Electronic Markets

, Volume 28, Issue 4, pp 475–490 | Cite as

The disclosure of private data: measuring the privacy paradox in digital services

  • Henner Gimpel
  • Dominikus Kleindienst
  • Daniela WaldmannEmail author
Research Paper


Privacy is a current topic in the context of digital services because such services demand mass volumes of consumer data. Although most consumers are aware of their personal privacy, they frequently do not behave rationally in terms of the risk-benefit trade-off. This phenomenon is known as the privacy paradox. It is a common limitation in research papers examining consumers’ privacy intentions. Using a design science approach, we develop a metric that determines the extent of consumers’ privacy paradox in digital services based on the theoretical construct of the privacy calculus. We demonstrate a practical application of the metric for mobile apps. With that, we contribute to validating respective research findings. Moreover, among others, consumers and companies can be prevented from unwanted consequences regarding data privacy issues and service market places can provide privacy-customized suggestions.


Privacy paradox Privacy calculus Metric Digital services 

JEL classification

Supplementary material

12525_2018_303_MOESM1_ESM.pdf (109 kb)
ESM 1 (PDF 109 kb)


  1. Abdelzaher, T., Anokwa, Y., Boda, P., Burke, J., Estrin, D., Guibas, L., ... Reich, J. (2007). Mobiscopes for human spaces. IEEE Pervasive Computing, 6(2), 20–29. Scholar
  2. Acquisti, A. (2004). Privacy in electronic commerce and the economics of immediate gratification. In Proceedings of the 5th ACM Conference on Electronic Commerce (pp. 21–29).
  3. Acquisti, A., & Gross, R. (2006). Imagined communities: Awareness, information sharing, and privacy on the Facebook. In Proceedings of the 6th Workshop on Privacy Enhancing Technologies (pp. 36–58).CrossRefGoogle Scholar
  4. Acquisti, A., & Grossklags, J. (2004). Privacy attitudes and privacy behavior. In L. J. Camp & S. Lewis (Eds.), Economics of information security (pp. 165–178). Boston: Kluwer Academic Publishers.CrossRefGoogle Scholar
  5. Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security and Privacy, 3(1), 26–33. Scholar
  6. Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509–514. Scholar
  7. Alt, R., Militzer-Horstmann, C., & Zimmermann, H.-D. (2015). Editorial 25/2: electronic markets and privacy. Electronic Markets, 25(2), 87–90. Scholar
  8. Becker, M., Lehrig, S., & Becker, S. (2015). Systematically deriving quality metrics for cloud computing systems. In Proceedings of the 6th ACM/SPEC International Conference on Performance Engineering (pp. 169–174). New York, USA.
  9. Bélanger, F., & Crossler, R. E. (2011). Privacy in the digital age: a review of information privacy research in information systems. MIS Quarterly, 35(4), 1017–1042.CrossRefGoogle Scholar
  10. Bélanger, F., Hiller, J. S., & Smith, W. J. (2002). Trustworthiness in electronic commerce: the role of privacy, security, and site attributes. The Journal of Strategic Information Systems, 11(3–4), 245–270. Scholar
  11. Berendt, B., Günther, O., & Spiekermann, S. (2005). Privacy in e-commerce: stated preferences vs. actual behavior. Communications of the ACM, 48(4), 101–106. Scholar
  12. Böhme, R., & Freiling, F. C. (2008). On metrics and measurements. In I. Eusgeld (Ed.), Lecture notes in computer science: Vol. 4909. Dependability metrics. Advanced lectures (pp. 7–13). Berlin: Springer.Google Scholar
  13. Bouwers, E., van Deursen, A., & Visser, J. (2013). Evaluating usefulness of software metrics: An industrial experience report. Proceedings of the 35th International Conference on Software Engineering (pp. 921–930).Google Scholar
