The upside of data privacy – delighting customers by implementing data privacy measures

  • Henner Gimpel
  • Dominikus Kleindienst
  • Niclas Nüske
  • Daniel Rau
  • Fabian Schmied
Research Paper
Part of the following topical collections:
  1. Special Issue on “Data Science and Business Analytics”


The targeted analysis of customer data becomes increasingly important for data-driven business models. At the same time, the customers’ concerns regarding data privacy have to be addressed properly. Existing research mostly describes data privacy as a necessary evil for compliance and risk management and does not propose specific data privacy measures which address the customers’ concerns. We therefore aim to shed light on the upside of data privacy. In this paper, we derive specific measures to deal with customers’ data privacy concerns based on academic literature, legislative texts, corporate privacy statements, and expert interviews. Next, we leverage the Kano model and data from two internet-based surveys to analyze the measures’ evaluation by customers. From a customer perspective, the implementation of the majority of measures is obligatory as those measures are considered as basic needs of must-be quality. However, delighting measures of attractive quality do exist and have the potential to create a competitive advantage. In this, we find some variation across different industries suggesting that corporations aiming to improve customer satisfaction by superior privacy protection should elicit the demands of their specific target customers.


Privacy concerns Privacy measures Customer data Customer satisfaction Survey research 

JEL classification


Supplementary material

12525_2018_296_MOESM1_ESM.pdf (37 kb)
ESM 1 (PDF 36 kb)


