Despite increasing use of the Internet for electronic commerce, online privacy remains an important issue for consumers. Several polls find that privacy is the primary concern inhibiting people from engaging in e-commerce (Digital Future Report, 2005; Miyazaki & Fernandez, 2001). Privacy is implicated in e-commerce because of the risk involved in disclosing personally-identifying information, such as email addresses or credit card information, which is required for most e-commerce transactions. Specific privacy concerns in this realm include companies’ use of customers’ information for electronic surveillance (e.g., ‘cookies’), email solicitation (e.g., ‘spam’), or data transfer (e.g., when customer database information is sold to third parties or stolen) resulting in identity or credit card theft (Digital Future Report, 2005).
An important question for scholars examining online information disclosure, persuasion, and privacy, then, is how do people manage or cope with privacy concerns in e-commerce transactions? Under what circumstances do consumers decide to disclose or withhold information? This study invokes communication privacy management theory (Petronio, 2002) to address these questions. As such, this research considers privacy and e-commerce as a communicative process. The results are used to build an understanding of privacy regulation and disclosure during online commercial transactions, an area in which research is plentiful but theory is lacking (White, 2004). The findings of this study are then leveraged to help e-commerce practitioners craft messages that respond effectively to online consumers’ privacy concerns.
Privacy, privacy management, and communication privacy management theory
Privacy may be defined as an individual’s ability to determine when, how, and to what extent personal information is disseminated to others (Westin, 1967). Accordingly, consumers’ privacy fears in e-commerce transactions stem from their potential loss of control over personal information. At the same time, the convenience of e-commerce is attractive to many consumers. Communication privacy management theory (Petronio, 2002) addresses the tension between disclosure and privacy by examining how and why people decide to reveal or conceal private information across various relational contexts.
Undergirding CPM theory is the idea that disclosure has both benefits and risks, and thus that people must balance their competing needs for privacy and for disclosure. The benefits of disclosure range from self-expression to relationship development to social control. The risks include loss of face, status, or control. When people disclose, they give over something they feel belongs to them (e.g., private information), and therefore they feel they should retain the right to control it, even after disclosure. Disclosure renders people vulnerable to exploitation by others because information changes from being privately owned to being co-owned (Petronio, 2002). As such, disclosure always involves some degree of risk. This risk, according to CPM theory, leads us to erect boundaries around what information we consider public and private. These boundaries allow us to control who has access to the information and motivate us to set expectations for co-ownership of information once it is disclosed to others (Petronio, 2002).
CPM is a rule-based theory that proposes that individuals develop rules to aid decisions about whether to reveal or conceal private information and thus how to best protect personal privacy. The theory states that individuals develop rules to help them maximize the benefits while minimizing the risks of disclosure. The rules that are developed can stabilize over time through repeated use but are also highly situational and may be changed to fit new or evolving circumstances. Furthermore, many different rules are used throughout the boundary management process to decide what, when, and to whom to disclose.
The theory proposes that there are three processes of boundary management. First, ‘boundary rule formation’ stipulates that people develop rules to regulate when and under what circumstances they will reveal rather than withhold information. Second, ‘boundary coordination’ refers to the process of negotiating privacy rules between partners, for example, whether disclosed information can be revealed to others outside the relationship. As part of the coordination process, individuals enact rules to moderate boundary linkages (whether to link to others), boundary ownership rights (who should be included or excluded in the boundary), and boundary permeability (what information may be revealed to whom). Third, ‘boundary turbulence’ may result from differences in privacy rules used by individuals, privacy rule violations, or deficient boundary coordination, for example, when one partner shares information outside the relationship that violates the other partner’s expectations.
