This paper discusses efforts to develop a research model with security and privacy concerns conceptualized as an antecedent of trust in social networking sites and a moderator of information sharing. The study aims to understand the impact of security, trust and privacy concerns on willingness to share information on social networking sites. Using an online questionnaire, empirical data was collected from 250 Facebook users of different age groups over the time period of 4 months. Reliability analysis, confirmatory factor analysis and structure equation modelling were used to validate the proposed research framework.

This empirical study, based on an established theoretical foundation, will help the research community to gain a deeper understanding of the impacts of privacy concerns in the context of Facebook. The proposed ideas and discussion are equally applicable to social networking site operators as useful strategies for enhancing users’ acceptance. The privacy concerns of research respondents were found to be statistically significant, suggesting that these concerns, like security and trust, have a positive effect on information sharing.

In recent years, user participation in social networking sites has moved from a niche phenomenon to the highest level of mass adoption. The rapid growth of social networking sites in Web 2.0, such as Facebook, Orkut, Google+ and Twitter, facilitates millions of individuals to build a public or semi-public profile within a bounded system. Facebook has become the most-accessed website in cyberspace today. Facebook statistics shows that it had 936 million daily active users for March 2015, with 1.44 billion monthly active users as of 31 March 2015.1 Active participation in social networking sites has changed the way people build their online personal network for computer-mediated communication.2, 3, 4

The primary objective of social networking users is to make connections, communicate and maintain relationships. But latest trends show that social networking sites like Facebook are reshaping the way people communicate. Users share information and take collective action, playing an important role in, for example, the Arab Spring uprising, London riots and Assam riots.4, 5 The issue of information privacy has been captivating, with 25 per cent of Americans considering themselves victims because their information privacy has been compromised.6 Programmes like Beacon, part of Facebook’s advertisement system that sent data from external websites to Facebook, have triggered user protests over privacy issues. In addition, there are many other policies, for example advertisements, used by social networking sites where the privacy and trust of the user may be violated.

For users of social networking sites, there are many privacy and trust considerations that need to be addressed. First, the information revealed in users’ profiles can lead to risks such as identity theft, online stalking and cyber harassment.4 Second, features such as newsfeeds make personal information more accessible and visible to others.7 Social network sites deeply penetrate their users’ everyday lives and, as pervasive technology, tend to become invisible once they are widely adopted, ubiquitous and taken for granted.8 However, social networking site operators have provided many security features for preserving the privacy of users. Despite these features, however, the impact of security, privacy and trust on sharing of information needs to be addressed. Research by Johnston et al.9 investigated the role Facebook use plays in the creation or maintenance of social capital among university students in South Africa. This paper focuses on the impact of privacy, security and trust on users’ willingness to share information within social networking sites in the context of Facebook. The primary research questions of this study are:


  • What are the antecedents of trust in social networking sites?


  • What is the impact of privacy, security, and trust on the willingness of sharing information?

Theoretical background

Previous research into privacy concerns on social networking sites

Online social networking is emerging as the web’s top application.10 Sites used primarily for social interaction have received significant research attention in recent years. Some prior studies examined users’ acceptance of social networking sites with behavioural intention to use. Despite this, the growing importance of privacy concerns in the social networking context has not been previously studied as a moderator in the technology adoption model (TAM). In related social networking site research, some prior studies examined the impact of privacy concerns on usage behaviour and information revelation. Chai et al.11 defined information privacy as ‘the claim of individuals, groups, or institutions to determine of themselves when, how, and to what extent information about them is communicated to others’.

Trust and security have a direct effect on usage behaviour and information revelation, with trust the central component of social exchange theory.12, 13, 14 As trust and privacy play a crucial role in face-to-face communication and the development of a new relationship, several studies propose that a similar approach is used by users on social networking sites.15, 16 Other studies have further established the privacy paradox on social networking sites. Furthermore, several risks to users of online social networks and groups have been highlighted,10, 15 such as embarrassment, stalking and identity theft. Online social networking has been criticized because users lack trust in site security.16 Dwyer et al.16 and Goettke and Christiana17 have attempted to determine the implication of privacy concerns and awareness for users’ online practices and behaviour.