  1. Acquisti, A., Friedman, A., & Telang, R. (2006). Is There a Cost to Privacy Breaches? An Event Study. In ICIS 2006 Proceedings (Paper 94).Google Scholar
  2. Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security & Privacy, 3(1), 26–33.CrossRefGoogle Scholar
  3. Ahmad, A., & Mykytyn, P. (2012). Perceived Privacy Breach - the Construct, the Scale, and its Antecedents. In AMCIS 2012 Proceedings (Paper 21).Google Scholar
  4. Amazon. (2017).ärung. Retrieved from Accessed on 2017–10-23.
  5. Apple. (2017). Apple Datenschutzrichtlinie. Retrieved from Accessed on 2017–10-23.
  6. Arbore, A., & Busacca, B. (2009). Customer satisfaction and dissatisfaction in retail banking: Exploring the asymmetric impact of attribute performances. Journal of Retailing and Consumer Services, 16(4), 271–280.CrossRefGoogle Scholar
  7. Audatis Consulting. (2016). Checkliste: Technische und organisatorische Maßnahmen. Retrieved from Accessed on 18.08.2016.
  8. Bartikowski, B., & Llosa, S. (2004). Customer satisfaction measurement: Comparing four methods of attribute Categorisations. The Service Industries Journal, 24(4), 67–82.CrossRefGoogle Scholar
  9. BBC. (2015). Ashley Madison infidelity site's customer data 'leaked'. Retrieved from Accessed on 2017–05-10.
  10. Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: A review of information privacy research in information systems. MIS Quarterly, 35(4), 1017–1041.CrossRefGoogle Scholar
  11. Berendt, B., Günther, O., & Spiekermann, S. (2005). Privacy in E-commerce: Stated preferences vs. actual behavior. Communications of the ACM, 48(4), 101–106.CrossRefGoogle Scholar
  12. Berger, C., Blauth, R., Boger, D., Bolster, C., Burchill, G., DuMouchel, W., et al. (1993). Kano's methods for understanding customer-defined quality. Center for Quallity Management. Journal, 2(4), 3–36.Google Scholar
  13. Buchmann, E., Böhm, K., & Raabe, O. (2008). Privacy 2.0: Towards Collaborative Data-Privacy Protection. In Y. Karabulut, J. Mitchell, P. Herrmann, & C. D. Jensen (Eds.), Proceedings of IFIPTM 2008 (pp. 247–262).Google Scholar
  14. Buhl, H. U. (2013). IT as curse and blessing. Business & Information Systems Engineering, 5(6), 377–381.CrossRefGoogle Scholar
  15. Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448.CrossRefGoogle Scholar
  16. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. International Journal of Electronic Commerce, 9(1), 69–104.CrossRefGoogle Scholar
  17. Clayton, E., & Hilz, A. (2015). 2015 Aviation Trends. Retrieved from Accessed on 2016–08-18.
  18. Clement, A., & Obar, J. A. (2016). Keeping internet users in the know or in the dark: An analysis of the data privacy transparency of Canadian internet carriers. Journal of Information Policy, 6, 294–331.CrossRefGoogle Scholar
  19. Culnan, M. J., & Armstrong, P. K. (1999). Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization Science, 10(1), 104–115.CrossRefGoogle Scholar
  20. Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Métayer, D. Le, Tirtea, R., & Schiffner, S. (2015). Privacy and Data Protection by Design - from policy to engineering. Athens. Retrieved from Accessed on 25.04.2017.
  21. Deutsche Bank. (2017). Datenschutz. Retrieved from Accessed on 2017–10-23.
  22. Dhasarathan, C., Thirumal, V., & Ponnurangam, D. (2015). Data privacy breach prevention framework for the cloud service. Security and Communication Networks, 8(6), 982–1005.CrossRefGoogle Scholar
  23. Dropbox. (2017). Dropbox-Datenschutzrichtlinie. Retrieved from Accessed on 2017–10-23.
  24. Eastin, M. S., Brinson, N. H., Doorey, A., & Wilcox, G. (2016). Living in a big data world: Predicting mobile commerce activity through privacy concerns. Computers in Human Behavior, 58, 214–220.CrossRefGoogle Scholar
  25. easyJet. (2017). Datenschutzerklärung. Retrieved from Accessed on 2017–10-23.
  26. Facebook. (2017). Datenrichtlinie. Retrieved from Accessed on 2017–10-23.
  27. Fong, D. (1996). Using the self-stated importance questionnaire to interpret Kano questionnaire results. Center for Quallity Management. Journal, 5(3), 21–23.Google Scholar
  28. Füller, J., & Matzler, K. (2008). Customer delight and market segmentation: An application of the three-factor theory of customer satisfaction on life style groups. Tourism Management, 29(1), 116–126.CrossRefGoogle Scholar
