1 Introduction

More advanced and efficient digital products and services continuously enter the market due to the ongoing progress in digital technologies. This progress allows connecting and equipping a wide range of objects, devices, machines, or buildings with sensors, tags, or software. However, while these more sophisticated goods and services offer new possibilities for value creation, managers have to overcome a number of threats and obstacles that digitalization also harbors (Hess et al. 2016). In an effort to reap the benefits of digitalization and appropriately manage the associated risks, a debate on Corporate Digital Responsibility (CDR) has emerged (Lobschat et al. 2021; Mihale-Wilson et al. 2021). CDR closely relates to the concept of Corporate Social Responsibility (CSR), both summarized under the concept of Corporate Responsibility. The concepts pursue similar goals, namely minimizing negative impacts and maximizing the positive impacts of corporate practices, despite different foci. CSR addresses socially and environmentally relevant issues (Maignan and Ralston 2002), while CDR efforts focus mainly on effects of corporate digital activities and digitalization in general to establish ethical and responsible practices for the development, deployment, and use of digital technologies and data. The concept of CDR pursues the goal to provide a more holistic approach to responsibilities emerging in the digital context rather than addressing them in an isolated manner like issues related to data privacy or access. Accordingly, such a concept and the broad approach associated with it tend to reflect the reality in which (digital) responsibilities also do not occur in isolation. However, the concrete implementation of these concepts hinges on the individual understanding of the concept within the company or the implementing individuals (van Marrewijk 2003).

Recently, the concept CDR gains increasing attention from research and practice. Previous research shed light on defining CDR and its underlying responsibilities (e.g., Lobschat et al. 2021; Herden et al. 2021), discussed CDR as a special application to Artificial Intelligence (AI) governance (e.g., Elliott et al. 2021), or in different industry and economic settings (e.g., Etter et al. 2019; Jones and Comfort 2021). In short, most research on CDR is rather conceptual yet (Mueller 2022). As part of this debate, several approaches share a common understanding of various areas covered by the concept (Mihale-Wilson et al. 2022). However, current research on CDR calls for a more empirical approach to the issue because the conceptualization converges increasingly (Mihale-Wilson et al. 2022; Mueller 2022). Hence, this work contributes to existing research on the subject of CDR by adding a more empirical angle to the discussion (see Fig. 1 for an overview on the status-quo of CDR research). The publication aims at operationalizing CDR in practice by empirically assessing concrete CDR activities in a quantitative fashion. Based on an initial empirical approach to the issue by ranking the dimensions of CDR (Mihale-Wilson et al. 2021), we assess the operationalization of concrete CDR-related activities on measure-level and evaluate a possible segmentation, thus individualization of the offered products and services. The adoption of standards and practices can take place in a variety of manners and levels (e.g., Matten and Moon 2008) and address different stakeholder groups (e.g., consumers, employees, suppliers, the society). The different demands and expectations of the CDR concept are stakeholder-dependent (e.g., Trittin-Ulbrich and Böckel 2022). Accordingly, research and practice should consider preferences of all relevant stakeholder groups for a broad understanding of CDR. Besides, implementing CDR activities in practice grounds on different motivations (Schaltegger and Burritt 2018). Motivation can be either intrinsic or extrinsic. Intrinsic motivation depends on the personality of the implementing persons or their management. Intrinsic motivation proved to be very central in the implementation of CSR (Schaltegger and Burritt 2018). We can already observe the first efforts to drive CDR from intrinsic motivation in practice. Another source of motivation can be extrinsic motivation triggered by stakeholder demands (Schaltegger and Burritt 2018). This study focuses on the operationalization of CDR in practice originating in extrinsic motivation. Usually, companies have a limited budget for conducting activities related to CSR and CDR. Hence, the successful deployment of CDR depends—in case of extrinsically motivated activities—on the ability of firms to implement dimensions and activities in a manner that matches stakeholders’ demands (Kesavan et al. 2013). Research can help to align corporate engagement regarding CDR and stakeholders involved to maximize the potential of the CDR activities. Consumers’ perception of implemented CDR activities has the capability to influence the opinion about a company and hence consumption and adoption decisions (e.g., Schreck and Raithel 2018; Edinger-Schons et al. 2020). The concept of CDR covers a wide range of fields, but in particular puts consumer needs and their rights in a digital world in the center of attention. Thus, this work concentrates on consumers as one key stakeholder group to be able to guarantee a profound evaluation. Additionally, prior research indicated the appropriateness for companies to address different consumer segments of digital products and services individually due to heterogeneous preferences (e.g., Naous and Legner 2017; Mihale-Wilson et al. 2019). Hence, this publication assesses consumer preferences and quantifies them. As is usually the case with new concepts or technologies, consumers are not equally enthusiastic about these developments. Accordingly, there is always a group of consumers who are not enthusiastic about this development, an undecided group, and, usually, a group of consumers who would value this development. Thus, it is important to understand each of these different consumer groups in their heterogeneity. With this study, we pursue consequently two main goals: first, to assess why some consumers do not value the operationalizing of CDR. Second, this study pursues a consumer segmentation approach to evaluate the additional earnings potential for firms accompanied by an individualization of CDR activities conducted. In this vein, this work provides concrete guidance for the operationalization of CDR activities and consumer segmentation in practice, supporting the broad adoption of the concept in corporate practice (i.e., also by targeting consumers not yet enthusiastic).

Fig. 1
figure 1

Status-quo of CDR research

We conduct a series of studies with 663 German-speaking participants to derive insights into consumers’ valuation of CDR dimensions, their corresponding sub-dimensions, and concrete CDR activities (see Fig. 2, Fig. 7 for a detailed overview). We have selected Germany as the first application testing country, as a high level of regulatory requirements (e.g., the GDPR) already applies, which requires a greater commitment for activities classified as CDR activities. In addition, there is already a high level of awareness and sensitivity for corporate responsibilities in the digital context in Germany, and organizations and research located here play a leading role in the further development of the concept of CDR. For example, governmental efforts in Germany target bringing together companies in the so-called “CDR initiative” to further develop and anchor the concept in practice. The empirical evaluation grounds on two types of Discrete Choice experiments (DCEs) with a strong foundation in behavioral and market research, especially for products not yet on the market (Swait and Andrews 2003; Naous and Legner 2017). Before designing and conducting the set of main studies, we performed a set of pre-studies (Mihale-Wilson et al. 2021) featuring two different types of studies to limit the number of attributes evaluated by the participants. Firstly, we conducted a (qualitative) expert discussion to discuss topics summarized under the umbrella concept CDR, applied eight dimensions (Thorun et al. 2017) as the best fitting discussed concept, and developed according sub-dimensions and concrete activities. Secondly, we conducted a set of pre-studies employing two Best–Worst Scaling (BWS) experiments (Mihale-Wilson et al. 2021). The first BWS experiment evaluated the importance of the CDR dimensions for consumers. We then explored these insights more in depth by sequencing several sub-dimensions of the most important CDR dimension in BWS 2. Summing up, aim of the set of pre-studies was to sequence the proposed CDR dimensions and the sub-dimensions of the top-ranked CDR dimension by importance (Mihale-Wilson et al. 2021). With the help of this set of pre-studies, we cannot give recommendations for concrete CDR activities, but we could identify possible fields of action that are most important for consumers. Thus, the results from both BWS pre-studies (Mihale-Wilson et al. 2021) inform the design of the set of main studies consisting of two Dual Response (DURE) experiments. DURE 1 focuses on the most valued activities within the top three sub-dimensions of the top-ranked dimension, and DURE 2 addresses the remaining five dimensions of CDR. By this means, we provide concrete guidance for a comprehensive set of CDR activities and the concept’s operationalization, thus supporting a broader adoption of the concept in practice. Our results enable a consumer segmentation approach to CDR activities, thus to individualize digital offerings.

Fig. 2
figure 2

Conducted set of studies and their research subjects

The next section introduces CSR and a conceptualization of CDR based on existing literature completed by the state of research in the field of DCEs. Section three (set of pre-studies, Mihale-Wilson et al. 2021) and section four (set of main studies) introduce the methodology, study design, and the results of our conducted set of studies. We conclude with a discussion of the results and implications for theory, practice, and future research.

2 Related work

As discussed earlier, research regards the concept of CDR and CSR as intertwined. Both concepts belong to the subordinate concept of Corporate Responsibility. However, CDR deserves the independent attention of the research community as it focuses on the unique responsibilities made necessary by the ongoing digitalization (Lobschat et al. 2021). The strong technological focus of the concept conditions the distinction between CDR and CSR (Mihale-Wilson et al. 2022). To elaborate the gap between CSR and CDR, we first review the main underlying ideas of CSR. We then discuss the core components of CDR referencing to existing literature on unique ethical and social issues posed by the digital era. Subsequently we present the methodological foundation of our research.