Applying CPM theory to privacy management online
CPM was developed to understand how people decide to disclose information within interpersonal relationships. However, the theory has expanded to explain disclosure within other settings, including group, organizational, and institutional relationships. Moreover, Petronio (2002) and others have discussed the applicability of CPM to privacy issues generated by new technologies, including the Internet (Altman, cited in Petronio, 2002; Stanton & Stam, 2003; West & Turner, 2004). Although there are significant differences between privacy issues in face-to-face versus computer-mediated communication (CMC) contexts, many of the basic premises of CPM theory likely endure in online privacy management.1 First, both benefits and risks to disclosure within e-commerce relationships exist, just as in other types of relationships. Benefits may include convenience, faster service, and lower prices. Risks include vulnerability to spam, theft, and electronic surveillance. Second, as within interpersonal relationships, studies find that people feel ownership over the personal information they provide to e-commerce retailers (‘etailers’), and believe they have a right to control access to information they give about themselves online (Federal Trade Commission, 1998; Fox, 2000). Finally, the main elements of boundary management—boundary rule formation, coordination, and turbulence—are evident in online privacy management.
With regard to boundary rule formation, preliminary evidence suggests that online consumers may construct rules to determine if and when they will disclose personal information to etailers, and that they will do this using similar criteria as in CPM, including culture, motivation, the specific situation, and risk-benefit analyses. For example, studies find that online disclosure is negatively related to an individual’s level of privacy concern, which is affected by larger cultural values surrounding privacy (Milberg, Burke, Smith, & Kallman, 1995).2 Motivations such as attraction/liking and expectations of costs or rewards that are known to affect disclosure rule formation in interpersonal contexts are also found in research on disclosure in e-commerce contexts. For example, people are more willing to disclose information to reputable etailers (Swaminathan, Lepowska-White, & Rao, 1999) and when etailers offer rewards for disclosure (White, 2004). Situational demands, such as whether a desired product is only available online, are likely to contribute to the rules people form to manage their privacy online. Evidence also suggests that risk-benefit calculations drive online consumers’ decisions regarding electronic information exchange, and that consumers balance their privacy concerns against the convenience of online shopping when deciding whether to engage in e-commerce (e.g., Bhatnagar, Misra, & Rao, 2000; Hann, Hui, Lee, & Png, 2002; Miyazaki & Fernandex, 2001; White, 2004).
Boundary coordination and turbulence are also evident in consumers’ efforts to manage their privacy online. As in face-to-face contexts, for many, part of the decision to disclose personal information to a website involves coordinating expectations about how the disclosed information will be treated and who will have access to the information outside the boundary. In other words, a set of privacy access and protection rules must be negotiated between parties. Furthermore, the nature of boundary negotiations is different in CPM versus in online privacy management. Whereas face-to-face boundary coordination may involve back and forth negotiation and agreement between relational partners, online consumers must negotiate boundaries in other ways, for example, through self-protective behaviors such as setting privacy preferences, rejecting cookies, opting-out of mailing lists, and only providing information to etailers who promise not to reveal information to third parties.
This study applies CPM to online consumer relationships to understand information disclosure in e-commerce, focusing specifically on the ways in which consumers strive to protect their privacy in e-commerce relationships by enacting rules to regulate boundary permeability, boundary ownership rights, and boundary linkages. It is argued that online consumers use privacy-protection rules that guide the choices they make regarding whether to withhold information about themselves online, limit exposure by falsifying information online, and coordinate privacy rules with etailers by seeking information prior to disclosure to assess the danger of disclosure and to avoid turbulence. In each case, it is theorized that privacy protection rules are used by e-commerce participants to minimize the risk inherent in online disclosure. In this way, this research moves CPM theory to the CMC e-commerce environment and adds to our understanding of private disclosures beyond interpersonal settings.
