1 Introduction

The concept of privacy can be used to describe many sociological, legal, philosophical, and philosophical aspects of modern life. In a 2011 interdisciplinary review of Information Privacy research [1] reviewed all these aspects in depth. The work developed here focuses primarily on Information Privacy. Recent advances in storage, collection and analysis of personal data, social networking and the ubiquitous nature of IT, together with increased government surveillance have produced heightened awareness of information privacy in the media and in the public conscience. However, Information Systems (IS) researchers continue to observe a mismatch between attitudes to information privacy and actual outcomes and behaviours. Attitudes toward information privacy differ across the world. Previous studies have shown that there is a relationship between race and ethnic origin, and information privacy concern. Since Electronic Commerce (EC) is acknowledged to be a global activity, work should be undertaken develop models that test our understanding of the interplay between privacy policies, attitudes, trust and culture [2]. [1] put forward the acronym APCO (Antecedents -> Privacy Concerns -> Outcomes). To describe the common macro model in empirical privacy research [3] developed a full integrative framework analysing existing empirical research and its multiple antecedent and consequent factors. Our work is particularly concerned with the culture-privacy concern- trust-behaviour model. Literature relating to this is described in below.

2 Prior Research

2.1 Concern for Information Privacy: Existing Research and Measurement Scales

The notion of privacy is notoriously hard to describe. Since the advent of Information systems and more recently internet based commerce, information privacy has been seen as synonymous with privacy in general although there are distinct lines of research around privacy of the person privacy as a right, or as a commodity. The past fifteen years have seen a maturing in the measurement scales for information privacy in the 1990s researchers began to accept privacy concern as a measurable proxy for information privacy. Early studies attempted to measure individuals’ attitudes to information privacy using a one dimensional scale [4]. This scale did not, however, capture the multidimensional nature of individuals privacy concerns. This was superseded by a 15 question instrument, developed by Smith et al. [5], which reflects four dimensions of information privacy concern (collection, errors, secondary use, and unauthorised access to information). These dimensions were later revalidated by Stewart and Segars [6]. This instrument known as the concern for Information privacy (CFIP) instrument, or adaptations thereof have been used in a number of studies [7,8,9,10,11,12]. These basic measures have formed an enduring basis for Information Privacy research. Sipior Ward and Conolly (2013) noted that even after the advent of the IUIPC [13] (Malhotra 2004) measurement scale researchers tended to use the earlier scale. The main point of the IUIPC scale was to adapt the earlier CFIP scale to encompass internet users concerns. It draws on social contract theory to streamline the concept of privacy in internet based environments to three factors, collection, control and awareness which go to make up the second order factor IUIPC.

We adapt the instrument used by Malhotra et al., because it captures a second order factor, Internet Users’ Information Privacy Concern (IUIPC). This instrument retains the more general information privacy questions from earlier studies.

There have been five highly cited reviews of the privacy literature. These and their findings are summarized in Table 1. What has emerged over the past fifteen years or so is a privacy paradox namely that individuals’ actions in protecting their own privacy or surrendering to the policies of government or organisations are quite different from their espoused privacy concerns. This paradox has led researchers down a number of interesting paths of enquiry. In particular, as described by Dinev (2014) beyond the definition and conceptualisation of privacy there are the anthropological and cultural angle of privacy. These aspects can be described as Macro Environmental factors and include culture and governmental regulations and are relevant to the present work.

Table 1. Key information privacy reviews

Concern for information privacy has appeared in empirical studies as both the dependent and independent variable. When featured as a dependent variable the antecedents are often personal characteristics such as demographics, personality traits, knowledge and experience or Psychological or socio-psychological factors [17] many researchers have begun to explore psychological aspects of decision making on privacy e.g. computer anxiety [6], self-efficacy [18, 19]. Frequency of internet use has been associated with lower levels of privacy concern, and less experience with higher levels of anxiety [7] The effects of gender, age and personality type on attitudes to information privacy have been explored e.g. [18, 20, 21]. Further, there have been a number of empirical studies that focus on so-called privacy calculus whereby a value can be imputed for information privacy [22,23,24,25,26,27].

As an independent variable privacy is often explored in relation to its impact on trust, risk and behavioural intention. The role of CFIP and its more recent descendent, IUIPC in empirical models is explored at length in a review article by Li (2011). A quasi model has evolved in these studies APCO [1] which establishes the context that all or most privacy studies incorporate an antecedent to privacy concern, and a number of outcomes. Our particular interest is National Culture as an antecedent to Privacy Concern and we describe that factor in more detail in the next section. In 2004 Bellman noted that National culture has been incorporated as a demographic factor in many works, but has rarely been studied in isolation as an antecedent to privacy attitudes. This was echoed at that time by, Mahmood et al. [28]. Who noted that future researchers should focus specifically in the impact of culture. Since then there has been some development in the area of national culture and privacy.