Concepts of privacy and trust in social networking sites

Privacy concerns are the primary focus of our study. Trust is defined as the ‘willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the truster irrespective of the ability to monitor or control that other party’.16 Privacy can be defined as ‘control over the flow of one’s personal information, including the transfer and exchange of that information’.12 Security is defined as ‘the extent to which a user believes that using a social networking application will be risk-free’.12 The major categories of trust and privacy in social networking sites can be defined by the following measures:

  • Security

  • Control over the flow of information in a user’s profile

  • Notification

Research framework, hypothesis and constructs

Several theoretical models have been proposed and tested in the past to understand the privacy concerns in social networking sites. Drawing on social network theory, the TAM and previous frameworks, Shin,12 Dwyer et al.16 and Gross et al.4 propose a framework for finding the willingness to share information on social networking sites, as represented in Figure 1. The proposed hypothesis in Figure 1 was empirically tested.

Figure 1
figure 1

Proposed research model

The proposed hypotheses aim to find the impact of privacy, security and trust on the willingness to share information on social networking sites. According to the proposed hypotheses, perceived security, perceived privacy and perceived trust are the factors that influence a user’s willingness to share information on social networking sites.


  • Perceived security is positively related to perceived trust within social networking sites.


  • Perceived privacy is positively related to perceived trust within social networking sites.


  • Perceived security is positively related to information sharing in social networking sites.


  • Perceived privacy is positively related to information sharing in social networking sites.


  • Perceived trust is positively related to information sharing in social networking sites.

The following research constructs were used in the proposed model.

Privacy is defined as a process of anonymity preservation and is strongly connected to control over information about the self. In online environments, people who perceive higher threats to privacy are less disposed to disclose information about the self because they perceive themselves as less able to control information and also protect themselves. In contrast, when people perceive lower privacy risks and higher control, such as when privacy policies are clearly exposed, they disclose more personal information.18 Research in information security and marketing has argued that information privacy and consumer concerns thereof are one of the most important issues in today’s technology-based environment19 The concept of privacy is in itself not new and it has generally been defined as an individual’s ability to control the terms by which their personal information is acquired and used.20

Trust is mandatory when risk is present.21, 22, 23 Trust is the foundation of any transaction that takes place between two parties. There are several facets to the concept of trust. For face-to-face, trust is a critical determinant of sharing information and developing new relationships.24, 25 Trust is also important for successful online interactions.26, 27, 28, 29 Trust is believed to be used in the calculation of perceived cost. High trust would lead to a perception of low cost and vice versa. Studies of interpersonal exchange situations confirm that trust is a precondition for self-disclosure because it reduces perceived risks involved in revealing private information.30

From a consumer perspective, perceived security of an electronic commerce transaction may be defined as ‘the subjective probability with which consumers believe that their personal information (private and monetary) will not be viewed, stored, and manipulated during transit and storage by inappropriate parties in a manner consistent with their confident expectations’. Security corresponds to concerns about the protection of personal information with three specific goals: integrity that ensures information is not altered during transit and storage; authentication that addresses the verification of a user’s identity and eligibility for data access; and confidentiality that requires that data use be confined to authorized purposes by authorized people.31, 32, 33 Prior research has found that security and privacy concerns were actually based on user perceptions, not objective measures, because the average internet user is not knowledgeable enough to distinguish between the various security features present on a particular website.34

In line with previous research,4, 35, 36 the data shows high levels of information revelation on Facebook. Millions of people have joined social networking sites, adding profiles that reveal personal information. The reputations of social networking sites have been diminished by a number of incidents publicized by the news media.37, 38, 39, 40 Is it possible to join a network of millions of people and be able to trust all of them? This does not seem realistic. Since people are obviously joining networks and revealing information, what role does trust play in the use of social networking sites?

Privacy within social networking sites is often not expected or is undefined.16 Social networking sites record all interactions and retain them for potential use in social data mining. Offline, most social transactions leave behind no trace. Therefore, these sites need explicit policies and data protection mechanisms in order to deliver the same level of social privacy found offline. Since online social privacy is harder to guarantee, does a higher level of concern for internet privacy affect the use of social networking sites?

Data analysis and interpretation

Data was collected by conducting an online customized questionnaire survey of Facebook users to test the proposed framework. The survey was conducted from May to August 2013. To maximize the response rate, we utilized search engines and emails. All items of the proposed research framework were measured on a 5-point Likert scale, ranging from 1 (strongly disagree) to 5 (agree). A pilot survey was used for validating the proposed framework before the final analysis. Reliability analysis was performed using SPSS 19.0. Cronbach’s alpha (α), which provides a measure of the internal consistency of a test or scale, was used to test the internal consistency of the questionnaire. SEM (structural equation modelling) was used to detect relationships among constructs. SEM was performed using AMOS 19.0.