According to CPM theory, boundaries around private information can be more or less permeable, and people regulate permeability by enacting various boundary access and protection rules. Under conditions of minimal risk, boundary access rules likely predominate, which results in high levels of disclosure. When risk of disclosure is perceived to be great, boundary protection rules prevail and more withholding results (Petronio, 2002). Although withholding information as a protection rule has been well documented in interpersonal contexts, it has never been investigated online. Nonetheless, there is some evidence to suggest that withholding information is a strategy used for protecting privacy in e-commerce situations. Polls find that people refuse to register for websites and fail to supply information requested by online marketers (Sheehan & Hoy, 1999). Some users cite threats to privacy as a reason for withdrawing entirely from e-commerce (Digital Future Report, 2005). Thus, the first hypothesis of this study proposes that, as in interpersonal scenarios, withholding information is a rule employed by Internet users to limit disclosure and protect personal privacy in CMC contexts:
H1: E-commerce participants will withhold information from a commercial website as a privacy protection rule.
However, maintaining impermeable (closed) boundaries around information may itself create risk. CPM predicts that relationship quality suffers when no information is allowed to pass through boundaries (Petronio, 2002). In other words, disclosure leads to relationship development, and without disclosure, relationships are often terminated. This explains why there is usually some disclosure and some withholding in most relationships (Petronio, 2002), even those between etailers and their customers who must disclose information to reap the benefits of online shopping despite their fears about privacy (Sheehan & Hoy, 1999). CPM theory thus stipulates that privacy protection and access rules guide not only whether people reveal or conceal information but also what information is withheld or disclosed within a relationship (Petronio, 2002).
Not all personal information carries with it the same degree of risk. As Petronio (2002) states, “private information changes in degrees of risk based on perceived repercussions for revealing and concealing” (p. 67). This suggests that some information is more readily disclosed or withheld according to the perceived consequentiality of disclosure. It further suggests that individuals develop privacy rules such that as information is perceived to be more risky to reveal, it is more likely to be withheld. Indeed, studies on interpersonal communication show this to be true. For example, some researchers have found that people use topic avoidance protection rulesto help them decide whether to avoid discussing particularly risky topics in order to protect themselves (Afifi & Guerrero, 2000).
Applying this notion of perceived repercussions to online privacy management, consumers may refuse to disclose certain types of information to etailers as a way to protect themselves, while disclosing other information in order to obtain desired products or services. CPM logic suggests that e-commerce consumers develop rules about withholding and disclosing information that carry different levels of risk. So, people may reveal personal information when trust of the etailer and benefit of disclosure are high, and/or may withhold more sensitive personal information when possible. The second hypothesis of this study is predicated on the idea that e-commerce participants may develop a rule about withholding certain types of information (e.g., more sensitive types) as a means of protecting their privacy. If true, this rule predicts that:
H2: More sensitive information will be withheld to a greater extent by e-commerce participants than will less sensitive information.
CPM theory predicts that another strategy to protect privacy is to falsify information. Falsifying information allows an individual to experience the benefit of disclosure while maintaining his or her privacy (Petronio, 2002). In this way, deception may be conceptualized as a privacy protection rule that limits disclosure and thereby protects privacy boundaries. Deception can happen during boundary coordination or as a result of boundary turbulence. For example, in situations where one relational partner may prefer to keep certain information to him/herself but the other partner expects that information to be shared within the dyad, the discloser may choose to falsify some information rather than withholding as a way to maintain the relationship while retaining ownership of private information.
Analogous processes likely occur in e-commerce relationships, for example, when people deliberately falsify information to etailers as an online privacy protection rule that works by limiting exposure and thus the risk associated with disclosure of personal information. Online deception may also result from boundary turbulence, such as when a person wishes to enjoy the benefits of online shopping but has had (or has heard about) past negative experiences with disclosing information to etailers (e.g., receiving spam). Also, when customers are forced to provide personal information to complete a transaction online, they may falsify information, which allows the customer to keep his/her information private while fulfilling the etailer’s expectation for co-ownership of the information. Interestingly, in these situations, falsifying information is motivated by self-defense and so may not be felt as an act of deliberate deception by the consumer, since the consumer feels s/he owns the information (Petronio, 2002). In other words, deception is defined from the perspective of the receiver of the information in this context.
