MARKET - Economics - PRIVACY - Preference Measurement

 

Measuring the Preference for Privacy

Measuring preferences for privacy is a complicated task. One of the key reasons is that the very act of asking a question about privacy can raise concerns in individuals, because the question primes on the problem. Another challenge is that privacy concerns seem to depend largely on the context in which they are elicited. Figure 1 shows that there are different kinds of transactions that raise different kinds of privacy concerns. For basics and an introduction to the economics of privacy, click here.

 

Fig. 1 Types of Transactions

  typesoftransactions

Source: Jentzsch (2015).

 

In the following, we provide a brief overview of the current research related to preference measurement. This overview is by no means complete, but it provides the reader with some knowledge guideposts for a start. Why is this important? Privacy preference elicitation mechanisms play an important role in market research (e.g. are there enough privacy-sensitive buyers to reach break-even?) and the development of new products (is there a demand for a specific privacy product?). 

 

Unfortunately, research shows that the instruments for measuring privacy concerns are empirically not robust. This means that they seem to contain little information that is predictive for the actions of the very same individuals (an observation that has been termed ‘Privacy Paradox’). One of the reasons why this assumed paradox might exist is that the elicitation mechanism is not neutral, but priming individuals and therefore renders artificially high levels of concern. This is a question debated in the literature.

 

At the highest level, two types of methods of privacy preference elicitation can be differentiated:

  • Question-based methods
  • Action-based methods

 

Question-based Privacy Concern Elicitation

The most common method observed in the research literature is the question-based method, maybe because it is the most easy to implement. The majority of authors use questions on personal data use and processing and scale the answers by a Likert-scale (“How strongly do you agree to the following statement …”), measuring the strength by a scale of 1 to 7, for example.

There are a number of authors who propose a series of questions (Buchanan et al. 2006; Malhotra et al. 2004; Smith et al. 1996, Stewart et al. 2002). Table 1 explains in detail how they work). This is necessarily only a limited introduction to privacy preference measurement; a general overview is provided by Preibusch (2013).

One of the problems is that the developers of these methods do not test whether the stated preferences do in fact associate with real behavior of the very same individuals.

 

Table 1 Measurement of Privacy Concerns: Question-based Methods

Authors Year Measurement Approach
Malhotra et al. (2004) 2004 IUIPC: Multidimensional notion of Internet Users data Privacy Concerns (IUIPC) The measurement instrument recognizes multiple aspects of data privacy: (i) attitudes toward the collection of personal data; (ii) control over personal data; and (ii) awareness of privacy practices of companies gathering personal data as being components of a second-order construct they label IUIPC. All of these aspects still lie within the domain of informational privacy.
Buchanan et al. (2006) 2006

3 Internet-admininstered scales measuring  privacy concern

In the first study there were several people who completed an 82-item questionnaire from which three scales were derived. Then the correlations between the scores on the current scales and two established measures of privacy concern were examined.
Smith et al. (1996) 1996 Concern for Information Privacy Scale 15-item instrument to measure individuals’ concern regarding organizational practices. It identified four factors—collection, errors, secondary use, and unauthorized access to information as dimensions of an individual’s concern for privacy.
Stewart et al. (2002) 2002 Re-evaluation of: Concern for Information Privacy Scale Study examines the factor structure of the concern for information privacy (CFIP) instrument posited by Smith et al. (1996). The results suggest that each dimension of CFIP is reliable and distinct. However, CFIP may be more parsimoniously represented as a higher-order factor structure rather than a correlated set of first-order factors.

 Source: Jentzsch (2015).

 

Multidimensional Notion of Privacy Concerns

Internet Users' Information Privacy Concern (IUIPC): This measurement instrument recognizes multiple aspects of data privacy: (i) attitudes toward the collection of personal data; (ii) control over personal data; and (ii) awareness of privacy practices of companies gathering personal data as being components of a second-order construct they label IUIPC. All of these aspects still lie within the domain of informational privacy.

Buchanan et al. (2006) suggest 3 Internet-administrated scales for measuring the privacy concern. In the first study, there were several people who completed an 82-item questionnaire from which three scales were derived. Then the correlations between the scores on the scales and two established measures of privacy concern were examined.

Smith et al. (1996) develop a Concern for Information Privacy (CFIP) Scale, which is a 15-item instrument to measure individuals’ concern regarding organizational practices. It identified four factors—collection, errors, secondary use, and unauthorized access to information as dimensions of an individual’s concern for privacy. Stewart et al. (2002) do a re-evaluation of the Concern for Information Privacy Scale and examine the factor structure of the concern for information privacy (CFIP) instrument posited by Smith et al. (1996). The results suggest that each dimension of CFIP is reliable and distinct. 

 

Action-based Privacy Concern Elicitation

Other studies use action-based instruments to observe concerns, such as the number of personal data items disclosed or cookie usage practices. In the latter, the subject is asked about cookie settings.

It is an important area of future research to develop more robust methods for privacy elicitation.

 

 

 

IPACSO Publications

Jentzsch, N. (2015) State-of-the-Art of the Economics of Cyber-Security and Privacy, IPACSO - Innovation Framework for ICT Security Deliverable 4.1. (download).

 

Further Related Publications

Buchanan, T., P. Schofield, C.B., Joinson, A.N. and U.R. Reips (2006). Development of measures of online privacy concern and protection for use on the Internet, Journal of the American Society for Information Science and Technology 58: 157 – 165.

Goldfarb, A., and C. Tucker (2012). Shifts in Privacy Concerns. American Economic Review, 102(3): 349-53.

Jentzsch, N., A. Harasser, S. Preibusch (2012). Monetising Privacy – An Economic Model of the Pricing of Personal Information, ENISA Report, Greece.

Jentzsch, N. (2014). Auctioning Privacy-Sensitive Goods: A note on Incentive-Compatibility, in B. Preneel and D. Ikonomou (eds.), Privacy Technologies and Policy, Lecture Notes in Computer Science, Vol. 8450, pp. 133-142.

Kumaraguru, P. and L.F. Cranor (2005). Privacy Indexes: A Survey of Westin's Studies CMU-ISRI-05-138 December 2005 CMU-ISRI-05-138.pdf Malhotra, N. K., Kim, S. S. and Agarwal, J. (2004). Internet Users' data Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model, Data Systems Research 15(4): 336-355.

Preibusch, S. (2013). Guide to measuring privacy concern: Review of survey and observational instruments, International Journal of Human-Computer Studies 71 (12): 1133–1143.

Smith, J.H., Milberg, S.J., & Burke, S.J. (1996). Information privacy: Measuring individuals concerns about organizational practices, MIS Quarterly 20, 167–196.

Stewart, K. A. and A.H. Segars (2002). An empirical examination of the concern for information privacy instrument. Information Systems Research 13, 36–49.

 

Return to MARKET

Getting Started

Which type of company are you? Choose one of the options below and get a head-start.

Framework Overview

Navigate through the different parts of the Framework

leeg