  29. Gronholdt, L., Martensen, A., & Kristensen, K. (2000). The relationship between customer satisfaction and loyalty: Cross-industry differences. Total Quality Management, 11(4–6), 509–514.CrossRefGoogle Scholar
  30. Hackl, P., & Westlund, A. H. (2000). On structural equation modelling for customer satisfaction measurement. Total Quality Management, 11(4–6), 820–825.CrossRefGoogle Scholar
  31. Harris, E. C. (2007). Personal data privacy tradeoffs and how a Swedish church lady, Austrian public radio employees, and transatlantic air carriers show that Europe does not have the answer. American University International Law Review, 22(5), 745–799.Google Scholar
  32. Hong, W., & Thong, J. Y. L. (2013). Internet privacy concerns: An integrated conceptualization and four empirical studies. MIS Quarterly, 37(1), 275–298.CrossRefGoogle Scholar
  33. Hovav, A., & D’Arcy, J. (2003). The impact of denial-of-service attack announcements on the market value of firms. Risk Management and Insurance Review, 6(2), 97–121.CrossRefGoogle Scholar
  34. Inman, J. J., & Nikolova, H. (2017). Shopper-facing retail technology: A retailer adoption decision framework incorporating shopper attitudes and privacy concerns. Journal of Retailing, 93(1), 7–28.CrossRefGoogle Scholar
  35. Kano, N., Seraku, N., Takahashi, F., & Tsuji, S. i. (1984). Attractive quality and must-be quality. The Journal of the Japanese Society for Quality Control, 14(2), 147–156.Google Scholar
  36. Keith, M. J., Babb, J., Furner, C., Abdullat, A., & Lowry, P. B. (2016). Limited information and quick decisions: Consumer privacy Calculus for mobile applications. AIS Transactions on Human-Computer Interaction, 8(3), 88–130.CrossRefGoogle Scholar
  37. Keith, M. J., Thompson, S. C., Hale, J., Lowry, P. B., & Greer, C. (2013). Information disclosure on mobile devices: Re-examining privacy calculus with actual user behavior. International Journal of Human-Computer Studies, 71(12), 1163–1173.CrossRefGoogle Scholar
  38. Khatri, V., & Brown, C. V. (2010). Designing data governance. Communications of the ACM, 53(1), 148.CrossRefGoogle Scholar
  39. Klingspor, V. (2016). Why do we need data privacy? In S. Michaelis, N. Piatkowski, & M. Stolpe (Eds.), Solving large scale learning tasks: Challenges and algorithms (pp. 85–95). Cham: Springer.CrossRefGoogle Scholar
  40. Ladhari, R. (2009). A review of twenty years of SERVQUAL research. International Journal of Quality and Service Sciences, 1(2), 172–198.CrossRefGoogle Scholar
  41. Lai, H.-J., & Wu, H.-H. (2011). A case study of applying Kano’s model and ANOVA technique in evaluating service quality. Information Technology Journal, 10(1), 89–97.CrossRefGoogle Scholar
  42. Landis, R. J., & Koch, G. G. (1977). The measurement of observer agreement for categorical data. Biometrics, 33, 159–174.CrossRefGoogle Scholar
  43. Lee, M. C., & Newcomb, J. (1996). Applying the Kano methodology in managing NASA's science research program. Center for Quallity Management Journal, 5(3), 13–20.Google Scholar
  44. Löfgren, M., & Witell, L. (2008). Two decades of using Kano's theory of attractive quality: A literature review. The Quality Management Journal, 15(1), 59–75.CrossRefGoogle Scholar
  45. Lyons, V., van der Werff, L., & Lynn, T. (2016). Ethics as pacemaker: Regulating the heart of the privacy-trust relationship. A proposed conceptual model. In ICIS 2016 Proceedings. Google Scholar
  46. Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet Users' information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336–355.CrossRefGoogle Scholar
  47. Mamonov, S., & Koufaris, M. (2014). The impact of perceived privacy breach on smartphone user attitudes and intention to terminate the relationship with the mobile carrier. Communications of the Association for Information Systems, 34(60).Google Scholar
  48. Matthing, J., Sandén, B., & Edvardsson, B. (2004). New service development: Learning from and with customers. International Journal of Service Industry Management, 15(5), 479–498.CrossRefGoogle Scholar
  49. Matzler, K., Hinterhuber, H. H., Bailom, F., & Sauerwein, E. (1996). How to delight your customers. Journal of Product & Brand Management, 5(2), 6–18.CrossRefGoogle Scholar
  50. Matzler, K., & Stahl, H. K. (2000). Kundenzufriedenheit und Unternehmenswertsteigerung. Die Betriebswirtschaft, 60, 626–641.Google Scholar
  51. Mohammed, R. (2014). Why Amazon Should Unbundle Prime. Retrieved from Accessed on 2017–10-12.