Evidence that e-commerce participants develop rules about falsifying information as a means to protect privacy exists, although studies show wide variation in terms of the rate of falsification. Estimates are that between 13% and 40% of online consumers have provided false information at one time or another (Kehoe, Pitkow, Sutton, Aggarwal, & Rogers, 1999; Pew Research Center, 2000; Sheehan & Hoy, 1999). These studies rely on self-report data, which may be subject to social desirability biases (Sheehan & Hoy, 1999). The present research explores falsifying information as a privacy protection strategy by examining actual online behavior in conjunction with self-report data in order to provide a more accurate understanding of the use of deception in e-commerce exchanges than is possible in survey research. Thus, although it is known that deception is used in both interpersonal relationships and online, the first research question seeks to determine the degree to which online consumers falsify information to etailers as a means of privacy protection:
RQ1: What percentage of e-commerce participants falsify information on a commercial website as a privacy protection rule?
Research on interpersonal relationships further suggests that whether a person lies depends on the type of information requested. Both CPM and social penetration theory (Altman & Taylor, 1973) predict that revealing sensitive information makes a person feel more vulnerable than revealing other types of information because the perceived risk of disclosure varies with information type. Jourard and Lasakow (1958), for example, found that people are more willing to disclose information about their interests, opinions, and work than they are to reveal their deep emotions, insecurities, or financial and health information. A direct analogy to the online context can be made, since revealing some kinds of information (e.g., credit card) is more risky than revealing other kinds of information online (e.g., general preferences). The third hypothesis is founded on the notion that e-commerce participants develop rules about what types of information to falsify based on their perceived repercussions of disclosure and, therefore, predicts that:
H3: E-commerce participants are likely to falsify more rather than less sensitive types of information as a means to protect their privacy.
According to CPM theory, seeking information from a relational partner prior to disclosing information is an important part of boundary formation and coordination processes. Information seeking may be viewed as a rule that regulates boundary linkages by helping a person decide whether to initiate a boundary linkage with a new partner. Information seeking is part of the cost-benefit analysis that the discloser goes through to determine, and thus control, the risk of disclosing information to a partner (Petronio, 2002). Assessing the trustworthiness of a partner prior to disclosure by determining whether the recipient will use the information responsibly is thus a key component of boundary formation (Petronio, 2002).
CPM theory further explains that after linkages are established, the decision to disclose private information to others involves negotiating expectations about how the information will be collectively managed once divulged. Boundary coordination, then, involves negotiating rules about boundary permeability and co-ownership, for example, determining who outside the collective boundary will have access to the information once it is revealed. For the discloser, the purpose of coordination processes is to assess the risk of revealing, and, consequently, having information about the confidant is crucial to the disclosure decision (Petronio, 2002). When there is a high degree of uncertainty about the partner, CPM theory predicts that there will be more information seeking prior to the decision to disclose private information (Berger & Calabrese, 1975; Petronio, 2002).
As discussed, seeking information may be used by relational partners to guide disclosure decisions in interpersonal contexts. Information-seeking may work similarly in computer-mediated relationships as well. Privacy policies are used by etailers to increase consumers’ disclosure to commercial websites by lowering the perceived risk of engaging in electronic exchanges (Jarvenpaa & Tractinsky, 1999; Swaminathan, et al., 1999). By providing information about how personal data will be treated and to whom it will be revealed, privacy policies can decrease risk by giving customers a greater sense of control over the exchange (Federal Trade Commission, 1998). In CPM terms, privacy policies communicate explicit rules for whether, how, and when personal information will be allowed to permeate the collective boundary after disclosure, and individuals can use that information to decide whether the website’s rules align with their own privacy goals. Privacy policies may also lower risk via enhancing the perceived security of online transactions by providing information about the security measures taken by the etailer to protect customer information (Culnan & Armstrong, 1999; Palmer, Bailey, & Faraj, 2000; Swaninathan, et al., 1999).
Individual differences in online privacy management
CPM theory stipulates that privacy rules may vary situationally depending upon an individual’s motivation or cost-benefit analysis but may also coalesce into consistent patterns of disclosure based on more stable criteria, such as one’s gender, culture, or certain life experiences (Petronio, 2002). The third research question explores this issue with regard to privacy management in e-commerce.