  14. Brislin, R. W. (1970). Back-translation for cross-cultural research. Journal of Cross-Cultural Psychology, 1(3), 185–216.CrossRefGoogle Scholar
  15. Buchanan, T., Paine, C., Joinson, A. N., & Reips, U. (2007). Development of measures of online privacy concern and protection for use on the internet. Journal of the American Society for Information Science and Technology, 58(2), 157–165.CrossRefGoogle Scholar
  16. Buck, C., Horbel, C., Germelmann, C. C., & Eymann, T. (2014). The unconscious app consumer. Proceedings of the 22nd European Conference on Information Systems (ECIS2014), Tel Aviv, June 9–11, 2014.Google Scholar
  17. Chellappa, R. K., & Sin, R. G. (2005). Personalization versus privacy: an empirical examination of the online consumer’s dilemma. Information Technology and Management, 6(2–3), 181–202.CrossRefGoogle Scholar
  18. Cho, H., Rivera-Sánchez, M., & Lim, S. S. (2009). A multinational study on online privacy: global concerns and local responses. New Media & Society, 11(3), 395–416.CrossRefGoogle Scholar
  19. Culnan, M. J., & Armstrong, P. K. (1999). Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation. Organization Science, 10(1), 104–115.CrossRefGoogle Scholar
  20. Culnan, M. J., & Bies, R. J. (2003). Consumer privacy: balancing economic and justice considerations. Journal of Social Issues, 59(2), 323–342.CrossRefGoogle Scholar
  21. Cunningham, S. M. (1967). The major dimensions of perceived risk. In D. F. Cox (Ed.), Risk taking and information handling in consumer behavior (pp. 82–111). Cambridge: Harvard University Press.Google Scholar
  22. Degirmenci, K., Guhr, N., & Breitner, M. (2013). Mobile applications and access to personal information: a discussion of users’ privacy concerns. Proceedings of the 34th International Conference on Information Systems (ICIS 2013), Milan, December 15–18, 2013.Google Scholar
  23. Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61–80.CrossRefGoogle Scholar
  24. Dinev, T., Bellotto, M., Hart, P., Russo, V., Serra, I., & Colautti, C. (2006). Privacy calculus model in e-commerce: a study of Italy and the United States. European Journal of Information Systems, 15(4), 389–402.CrossRefGoogle Scholar
  25. Egelman, S., Felt, A. P., & Wagner, D. (2013). Choice architecture and smartphone privacy: There’s a price for that. In R. Böhme (Ed.), The economics of information security and privacy (pp. 211–236). Heidelberg: Springer.CrossRefGoogle Scholar
  26. Erl, T., Puttini, R., & Mahmood, Z. (2013). Cloud computing: concepts, technology and architecture. Upper Saddle River, NJ: Prentice Hall.Google Scholar
  27. Even, A., & Shankaranarayanan, G. (2007). Utility-driven assessment of data quality. ACM SIGMIS Database, 38(2), 75–93. Scholar
  28. Felt, A. P., Ha, E., Egelman, S., Haney, A., Chin, E., & Wagner, D. (2012). Android permissions: user attention, comprehension, and behavior. Proceedings of the 8th Symposium on Usable Privacy and Security (SOUPS 2012), Washington, DC, July 11–13, 2012.Google Scholar
  29. Fishbein, M., & Ajzen, I. (1975). Belief, attitude, intention and behavior: An introduction to theory and research: An introduction to theory and research. Reading, MA: Addison-Wesley.Google Scholar
  30. Graupner, E., Melcher, F., Demers, D., & Maedche, A. (2015). Customers’ intention to use digital services in retail banking: an information processing perspective. Proceedings of the 23rd European Conference on Information Systems (ECIS 2015), Münster, May 26–29, 2015.Google Scholar
  31. Gregor, S. (2006). The nature of theory in information systems. MIS Quarterly, 30(3), 611–642.CrossRefGoogle Scholar