2.1 Corporate Social Responsibility

A widely used and established definition of the concept (Pirsch et al. 2007) describes CSR as the society’s expectations towards companies in economic, legal, ethical, and discretionary (philanthropic) matters (Carroll 1979). Corporate responsibilities in the context of CSR capture these expectations and perceived responsibilities towards society. Hence, these responsibilities set the frame for interactions between companies and society (Matten and Moon 2007). For instance, economic responsibilities regarding CSR refer to the company’s purpose to achieve profits, satisfy affected stakeholders, and create sustainability in the long term. While organizations must follow legal obligations (i.e., regulations, laws) when offering products or services, ethical responsibilities in the context of CSR relate to behavior according to “what is right, just and fair, even when they are not obliged to by the legal framework” (Matten and Moon 2007, p. 181). Discretionary responsibilities related to CSR describe behavior fostering the well-being of the associated communities. In particular, the economic and legal responsibilities are a necessary prerequisite for companies’ survival, while ethical and philanthropic commitments are desirable additions (Matten and Moon 2007). However, based on the notion that organizations can determine in the short term the extent to which they will undertake certain responsibilities, the CSR concept anticipates that organizations will adopt activities and initiatives that exceed the requirements necessary for them to run their business. The motivation for implementing such CSR activities differ fundamentally and can be extrinsic (i.e., requirements of relevant stakeholder groups) or intrinsic (e.g., motivation of involved employees and managers, so-called change agents) (Schaltegger and Burritt 2018). CSR initiatives can encompass a variety of actions—depending on the individual understanding of the concept—that address the environment, (physical) product safety, human rights, human dignity, economic development, sustainability, community involvement, and many more (Kesavan et al. 2013).

2.2 Corporate Digital Responsibility

CDR focuses on challenges to the ethical practices of companies that are peculiar to digitalization and the digital era. Associated concrete goals, norms, and values depend on the individual understanding of the implementing organization or the personal understanding (van Marrewijk 2003). Previous research on the ethical and social implications of digitalization indicates that digital technologies (e.g., Internet of Things (IoT), robotics, digital platforms, AI, social media) result in key societal and ethical issues for privacy, security, autonomy, justice, human dignity, and balance of power (Royakkers et al. 2018). The relevance of these topics is rising, driven by the “exponential growth in technological development, malleability of technologies and data in use, and pervasiveness of technology and data” (Lobschat et al. 2021, p. 876). Hence, CDR focuses on unprecedented risks and obstacles of (digital) technologies rather than the relatively broad goal of CSR concerning society where technology plays only a subordinate role (Mihale-Wilson et al. 2022). Overall, the concept of Corporate Responsibility comprises both CSR and CDR, two partially overlapping concepts. Nevertheless, the distinct issues arising in a digitalized world suggest that an expanded conceptualization of Corporate Responsibility in the digital setting is worthwhile, thus motivating separate conceptualizations of CSR and CDR applying simultaneously.

CDR gains increasing traction in research and practice alike. The current scholarly debate shares a common understanding of different areas of CDR activities aimed at consumers despite differing nomenclature. Hence, the conceptualization converges increasingly (Mihale-Wilson et al. 2022). Therefore, this publication rather moves in the encouraged direction of operationalization and empirical assessment of the CDR concept (Mueller 2022). To empirically assess the operationalization of CDR in practice, this work needs to choose one of the systematic approaches to the commonly agreed areas addressing consumers. To provide concrete guidance for practice it is crucial that the approach is easy to access for practitioners. Hence, we opted for a practice-driven approach comprising eight dimensions (Thorun et al. 2017) that reflect the common understanding of CDR activities (Mihale-Wilson et al. 2022). For example, compared to some other conceptual approaches, this nomenclature makes the ecological component less central as a separate dimension. Still, the difference between the concepts does not reside in the scope of CDR but rather in the division and nomenclature of the dimensions and thus different foci. The selected approach and its dimensions (Thorun et al. 2017) are suitable for encouraging the ethical and responsible deployment of technology and data. Even though these dimensions emerged in the context of the practice-oriented CDR discourse, previous research on Information Systems (IS) and Business Ethics theoretically validate the eight dimensions. Especially for the concept of CDR, prior research on IS is of immense importance, as the field of IS deals with operationalization on technology- and product-level in practice and thus matches the understanding and approach to CDR. Table 1 establishes this relationship between the practically formulated dimensions and existing research concerning some dimensions of the concept. Although the CDR concept is new in research, the individual elements of it are not new to IS research (e.g., Mason 1986; Hsieh et al. 2008). Approaching these yet often isolated dimensions under the overarching concept of CDR helps, for instance, companies to have a comprehensive approach to the topic, consumers to have a broader awareness, and supports legislative organizations in regulation.

Table 1 Overview of the eight CDR dimensions
  1. (I)

    Access refers to the ability to physically and mentally access digital technologies, products, or services (Hsieh et al. 2008; Lameijer et al. 2017). This dimension ensures digital inclusion alongside affordability, perceived ease of use, or required prior knowledge (Venkatesh and Brown 2001; Díaz Andrade and Techatassanasoontorn 2021). Besides, companies can offer access to services and products without entering personal data to reduce consumers’ privacy concerns.

  2. (II)

    Education and awareness comprises all actions that empower consumers with information and advice related to the process of purchasing online, data required for online transactions, consumer rights related to data privacy and security, how to exploit these rights, and understanding technologies (Thorun et al. 2017; United Nations 2018). In addition, this CDR dimension encourages companies to equip consumers with tools allowing them to comprehend the consequences of their digital use and behavior, and to enable better-informed decisions about digitalization in the future, e.g., concerning digital well-being, environmental, and societal issues. Both, the access and the education dimensions, seek to reduce the digital divide that results from differences in technology access and capabilities (e.g., Hsieh et al. 2008; Venkatesh and Sykes 2013) therefore pursuing digital empowerment. Prior research broadly agrees that inequalities in technology access or technology-related abilities have negative impacts on both individuals and society. Thus, an ethical, conscientious, and enduring approach to technology should incorporate measures to mitigate inequities in technology access and capabilities.

  3. (III)

    Information and transparency In addition to education, another key requirement for informed decision-making is information and transparency. With the advent of the Internet and immediate availability of information, consumers’ desire for information and transparency also constantly increased (Awad and Krishnan 2006; Granados et al. 2010) when consumers “expect to be very well informed, spoiled, and empowered” (Granados and Gupta 2013, p. 637). Thus, there is a pressure on companies to provide more information and transparency. Transparency is not just about explicitly outlining the capabilities of a product or service but instead related to pricing, products’ provenance, the resources such products were made of, quality, certifications, internal governances, and especially overlapping also with the dimension of data privacy and security (e.g., Granados and Gupta 2013; Carl and Mihale-Wilson 2020).

  4. (IV)

    Economic interests Similar to information transparency, the CDR concept also encourages businesses to consider the economic interests of their consumers, e.g., by the adoption of an appropriate competition policy (United Nations 2018). There is a broad literature base on competing economic interests between consumers and business in the digitalized setting, for instance, related to net neutrality (e.g., Bourreau et al. 2015), price strategies (e.g., Weisstein et al. 2013), interoperability (e.g., Lewis 2013), unbiased recommendation systems (e.g., Xiao and Benbasat 2011) and AI (e.g., Berente et al. 2021), and resource consumption and sustainability (e.g., Truby 2018). Although the focus and range of research questions explored in existing research varies, the recent literature indicates that protecting consumers’ economic interests can be rewarding for companies (e.g., Weisstein et al. 2013).

  5. (V)

    Product safety and liability In the real world, product safety describes the degree of potential risks and injuries due to the handling and use of products while liability relates to the actions of product or service providers in the event of injury (Daughety and Reinganum 1995). In a purely physical world, organizations are unable to limit their liability to the consumer at all, since the source of most injuries is undisputed (Daughety and Reinganum 1995). Conversely, in a digitalized world, it can be much more difficult to find the indisputable cause of injuries and losses due to interconnected products and services from different suppliers continuously sharing and using data to deliver personalized products and services (Smith 2017). Additionally, consumers may suffer not only physical but also mental harm from digital goods and services (Gross et al. 2016), which further complicates the product safety and liability implications. In this vein, the CDR concept enforces businesses to engage in a variety of issues related to product safety, liability, accountability, and reliability of digital products.

  6. (VI)

    Data privacy and security are among the most important issues in the development, deployment, and use of information technologies (e.g., Mason 1986; Mihale-Wilson et al. 2017). It is therefore logically consistent that these topics attract considerable attention from policymakers and researchers alike (e.g., Bélanger and Crossler 2011; Heimbach and Hinz 2018). Regulations in the field (e.g., the GDPR) define minimum requirements that organizations must meet. To count as a CDR activity, companies must voluntarily exceed the minimum legal requirements. Compliance with the minimum requirements does not attract positive attention, but non-compliance can have serious financial and legal implications for companies (Goel and Shawky 2009). As businesses can use strategic initiatives to positively affect consumer perceptions (Hann et al. 2007), this dimension promotes organizations to exceed the privacy and security regulations currently in place, for instance, related to secure handling and storage of data, and digital freedom.