Studies of dyadic relationships find some consistent patterns to revealing and concealing information based on gender. For example, women appear to disclose more information than men overall (Petronio, 2002). Differences may be due to variations in how men and women are socialized, sex-role expectations, or in how men and women use different criteria in defining and controlling private information (Petronio, 2002). There is some evidence for gender differences in online privacy management. Studies find significant differences in how men and women respond to online privacy issues. Women express greater concern about their privacy online and report providing incomplete information to commercial websites more than do men (Pitkow & Kehoe, 1997; Sheehan, 1999).
Studies have yielded conflicting results with regard to gender differences in falsifying information online. For example, while Sheehan (1999) discovered no gender differences in the amount of lying to websites, a survey by the Pew Research Center found that males reported lying slightly more often than females (Fox, 2000). Small gender differences have also been observed in studies of lying in interpersonal contexts (Burgoon, Buller, Grandpre, & Kalbfleisch, 1998; DePaulo, Epstein, & Wyer, 1993).
Just as individuals vary in their perceived risk of disclosure within interpersonal relationships (Petronio, 2002), studies find that Internet users vary in the degree to which they feel e-commerce is risky. This is manifested in substantial variance in consumers’ stated level of online privacy concern (Digital Future Report, 2005; Federal Trade Commission, 2000) and in their behavior of providing information to online marketers (Sheehan & Hoy, 1999). With regard to concern for privacy, CPM theory predicts that people with high privacy concern would be motivated to protect their privacy, perhaps by forming privacy protection rules that might involve withholding, deception, and information seeking. Indeed, Sheehan (1999) found some differences in lying based on Internet users’ level of concern for privacy.
Disclosure in e-commerce settings may also be contingent upon an individual’s past experience with the Internet and/or with electronic commerce specifically. Chelune (1987) found that past experience with information exchange affects the value placed on such exchanges and influences both expectations about and actual disclosure in future interpersonal exchanges. Extending this logic, past experiences with online disclosure may affect future e-commerce behavior by mitigating or amplifying perceived risk. Indeed, research confirms that willingness to reveal personal information to marketers is determined in part by whether people have done so in the past (Culnan & Armstrong, 1999; Metzger, 2006). Others have found that Internet experience is negatively associated with perceived risk of e-commerce (Miyazaki & Fernandez, 2001) and positively associated with willingness to provide personal information online (Kehoe, et al., 1999).
Experience with the Internet or with e-commerce may also affect online deception. Past online experiences may motivate an individual to be more or less forthright in future online interactions. Certainly, boundary turbulence experienced during past online disclosure should have a negative impact on consumers’ willingness to disclose information in subsequent transactions. Although this issue has not been tested empirically, Fox (2000) found that experienced Internet users reported providing false personal information to websites more often than less experienced users.
Finally, as mentioned earlier, not everyone reads privacy policies. Those with greater concern about online privacy, or those who have suffered privacy problems as a result of past online disclosure, may be more motivated to read them. Other factors may influence motivation as well. For example, as discussed earlier, higher concern for privacy has been linked to gender, where women have been shown to be more concerned than men about privacy. Also, past Internet and e-commerce experience may impact one’s motivation to read privacy statements as a means to protect privacy, although it is difficult to predict in what direction: Greater experience could lead people to read privacy policies less frequently, as trust in the security of online commerce is developed through positive experiences (see Miyazaki & Fernandez, 2001). Alternatively, negative online or e-commerce experiences could have the opposite effect, leading consumers to scrutinize etailers’ policies more thoroughly. As a first step toward examining these issues, the last research question asks whether factors identified by CPM theory, including gender, motivation, and experience, impact disclosure in e-commerce settings:
RQ3: Do individual differences in gender, level of concern about online privacy, and Internet or e-commerce experience influence online consumers’ rates of information seeking, falsification, or withholding on a commercial website?