize them, this point seems very crucial. Therefore, labelling should be done in a consistent and transparent manner and educational effort is needed to make consumers aware of such labels. Next to this research, Upham, Dendler & Blenda (2011), also found that a label is not enough, participants in their study about carbon labelling thought that consumers would need substantially more information to make sense of the logos. A lack of awareness was also why the different third-party privacy policy seals are less useful than expected, as discussed previously in this paper. More relevant to the topic of this paper is the following principle of the European Commission Communication of 2 May 2007: ‘the number of privacy seal systems should be kept to a minimum to avoid customer confusion that can undermine their trust in all seals’, (Rodrigues et al., 2013).
Concluding, communication and education about the label towards consumers seems very important to make and also keep the label widely recognized, increase in use of the product and to create trust.
2.4. What is Trust?
When companies have to be responsible with the data that they gather and then be communicated to the customers via FTC principles, competitive advantages could be increased. Online companies are placing their privacy policies on their website to gain
becomes very important to improve the relationships between customer and businesses. These privacy policies give customers an insight in the way a company uses personal data and inform them about security tools and systems of the website, (Wu et al., 2012). Tang, Hu & Smith (2008) argue that it is particularly important to build trust among consumers regarding privacy concerns. They state that ‘the willingness of one party to be subject to the risk brought by another party’s action is trust’ and that it is essential for the relationship between sellers and buyers.
Next to this, Ponte, Carvajel-Trujullo & Escobar-Rodriguez (2015), argue that the definition of trust is complicated because it is an abstract and complex factor. From various definitions, they are following this definition: trust is the subjective belief that the online seller will fulfil its transactional obligations, as those obligations are understood by the consumer, (Kim et al., 2008). So to conclude, consumers have to perceive the transactions as reliable.
Kim et al. (2008) give a broader definition to trust, where trust has three antecedents that are related to consumer’s perceptions: security protection, privacy protection, and the quality of the information given on the website, where Ponte et al. (2015) conclude that a third-party seal might increase the perceived security and privacy protection. Regarding the perceived security antecedent, this can be defined as the perception of consumers that the online seller has included the antecedents of security, such as verification, authentication, encryption, protection, and non-repudiation. If a consumer perceives this security protection, they are more likely to trust the website. The perceived privacy protection antecedent can be conceptualized as the probability that the online seller will ensure that the confidential information about the consumer acquired during the online transaction is protected against unauthorized disclosure or use. If a consumer perceives this privacy protection, they are more likely to trust the website.
Next to privacy policies, privacy seals are visible symbols of trust that provide consumers with privacy guarantees, (Rodrigues et al., 2013). Websites that display a privacy logo show to prove that they have fulfilled their obligations and implemented appropriate data protection measures, which are regularly audited. This increases consumers’ trust. Both third-party privacy seals and co-regulatory seals will create this advantage above a website that does not display a privacy seal. As discussed under the chapter of the third party seals, the goal of a company to choose for a third party seal is to increase trust.
Overall, some scholars find a positive influence of trust seals on consumers’ trust, while others do not support this claim, (Karimov & Brengman, 2014). These outcomes are the same for the positive influence of trust seals on consumers’ trust with the use of a third-party seal. Kim & Kim (2011) found that posting a well-known third-party seal on the order page of a website can build trust. Next to this research, Peterson et al. (2007) found that website that display their seals increases consumer trust since it indicates that the company is monitored by the seal granting organization. They do acknowledge that these self-regulatory seal programs lack compliance and awareness, as stated above.
When a consumer does not recognizes and/or understands the privacy policy seal displayed on the website, his or her trust cannot be increased. One of the disadvantages of using a third-party seal on a website is a lack of consumer awareness and trust, as described in the previous chapters. Since these disadvantages are explained and investigated by various researchers for third-party privacy policy seals but not for co-regulatory privacy policy seals (since no research exists of this topic), the differences should be the two are interesting to know. The way a co-regulated privacy policy can add to trust is when consumers are aware of the seal and understand the difference between a co-regulatory and a third-party seal, i.e. the meaning of the seal and where it stands for. As seen in the co-regulatory examples of
companies work collectively to achieve a common goal by support through legislation, enforcement, and public communication and awareness campaigns boots its visibility and generate public trust in it, (Rodrigues et al. 2013).