  7. (VII)

    Dispute resolution and awareness The CDR concept also covers dispute resolution and awareness, e.g., with regard to possible difficulties caused by the interoperability and interconnectivity of products and services from different vendors. Dispute resolution more generally refers to dispute resolution mechanisms aimed at enabling consumers who have experienced (e.g., economic) loss or damage in transactions to resolve their grievances and obtain redress (Ang and Buttle 2012). With digitalization allowing organizations to engage across borders, the CDR concept proposes straightforward, uniform, and efficient dispute resolution and awareness tools for all consumers. In practical terms, CDR proposes that consumers should be able to file complaints easily and at no cost, while complaint handling should be fair, fast, and transparent (Turel et al. 2008).

  8. (VIII)

    Governance and participation mechanisms Finally, it is noteworthy that CDR also recognizes the necessity for governments to continually align the regulatory requirements to “steer the digitalization process in the right direction” (Thorun et al. 2017, p. 91). To this end, the CDR concept promotes appropriate governing and participatory mechanisms at state level (i.e., efficient lawmaking, regulatory frameworks, and well-functioning enforcement) in a digitalized environment. In this context, governance and participation engagement lies in the responsibility of policymakers and other non-governmental regulatory organizations (Thorun et al. 2017) and is therefore an exogenous force within a company’s CDR concept. Internal company governances have no application in this dimension, but are subject to other dimensions such as information and transparency, and economic interests. Thus, we exclude the dimension of governance and participation mechanisms from further investigation as this study evaluates the operationalization of CDR in companies rather than exogenous forces for companies.

Summing up, the concepts of CSR and CDR share the idea of voluntariness, although current legislation already regulates several aspects of the aforementioned CDR dimensions. Nevertheless, it is crucial to recall that CDR constitutes actions that companies may undertake voluntarily and in supplement to any minimum requirements that may be in place. Only fulfilling legally required minimum actions is not sufficient to count as CDR activities. Accordingly, the understanding of CDR differs worldwide, as there apply different legal minimum requirements. CDR efforts involve additional expenses and investments that companies must consider if they decide to pursue these kinds of activities. One motivation for addressing additional corporate responsibilities can be stakeholders’ growing interest as seen for the concept of CSR (Schaltegger and Burritt 2018). Thus, it is inevitable to better understand and to take consumer preferences into consideration when developing and establishing CDR activities also employing them for market segmentation (e.g., Naous and Legner 2017; Mihale-Wilson et al. 2019). For companies, consumer acceptance of their CDR activities is one decisive success factor to prevail also in the future. Yet, research on CDR mostly focuses on the conceptualization (Mueller 2022) rather than approaching the topic empirically. One initial research approach evaluated consumer preferences for CDR on dimension-level (Mihale-Wilson et al. 2021). However, this is not sufficient for companies to have a concrete understanding for operationalizing the concept on a measure-level (Mueller 2022). This could even slow down the adoption of CDR activities in practice. Accordingly, this study aims to remedy this. To the best of our knowledge, there is no previous research that assesses CDR operationalization by evaluating consumers’ preferences for concrete CDR measures and an according consumer segmentation quantitatively in-depth, a gap this study aims to close.

2.3 Discrete Choice experiments and random utility theory

In a developing field like CDR, it is essential to evaluate consumer preferences. These preferences set the direction for the development of CDR as a concept but also for the implementation of CDR strategies in companies. DCEs are a state-of-the-art method for assessing consumer preferences (e.g., Swait and Andrews 2003; Gensler et al. 2012; Schlereth and Skiera 2017).

Respondents repeatedly make trade-off decisions between a set of product alternatives characterized by their attributes and attribute levels, selecting the one that maximizes their utility. Thus, the attractiveness of each attribute level is evident with this approach. Random utility theory lays the foundation for evaluating DCEs (Train 2009; Louviere et al. 2013). DCEs are similar to real-world choices and therefore suitable to explain the value of specific product features and actual purchasing behavior (Swait and Andrews 2003; Gensler et al. 2012). Compared to self-explicated methods, rating- or ranking-based conjoint analysis, DCEs provide a direct link to the participants’ actual choices (Hinz et al. 2015).

3 Set of pre-studies: consumers’ valuation of the CDR dimensions and its sub-dimensions

Aim of this entire set of studies is to provide guidance on concrete CDR activities and consumer segmentation for firms based on consumers’ perceived importance of these activities. However, the seven relevant out of the eight CDR dimensions (see Table 1, except for the excluded dimension of governance and participation mechanisms) cover a wide range of possible sub-dimensions, each featuring several concrete activities firms can perform (see Fig. 2). Therefore, we conducted a set of pre-studies employing two BWS experiments (Mihale-Wilson et al. 2021) before proceeding to a preference evaluation deploying two DURE studies (i.e., set of main studies) based on the insights from the set of pre-studies. The first BWS experiment evaluated consumers’ perception of the CDR dimensions (see Table 1, except for the excluded dimension of governance and participation mechanisms). We then explored these insights more in depth by sequencing several sub-dimensions of the most important CDR dimension in BWS 2. Summing up, aim of the BWS pre-studies was to sequence the proposed CDR dimensions and the sub-dimensions of the top-ranked CDR dimension by importance (Mihale-Wilson et al. 2021). The results from both BWS experiments then inform the design of the two DURE experiments. Since established methods like DURE studies can only deal with a limited number of attributes, this consecutive approach is necessary to evaluate concrete CDR activities. The following sections introduce the methodology, study setup, and results of the set of pre-studies (Mihale-Wilson et al. 2021).

3.1 Best–Worst Scaling

Best–worst scaling has been widely used to assess consumer preferences for decades (Finn and Louviere 1992; Hinz et al. 2015) also for consumer perspectives in CSR research (Auger et al. 2007). BWS is an advanced version of paired comparison (Cohen and Orme 2004; Auger et al. 2007), where participants each choose their most and least preferred attribute from a varying set of attributes (Hinz et al. 2015; Kaufmann et al. 2018). In this manner, researchers can compare subjects and people minimizing bias due to the utilization of scales or the consumers’ cultural background (Auger et al. 2007). Besides, BWS is superior to ranking methods when the number of employed attributes is large, and the equal differences between two consecutive attributes cannot be assumed (Hinz et al. 2015). Furthermore, BWS studies are particularly suitable in the case of heterogeneous groups, e.g., with regard to education or knowledge (Hinz et al. 2015). Thus, this methodology fitted well with our investigation of the evolving CDR concept (Mihale-Wilson et al. 2021).

We opted for the counting method to analyze individual and aggregate sample preference estimations regarding the most and least important attribute choices (Finn and Louviere 1992). Within the BWS studies, we evaluated seven attributes within seven choice sets each featuring three alternatives. Thus, with a balanced design, each attribute appeared three times to the sample (= 7 × 3/7). In this case, Best–Worst (BW) scores ranged between − 3 (worst) and 3 (best) depending on the frequency consumers chose this attribute (Mihale-Wilson et al. 2021).Footnote 1 This analysis was sufficient to rank the dimensions according to their perceived importance (Hinz et al. 2015).

3.2 Study setup

The design of our BWS studies followed the one of Auger et al. (2007) and utilized DISE implemented by Schlereth and Skiera (2012). Both BWS studies employed the same questionnaire schema (see Supplementary Information). The first part comprised a brief explanation of the topic of CDR in general, to prepare participants for the BWS part, followed by further questions exploring socio-demographic data (i.e., gender, age, education, employment). Consumers indicated the most and least important CDR attribute within each of the seven choice sets (see Fig. 3). The design of our choice sets employed the Balanced Incomplete Block Design featuring (1) the same number of attributes within each choice set; and (2) the same number of occurrences of every attributes across choice sets (Kaufmann et al. 2018).

Fig. 3
figure 3

Study design—exemplary choice set in the set of pre-studies (Mihale-Wilson et al. 2021)

An examination of relevant personality traits and participants’ attitude towards technology in general followed the BWS part. Consumers indicated psychographic attributes on 7-point Likert scales (Bruner 2009) measuring established constructs from psychology and marketing.Footnote 2 Before conducting the BWS experiments, we did a pilot test to check for clarity of the questionnaire and easiness to fill in.

3.3 Data

Both BWS studies employed the same participant sample as results directly build upon each-others. A market research institute recruited a representative sample of the German population. Out of 791 participants, 663 participants finished both BWS studies also passing the attention checks. The sample had an almost equal gender split and is between 17 and 87 years old (see Table 13 in the Appendix).

3.4 Results

Firstly, one BWS experiment determined an overall ranking of the various CDR dimensions. An additional BWS experiment addressing the favored sub-dimensions of the top-ranked dimension in detail then complemented the first BWS experiment. This second BWS experiment aimed at evaluating various possible sub-dimensions of the wide-ranging, most important CDR dimension (Mihale-Wilson et al. 2021).

