- Top of page
This study applies Petronio’s Communication Privacy Management theory (CPM) to understand the tension between information disclosure and privacy within e-commerce relationships. It proposes that consumers manage their privacy concerns through decisions to reveal or conceal information about themselves in interactions with online retailers. The study investigates the degree to which privacy management strategies identified by CPM theory to regulate privacy and disclosure within interpersonal relationships, including withholding and falsifying information, as well as seeking information seeking from a relational partner, operate in the computer-mediated context of e-commerce relational transactions. Findings suggest that online consumers do erect boundaries around personal information and form rules to decide when to reveal information that are consistent with CPM theory. Overall, this study provides knowledge about privacy in online commercial transactions, serves as a basis for more directed theory construction in this arena, and has important practical and policy implications.
- Top of page
The first hypothesis proposed that online consumers may withhold information from commercial websites as a privacy protection rule. This was tested by investigating how many people withheld information from the commercial website, how much information participants withheld, and the reasons given for withholding information. Of the 213 participants, 89 (41.8%) disclosed at least one piece of information to the website, whereas 124 (58.2%) withheld all information about themselves. The mean amount of withholding across all participants was 16.61 items.
Responses to the open-ended question asking why participants chose to withhold information from the site were analyzed to determine the extent to which privacy-related concerns were mentioned. Each participant’s response was coded as reflecting privacy-related reasons, ambiguous reasons, or privacy-unrelated reasons for withholding. Of the 146 respondents who provided reasons, 85 (58.2%) cited a privacy-related reason for withholding information from the website (e.g., afraid of spam, didn’t trust the site, never give personal information online because of risk), 8 (3.8%) cited an ambiguous reason (e.g., wasn’t required to get the CD), and 53 (36.3%) gave a reason that was not related to online privacy concerns (e.g., did not want the CD, too lazy, already belong to similar site).6 The differences in these percentages are significant, χ2= 61.49, p<.001. These data suggest that withholding information is indeed a strategy for privacy management in the e-commerce setting, thus supporting H1.
Hypothesis 2 predicted that online consumers develop rules about withholding specific types of information, in particular more sensitive information, as a way of protecting privacy. As a first step, H2 was investigated by testing for differences in the percentages of participants who withheld each of the 23 types of information requested by the site. The omnibus test showed significant differences (Cochran’s Q= 808.16, p < .001). Table 1 shows that participants were most likely to withhold some types of financial information or information that could link their identity to financial records, specifically their credit card and social security numbers (Wilcoxon z=−4.96, p < .001). Personal contact and consumer preference information were the next-most withheld items, and included email address, telephone number, favorite website, hobbies/interests, and last purchase made online, although income and political party affiliation fell in this range as well.7
Table 1. Mean sensitivity scores and percentage of disclosure by information type
|Type of Information||Information Sensitivity||% Disclosed|
|First name||1.48 (.64)f||39.9|
|Zip code||2.43 (1.02)d||39.0|
|Last name||2.07 (.89)e||38.5|
|Street address||3.35 (.86)c||38.0|
|Education level||1.39 (.54)f||37.1|
|Favorite kind of music||1.86 (.93)f||36.6|
|Marital status||1.74 (.82)f||35.7|
|Time online||1.57 (.71)f||35.2|
|Number of people in household||2.07 (.97)e||33.3|
|Email address||2.63 (.99)d||31.5|
|Telephone number||3.54 (.69)b||29.6|
|Political party affiliation||2.06 (.96)e||29.1|
|Favorite website||1.73 (.85)f||27.2|
|Last online purchase||2.19 (1.02)e||22.1|
|Social security number||3.87 (.38)a||7.5|
|Credit card number||3.57 (.61)b||0.0|
At the other end of the spectrum, participants were least likely to withhold their name and address, which were required for purchasing or obtaining the free CD. Aside from the required information, participants were least likely to withhold general demographic information about themselves, for example, their sex, race, education, marital status, time spent online, number of people in their household, and age. As a more direct test of H2, the correlation between information sensitivity and information withholding was computed and found to be both positive and significant, r= .61, p < .001. These findings support H2.