Next to this, there seems to be a common agreement that the explanation of the different outcomes that scholars give when discussing this topic, is that the outcomes may differ depending on several factors such as awareness and knowledge, (Karimov & Brengman, 2014). A broader insight, since outcomes differ, in this topic seems therefore be of great relevance.
The following hypothesis can be formulated regarding to this findings:
H1: Displaying a third-party seal leads to a lower increase in Trust than a co-regulatory seal.
2.5. Consumers’ Purchase Behavior
Why should companies engage in a third-party seal or a co-regulatory seal? In order to receive a third-party seal, companies pay the third-party to investigate their privacy policy. Next to that, the company may have to make some (costly) changes in their everyday business to increase the privacy for consumers’ to receive a third-party seal. When engaging in a co-regulatory seal, it is most likely that a company has to pay a fee to the umbrella organization behind the seal, like with the Kijkwijzer example. In return, managers expect a reward that covers these costs and even increase their income.
Therefore, testing whether an increase in purchase behavior is higher for a co-regulatory seal than for a third-party seal is necessary in order to recommend setting up an organization to create a co-regulatory seal.
2.5.1 The effect of privacy seals on purchase behavior
Different outcomes can be found in the currently available literature regarding to this relationship. Some argue that a presence of any Web seal was more likely to result in an online purchase than when no seal was present, (Nieschwietz, 2003 in McCole et al., 2010). On the other hand, others found no influence on consumers’ purchase behavior when they saw a Web seal while they did their online shopping, even when they were aware of the trust seal programs, (Head & Hassanein, 2002 in McCole et al., 2010).
Tsai et al. (2011) argue that people are more likely to make purchase from websites that offer medium or high privacy when it is communicated in a prominent way (via the use of icons and other forms of communication like media). Next to this, because many traditional cues for assessing trust in the physical world are not for online purposes, the presence of trust seals increases the likelihood of an online purchase, (Karimov & Brengman, 2014).
When different stakeholders create a co-regulatory company like Kijkwijzer or Fairtrade International (see examples), they bundle their power and money to communicate their vision and meaning to the large audience, (Rodrigues et al., 2013). These co-regulated companies strive to help people, whether it is for protecting children against aggressive TV shows, to enhance fair food or for online privacy. Saurwein and Latzer (2010) argue that the success of such an arrangement depends on broad public awareness, understanding of the meaning, trust and strong industry support. In order to increase these points, they widely communicate their company, logo and meaning.
Comparing these co-regulatory seals with third party seals, third party seals do not advertise their meaning to the large audience, which can lead to less awareness and knowledge. They are rather focused on their clients, the companies who pay the third-party seals to certify them. Edelman, (2010) discusses this drawback of TRUSTe, one of the best know trust
authorities. With this revenue model, and a small staff, there is no pressure to seek high standards in evaluating a companies’ privacy seal in a correct manner, (of the 3416 consumer complaints received since January 2003, TRUSTe concluded that not a single one required any change to any member’s operations.
When comparing the Kijwijzer and Fairtrade case with TRUSTe, a co-regulated seal should result in a higher increase in purchase behavior given the fact that they increase support through legislation, enforcement, and public communication and awareness campaigns boots its visibility and generate public trust in it, (Rodrigues et al. 2013).
Next to that, they also found that purchases were higher when participants were presented with icons that represented relevant privacy information than the participants that were presented with irrelevant information. The following hypothesis can be formulated regarding to this findings:
H2: Displaying a third-party seal leads to a lower increase in likelihood of purchase behavior than a co-regulatory seal.
2.5.2 The effect of trust on purchase behavior
Various studies found that trusting beliefs strongly influence customers’ intention to purchase from online vendors, (Walczuch & Lundgren, 2004; Gefen & Heart, 2006 and Jarvenpaa et al, 2000 in McCole et al., 2010).