3.4.1 Overall ranking of the CDR dimensions

Figure 4 ranked the averaged BW scores (standard deviations (SD) in parentheses) of the assessed CDR dimensions in decreasing order complemented by the distances between the BW scores of the top three consumer choices (Δ). BW scores reflect the relative importance of choice sets ranging from − 3 to 3. We opted for the counting method to analyze individual and aggregate sample preference estimations regarding the best and worst attribute choices (Finn and Louviere 1992).1 Thus, averaged BW scores reflect the relative importance of choice sets across the entire participant sample. In short, consumers saw data privacy and security, product safety and liability, and information and transparency as the most important CDR dimensions. While consumers appreciated corporate activities related to access, economic interests, and dispute resolution less. Expanding on these results and consumer preferences regarding the CDR dimensions, we conducted another BWS experiment to assess consumers’ valuation of possible sub-dimensions within the highest-ranked CDR dimension—data privacy and security.

Fig. 4
figure 4

Averaged BW ratings (SD) of CDR dimensions across participants

3.4.2 Detailed ranking of data privacy and security sub-dimensions

The following BWS experiment served as a starting point for the DURE analysis of the most important CDR dimension since DURE studies can only capture a limited number of deployed attributes. Thus, we first assessed the most preferred sub-dimensions before the evaluation of concrete activities within these dimensions in the form of a DURE experiment.

There is a broad, multifaceted research base on the importance of data privacy and security in IS covering various different aspects (e.g., Bélanger and Crossler 2011). Several classification schemes exist to describe the scope of privacy. For example, Smith et al. (1996) name (1) data collection; (2) unauthorized secondary usage; (3) improper access; and (4) information accuracy as four main aspects. In practice, data privacy and security regulations incorporate these aspects, for instance, resulting in eight main principles as in the OECD Privacy Framework (2013): (1) collection limitation; (2) data quality; (3) purpose specification; (4) use limitation; (5) security safeguards; (6) openness; (7) individual participation; and (8) accountability principle. The BWS experiment examined seven of the eight sub-dimensions within the OECD Privacy Framework excluding the principle of accountability. Accountability is an important framework condition for the compliance with other principles and therefore excluded. The seven sub-dimensions used for our BWS experiment captured previous research on data privacy and security as well as the current state of legislation (see Table 2).

Table 2 Data privacy and security sub-dimensions in BWS 2 (Mihale-Wilson et al. 2021)

Figure 5 indicates the average BW scores of the data privacy and security sub-dimensions. The results underlined the importance of secure storage and processing, a restricted data collection, and data access and correction for consumers, while consumers seemed to appreciate openness about data processing practices, high data quality, or a clear purpose of data collection less. This was rather surprising given that, e.g., the GDPR emphasizes the importance of purpose limitation as one of the central pillars.

Fig. 5
figure 5

Averaged BW ratings (SD) of privacy and security sub-dimensions across participants

4 Set of main studies: consumers’ valuation of CDR operationalization

So far, the set of pre-studies (Mihale-Wilson et al. 2021) provided insights into which CDR dimensions and which related sub-dimensions consumers value most. Despite these insights in the set of pre-studies, it is still unclear how consumers perceive concrete CDR activities also relative to economic factors. The goal of the set of main studies is to address this gap and support the operationalization of CDR and firms’ consumer segmentation strategy. Accordingly, our further assessment deploys DURE to evaluate possible activities within these CDR dimensions but excluding the product safety and liability dimension. We could not verify stable product safety and liability activities for empirical assessment for the sake of them being very heterogeneous issues across product types and nationally fragmented (Desai 2014; Howells et al. 2017; Kozup 2017). This notwithstanding, product safety and liability are strongly regulated fields. Companies have only very few degrees of freedom in this context (Jorstad 2000). Thus, companies need to fulfil these regulations but often cannot use this factor as a unique selling proposition. Aim of this study is to provide guidance which dimensions to implement first and how to implement them specifically (i.e., providing guidance on the operationalization of CDR), therefore focusing on the further CDR dimensions.

First, we offer some insights into DURE and Choice-based Conjoint (CBC) analysis complemented by the study setup. Second, we present the results of the set of main studies. This set consists of two independent experiments and its design grounds on the initial rankings (i.e., CDR dimensions in general and sub-dimensions of the data privacy and security dimension) from the set of pre-studies (Mihale-Wilson et al. 2021): one DURE experiment focuses on the most valued activities within the top-ranked data privacy and security sub-dimensions, and the other DURE experiment addresses the remaining five dimensions of CDR to provide guidance for companies on possibly useful, concrete CDR activities and consumer segmentation. Besides, the studies provide insights on specific characteristics of participants not valuing the implementation of CDR activities in practice, hence not yet in the market. Still, it might be sensible for companies to acquire a large consumer base also by convincing non-purchasers.

4.1 Dual Response

DURE is a modification of the widespread CBC analysis as used in market research especially for business research and marketing (e.g., Gensler et al. 2012; Hinz et al. 2015; Naous and Legner 2017) and belongs to DCEs (Schlereth and Skiera 2017). Characteristically, CBC enforces participants to repeatedly trade-off between multi-attributed product versions in context with a price (Green and Srinivasan 1990). Conducting a CBC analysis reveals consumer preferences about a product or service. To better map the market, studies can implement a “no choice” option (Louviere and Woodworth 1983; Gensler et al. 2012). In case of a traditional CBC analysis, this option is available parallel to the prompted alternatives, thus losing knowledge about the preference order and leading to a knowledge bias in case of a selected no choice option (Brazell et al. 2006). To compensate for this weakness, DURE emerged (e.g., Brazell et al. 2006; Hinz et al. 2015; Schlereth and Skiera 2017). Each choice set in a DURE experiment consists of two trade-offs. Firstly, consumers have to choose one out of several alternative products that they like most (forced-choice). Secondly, they have to decide whether they would choose this product or not (free-choice). The no choice option is no longer parallel to the product alternatives but consecutive thus offering more information on consumer preferences. Consumers who are currently not yet active on the market also provide insights in this way (Brazell et al. 2006). Especially with an expected high share of no choices, this method can lead to more stable preferences and reliable results (Brazell et al. 2006). Due to the novelty of CDR, a high proportion of no choice decisions is likely. Thus, DURE seems to be suiting to evaluate preferences on CDR. The analysis of the DURE study relies on random utility theory (Train 2009). Consumers’ valuations of the latent value of respective CDR activities complement findings from the DURE study. To evaluate the latent value of CDR activities we employ the concept of the willingness to pay (WTP) (e.g., Green and Srinivasan 1990). In general, the WTP is defined as the indifference reservation price meaning “the price at which a consumer is indifferent between purchasing and not purchasing a bundle” (Meyer et al. 2018, p. 503). To provide insights into consumers’ latent value ratings for CDR activities we calculate the latent values analogous to the concept of WTP (Gensler et al. 2012).

4.2 Study setup

Aim of the DURE studies is to evaluate consumers’ perception of different, concrete activities within the previously ranked CDR dimensions and sub-dimensions (set of pre-studies, Mihale-Wilson et al. 2021) complemented by a consumer segmentation approach. The results from the set of pre-studies condition the attributes (i.e., activities) chosen for the DURE studies. A literature review reveals respective attribute levels covering the status-quo in the market but also incorporating further improvements. The chosen attribute levels address the ranked dimensions and their respective sub-dimensions (see Tables 3, 8). To reduce the effort for participants, we conducted two independent DURE experiments covering activities within the top-ranked data privacy and security sub-dimensions in DURE 1 and activities within further CDR dimensions in DURE 2 for a comprehensive understanding of possible CDR activities. The design of the DURE experiments follows established scientific approaches and data collection methods as an online survey (e.g., Brazell et al. 2006). The survey consists of three major parts analogous to the set of pre-studies. To make the more abstract topic of CDR tangible for the participants, a use case serves as an illustration for the DURE parts. In addition, the effectiveness and design of CDR activities is partly based on the specific industry in which CDR is to be implemented (Mihale-Wilson et al. 2022). Accordingly, we employed IoT as a tangible example of an ongoing digitalization and at the same time as a rapidly growing market with an ever-increasing importance for our professional and private everyday life. The first part of each DURE experiment presents every participant an introductory video showing the amenities, IoT can have in everyday life. Furthermore, descriptions of the assessed attributes (i.e., CDR activities) and their assorted characteristics appeared.

Table 3 Attributes and attribute levels of data privacy and security—DURE 1

The DURE experiments use DISE (Schlereth and Skiera 2012) for implementation. To reduce the complexity and the length of the survey, we limited the number of choice sets while still producing valid insights. Therefore, we followed the techniques by Street and Burgess (2007) deploying only a limited number of attributes creating a D-optimal fractional factorial design with 12 choice sets. Participants had to choose one out of three product versions followed by the question if they would actually subscribe to this solution or not (see Fig. 6).