Taken together, the results of the first two hypotheses indicate that withholding information within e-commerce relationships is a common privacy-protection strategy and depends on the sensitivity of the information requested by the site. These findings are consistent with theoretical predictions, as delineated earlier. They also parallel research on self-disclosure that finds greater withholding of intimate or more sensitive information during the initial stages of interpersonal relationships (Altman & Taylor, 1973; Jourard & Lasakow, 1958).
Research Question 1 addressed the extent to which online consumers falsify information as a privacy protection rule. Of the participants who disclosed information to the website, 39.6% falsified some of the information they disclosed. Most people, however, falsified only a few items; out of the 23 items requested by the website, participants falsified only 2-3 items on average.
Delving further into online deception, the third hypothesis examined which types of information participants were most likely to falsify. Table 2 shows the percentages of lying for each type of information requested. Participants who revealed information generally falsified more sensitive information, especially information that could be linked to financial and identity records. Nearly everyone (93.8%) who provided their social security number to the website falsified it. Participants were next most likely to falsify their name, direct contact, and basic demographic information. Participants were most truthful about their mailing address (recall this was needed for receiving the CD), time spent online, marital status, and hobbies/preferences.
Table 2. Lying by information type
|Type of Information||n disclosed||n falsified||% falsifying|
|Social security number||16||15||93.75|
|Last online purchase||47||7||14.89|
|Political party affiliation||62||8||12.90|
|Number of people in household||71||9||12.68|
|Favorite kind of music||78||4||5.13|
To test H3 directly, the correlation between information sensitivity and information falsification was computed and found to be positive and significant (r= .59, p < .01), as hypothesized. Considered jointly, the results of H2 and H3 show that participants are least likely to provide sensitive information online and most likely to falsify it when they do, compared to other kinds of information, which supports both hypotheses as well as prior research findings on disclosure in other contexts.
In sum, results generally support the four hypotheses. With regard to the research questions, there was some evidence that a sizable percentage of participants falsified their personal information and that some participants sought information from privacy policies as a means to protect their privacy, although not to a great extent. On the other hand, there was very little evidence that gender, level of privacy concern, or online experience have much impact on disclosure and information seeking within the e-commerce context.
- Top of page
This study shows that consumers manage their privacy online through their decisions to reveal or conceal information about themselves to online retailers. In particular, this study examines information withholding, deception, and seeking as online privacy management strategies. The research also provides insight into factors including gender, past online and e-commerce experience, concern about online privacy issues, type of information requested, and the specific language used in etailers’ privacy policies that may or may not influence decisions to disclose or withhold information.
Results inform past work on disclosure and interpersonal relationships that served as the basis for this study. Findings demonstrate that similar kinds of balancing dynamics appear to operate in the Web environment as they do in face-to-face situations, thus extending CPM into the domain of CMC, and e-commerce relationships specifically. Evidence that online consumers use strategies predicted by CPM theory—including information withholding, deception, and, to a lesser extent, information-seeking—is confirmed in this research. The study suggests that online consumers erect boundaries around personal information and form rules to decide when to reveal information to etailers, as predicted by CPM theory.
The data also encourage future research to extend CPM theory’s predictions of how boundary turbulence may impact disclosure decisions to e-commerce contexts. This is most evident in the open-ended questionnaire responses, such as “Whenever I give my information I get a lot of spam” or “I’ve had bad luck with giving out information about myself.” These responses indicate that prior negative experiences with online disclosure in e-commerce contexts may be a primary reason for withholding personal information. Results showing greater deception for those with more e-commerce experience also imply that boundary turbulence in past e-commerce relationships may play a role in people’s future online disclosure decisions. This is consistent with research showing that experienced Internet users were nearly two times more likely to provide false information to websites compared to less experienced users (Fox, 2000).
Together, the results of this study provide a basis to begin conceptualizing online consumers’ disclosure decisions in more systematic ways than have been attempted before. CPM theory predicts many aspects of the online behavior observed in this research and, thus offers a first step toward building a theory of online privacy management. At the same time, however, this study suggests that CPM must not be applied without accommodation for fundamental differences in the online context compared to face-to-face settings. For example, there was no evidence that online boundary rules are formulated on the basis of gender or general online privacy concerns, which is somewhat surprising given past findings in the interpersonal and e-commerce research literatures.