Various studies have previously studied the relationship between trust and the intention to purchase online in the e-commerce field, (Kim et al., 2008, 2012 & Ponte et al., 2015). However, in the field of third party seals, less research has been done to this topic. McCole et al. (2010) found a significant positive relationship between the trust in third parties and purchase behavior. Next to this research, no other research has been found on the trust in third
parties and purchase behavior, this relationship will therefore also be tested in this paper. The following hypothesis can be formulated regarding to this findings:
H3: Consumers’ trust regarding the website leads to higher likelihood of purchase behaviour Besides these articles little information can be found on the relationship of communicating privacy by the using of privacy seals to customers and increased purchase intentions. Insight in this subject could help managers to create the right privacy seal that will lead to more purchases.
2.6. Perceived Privacy Empowerment
As discussed earlier, the goal of this paper is to investigate the best way for companies to communicate to consumers that they protect and do not misuse the personal data that they give online. As mentioned above, this paper will test whether trust and purchase intention will be higher by showing a co-regulatory seal instead of a third-party seal. But what about consumers’ perceptions about how the website handles the personal information and possibly even more important: the level of control a consumer has in this practice.
One of the articles that mention this is the study of Kim & Kim (2011) by discussing a consumers’ perceived privacy empowerment. They describe this as ‘a psychological construct related to the individual’s perception of the extent to which they can control the distribution and use of their personally identifiable information’, (van Dyke, Midha & Nemati, 2007 in Kim & Kim, 2011). They address this construct because it is a mechanism through which third-party certification influences initial trust, where others do not pay much attention to this. By testing perceived privacy empowerment, light is shed on different mechanisms that build initial trust. Consumers like to control their personal information in the following ways: they
want to know how the website discloses their information and how they would use is, they want to be provides with choices as how their personal information is used after a transaction and they want to have access to the information that a website has collected about them, (van Dyke et al., 2007).
Trust consists of party trust, which refers to trust in another party (like an e-commerce website), and control trust, which refers to trust in the control mechanisms that ensure reliability of transaction processing. The study of van Dyke et al., (2007) focuses on control trust because this takes on greater importance in situations where party trust is lacking. In short, when people have insufficient party trust, they will seek to replace it with control trust, (Tan and Thoen, 2001 in Kim & Kim, 2011). This is referred to as substitution where privacy empowerment influences initial trust. When consumers feel that they have a higher perceived privacy empowerment, that is when they perceive that they can control the distribution and use of their personal information, trust will be increased. However, when initial party trust is sufficient, that is the goal of a co-regulatory seal, (Rodrigues et al., 2013), people will not have the need to replace is with control trust.
The following hypotheses can be formulated regarding to this findings:
H4: Displaying a third-party seal leads to a higher increase in perceived privacy empowerment than a co-regulatory seal.
Up to this point, possible positive relationships between a third-party seal and a co-regulatory seal and trust, purchase behavior and perceived privacy empowerment have been discussed to test. Before testing these variables to see which privacy seal is most competent for a better outcome, a possible variable that can influence these relationships is discussed in the next chapter.
2.7. Privacy concerns
As discussed in a previous chapter about consumers’ opinion about online privacy issues, privacy concerns are growing. When people experience a high level of privacy concern, it can lead to a lack of willingness to provide data, rejection of the e-commerce website and could negatively influence consumer databases which can cause inaccurate targeting, wasted effort and frustrated customers, (Wu et al., 2012).
People who indicate a high privacy concern are concerned about security breaches like: phishing, credit card exposures, hackings of databases but also: espionage, losing control of the gathered personal information and the increased media attention of these cases. A high privacy concern can lead to a rejection of the e-commerce website as stated above, which results in a lower purchase intention. (Wu et al., 2012; Featherman et al., 2010). Featherman et al., (2010) also argue that consumers’ concerns increase perceived risk. Given that perceived risk and trust are negatively correlated, privacy concerns are most likely to decrease trust, (Pavlou, 2012 in Featherman et al., 2010). As already mentioned, consumers with high privacy concerns can even reject the website. Although it has not been tested yet, this negative line of reasoning can also result in lower perceived privacy empowerment. The following hypotheses can be formulated regarding to this findings:
H5a: The relationship between a third party seal and trust is negatively moderated by privacy concerns.
H5b: The relationship between a co-regulatory seal and trust is negatively moderated by privacy concerns.
H5c: The relationship between a third party seal and purchase intention is negatively moderated by privacy concerns.
H5d: The relationship between a co-regulatory seal and purchase intention is negatively moderated by privacy concerns.