Fig. 6
figure 6

Study design—exemplary choice set in the set of main studies

Further questions exploring socio-demographic data (i.e., gender, age, education, employment) as well as relevant personality traits and the participants’ attitude towards technology and innovation in general follow the DURE part. For the psychographic information, we employ 7-point Likert scales (Bruner 2009) and established constructs from psychology and marketing.2 We conducted a pilot test to check for clarity of the questionnaire and easiness to fill in.

4.3 Consumers’ valuation of activities regarding the data privacy and security sub-dimensions

The set of pre-studies Mihale-Wilson et al. (2021) validated the importance of data privacy and security, also proposing the most-valued sub-dimensions of this CDR dimension. The more in-depth assessment of consumers’ preferences and latent values for concrete activities within the three top-ranked sub-dimensions of privacy and security (DURE 1) advances the initial ranking in the set of pre-studies (BWS 2, Mihale-Wilson et al. 2021). DURE 1 focuses on the top three sub-dimensions of data privacy and security to avoid participants’ information overload. Each data privacy and security sub-dimension represents a broad field of application, thus, we chose one subordinate activity (attribute) per sub-dimension to limit the participants’ effort.

Limited or restricted data collection must be with the consent of the user, nevertheless many consumers struggle to understand what data companies are really collecting and what it is for, thus making uninformed decisions (Wieringa et al. 2021). Even though companies have to inform about this in an understandable way according to the GDPR (e.g., Felzmann et al. 2019). Whereby this is a rather subjective legal requirement. Hence, companies can define themselves in the implementation beyond the legal minimum requirement. Thus, the attribute information regarding data collection in the form of the data protection declaration covers the aforementioned sub-dimension. Access and correction of personal data is ranked under the top three sub-dimensions and (partly) covered by the GDPR therefore captured in the DURE analysis by its own attribute (e.g., Martin 2015). Here, companies can implement the access to data required by the GDPR more or less easily for consumers. Hence, the item access and correction of personal data covers this differing manifestation. Secure storage and processing presents the top-ranked sub-dimension and goes beyond the mere process in the eyes of the consumers. This sub-dimension is mainly perceived in the form of incidents and the related notifications (e.g., Thorun et al. 2017). Thus, the corresponding attribute is the notification of incidents concerning stored personal data. Direct, personal information of those affected can be obligatory for companies (i.e., by the GDPR), depending on the incident and instructions from the supervisory authority. Beyond this obligation, companies can also voluntarily assume more responsibility in this respect and exceed the legal minimum. Additionally, we include the price per month to assess consumers’ perceived latent valuation of CDR activities. The price of the service and the data privacy and security features can influence the WTP for this service. We based our pricing on the monthly costs of entertainment subscriptions such as Spotify (9.99€), Netflix (7.99€), or Amazon Prime (7.99€).Footnote 3 Accordingly, Table 3 comprises the deployed attributes (activities) and respective levels.

4.3.1 Data

The first DURE study expands the results of the BWS studies and uses the same sample as the BWS studies. A market research company provided a representative sample with 404 German participants completing both BWS and the first DURE experiment also passing the attention checks. The sample has an almost equal gender split and is between 17 and 75 years old (see Table 13 in the Appendix).

4.3.2 Results

The primary goal of the first conducted DURE analysis is the identification of consumer preferences regarding concrete data privacy and security activities. We first present characteristics of those who do not value the operationalizing of data privacy and security activities and thus are not in the market, at least yet. We then proceed with a consumer segmentation of those who are in the market to guide practice in individualizing data privacy and security activities to better meet the different preferences. Reasonable signs and magnitudes of the parameter values indicate face validity. Internal validity is high with a hit rate of 90.14%, thus suggesting an adequate sample quality and high validity of the results.

4.3.2.1 Evaluation of participants’ characteristics not (yet) in the market

Aggregated over all 12 choices, we observe 52.23% of the respondents never choosing any of the presented products (i.e., non-purchasers), while only 15.84% of the consumers always choose one of the presented alternatives (i.e., always-purchasers). The high share of no choices supports the choice of DURE. Other established methods like CBC would lead to a loss of information because the no choice option is available parallel to the prompted alternatives, thus losing knowledge about the preference order and leading to a knowledge bias. Analyzed more in detail, for companies, it is essential to know how to target the type of consumer who is more difficult to acquire with additional data privacy and security activities, hence the non-purchasers, in future. When evaluating the characteristics of non-purchasers we found that their decision not to subscribe to any of the IoT solutions with different data privacy and security attributes is significantly correlated with a higher age and not very surprisingly with higher privacy concerns (see Table 4). High privacy concerns may limit the overall adoption of such systems (e.g., Carl and Mihale-Wilson 2020) regardless of the CDR activities conducted. For these consumers, there might be a general lack of trust regarding companies and their (privacy) activities that hinders general adoption of IoT solutions distrusting the claim of any CDR activities (e.g., Sicari et al. 2015; Khan et al. 2019). Firms first have to establish a sufficient level of trust before they can distinguish themselves credibly to these non-purchasers through additional data privacy and security activities.

Table 4 Characteristics of non-purchasers—DURE 1
4.3.2.2 Consumer segmentation regarding data privacy and security activities

A first analysis (see Table 5) of the data for the entire sample (i.e., non-, sometimes-, and always-purchasers) provides us estimated parameter values and importance weights of the activities (attributes) across the entire sample. The importance weights gained allow ranking the considered concrete CDR activities for the whole sample. Weighting the four deployed attributes, access and correction of personal data (30.51%), and price per month (30.18%) seem to play a leading role for consumers regarding CDR activities in the field of data privacy and security. Access and correction of personal data outperforms in the in-depth analysis of possible activities. The reason might lie in the additional understanding and awareness consumers gained when presented with the detailed possibilities inherent in this dimension. While consumers might be aware of the importance of secure storage and processing, access and correction of personal data might be rather unfamiliar to them. Utility increases substantially when the easy access to correct or delete personal data is available instead of mere information about personal data (enhancement of 1.67). Many regulatory regimes set minimum requirements that companies can voluntarily exceed concerning notifications of incidents concerning stored personal data (19.78%), and information regarding data collection (19.54%), but consumers seem to value these facets of CDR less. The highest increase in utility regarding the notification of incidents concerning stored personal data is observable between the information on request and an automatic notification of affected consumers (increase of 0.34). Consumers even prefer this notification type compared to a public broadcast. Surprisingly, in the dimension information regarding data collection, utility values decline (decline of 0.49) for a more standardized declaration (i.e., detailed form and a more standardized overview). Thus, consumers seem to prefer a more extensive data protection declaration—for the information on data collection practices—compared to a simpler approach to this matter. Altogether, these findings go in line with previous technology adoption research. On the one hand consumers are highly concerned about their personal data stored (e.g., Awad and Krishnan 2006; Baumann et al. 2019) but on the other hand price plays a striking role especially for digital goods (Mihale-Wilson et al. 2019).

Table 5 Perceived value of the data privacy and security activities—DURE 1

The overall high standard deviations especially of the two top-ranked attributes price per month (SD = 31.15%), and access and correction of personal data (SD = 23.12%) indicate heterogeneous preferences within the sample (see Table 5). Thus, a cluster analysis could reveal some additional insights relevant for market segmentation. For clustering, we employed the two unsupervised learning algorithms Principal Component Analysis (PCA) and K-Means. Before performing the cluster analysis, we use PCA to generate aggregated principal components summarizing psychographic attributes (i.e., privacy concerns, technophobia, change seeking behavior, innovativeness, trust, risk appetite, online transaction perception). The PCA generated three principal components summarizing the braveness (i.e., change seeking behavior, risk appetite), the trusting nature (i.e., trust, privacy concerns (reversed), online transaction perception), and technology affinity (i.e., technophobia (reversed), innovativeness). Afterwards, a cluster analysis employing K-Means effectively divides participants into four segments according to the generated principal components (i.e., braveness, trusting nature, technology affinity) and demographic information (i.e., age, education, employment status). To determine the optimal number of clusters K we applied the “Elbow criterion”. To avoid distortions in our WTP calculation (Gensler et al. 2012), we removed respondents from this analysis who invariantly subscribed (i.e., always-purchasers) or did not subscribe (i.e., non-purchasers) to the IoT solutions regardless of the privacy attributes. The thus adjusted sample contains 129 respondents (i.e., the sometimes-purchasers).

We labeled the clusters according to their demographics and the derived principal component scores to distinguish them (see Table 6). Accordingly, segment 1, the distrustful brave, exhibits the comparatively lowest average score for trust and the highest for braveness across the various segments. Similarly, we label the other segments young performer, retired traditionalists, and technology affine conservatives. Table 7 presents the resulting preferred product variations as well as their associated latent value (WTP). It shows the three most preferred product variations per consumer segment and for the entire sample (i.e., all sometimes-purchasers) alongside with their associated monthly WTP. For example, for the distrustful brave, the most preferred product variation features detailed information regarding data collection, information, correction, and deletion access to personal data, and the notification of incidents for affected users only, with an associated WTP of 3.17€ per month.