  52. Morey, T., Forbath, T., & Schoop, A. (2015). Customer data: Designing for transparency and trust. Harvard Business Review. (May), 96–105.Google Scholar
  53. Moshki, H., & Barki, H. (2016). Coping with information privacy breaches: An exploratory framework. In ICIS 2016 Proceedings. Google Scholar
  54. Muntermann, J., & Roßnagel, H. (2009). On the Effectiveness of Privacy Breach Disclosure Legislation in Europe: Empirical Evidence from the US Stock Market. In A. Jøsang, T. Maseng, & S. J. Knapskog (Eds.), Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age (pp. 1–14).Google Scholar
  55. Nicholas-Donald, A., Matus, J. F., Ryu, S., & Mahmood, A. M. (2011). The Economic Effect of Privacy Breach Announcements on Stocks: A Comprehensive Empirical Investigation. In AMCIS 2011 Proceedings (Paper 341).Google Scholar
  56. Nofer, M., Hinz, O., Muntermann, J., & Roßnagel, H. (2014). The economic impact of privacy violations and security breaches. Business & Information Systems Engineering, 6(6), 339–348.CrossRefGoogle Scholar
  57. Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: Personal information disclosure intentions versus behaviors. The Journal of Consumer Affairs, 41(1), 100–126.CrossRefGoogle Scholar
  58. Otto, B. (2011). Organizing data governance: Findings from the telecommunications industry and consequences for large service providers. Communications of the Association for Information Systems, 29(3), 45–66.Google Scholar
  59. Parasuraman, A., Zeithaml, V. A., & Berry, L. L. (1985). A conceptual model of service quality and its implications for future research. Journal of Marketing, 49(4), 41–50.CrossRefGoogle Scholar
  60. Pavlou, P. A. (2011). State of the information privacy literature: Where are we now and where should we go? MIS Quarterly, 35(4), 977–988.CrossRefGoogle Scholar
  61. Payne, D., Landry, B. J. L., & Dean, M. D. (2015). Data Mining and Privacy: An Initial Attempt at a Comprehensive Code of Conduct for Online Business. Communications of the ACM, 37, Article 34.Google Scholar
  62. Preibusch, S. (2013). Guide to measuring privacy concern: Review of survey and observational instruments. International Journal of Human-Computer Studies, 71(12), 1133–1143.CrossRefGoogle Scholar
  63. Preibusch, S., Kübler, D., & Beresford, A. R. (2013). Price versus privacy: An experiment into the competitive advantage of collecting less personal information. Electronic Commerce Research, 13(4), 423–455.CrossRefGoogle Scholar
  64. Saarijärvi, H., Grönroos, C., & Kuusela, H. (2014). Reverse use of customer data: Implications for service-based business models. Journal of Services Marketing, 28(7), 529–537.CrossRefGoogle Scholar
  65. Sarathy, R., & Robertson, C. J. (2003). Strategic and ethical considerations in managing digital privacy. Journal of Business Ethics, 46(2), 111–126.CrossRefGoogle Scholar
  66. Schaule, M. (2014). Anreize für eine nachhaltige Immobilienentwicklung: Nutzerzufriedenheit und Zahlungsbereitschaft als Funktion von Gebäudeeigenschaften bei Büroimmobilien (Doctoral thesis). Munich: Fakultät für Bauingenieur- und Vermessungswesen.Google Scholar
  67. Schneider, M. J., Jagpal, S., Gupta, S., Li, S., & Yu, Y. (2017). Protecting customer privacy when marketing with second-party data. International Journal of Research in Marketing, 34(3), 593–603.CrossRefGoogle Scholar
  68. Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: Measuring Individuals' concerns about organizational practices. MIS Quarterly, 20(2), 167–196.CrossRefGoogle Scholar
  69. Tanner, A. (2013). Here Are Some of America's Most Privacy Friendly Companies: Accessed on 2016–11-02. Retrieved from Accessed on 2016–11-02.
  70. Telekom DE-Mail. (2017). Datenschutzhinweise für De-Mail der Telekom Deutschland GmbH. Retrieved from Accessed on 2017–10-23.
  71. Tesla Motors. (2017). Datenschutzerklärung. Retrieved from Accessed on 2017–10-23.
  72. The Guardian. (2011). iPhone keeps record of everywhere you go. Retrieved from Accessed on 2017–05-10.
  73. The Telegraph. (2010). Facebook admits 'inadvertent' privacy breach. Retrieved from Accessed on 2017–05-07.
  74. Zalando. (2017). Datenschutzerklärung und Einwilligung zur Datennutzung. Retrieved from Accessed on 2017–10-23.

Copyright information

© Institute of Applied Informatics at University of Leipzig 2018

Authors and Affiliations

  1. 1.FIM Research CenterUniversity of AugsburgAugsburgGermany

Personalised recommendations