Skip to main content

Perceived Privacy Violation: Exploring the Malleability of Privacy Expectations

Abstract

Recent scholarship in business ethics has revealed the importance of privacy expectations as they relate to implicit privacy norms and the business practices that may violate these expectations. Yet, it is unclear how and when businesses may violate these expectations, factors that form or influence privacy expectations, or whether or not expectations have in fact been violated by company actions. This article reports the findings of three studies exploring how and when the corporate dissemination of consumer data violates privacy expectations. The results indicate that consumer sentiment is more negative following intentional releases of sensitive consumer data, but the effect of data dissemination is more complex than that of company intentionality and data sensitivity alone. Companies can effectively set, and re-affirm, privacy expectations via consent procedures preceding and succeeding data dissemination notifications. Although implied consent has become more widely used in practice, we show how explicit consent outperforms implied consent in these regards. Importantly, this research provides process evidence that identifies perceived violation of privacy expectations as the underlying mechanism to explain the deleterious effects, on consumer sentiment, when company actions are misaligned with consumers’ privacy expectations. Ethical implications for companies collecting and disseminating consumer information are offered.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3

References

  • Ackerman, M. S., Cranor, L. F., & Reagle, J. (1999). Privacy in e-commerce: Examining user scenarios and privacy preferences. In Proceedings of the 1st ACM conference on electronic commerce (pp. 1–8).

  • Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509–514.

    Article  Google Scholar 

  • Altman, I. (1975). Environment and social behavior: Privacy, personal space, territory, and crowding. Monterey, CA: Brooks/Cole.

    Google Scholar 

  • Baca-Motes, K., Brown, A., Gneezy, A., Keenan, E. A., & Nelson, L. D. (2013). Commitment and behavior change: Evidence from the field. Journal of Consumer Research, 39(5), 1070–1084.

    Article  Google Scholar 

  • Brenkert, G. G. (1981). Privacy, polygraphs and work. Business and Professional Ethics Journal, 1(1), 19–35.

    Article  Google Scholar 

  • Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448.

    Article  Google Scholar 

  • Cranor, L. F. (2012). Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. Journal on Telecommunications and High Technology Law, 10, 273.

    Google Scholar 

  • Disney (2015). Privacy policy. https://disneyprivacycenter.com/privacy-policy-translations/english/#DIMGQuestion4. Accessed May 25, 2016.

  • Dommeyer, C. J., & Gross, B. L. (2003). What consumers know and what they do: An investigation of consumer knowledge, awareness, and use of privacy protection strategies. Journal of Interactive Marketing, 17(2), 34–51.

    Article  Google Scholar 

  • Donaldson, T., & Dunfee, T. W. (1994). Toward a unified conception of business ethics: Integrative social contracts theory. Academy of Management Review, 19(2), 252–284.

    Article  Google Scholar 

  • Dunfee, T. W. (2006). A critical perspective of integrative social contracts theory: Recurring criticisms and next generation research topics. Journal of Business Ethics, 68(3), 303–328.

    Article  Google Scholar 

  • Easton, R. B., Graber, M. A., Monnahan, J., & Hughes, J. (2007). Defining the scope of implied consent in the emergency department. The American Journal of Bioethics, 7(12), 35–38.

    Article  Google Scholar 

  • Facebook (2013). Important message from Facebook’s white hat program. https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766. Accessed December 19, 2015.

  • Federal Trade Commission. (2009). The CAN-SPAM Act: A compliance guide for business. https://www.ftc.gov/system/files/documents/plain-language/bus61-can-spam-act-compliance-guide-business.pdf. Accessed December 1, 2016.

  • Federal Trade Commission. (2011). FTC charges deceptive privacy practices in Google’s rollout of its buzz social network. http://Ftc.Gov/Opa/2011/03/Googleshtm. Accessed December 1, 2016.

  • Federal Trade Commission. (2014). Data brokers: A call for transparency and accountability. Www.Ftc.Gov/System/Files/Documents/Reports/Data-Brokers-Call-Transparency-Accountabilityreport-Federal-Trade-Commission-may-2014/140527databrokerreport.Pdf. Accessed December 1, 2016.