  32. Gregor, S., & Hevner, A. R. (2013). Positioning and presenting design science research for maximum impact. MIS Quarterly, 37(2), 337–356.CrossRefGoogle Scholar
  33. Gregor, S., & Jones, D. (2007). The anatomy of a design theory. Journal of the Association for Information Systems, 8(5), 312–335.CrossRefGoogle Scholar
  34. Hashem, I. A. T., Yaqoob, I., Anuar, N. B., Mokhtar, S., Gani, A., & Khan, S. U. (2015). The rise of “big data” on cloud computing: review and open research issues. Information Systems, 47, 98–115. Scholar
  35. Hauff, S., Veit, D., & Tuunainen, V. (2015). Towards a taxonomy of perceived consequences of privacy-invasive practices. Proceedings of the 23rd European Conference on Information Systems (ECIS 2015), Münster, May 26–29, 2015.Google Scholar
  36. Hauser, J., & Katz, G. (1998). Metrics: you are what you measure! European Management Journal, 16(5), 517–528.CrossRefGoogle Scholar
  37. Hawkey, K., & Inkpen, K. M. (2006). Keeping up appearances: Understanding the dimensions of incidental information privacy. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. New York: ACM Press.
  38. Heimbach, I., Gottschlich, J., & Hinz, O. (2015). The value of user’s facebook profile data for product recommendation generation. Electronic Markets, 25(2), 125–138. Scholar
  39. Herrmann, D. S. (2007). Complete guide to security and privacy metrics: Measuring regulatory compliance, operational resilience, and ROI. Boca Raton, FL: Auerbach Publications.CrossRefGoogle Scholar
  40. Hevner, A. R., March, S. T., Park, J., & Ram, S. (2004). Design science in information systems research. MIS Quarterly, 28(1), 75–105.CrossRefGoogle Scholar
  41. Horbach, M., & Horbach, M. (Eds.). (2013). Informatik 2013: Informatik angepasst an Mensch, Organisation und Umwelt. Koblenz: Bonner Köllen Verlag.Google Scholar
  42. Hui, K.-L., Tan, B. C. Y., & Goh, C.-Y. (2006). Online information disclosure: motivators and measurements. ACM Transactions on Internet Technology (TOIT), 6(4), 415–441. Scholar
  43. Jensen, C., Potts, C., & Jensen, C. (2005). Privacy practices of internet users: self-reports versus observed behavior. International Journal of Human-Computer Studies, 63(1), 203–227.CrossRefGoogle Scholar
  44. Kaiser, M., Klier, M., & Heinrich, B. (2007). How to measure data quality? A metric-based approach. Proceedings of the 28th International Conference on Information Systems (ICIS 2007), Montreal, December 9–12, 2007.Google Scholar
  45. Keith, M. J., Thompson, S. C., Hale, J., & Greer, C. (2012). Examining the rationality of information disclosure through mobile devices. Proceedings of the 33rd International Conference on Information Systems (ICIS 2012), Orlando, December 16–19, 2012.Google Scholar
  46. Keith, M. J., Thompson, S. C., Hale, J., Lowry, P. B., & Greer, C. (2013). Information disclosure on mobile devices: re-examining privacy calculus with actual user behavior. International Journal of Human-Computer Studies, 71(12), 1163–1173.CrossRefGoogle Scholar
  47. Keith, M. J., Babb, J. S., & Lowry, P. B. (2014). A longitudinal study of information privacy on mobile devices. In Proceedings of the 47th Hawaii International Conference on System Sciences (pp. 3149–3158).Google Scholar
  48. Kotler, P., & Armstrong, G. M. (2010). Principles of marketing. Upper Saddle River, NY: Pearson Prentice Hall.Google Scholar
  49. Krasnova, H., & Veltri, N. F. (2010). Privacy calculus on social networking sites: explorative evidence from Germany and USA. Proceedings of the 43rd Hawaii International Conference on System Sciences (HICSS 2010), January 5–8, 2010.Google Scholar