Table 6 Consumer segments—DURE 1
Table 7 WTP and preferred products—DURE 1

The evaluation of consumer preferences unanimously advices companies to commit to easy access to the information on, correction, and deletion of personal data. We found no interest for other access approaches. Except for this attribute, consumer preferences are quite heterogeneous (see Table 7). In this case, one approach to further data privacy and security activities does not fit all equally. Rather, companies should consider individualizing and targeting their CDR activities related to this dimension by exceeding legal requirements. Regarding their information practices, companies can pursue two different approaches. On the one hand, they could offer several untargeted information approaches to data collection practices simultaneously to meet the preferences of a broad mass of people. However, companies pursuing this strategy of different information sources should take the problem of a potential information overload into account. On the other hand, firms might consider customizing information approaches for different consumer segments through targeted communication media to respond to the different preferences. Preferences for the notification of incidents are rather heterogeneous, too. While retired traditionalists favor the notification of incidents on request, the other segments value the pro-active notification of affected users and public broadcasts more. Hence, one size does not fit all when assessing different approaches to the notification of incidents. In sum, the results suggest that companies can differentiate themselves more or less with additionally assumed responsibilities in the context of data privacy and security depending on different consumer segments. To appropriately address different market segments, companies should assess relying on different communication strategies for incident reporting and data collection information, adapting them to different communication channels to address different market segments through their preferred communication media.

To enable a more informed prioritization of CDR activities, we also determined the latent value of various CDR activities (see Table 7). We found positive latent values for data privacy and security related activities of companies across the sample ranging from 3.17€ to 6.52€ for the most preferred bundle except for the segment of the retired traditionalists. Retired traditionalists reveal negative latent values for data privacy and security activities. Their lack of technology affinity also manifests itself in the missing appreciation for such products or services and thus the evaluated IoT solutions. Recent research on preferred privacy properties of IoT systems confirms this impression that older users in particular have a lower WTP for such attributes than younger users (e.g., Zibuschka et al. 2019). Still, the observed mostly positive latent values for the implementation of more advanced data privacy and security activities might not fully account for the expenses of companies to implement these activities. This supports the hypothesis that consumers expect high standards in this field but only punish the absence instead of being overly excited by their implementation (Goel and Shawky 2009). Moreover, these results support the assumption that different consumer segments do not value the implementation of additional CDR activities (monetarily) equally and, accordingly, companies cannot define themselves equally strongly towards different consumers. Hence, companies should pursue consumer segmentation in practice, as one size does not fit all equally. Besides, companies should evaluate whether they can easily supply different versions of their digital offerings, also to appeal to more cost-conscious consumers. For this purpose, firms could implement different versions with lower levels of data privacy and security activities, still exceeding legal minimum requirements. In addition, they should pursue individualization of CDR activities with regard to the various psycho-demographic consumer segments to cover different preferences and at the same time exploit (monetary) appreciation.

4.4 Consumers’ valuation of activities regarding further CDR dimensions

A more in-depth assessment of consumers’ preferences and latent value of different CDR activities within the remaining dimensions advances the ranking of the most important CDR dimensions (BWS 1). The set or pre-studies (Mihale-Wilson et al. 2021) suggested that enterprises should definitely act in the sense of data privacy and security. Additionally, product safety and liability, a highly regulated field, is of importance. Thus, companies should target it to the best of abilities maybe even above and beyond regulatory standards. Still, it might be reasonable to diversify CDR activities also considering the implementation of activities within additional CDR dimensions as a differentiator. In contrast to the scholarly debate on the data privacy and security topic, research on other CDR dimensions like transparency and its benefits is scarce and dispersed across various disciplines (Granados et al. 2010). Thus, the following evaluation of the further CDR dimensions should serve as a guidance for firms on a more comprehensive CDR operationalization and associated consumer segmentation. The examination covers the remaining five dimensions but merging access and education as they overlap in some activities not to overload the participants. Each CDR dimension represents a broad field of application, thus one chosen subordinate attribute (i.e., activity) limits the participants’ effort (see Table 8). Not to exceed the participants’ effort, we did not conduct upstream BWS studies on all five remaining dimensions to filter out the highest valued sub-dimensions in each case unlike the top-ranked dimension. Instead, we selected attributes and their levels from literature with focus on tangibility.

Table 8 Attributes and attribute levels of the further CDR dimensions—DURE 2

The corresponding attribute to the high ranked dimension information and transparency is transparency regarding data protection. This attribute is partly overlapping with the dimension data privacy and security contained in the previous DURE experiment. Still, information and transparency is especially important for consumers in regard to data protection as this concern is central for consumers of digital technologies (e.g., Felzmann et al. 2019) enforcing consumers’ informed decision making (Wieringa et al. 2021). The GDPR partly covers this item. However, companies can voluntarily establish even more transparency exceeding regulatory requirements. User support covers the two dimensions education and access as an overlapping attribute. It is an implementation in regard to education but also to access when it comes to the design of the interaction as a prerequisite for genuine informed consent (e.g., Felzmann et al. 2019). Interoperability captures the dimension economic interest in the DURE analysis. Especially the lack of interoperability is perceived by the consumer in everyday use (e.g., Lewis 2013; Felzmann et al. 2019). While consumers perceive possible alternative attributes like competition policy less. Finally, the corresponding attribute to dispute resolution manifests in the design of the dispute resolution center (e.g., Thorun et al. 2017). Additionally, the price per month allows evaluating consumers’ perceived latent valuation of CDR activities. We based our pricing on the monthly costs of entertainment subscriptions as in DURE 1.Footnote 4 Accordingly, Table 8 comprises the deployed attributes in the DURE study and their levels.

4.4.1 Data

The second DURE study expands the results of the BWS studies and uses the same sample as the BWS studies. A market research company provided a representative sample with 415 German participants completing both BWS and the second DURE experiment also passing the attention checks. The sample has an almost equal gender split and is between 17 and 74 years old and (see Table 13 in the Appendix).

4.4.2 Results

The primary goal of the conducted second DURE analysis is the identification of consumer preferences for broader CDR activities and an according consumer segmentation. Again, we first present characteristics of those who do not value the operationalizing of further CDR dimensions and thus are not yet in the market. We then proceed with a consumer segmentation of those who are in the market to guide corporate practice in individualizing further CDR activities to meet the different preferences. Reasonable signs and magnitudes of the parameter values indicate face validity. Internal validity is high with a hit rate of 91.66%, thus suggesting an adequate sample quality and high validity of the results.

4.4.2.1 Evaluation of participants’ characteristics not (yet) in the market

Aggregated over all 12 choices, we observe 54.46% of the respondents never choosing any product (i.e., non-purchasers). Only 12.53% of the consumers always choose their favored alternative (i.e., always-purchasers). The high share of no choices again supports the choice of DURE compared to other widely used methods like CBC. To provide more information for companies which consumer are more difficult to acquire with additional CDR activities we again conducted a logistic regression to characterize the non-purchasers. When evaluating the characteristics of non-purchasers we found that their decision not to subscribe to any of the IoT solutions with different CDR attributes is significantly correlated with higher privacy concerns but also with change seeking behavior (see Table 9).Footnote 5 Again, high privacy concerns can limit the general adoption of IoT solutions and similar products and services (e.g., Carl and Mihale-Wilson 2020) despite CDR activities of companies. This illustrates the extent to which a lack of trust due to privacy concerns also has an halo effect on further activities of companies, especially in the context of CDR. Hence, companies should not treat data privacy and security in isolation, but should take a more holistic approach to their responsibilities in the digital context, which is supported by the concept of CDR. Still, non-purchasers reveal a comparatively high change seeking behavior. Hence, companies should exploit this psychographic attribute when they want to convince previous non-purchasers. To achieve this, firms have to make it credibly clear to the consumer how much the company is pursuing a change in taking responsibilities and generating a new level of trust in conducted activities.