H5e: The relationship between a third party seal and perceived privacy empowerment is negatively moderated by privacy concerns.
H5f: The relationship between a co-regulatory seal and perceived privacy empowerment is negatively moderated by privacy concerns.
2.8. Conceptual Model
In the theoretical framework, the literature about the relationship about different privacy seals on trust, purchase intention and perceived privacy empowerment has been discussed as well as the moderating role of privacy concerns on this relationships. From this literature, several hypotheses are formulated that will be tested in the next part of this paper. The hypotheses are formulated to answer the research question, which was: What is the effect of a privacy policy seal on consumers’ trust, purchase behaviour and perceived privacy empowerment?
The outcome of the hypotheses will give insight in the differences between a third-party privacy seal and a co-regulatory privacy seal.
The goal of the conceptual model, which can be seen in figure 1, is to give a clear overview of the theoretical framework and the hypotheses that were constructed from the theory. In short, this model is the guiding overview of this paper.
3. Method:
In this chapter, the following will be discussed; the research approach, study type and strategy, the experiment, a description of the sample study and the measurement scale that will be used to test the experiment. This method will be used as a foundation to test the variables in order to answer the research question.
3.1. Research approach, study type and strategy.
For this paper, a deductive research approach is used to conduct the research and to answer the research question. According to Saunders et al. (2009) a deductive research approach is defined as: a research approach which involves the testing of a theoretical proposition by using a research strategy specifically designed for the purpose of its testing. The main characteristic of the deductive approach is the explanation of causal relationships between variables. Testing the relationship between the privacy policy seals and trust, purchase intention and perceived privacy empowerment is therefore a deductive research.
Research that focuses on studying a situation or a problem in order to explain the relationship between variables is an explanatory study whereby a statistical test will be used to test the relationships.
The strategy to test the relationships between the variables is a mixed-method design. Hereby an experiment will be conducted as well as a survey.
Survey: An online survey will be conducted during the experiment in order to collect data about the variables that will be tested. The measurement items to test the relationships between the variables will be adopted from studies that have tested these variables before and tested a reliable Chronbach’s alpha. The items will be closed questions that will be measured on a Likert-scale. These items will be explained in the last part of this chapter.
3.2 Experiment and experimental design
Experiment: The purpose of the experiment is to study the causal links between the variables, to establish whether a change in one independent variable leads to a change in another dependent variable. The independent variables of this research are: a third party privacy policy seal and a co-regulatory privacy policy seal. The dependent variables of this research are: trust, perceived privacy empowerment and purchase behavior.
The goal of this research design is to test whether a co-regulatory privacy policy seal works better on increasing consumers’ trust and purchase behavior then third-party privacy policy seal. These hypotheses are clearly explained in a conceptual model.
Thereafter, an online experiment then will be designed to validate the proposed model. In order to make this online experiment, two versions of a fictitious web order pages were created. One of these order pages, a third-party privacy policy seal will be displayed in the middle of the page. On the other order page, a co-regulatory privacy policy seal will be displayed on the same location. This co-regulatory privacy policy seal will be fictitious since it does not exist yet.
With exception of the seals, the two pages have to be identical in form and content in order to get validation in the answers. When the test was set up with the experiment and the questions via a survey, a pre-test was held to make sure the link to the experiment works, that the experiment works and that the questions are correctly stated. I performed this test by somebody I know well, in order to get useful feedback.
Experimental design: The participants received an email or a request via a social media platform requesting participation in the main experiment; this email will display a link to a server that randomly assigns them to one of the two seal conditions (third-party or
co-they would be presented with an introducing story about the topic of the experiment. On the next page, they saw one of the two seal conditions in a fictitious web order page. In order to induce a perception of privacy risk, the participants will be asked to register on the fictitious website by providing personally identifiable information as their name, email address and telephone number. They were also asked to imagine that they are in a situation in which they would actually buy a product from this website to conduct as reliable results as possible (appendix 1.1). On the next page, participants were asked whether they’d noticed the privacy policy seal that was presented on the page before (yes or no).