The online questionnaire was distributed through emails and search engines. A total of 265 questionnaires were collected over the time period of 4 months, out of which 246 were usable for the study. Table 1 shows the sample demographics of collected data.

Table 1 Demographic profile of respondents

Before analysing the research framework, reliability analysis was used to test the internal consistency of the questionnaire. Cronbach’s α is a widely used measurement for internal consistency. To ensure the reliability of the study, items were adapted based on an acceptable Cronbach’s α score above 0.60, based on standard values.41, 42 Table 2 represents the Cronbach’s α of the measured construct of the research framework — it suggests that the internal consistency of the measured constructs is acceptable for the study. The overall reliability assessment of the entire scale was observed well with a Cronbach’s α of 0.825.

Table 2 Cronbach’s α values for measurement model

Confirmatory factor analysis is used for the model fit of the proposed framework. For structural equation model fit, various fit indices and tests have been developed. These indices and tests, however, can point to conclusions about the extent to which a model actually matches the observed data, known as good model fit involving non-experimental research. The following model fit indices are used to validate the model fit:

  1. 1


  2. 2

    Goodness of fit indices (GFI)

  3. 3

    Adjusted goodness of fit indices (AGFI)

  4. 4

    Comparative fit indices (CFI)

  5. 5

    Root mean square error of approximation (RMSEA)

Table 3 represents the model fit indices that satisfy their respective criteria suggested in the prior literature review. Therefore, we can conclude that the proposed framework has a good fit with the collected sample data. The comparison of fit indices with recommended values43, 44, 45 represent a good model fit.

Table 3 Fit indices for the measurement models

The hypothesized causal paths (β) were estimated for hypothesis testing. Table 4 represents the results of hypothesis testing.


  • proposes that there is a positive relationship between perceived privacy and perceived trust (β=0.51; p<0.000), thus supporting:


  • suggests that if users have control over their information flow and protection of their profile privacy, then it increases their trust level in Facebook.


  • proposes that there is a positive relationship between perceived security and perceived trust (β=0.25; p<0.000), thus supporting hypothesis H2. This suggests that if users are provided with greater security while accessing their profile, then it increases their trust level.


  • proposes that there is a positive relationship between perceived security and information sharing (β=0.22; p<0.000), thus supporting:


  • suggests that if users are provided with greater security levels over the internet, then it increases the user’s interest in sharing information in Facebook.


  • proposes that there is a positive relationship between perceived privacy and information sharing (β=0.04; p<0.500), thus rejecting hypothesis H4.


  • proposes that there is a positive relationship between perceived trust and information sharing (β=0.25; p<0.000), thus supporting hypothesis H5.

Table 4 Summary of hypothesis tests

This suggests that users’ trust in the ability of Facebook will increase their willingness to share information. Thus, we can conclude that perceived security and perceived privacy have a positive relationship with perceived trust in Facebook and are antecedents of perceived trust. Figure 2 and Table 4 summarize the result of hypothesis testing.

Figure 2
figure 2

Result of hypothesis testing

Discussion and conclusion

The primary objective of the study is to investigate the effect of users’ privacy concerns on usage behaviour and information sharing on social networking sites with reference to Facebook. Human behaviour issues have a crucial role in the deployment of social networking sites. Using the extended TAM and social exchange theory, the proposed research framework was empirically tested. Our research findings suggest that users having control over their information flow and protection of their profile is more likely to lead to trust in Facebook. Another factor that affected trust in Facebook was the security features provided by Facebook and individual belief that accessing Facebook over the internet is secure.

Further results suggest that perceived privacy and perceived security are antecedents of perceived trust, whereas there is a strong correlation between perceived privacy and perceived trust. In terms of information sharing, when trust is exerted through privacy and trust, this leads to user willingness to share information. In contrast, privacy has no direct effect on sharing of information — an interesting result of the study. This shows that trust in the ability of Facebook will lead to a tendency for users to share more information.

Aside from theoretical values, the results have significant practical implications. The findings may provide social network operators with a better understanding of how privacy concerns may affect user acceptance and information revelation. This study gives an insight to site operators into users’ sense of belonging as a motive for sharing information and users’ privacy concerns, which may lead operators to develop and promote corresponding applications. There are certain limitations to this study, however. First, most of the research respondents belonged to the age group of 16–35 years, which may not cover the general population of social networking sites users. Second, social network users lived in different countries, were from different cultures and had different perceptions of privacy concerns, which potentially influenced their usage behaviour.