  • Finkle, J. (2013). Adobe data breach more extensive than previously disclosed. Reuters, http://www.reuters.com/article/us-adobe-cyberattack-idUSBRE99S1DJ20131029. Accessed December 19, 2015.

  • Fredrix, E. (2005). Ameritrade loses backup tape containing 200 K client files. http://usatoday30.usatoday.com/tech/news/computersecurity/infotheft/2005-04-20-ameritrade-files-lost_x.htm. Accessed December 1, 2016.

  • Garcia, A. (2015). Target settles for $39 million over data breach. http://money.cnn.com/2015/12/02/news/companies/target-data-breach-settlement. Accessed September 1, 2016.

  • Google. (2016). Privacy policy. http://www.google.com/policies/privacy. Accessed December 1, 2016.

  • Harris, K. D. (2016). California Data Breach Report 2012-2015. https://oag.ca.gov/sites/all/files/agweb/pdfs/dbr/2016-data-breach-report.pdf. Accessed May 25, 2016.

  • Hayes, A. F. (2013). Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. New York: Guilford Press.

    Google Scholar 

  • Heide, J. B., Wathne, K. H., & Rokkan, A. I. (2007). Interfirm monitoring, social contracts, and relationship outcomes. Journal of Marketing Research, 44(3), 425–433.

    Article  Google Scholar 

  • Huh, Y. E., Vosgerau, J., & Morewedge, C. K. (2014). Social defaults: Observed choices become choice defaults. Journal of Consumer Research, 41(3), 746–760.

    Article  Google Scholar 

  • Janssen, A., & Gevers, S. (2005). Explicit or implied consent and organ donation post-mortem: Does it matter. Medicine and Law, 24(3), 575–583.

    Google Scholar 

  • Johnson, E. J., Bellman, S., & Lohse, G. L. (2002). Defaults, framing and privacy: Why opting in-opting out. Marketing Letters, 13(1), 5–15.

    Article  Google Scholar 

  • Johnson, E. J., & Goldstein, D. (2003). Do defaults save lives? Science, 302(5649), 1338–1339.

    Article  Google Scholar 

  • Kang, J., & Hustvedt, G. (2014). Building trust between consumers and corporations: The role of consumer perceptions of transparency and social responsibility. Journal of Business Ethics, 125(2), 253–265.

    Article  Google Scholar 

  • Kannan, K., Rees, J., & Sridhar, S. (2007). Market reactions to information security breach announcements: An empirical analysis. International Journal of Electronic Commerce, 12(1), 69–91.

    Article  Google Scholar 

  • Kelly, E. (2017). Congress tackles major privacy, surveillance issues. USA Today https://www.usatoday.com/story/news/politics/2017/04/12/congress-tackles-major-privacy-surveillance-issues/100335168. Accessed April 16, 2017.

  • Kroft, S. (2014). The data brokers: Selling your personal information. CBS News. http://www.cbsnews.com/news/the-data-brokers-selling-your-personal-information/. Accessed October 5, 2015.

  • Lombrozo, T. (2010). Causal–explanatory pluralism: How intentions, functions, and mechanisms influence causal ascriptions. Cognitive Psychology, 61(4), 303–332.

    Article  Google Scholar 

  • Lowry, P. B., Posey, C., Roberts, T. L., & Bennett, R. J. (2014). Is your banker leaking your personal information? The roles of ethics and individual-level cultural characteristics in predicting organizational computer abuse. Journal of Business Ethics, 121(3), 385–401.

    Article  Google Scholar 

  • Luo, X., Raithel, S., & Wiles, M. A. (2013). The impact of brand rating dispersion on firm value. Journal of Marketing Research, 50(3), 399–415.

    Article  Google Scholar 

  • Madden, M. (2014). Public perceptions of privacy and security in the post-Snowden era. http://www.pewinternet.org/2014/11/12/public-privacy-perceptions. Accessed December 1, 2016.