Table 9 Characteristics of non-purchasers—DURE 2
4.4.2.2 Consumer segmentation regarding further CDR activities

Again, a first analysis of the data for the entire sample (i.e., non-, sometimes-, and always-purchasers) provides us estimated parameter values and importance weights of the attributes across the entire sample (see Table 10). Weighting the four deployed attributes, price per month (41.29%) plays a striking role for the success of CDR activities. The comparatively highest valued activity within CDR is interoperability (29.39%). Surprisingly, economic interests and correspondingly interoperability outperforms in the in-depth analysis of possible activities. The reason might lie in the understanding of this dimension. While consumers imagine the influence of CDR activities on safety and liability, their understanding of how CDR activities can protect their economic interests might be rather limited. Therefore, specific measures might broaden their awareness and thus influence their evaluated importance, especially as interoperability is an everyday problem. Utility substantially increases with seamless interoperability instead of solely independent devices and systems (enhancement of 2.41). User support (11.45%), dispute resolution (10.38%), and transparency regarding data protecting (7.49%) are also crucial but less important for the success of CDR. The highest increase in utility regarding dispute resolution is observable between the manufacturer as a point of contact and an independent consumer protection agency (increase of 0.43). Surprisingly, in the dimension user support, utility values decline between a call center and a roboadvisor (decline of 0.60). Thus, consumers seem to prefer the personal contact instead of a faster solution. The same phenomena is observable in case of transparency regarding data protection with a decline of 0.29 in utility values between a detailed form and a more standardized overview. Thus, consumers seem to prefer a more extensive data protection declaration instead of a simpler and more transparent approach to this matter. In the DURE analysis, the dimension of information and transparency underperforms compared to the overall CDR ranking (BWS 1, Mihale-Wilson et al. 2021) providing evidence for the need of a more detailed insight into consumer preferences for specific CDR activities. Altogether, these findings go in line with previous technology adoption research. On the one hand consumers highly appreciate an effortless usage of connected products and on the other hand the price for digital goods plays a striking role (Mihale-Wilson et al. 2019).

Table 10 Perceived value of the further CDR dimension activities—DURE 2

The likewise overall high standard deviations especially of the two top-ranked attributes price (SD = 33.32%), and interoperability (SD = 22.52%) again indicate heterogeneous preferences (see Table 10) and support the applicability of market segmentation not only in terms of data privacy and security but also CDR in general. Thus, we again conduct a cluster analysis for market segmentation. Before performing the cluster analysis, we again employed PCA to generate aggregated principal components summarizing the psychographic attributes. In this case, the PCA generated two principal components aggregating the in love with the new (i.e., technophobia (reversed), change seeking behavior, innovativeness) and the trusting nature (i.e., privacy concerns (reversed), trust). Afterwards, the cluster analysis employing K-Means again effectively divides participants into three segments according to the generated principal components (i.e., in love with the new, trusting nature) and demographic information (i.e., age, education, employment status). To determine the optimal number of clusters K we applied the “Elbow criterion”. For the sake of correct WTP calculation, the adjusted sample contains 137 respondents (i.e., again only sometimes-purchasers) (see Table 11).

Table 11 Consumer segments—DURE 2

We labeled the clusters according to their demographics and the derived principal component scores to distinguish them. Accordingly, segment 2, the young achievers, exhibits the lowest average score for age and the highest for education across the various segments. Similarly, we label the other segments young expeditives, and elderly traditionalists. Table 12 presents the resulting preferred product variations as well as their associated latent value (WTP). It shows the three most preferred product variations per consumer segment and for the entire sample (i.e., all sometimes-purchasers) alongside with their associated monthly WTP. For example, for the young expeditives, the most preferred product variation features call center support, an independent agency for dispute resolution, a detailed data protection declaration, and seamless interoperability, with an associated WTP of 1.75€ per month.

Table 12 WTP and preferred products—DURE 2

Across the various consumer segments, Table 12 immediately supports the importance of seamless interoperability unanimously. We found no interest for lower levels of interoperability in the data. Besides, data suggests a strong preference for an independent agency handling potential disputes. However, young expeditives value manufacturer specific dispute resolution almost equal accounting for only a slightly lower WTP per month. Hence, companies should assess their costs for an independent agency handling their dispute resolution process compared to the young expeditives’ appreciation of this CDR measure. It might be worth considering for firms to individualize their dispute resolution settlement for the different consumer groups to better account for the occurring costs. Besides, most consumer segments value call center support over more automated approaches. Still, young achievers show some appreciation for roboadvisors. Accordingly, similar to the information strategy in the context of data privacy and security activities, firms should consider either to offer various user support approaches simultaneously or to offer this (possibly for companies more cost-effective) access to user support on an individualized basis for the particular consumer segment of young achievers. Similarly to DURE 1, DURE 2 underlines the heterogeneous preferences for transparency related to data privacy and security activities. Hence, firms should consider offering several transparency approaches simultaneously or to customize their informational approach according to different consumer segments. Hence, to appropriately address different market segments, one size does not fit all when it comes to communicating data protection practices transparently (exceeding legal requirements, e.g., imposed by the GDPR). Rather companies could rely on different communication strategies for data protection information, adapting them to different communication channels to address different consumer segments through their preferred communication media. Otherwise, firms could offer several approaches to a transparent data protection communication in parallel to satisfy different preferences across the various consumer segments. Firms should also evaluate whether a lower-cost version with lower CDR engagement is worthwhile for the IoT solutions offered, to better appeal to more price-conscious consumers because price played a central role in the evaluation of the product across the whole sample (see Table 10). Companies could vary user support and dispute resolution in particular for this purpose.

This study aims not only at evaluating consumer preferences but also at the latent value of a more comprehensive set of CDR activities (see Table 12). We found lower latent values for further CDR activities when compared to DURE 1. This again underlines the appreciation of data privacy and security activities of consumers compared to other dimensions of CDR in line with the set of pre-studies. However, consumers still value further CDR activities of companies. The observed latent values range from 0.72€ to 1.75€ for the most preferred bundle. Surprisingly, the elderly generation reveals a slightly higher WTP compared to the young achievers, deviating from DURE 1. However, the low observed latent values for implementing further CDR activities would not account for the company’s expenses when implementing the preferred levels of further CDR activities, e.g., an independent agency for dispute resolution or seamless interoperability. Again, this supports the hypothesis that consumers expect high standards in this field but only punish the absence instead of being excited by their implementation (Goel and Shawky 2009). Still, young expeditives are willing to pay twice as much as elderly traditionalists. Again, these results support the assumption that different consumer segments do not value the implementation of additional CDR activities (monetarily) equally and, accordingly, companies cannot define themselves equally strongly towards different consumers. Hence, companies should pursue consumer segmentation in practice, as one size does not fit all equally. For this purpose, firms could also implement different versions with lower levels of CDR. Besides, firms should pursue individualization of CDR activities with regard to the various psycho-demographic consumer segments to cover different preferences and at the same time exploit (monetary) appreciation.

5 Discussion

This work advances the existing research base on the subject of CDR by empirically assessing CDR operationalization on measure-level (DURE 1, DURE 2) based on prior research (Mihale-Wilson et al. 2021) that ranked possible CDR dimensions (BWS 1) and its sub-dimensions (BWS 2). Hence, this work’s goal is to provide concrete guidance for implementing CDR activities and a feasible consumer segmentation in practice (DURE 1, DURE 2). Both DURE studies suggest that market segmentation is sensible to cover the rather heterogeneous preferences of the various segments in the best possible way.

With this study, we pursue a symbiotic approach to business ethics, thus “envision[ing] a pragmatic, collaborate relationship between normative and empirical inquiry” (Weaver and Trevino 1994, p. 132). This approach enables guidance by relying simultaneously on both types of inquiries. Nevertheless, the understanding and operationalization of CDR highly depends on the individual perception of organizations, their employees, and stakeholders (van Marrewijk 2003). Accordingly, these organizations and stakeholders must evaluate the derived empirical findings for applicability rather than understanding the results as what they should do regarding CDR operationalization.

5.1 Theoretical contributions

This work enhances the existing research base on the evolving concept of CDR by providing an in-depth empirical assessment of the operationalization of CDR dimensions stemming from the current practice-driven debate. Thus, this study supplements and extends initial empirical findings (Mihale-Wilson et al. 2021) on basic preferences for CDR dimensions and their sub-dimensions (BWS 1, BWS 2) by evaluating the concrete operationalization of CDR and an according consumer segmentation. In this way, we sharpen the understanding of consumer preferences for the different CDR dimensions, especially of the data privacy and security dimension by providing an empirical evaluation of the appreciation of concrete activities and a consumer segmentation (DURE 1). DURE 2 complements these findings with an evaluation of activities within further dimensions and a consumer segmentation approach. Besides, the findings of both DURE studies also provide insight into the specific characteristics of participants not valuing CDR activities and thus not (yet) being in the market (i.e., non-purchasers). Altogether, this research serves as a starting point to make the CDR literature more comprehensive by adding the empirical perspective to the current discussion. Hence, this work comprises several theoretical contributions.

First, our results highlight the urgency to make consumers more aware of and understand the concept of CDR. The gap between preferences regarding the CDR dimensions in general (set of pre-studies, Mihale-Wilson et al. 2021) and actual CDR activity preferences (set of main-studies) illustrates this need. The results suggest that many consumers are not yet able to envision the concrete implementation of CDR in practice and the influence on their own rights and concerns. Accordingly, in the future, research should place emphasis on further educating consumers on this point.

Second, the evaluation of characteristics of non-purchasers reveals for both DURE studies the significant influence of privacy concerns on the appreciation of CDR activities in general. This finding emphasizes the need not to consider responsibilities in the digital context, such as data privacy and security, in isolation, but to take a more holistic approach to digital responsibility. This underlines the relevance of establishing a concept like CDR because concerns related to privacy have a potential halo effect on other CDR activities of firms and consumers’ appreciation of them. This demonstrates further that digital responsibility does not occur in isolation in practice.