  50. Krasnova, H., Günther, O., Spiekermann, S., & Koroleva, K. (2009). Privacy concerns and identity in online social networks. Identity in the Information Society, 2(1), 39–63.CrossRefGoogle Scholar
  51. Kumaraguru, P., & Cranor, L. F. (2005). Privacy indexes: A survey of Westin’s studies. Technical Report, CMUISRI-05-138, Carnegie Mellon University, Institute of Software Research.Google Scholar
  52. Laufer, R. S., & Wolfe, M. (1977). Privacy as a concept and a social issue: a multidimensional developmental theory. Journal of Social Issues, 33(3), 22–42.CrossRefGoogle Scholar
  53. Liggesmeyer, P. (2009). Software-Qualität: Testen, Analysieren und Verifizieren von Software. Heidelberg: Spektrum Akademischer Verlag.CrossRefGoogle Scholar
  54. Linkov, I., Welle, P., Loney, D., Tkachuk, A., Canis, L., Kim, J. B., & Bridges, T. (2011). Use of multicriteria decision analysis to support weight of evidence evaluation. Risk Analysis, 31(8), 1211–1225. Scholar
  55. Lioudakis, G. V., Koutsoloukas, E. A., Dellas, N. L., Tselikas, N., Kapellaki, S., Prezerakos, G. N.,. ... Venieris, I. S. (2007). A middleware architecture for privacy protection. Computer Networks, 51(16), 4679–4696. Scholar
  56. Lynne, M. M., & Mentzer, K. (2014). Foresight for a responsible future with ICT. Information Systems Frontiers, 16.Google Scholar
  57. Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users’ information privacy concerns (IUIPC): the construct, the scale, and a causal model. Information Systems Research, 15(4), 336–355.CrossRefGoogle Scholar
  58. Mason, R. O. (1986). Four ethical issues of the information age. MIS Quarterly, 10(1), 5–12.CrossRefGoogle Scholar
  59. Merriam Webster. (2017). Definition of metric. Retrieved from
  60. Min, J., & Kim, B. (2015). How are people enticed to disclose personal information despite privacy concerns in social network sites? The calculus between benefit and cost. Journal of the Association for Information Science and Technology, 66(4), 839–857.CrossRefGoogle Scholar
  61. Nissenbaum, H. (1997). Toward an approach to privacy in public: Challenges of information technology. Ethics & Behavior, 7(3), 207–219.CrossRefGoogle Scholar
  62. Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 41(1), 100–126.CrossRefGoogle Scholar
  63. Offermann, P., Blom, S., Schönherr, M., & Bub, U. (2010). Artifact types in information systems design science – a literature review. In D. Hutchison, T. Kanade, J. Kittler, J. M. Kleinberg, F. Mattern, J. C. Mitchell,. ... S. Aier (Eds.), Global perspectives on design science research (pp. 77–92). Heidelberg: Springer. Scholar
  64. Palmer, J. W. (2002). Web site usability, design, and performance metrics. Information Systems Research, 13(2), 151–167.CrossRefGoogle Scholar
  65. Peffers, K., Tuunanen, T., Rothenberger, M. A., & Chatterjee, S. (2007). A design science research methodology for information systems research. Journal of Management Information Systems, 24(3), 45–77. Scholar
  66. Roeber, B., Rehse, O., Knorrek, R., & Thomsen, B. (2015). Personal data: how context shapes consumers’ data sharing with organizations from various sectors. Electronic Markets, 25(2), 95–108. Scholar
  67. Schreiner, M., & Hess, T. (2015). Why are consumers willing to pay for privacy? An application of the privacy-freemium model to media companies. Proceedings of the 23rd European Conference on Information Systems (ECIS 2015), Münster, May 26–29, 2015.Google Scholar
  68. Sheng, H., Nah, F. F.-H., & Siau, K. (2008). An experimental study on ubiquitous commerce adoption: impact of personalization and privacy concerns. Journal of the Association for Information Systems, 9(6), 15.CrossRefGoogle Scholar