  • Martin, K. (2012). Diminished or just different? A factorial vignette study of privacy as a social contract. Journal of Business Ethics, 111(4), 519–539.

    Article  Google Scholar 

  • Martin, K. (2015). Privacy notices as tabula rasa: An empirical investigation into how complying with a privacy notice is related to meeting privacy expectations online. Journal of Public Policy & Marketing, 34(2), 210–227.

    Article  Google Scholar 

  • Martin, K. (2016). Understanding privacy online: Development of a social contract approach to privacy. Journal of Business Ethics, 137(3), 551–569.

    Article  Google Scholar 

  • Martin, K., & Shilton, K. (2015). Why experience matters to privacy: How context-based experience moderates consumer privacy expectations for mobile applications. Journal of the Association for Information Science and Technology, 67(8), 1871–1882.

    Article  Google Scholar 

  • Martin, K., & Shilton, K. (2016). Putting mobile application privacy in context: An empirical study of user privacy expectations for mobile devices. The Information Society, 32(3), 200–216.

    Article  Google Scholar 

  • Micewski, E. R., & Troy, C. (2007). Business ethics–deontologically revisited. Journal of Business Ethics, 72(1), 17–25.

    Article  Google Scholar 

  • Milne, G. R. (2000). Privacy and ethical issues in database/interactive marketing and public policy: A research framework and overview of the special issue. Journal of Public Policy & Marketing, 19(1), 1–6.

    Article  Google Scholar 

  • Milne, G. R., & Bahl, S. (2010). Are there differences between consumers’ and marketers’ privacy expectations? A segment-and technology-level analysis. Journal of Public Policy & Marketing, 29(1), 138–149.

    Article  Google Scholar 

  • Milne, G. R., & Culnan, M. J. (2004). Strategies for reducing online privacy risks: Why consumers read (or don’t read) online privacy notices. Journal of Interactive Marketing, 18(3), 15–29.

    Article  Google Scholar 

  • Milne, G. R., Culnan, M. J., & Greene, H. (2006). A longitudinal assessment of online privacy notice readability. Journal of Public Policy & Marketing, 25(2), 238–249.

    Article  Google Scholar 

  • Milne, G. R., & Gordon, M. E. (1993). Direct mail privacy-efficiency trade-offs within an implied social contract framework. Journal of Public Policy & Marketing, 12(2), 206–215.

    Article  Google Scholar 

  • Mothersbaugh, L. D., Foxx, W. K., II, Beatty, S. E., & Wang, S. (2011). Disclosure antecedents in an online service context: The role of sensitivity of information. Journal of Service Research, 15(1), 76–98.

    Article  Google Scholar 

  • Newman, G. E., Gorlin, M., & Dhar, R. (2014). When going green backfires: How firm intentions shape the evaluation of socially beneficial product enhancements. Journal of Consumer Research, 41(3), 823–839.

    Article  Google Scholar 

  • Nissenbaum, H. (2004). Privacy as contextual integrity. Washington Law Review, 79, 101–139.

    Google Scholar 

  • Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford, CA: Stanford Law Books.

    Google Scholar 

  • Nissenbaum, H. (2015). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics. doi:10.1007/s11948-015-9674-9

  • Nowak, G. J., & Phelps, J. (1997). Direct marketing and the use of individual-level consumer information: Determining how and when “privacy” matters. Journal of Interactive Marketing, 11(4), 94–108.

    Google Scholar 

  • Nunan, D., & Di Domenico, M. (2015). Big data: A normal accident waiting to happen? Journal of Business Ethics. doi:10.1007/s10551-015-2904-x

  • Ohm, P. (2015). Sensitive information. Southern California Law Review, 88(5), 1125–1196.

    Google Scholar 

  • Peslak, A. R. (2005). An ethical exploration of privacy and radio frequency identification. Journal of Business Ethics, 59(4), 327–345.

    Article  Google Scholar 

  • Phelps, J., Nowak, G., & Ferrell, E. (2000). Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy & Marketing, 19(1), 27–41.