Third, we also show how companies can pursue individualization in operationalizing the concept of CDR in practice. We were able to demonstrate the benefits of consumer segmentation due to the very heterogeneous consumer preferences. Consumer segmentation offers an opportunity for practice to target different consumer groups. Besides, the set of main studies was able to demonstrate how important a high level of CDR commitment is to consumers. In each of the main studies, the most preferred bundles were characterized by extensive additional activities in the CDR context.

Because CDR is very much dependent on the industry applied, this study employs the example of IoT due to its omnipresence in professional and private everyday life and thus its tangibility for the respondents. Accordingly, one goal of this publication is to motivate future research to investigate other industries analogously and thus to be able to develop a cross-industry understanding. Besides, we add to the literature basis of hybrid stated preference methods in adoption research (Hinz et al. 2015).

5.2 Managerial implications

From a managerial perspective, this work seeks to support the implementation and operationalization of concrete CDR activities as these additional corporate responsibilities can be costly (Lobschat et al. 2021). This work aims at providing concrete guidance for implementing CDR and a consumer segmentation approach in practice directed to managers operating in the digital economy on the example of IoT (DURE 1, DURE 2). In this vein, we may support a broader adoption of the concept in practice. This work’s intention is not a cost–benefit analysis of conducting CDR activities in a company but it can serve as a preliminary basis for future research on this essential managerial aspect. Companies should not understand the empirical recommendations as what they should do, but rather evaluate to what extent the results obtained are applicable within the company and match the understanding of the CDR concept.

Both DURE studies reveal the potential halo effect of data privacy and security activities on the perception of the CDR engagement. Participants not (yet) valuing additional CDR activities reveal high privacy concerns, thus distrusting the CDR engagement at large. Accordingly, companies should be aware that their activities in one field of CDR can also have an impact on the external perception of other CDR activities and that digital responsibility does not occur in isolation in practice. Accordingly, a concept like CDR can support the implementation of a more holistic approach to digital responsibility.

Our results indicate that for the most valued dimension of data privacy and security, organizations should focus on state-of-the-art solutions to ensure secure storage and processing of personal information (for companies operating in the EU exceeding the requirements of the GDPR). However, consumer preferences within this dimension are rather heterogeneous. Hence, companies should consider targeting particular psycho-demographic consumer segments in terms of an individualized information strategy employing, e.g., different communication media. Concerning notifications of data breaches, consumers mostly prefer more proactive communication. The GDPR partly requires such direct communication depending on the severity of the incident and requirements of the supervisory authority. Still, companies can exceed these legal minimum requirements and assume more responsibility voluntarily, also satisfying consumers’ expectations. However, it is very difficult to estimate the negative impact of privacy and security breaches (Nofer et al. 2014), or the effect of proactively communicating such breaches. Yet, proactive information on data security breaches is not observable. Organizations integrating advanced data privacy and security activities should include into their consideration that the costs arising may not correspond to the appreciation by the consumers and their according WTP (Mihale-Wilson et al. 2019), albeit, we have only examined an adequate (i.e., still exceeding legal minimum requirements, for instance, by the GDPR), but not an exceptionally high level of security. Our findings reinforce that consumers also see it as the responsibility of organizations to limit their activities to necessary ones. Accordingly, companies should include in their implementation strategy which activities are particularly suitable, taking into account the associated expenses, to address the targeted consumer segments as effectively as possible.

For the sake of differentiation, companies should consider addressing further CDR dimensions once they established a sound set of activities within the data privacy and security dimension. This aligns with the activities of corporations that can be observed in the market (Cabinakova et al. 2016). For instance, some organizations (e.g., Google, German Telekom) already moved down to address the information and transparency dimension, albeit companies should incorporate the effects of being more transparent by providing additional information (e.g., business model, security breaches). The same applies to activities regarding a seamless interoperability with devices and services from other manufacturers, which consumers highly value, or the employment of an independent consumer protection agency for dispute resolution. In case industry-wide initiatives enabling seamless interoperability emerge, managers should consider joining them, at least when they have gained significant tractions, as the high consumer valuation of seamless interoperability could increase the overall size of the market, in addition to the company following its digital responsibilities. Again, consumer preferences are rather heterogeneous demonstrating the value of consumer segmentation for firms especially for informational and transparency approaches.

Summing up, the findings reveal that in case of CDR one size does not fit all. It might be worth it to design digital products and services that are easy to adapt to the needs of different consumer segments. Market segmentation is a quite common business practice for digital products and services, e.g., in pricing and scope (e.g., Naous and Legner 2017; Mihale-Wilson et al. 2019). Results suggest that there is a need for consumer segmentation according to the targeted CDR dimension(s). Both studies show that it is advisable to adapt the communication strategy to the targeted consumer segment and thus to use the preferred communication channels to address this specific segment. In addition, the high importance of price for the evaluation of such a solutions shows that it can be useful to offer a slimmed-down version in terms of CDR activities, such as dispute resolution, for the more price-conscious consumers.

5.3 Limitations and avenues for future research

Despite our best efforts, this study is not without limitations. Firstly, our sample comprises individuals living in Germany only. Hence, the low valuation of CDR dimensions like access is less surprising as most Germans have access to the Internet and digital products in general, and the design of the study as an online experiment even reinforces that. Accordingly, the study participants already had to have access to the Internet for participation. Besides, the state of digital skills in a country obviously influences such an evaluation of the operationalization of CDR in practice. Hence, consumers’ valuation of CDR operationalization might differ in other countries or focus groups. To advance research on CDR, future research should also address potential regional biases due to media visibility of certain CDR aspects or previous experience with digital products and therefore consumers’ valuation. For instance, data privacy and security is one of the more present topics in the media especially in Germany or the US (Lobschat et al. 2021). The GDPR already enforces organizations operating in the EU to fulfill high data privacy and security standards also triggering high consumer awareness for data privacy and security. On individual level, several factors might have an influence on the consumer’s evaluation and economic valuation of CDR and its components. For instance, individual-level influences could be media exposure and personal experience concerning ethical incidents arising in the context of digital products and services. Hence, several individual- and macro-level factors might have an influence on the evaluation of a CDR operationalization. Accordingly, a comparison across different countries would be interesting to assess the influence of several individual- and macro-level factors.

Secondly, this study emphasizes one key stakeholder group—consumers—and an external motivational base. Albeit, other stakeholder groups (e.g., at the organizational or individual level) could also favor the implementation of CDR with diverging demands (e.g., Trittin-Ulbrich and Böckel 2022) and the motivation to operationalize CDR could also be intrinsically driven (i.e., by change agents). Hence, future research should assess other stakeholder groups’ valuation of CDR, e.g., employees in their working environment or on company level in the business-to-business context (Lobschat et al. 2021). Besides, future research should assess possible differences in internally or externally motivated CDR commitment. However, also the context influences the measurement of consumer preferences. CDR and consumer preferences can differ between different industries (Mihale-Wilson et al. 2022), e.g., due to necessary data collection or sensitivity of data. In this case, we evaluated the context of IoT with access to very comprehensive and often very personal data, and an omnipresent role in private and professional everyday life. Following, we encourage future research to assess consumer preferences concerning different industries and thus provide further perspectives and possible across-industry comparisons.

Finally, the evaluation of the CDR dimensions and its sub-dimensions stems from a (hypothetical) consumer perspective due to the study design and research goal. It is beyond the scope of the study to assess possible consequences or consumers’ valuation of additional corporate engagement regarding CDR in practice, especially for groups who are dependent on in general less valued dimensions (i.e., access, education). Hence, we call for future research to assess the final value of CDR activities in real-world experiments. Because companies can shape consumer perceptions of a firm through their commitment (Hann et al. 2007), outstanding CDR activities can become a differentiator. Besides, our evaluation relies on one theoretical approach to and understanding of the CDR concept. Therefore, the consumers’ evaluation of the operationalization of CDR is highly dependent on these dimensions, sub-dimensions, and scope of the concept. Yet, first consensus regarding the scope of CDR is developing (e.g., Mihale-Wilson et al. 2022; Mueller 2022) which the selected approach covers. Nevertheless, a different nomenclature with a different focus may lead to different results. Hence, future research should assess whether other conceptual approaches lead to a diverging evaluation by consumers. In addition, the operationalization of CDR highly depends on the norms and values of the organization and its stakeholders. Consequently, the understanding and thus the operationalization of CDR may differ between companies and must be evaluated individually by the company.

Nevertheless, this work provides first guidance on the operationalization of the CDR concept and therefore supplements the current research base by a quantitative in-depth evaluation of consumer preferences for the concrete implementation of CDR and a consumer segmentation. Thus, this study may foster a broader adoption and operationalization of CDR in practice. Results suggest that companies should pursue a more holistic approach to digital responsibilities and should employ consumer segmentation strategies because of the rather heterogeneous consumer preferences.