On the next page, the participants found an explanatory story about the seal that they did or did not noticed so that they received some knowledge about the subject, (appendix 1.2) The reason for this step was the fact that few people in the Netherlands have knowledge about privacy policy seals. Next to this, a co-regulatory seal is a new topic that is known by few. The outcomes of the rest of the questions could not be valid if I did not presented this information to the respondents. This could have a large negative influence on the questions that were asked thereafter. So next, trust, purchase behavior and perceived privacy empowerment related questions were asked via the survey. Next to that, the moderating variable that tests privacy concerns will be tested to conduct a broader insight in the outcomes. The respondents were thanked for their participation at the end of the experiment.
To stimulate the motivation for the participants to imagine that they were actually shopping in an online store, the participants received a note that they could win one of the items that was presented. On the final page, the respondents could leave their e-mail address behind so that I could contact them in case of winning one of the items.
3.3 Description of sample study - Selecting and approaching the respondents:
The population contains all people who have Internet access and are known with online purchasing. In the Netherlands alone, about 80% of the Internet users have ever made an online purchase, which accounts to almost 10 million people, (CBS, July 2013). This population is way to large to examine given the time available for this research. Therefore, focus will be on the regions Amsterdam and The Hague, since I live here and therefore are the people that live here most easily to sample.
Sampling frame:
Region Amount of inhabitants January 2014
Amsterdam 1571234
The Hague 1051889
Total: 2.633.123
Table 1: Bevolkingsontwikkeling; regio per maand. Source: CBS (2014).
The amount of people who have excess to Internet in the Netherlands is 94% (Elsevier, 2013), so 2.475.136 in the regions Amsterdam and The Hague. Of them, 80% have ever shopped online, which are 1.980.109 people.
Sample size: The research of Van Voorhis and Morgan (2007) show some understandings in the rules of thumb for determining sample sizes. They argue that the sample size have to be at least 50 when testing relationships as correlations and regressions. They also mention the research of Harris’s (1985) as a good measurement, which explains that the researcher has better power when using approximately 30 participants per variable. In that case, this research would be reliable by 180 participants, (6 variables x30 participants).
Respondents’ selection: Since there isn’t time or money to get a full list of the population, probability sampling is not appropriate for this research. Therefore, the respondents will be select via my personal network on online media and via e-mail communication. The respondents were therefore selected via non-probability sampling. Since I use my judgment to select people from my network, this is purposive sampling (Saunders & Lewis, 2012).
Access and approach: Since my network of people consists mostly of students, I stimulated my family members, some older and younger friends and current bosses to distribute my experiment to their network. For this, I’m using the snowball sampling technique, (Saunders & Lewis, 2012). In that way, respondents from various age groups are conducted. This is important to get reliable and valid results.
Description of research instruments and procedures: Data collection procedure, and an
estimation of the response rate based upon earlier research.
Given a response rate of 17-25% between 720 and 1060 people have to receive the experiment. My own network of people on social media sites consists of +- 350 people. Given the fact that around 10 of my close friends and family members (with each also have 350 people in their network on average) ‘shared’ my survey via an online platform, the amount of 720 to 1060 was not that difficult.
3.4. Measurement Scale
In the table 1 in appendix 1, the measurement items can be found. All items are adapted from literature that already is available, except for the ‘presence of co-regulatory seal’ since no one has tested this before. The same items are used to test this variable since the goal is to find out what the difference is between these independent variables on the independent variables. It is therefore important that the presence of a third party and co-regulatory privacy seal are tested
4. Analysis of the Results
In this chapter, the analysis of the results of the questionnaire will be discussed. Starting with the descriptive statistics, following with reliability & validity tests to see if the items and constructs are correct. Finishing with different regressions to test the hypotheses.
4.1 Descriptive Statistics
The total amount of respondents of this survey was N=211. The amount of respondents that filled out the survey with questions regarding the TrustE privacy policy seal was 111 (52,6%) and the amount of respondents that filled out the survey with questions regarding the Datawae privacy policy seal was 100 (47,4%). In total, 103 men (48,8%) and 108 women (51,2%) filled in the questionnaire. The largest amount of respondents, (41,6%) are in the age category of 18-24, closely followed by respondents in the age category of 25-34 (34,8%). Most of these respondents (41,1%) finished a WO education, a HBO education (28%) or a MAVO education (15,5%). An interesting outcome here is that 60,2% of the respondents did not notice the privacy seal in the beginning of the questionnaire, where there was no significant difference between the TrustE and Datawae seals (39,6% versus 40% did noticed and 60,4% versus 60% did not noticed).