One reason why gender was less important in this study than in interpersonal relationships might be that the nature of disclosure in e-commerce contexts is quite different from that in most interpersonal relationships. Research on disclosure within interpersonal relationships finds that females tend to disclose more intimate and emotional information than do men (Derlega, Metts, Petronio, & Margulis, 1993). The lack of gender differences for withholding information found in this study might be explained by the fact that e-commerce transactions require disclosure of factual and largely non-emotional information. The results of this study agree with some prior e-commerce research that failed to find a relationship between gender and online deception (e.g., Sheehan, 1999) in spite of studies showing that women are more concerned about their privacy online than are men.
An explanation for the lack of findings with regard to concern for privacy in this study is the existence of a “privacy paradox” when it comes to online disclosure. Recent research finds that, despite expressing high levels of concern about privacy and security online, consumers are still willing to provide personal information to commercial websites (LaRose, 2004; Spiekermann, Grosslags, & Berendt, 2001). E-commerce incentives such as giveaways, lower prices, greater selection, the convenience of online shopping, and consumers’ feelings of powerlessness to protect their personal data on the Web have all been advanced as explanations for this paradox, and may have been operating in this study. Furthermore, this is not dissimilar to studies using CPM that have observed that people are sometimes willing to give up privacy when they seek security, in other words, that dialectical tensions sometimes shift from privacy-disclosure to privacy-security.
A second possible explanation is variable measurement. Privacy concern had low variance and acceptable, yet less-than-ideal reliability, making for an extremely conservative test of this concept statistically. Despite efforts to base the measure on prior research and the face validity of the items comprising the scale, future studies must develop better operationalizations of this concept.
Implications of the research for policy and practice
The fact that willingness to disclose was significantly impacted by the sensitivity of information requested by the website implies that marketers need to be aware of and sensitive to consumers’ perceptions of risk when asking for users’ personal information (see also White, 2004). For example, results suggest that online marketers will likely have greater success eliciting less threatening information from consumers. Indeed, etailers may do well to wait until after a relationship has been established and trust proven—perhaps after a satisfactory transaction with a customer has been completed—to request more sensitive information. Although this would hinder efforts toward customized marketing in the short run, it may provide significant payoff in the long term with regard to eliciting disclosure from consumers.
Finally, the findings on deception offer both good and bad news for e-commerce practitioners. The good news is that the majority of participants who disclosed personal information in this study were truthful, and if they lied, it was typically about only a few items. The bad news is that a substantial number of consumers will use deception to protect their privacy. Prior survey estimates show an average of 20% of online consumers regularly falsify information (Kehoe, et al., 1999; Pew Research Center, 2000; Sheehan & Hoy, 1999; SurveyNet, 1997). This study shows that closer to 40% of participants falsified information, implying that previous estimates may underestimate online deception and perhaps reflect a social desirability response bias in self-reports. The implications for etailers are somewhat ominous, especially when viewed in light of the fact that consumers with greater e-commerce experience lied more than those with less experience. This suggests that efforts to elicit truthful disclosure will become more difficult for etailers in the future, as consumers gain experience with e-commerce.
Overall, the study further suggests that people may be cautious in giving their personal information online because they know they will have little opportunity to negotiate mutually-acceptable privacy rules. To cope with this, they may withhold the more private information and give the minimum to achieve their goal. Under circumstances where pre-set privacy rules disallow negotiation, then, people settle for providing only the minimum information to get what they want. Thus an interesting dilemma arises: By pre-setting privacy rules in their privacy policies, companies may be limiting the amount of information they can expect to receive from consumers.
By framing decisions to provide or withhold information, either truthfully or falsely, in terms of CPM theory, this study helps to understand the privacy decisions that consumers make during e-commerce transactions. Results suggest that specific elements of CPM migrate well to the e-commerce environment, and that the notion of boundary management has theoretical traction when applied to this context. This research also highlights similarities and differences between interpersonal relationships and online commercial transactions, suggesting that information disclosure and veracity in e-commerce are somewhat a function of the type of information requested, past e-commerce experience (with regard to the amount of lying), and the specific language used in privacy policies. Together, findings from this study serve as a basis for more directed theory construction in this arena.