  69. Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: measuring individuals’ concerns about organizational practices. MIS Quarterly, 20(2), 167–196.CrossRefGoogle Scholar
  70. Smith, H. J., Dinev, T., & Xu, H. (2011). Information privacy research: an interdisciplinary review. MIS Quarterly, 35(4), 989–1016.CrossRefGoogle Scholar
  71. Son, J.-Y., & Kim, S. S. (2008). Internet users’ information privacy-protective responses: a taxonomy and a nomological model. MIS Quarterly, 32(3), 503–529.CrossRefGoogle Scholar
  72. Spiekermann, S., Grossklags, J., & Berendt, B. (2001). E-privacy in 2nd generation e-commerce: privacy preferences versus actual behavior. Proceedings of the 3rd ACM Conference on Electronic Commerce.Google Scholar
  73. Spiekermann, S., Acquisti, A., Böhme, R., & Hui, K.-L. (2015). The challenges of personal data markets and privacy. Electronic Markets, 25(2), 161–167. Scholar
  74. Stone, E. F., Gueutal, H. G., Gardner, D. G., & McClure, S. (1983). A field experiment comparing information: privacy values, beliefs, and attitudes across several types of organizations. Journal of Applied Psychology, 68(3), 459.CrossRefGoogle Scholar
  75. Stutzman, F., Gross, R., & Acquisti, A. (2013). Silent listeners: the evolution of privacy and disclosure on Facebook. The Journal of Privacy and Confidentiality, 4(2), 7–41.CrossRefGoogle Scholar
  76. Tene, O., & Polonetsky, J. (2012). Privacy in the age of big data: a time for big decisions. Stanford Law Review Online, 64, 63–69.Google Scholar
  77. van Slyke, C., Shim, J. T., Johnson, R., & Jiang, J. J. (2006). Concern for information privacy and online consumer purchasing. Journal of the Association for Information Systems, 7(6), 415–444.CrossRefGoogle Scholar
  78. Venkatesh, V., Morris, M. G., Davis, G. B., & Davis, F. D. (2003). User acceptance of information technology: toward a unified view. MIS Quarterly, 27(3), 425–478.CrossRefGoogle Scholar
  79. Venkatesh, V., Thong, J. Y. L., & Xu, X. (2012). Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology. MIS Quarterly, 36(1), 157–178.CrossRefGoogle Scholar
  80. Wallmüller, E. (2001). Software-Qualitätsmanagement in der Praxis: Software-Qualität durch Führung und Verbesserung von Software-Prozessen. München: Hanser.Google Scholar
  81. Wei, X., Gomez, L., Neamtiu, I., & Faloutsos, M. (2012). Malicious android applications in the enterprise: What do they do and how do we fix it? In Proceedings of the 28th International Conference on Data Engineering Workshops (pp. 251–254).Google Scholar
  82. Xu, H., Teo, H.-H., Tan, B. C. Y., & Agarwal, R. (2009). The role of push-pull technology in privacy calculus: the case of location-based services. Journal of Management Information Systems, 26(3), 135–174.CrossRefGoogle Scholar
  83. Zhan, J., & Rajamani, V. (2008). The economics of privacy-privacy: People, policy and technology. Proceedings of the 2nd International Conference on Information Security and Assurance.Google Scholar
  84. Zhou, T. (2013). Examining continuous usage of location-based services from the perspective of perceived justice. Information Systems Frontiers, 15, 141–150.CrossRefGoogle Scholar
  85. Zukowski, T., & Brown, I. (2007). Examining the influence of demographic factors on internet users’ information privacy concerns. Proceedings of the 2007 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on IT Research in Developing Countries.Google Scholar

Copyright information

© Institute of Applied Informatics at University of Leipzig 2018

Authors and Affiliations

  1. 1.FIM Research CenterAugsburgGermany
  2. 2.Fraunhofer FIT - Project Group Business and Information Systems EngineeringAugsburgGermany

Personalised recommendations