4.2 Computing scale reliability and validity
To further analyze the data, the two different sets of outcomes were separated (the questions regarding TrustE versus the questions regarding Datawae). In the next part of this paper, these different data sets will be referred as Data Set TE (TrustE) and Data Set D (Datawae).
The reason why the constructs are measured on reliability is to see if the collection techniques are right. Reliability is the extent to which data collection techniques or analysis procedures yield consistent findings (Saunders et al., 2009). Starting with Data Set TE, all constructs
showed reliability ranging from good to excellent (.811 ≤ α ≥ .945). Further, all items scored higher than .30 on the corrected item-total correlation and all of the items in the different constructs did not vary more than .10 to each other. This means that no item has to be deleted to compute a higher reliability.
For the other data set, Data Set D, all constructs also showed reliability ranging from good to excellent (.840 ≤ α ≥ .957). The functional quality scale’s Cronbach’s Alpha could be improved by deleting item DQ2 and item DQ16. When deleting item DQ2, the Cronbach’s Alpha could increase from .840 ≤ α ≥ .893. Next to this, this item has a corrected item-total correlation of more than .30 (.446), which means that this value is high enough for reliability. Since the construct already a good internal consistency (α. .840), and has not many items (N of items = 4) to test the construct, the item will be kept in data set D. The same reason is why item DQ16 will not be deleted from data set D. If the item were to be deleted, Cronbach’s alpha would increase from .869 to .891, which are both good. The construct has only 3 items and the correlated item-total correlation is higher than .30 (.664).
In order to test for the construct validity of the scales, a Factor analysis will be performed. Starting with Data Set TE. By using the principle components method it is to decide how many factors to keep and Direct Oblimin to allow correlation between factors. The results show five components, which correspond to the initial scales. The eigenvalues for those five components is above 1 (1.293 to 7.875), which supports the use of five components. The cumulative % of explained variance is 75,984. The next step is to look at the pattern matrix to see the relative importance of each variable for each factor. The table (appendix 2) shows no cross-loadings and all have significant loadings (all above .40). All components match the variables.
Data Set D was analyzed next, for which the results also showed 5 components. The eigenvalues for those components is above 1 (1.221 to 8.999) with a cumulative % of explained variance of 79,172%. The table (appendix 2) shows 2 cross-loadings, DQ4 and DQ10. DQ4 loads under component 3 (value of .582), as it should, but also under component 5 (value of .488). DQ10 loads under component 5 (value of .627), as it should but also under component 4 (value of .395). However, these cross-loads all score less than .30 relative to each other (between primary and cross-loadings). This means that it is not worrisome to keep the items in the right component.
4.3. Correlation Matrix
A Correlation Matrix was computed to observe the means, standard deviations and the correlations between the constructs. The first correlation matrix contains the values of the outcomes of the TrustE seal and the second matrix contains the values of the outcomes regarding the Datawae seal. Both correlation matrixes show relative averaged outcomes for the questions regarding the TrustE seal (TrEseal), Purchase behavior (PurBeh), Trust and Perceived Privacy Empowerment (PPE) given that the questions were answered on the basis of a 5-point Likert Scale. These questions have also an average positive correlation to each other and are significant at the 0.01 level.
The questions regarding the Datawae seal have a higher Mean on all constructs, which means that they are answered more positively overall. The correlations between the construct are also higher for the Datawae seal. The construct Privacy Concern shows a very high mean (4,26 and 4,45 on a 5-point Likert Scale), which means that people have a high concern about their privacy.
In the first matrix (regarding the TrustE seal), this construct is weak negative correlated to the other constructs and not significant. This means that the privacy concern of the respondents doesn’t depend on the other questions, people have an overall high privacy concern. This is not the case for the second matrix (regarding the Datawae seal), which shows a positive significant correlation in Purchase Behavior, Trust and PPE.
As described above, only 39,6% versus 40% of the respondents did noticed the TrustE seal and the Datawae seal respectively. In order to see whether the people that noticed the seal were also answered more positively, the correlation matrix was also made for the respondents that did notice the seal they were presented with.