    Article  Google Scholar 

  • Pizarro, D., Uhlmann, E., & Salovey, P. (2003). Asymmetry in judgments of moral blame and praise the role of perceived metadesires. Psychological Science, 14(3), 267–272.

    Article  Google Scholar 

  • Pollach, I. (2005). A typology of communicative strategies in online privacy policies: Ethics, power and informed consent. Journal of Business Ethics, 62(3), 221–235.

    Article  Google Scholar 

  • Quick, M., Hollowood, E., Miles, C., & Hampson, D. (2017). World’s biggest data breaches. Informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks. Accessed April 16, 2017.

  • Robinson, S. L. (1996). Trust and breach of the psychological contract. Administrative Science Quarterly, 41(4), 574–599.

    Article  Google Scholar 

  • Robinson, S. L., & Morrison, E. W. (2000). The development of psychological contract breach and violation: A longitudinal study. Journal of organizational Behavior, 21(5), 525–546.

    Article  Google Scholar 

  • Rousseau, D. M. (1989). Psychological and implied contracts in organizations. Employee Responsibilities and Rights Journal, 2(2), 121–139.

    Article  Google Scholar 

  • Russo-Spena, T., Tregua, M., & De Chiara, A. (2016). Trends and drivers in CSR disclosure: A focus on reporting practices in the automotive industry. Journal of Business Ethics, 1–16.

  • Sheehan, K. B., & Hoy, M. G. (2000). Dimensions of privacy concern among online consumers. Journal of Public Policy & Marketing, 19(1), 62–73.

    Article  Google Scholar 

  • Smith, N. C., Goldstein, D. G., & Johnson, E. J. (2013). Choice without awareness: Ethical and policy implications of defaults. Journal of Public Policy & Marketing, 32(2), 159–172.

    Article  Google Scholar 

  • Stohl, C., Etter, M., Banghart, S., & Woo, D. (2015). Social media policies: Implications for contemporary notions of corporate social responsibility. Journal of Business Ethics. doi:10.1007/s10551-015-2743-9

  • Target. (2016). Privacy policy. http://www.target.com/spot/privacy-policy. Accessed May 25, 2016.

  • Tom, G., Barnett, T., Lew, W., & Selmants, J. (1987). Cueing the consumer: The role of salient cues in consumer perception. Journal of Consumer Marketing, 4(2), 23–27.

    Article  Google Scholar 

  • Veatch, R. M. (2007). Implied, presumed and waived consent: The relative moral wrongs of under-and over-informing. The American Journal of Bioethics, 7(12), 39–54.

    Article  Google Scholar 

  • Walker, K. L. (2016). Surrendering information through the looking glass: Transparency, trust, and protection. Journal of Public Policy & Marketing, 35(1), 144–158.

    Article  Google Scholar 

  • Zhou, W., & Piramuthu, S. (2015). Information relevance model of customized privacy for IoT. Journal of Business Ethics, 131(1), 19–30.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Scott A. Wright.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Electronic supplementary material

Below is the link to the electronic supplementary material.

Supplementary material 1 (DOC 206 kb)

Appendix

Appendix

Study 1: Example Companies by Industry

Industry Companies
E-commerce Ebay
Amazon
Cardpool.com
Retail Target
Walmart
Costco
Finance Bank of America
USAA
Citibank
Electronics Apple
Samsung
Best Buy
Telecom/entertainment Comcast
Bravo
AT&T
Miscellaneous US Air Force
Kroger
Mary Kay

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Wright, S.A., Xie, GX. Perceived Privacy Violation: Exploring the Malleability of Privacy Expectations. J Bus Ethics 156, 123–140 (2019). https://doi.org/10.1007/s10551-017-3553-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10551-017-3553-z

Keywords

  • Consumer privacy
  • Data dissemination
  • Explicit consent
  • Intentionality
  • Personal data
  • Implied consent
  • Privacy infringement
  • Sensitive information
  • Social contract theory