2.2 National Culture

Table 2 gives a summary of research specifically focusing on Culture as an antecedent in every case the Hofstede and Hofstede [29] variables were used. For an explanation of the abbreviations of these variables see Sect. 3.

Table 2. Previous studies of national culture and privacy

Culture is an antecedent in this study and trust, risk and behavioral intention are consequent. We extend the work in these studies by using the GLOBE cultural dimensions. Each dimension was considered from the viewpoint of its effects on privacy concerns. A much cited paper on trust and culture Jarvenpaa et al. [35] notes the fact that participants were not necessarily born in the country studied as a limitation. Use of the GLOBE variables and judicious demographic questioning in this study addresses this shortcoming.

Culture as a demographic indicator has been used in a number of privacy studies. Most recently Bellman et al. [7] used national regulation as a means of revealing CFIP. They hypothesized three explanations for differences in privacy concerns: culture, internet experience and political desires using the Hofstede and Hofstede [29] dimensions to describe culture. Only culture and internet experience turned out to be significant. i.e., it is nature and experience rather than government intervention that determines an individual’s attitude to information privacy.

However, the validity of National Culture measures to date has been criticized for accuracy and relevance, particularly with regard to cultural boundaries. These and other criticisms of the use of cultural factors by [36] have been largely overcome by the GLOBE project [37]. GLOBE re-examines national culture in a new way mitigating many of the concerns of earlier approaches. This study represents a move away from the Hofstede [38] national cultural dimensions in favor of those developed in the GLOBE project (many of which are developed from the foundations developed by Hofstede). These variables are presented with the proposed model. Heales et al. [39] and [40] provide a more extensive background on the development and use of the GLOBE cultural dimensions in an IS setting.

2.3 Trust and Behavioral Intention

Behavioral intention (BI) in EC has a strong relationship with trust. Although trust is difficult to define, Gefen et al. [41] conduct a rigorous review of the various dimensions of trust in an e-commerce setting.

Two early studies on trust specifically explored privacy concern more deeply; Malhotra et al. [13] drew on social contact theory to present a framework for users’ privacy concerns and proposed and tested a causal model between IUIPC and BI. They identified three factors, trusting beliefs, risk beliefs and BI. Trust also featured as an antecedent to BI in the work of Liu et al. [42] who tested the model through a variety of questions concerning how the respondent felt about structural features of an internet site. Figure 1 provides a starting point for the work developed here.

Fig. 1.
figure 1

(adapted from Liu et al. [42])

Privacy-trust-behavioral intention model

Gefen and Heart [2] called for the inclusion of national culture in studies of e-commerce trust beliefs. In more recent years antecedents of privacy have more commonly included perceived information sensitivity [43]. How culture affects perceptions of risk and trust [44]. How culture affects willingness to disclose personal information in cross country studies [45, 46] and how privacy affects trust [47]. We look specifically at culture as an antecedent for Privacy and hypothesize the likely effect of cultural dimensions on IUIPC [48].

3 Proposed Study and Model

Figure 2 details the research model. There are some points to note with reference to this model. In the IUIPC model collection measures the same concept as Smith’s collection construct, and control and awareness together represent the other three CFIP dimensions of Improper use, secondary use and errors. An explanation of each of the remaining constructs in the model follows.

Fig. 2.
figure 2

Research model

3.1 Trust

Trust includes beliefs relating to integrity, benevolence, ability, and predictability. Familiarity reduces social complexity and uncertainty, thus is likely to enhance trust. The assessment that a new transaction will be a success based on how customary and familiar the situation appears (situational normality) also leads to trust. Trust can also be shaped by an assessment of the costs and benefits to the other party of cheating or cooperating, this is known as calculative based trust. Structural assurances such as policies or web seals are also likely to increase trust [49]. A full discussion of these antecedents is given in [41]. This leads us to hypothesize:

H1 Familiarity with a trustworthy e-vendor will positively affect trust in that e-vendor

H2 Perceptions of situational normality will positively affect trust in an e-vendor

H3 Calculative based beliefs will positively affect trust in an e-vendor

The structural assurance questions in the survey related to information assurance in the context of a commodity product (book) as opposed to look and feel product (e.g. clothes) Thus it would be expected that such seals would increase trust in a vendor and hence BI.

H4 Structural Assurances will positively affect trust in an e-vendor

Finally, based on prior work [41], trust allows the user to subjectively rule out undesirable behaviours by the vendor and hence heighten levels of intended use.

H5 Trust will positively affect BI

3.2 Risk

Many authors have used a trust-risk model to explain behaviours in the consumer-firm relationship (see for example [50]. In essence the model suggests that in a situation in which risks are present, trust plays an important role in determining one’s risk taking behaviour [13]. Personal traits are known to influence both trusting beliefs and risk beliefs. A tendency to worry over information privacy will influence how a person perceives a given risk. If a user has a high degree of information privacy concern it is likely that they will also have highly developed risk beliefs. Risk beliefs refer to the expectation that loss will occur as a result of releasing personal information to an online firm. Risk was included in the model post-hoc and thus we did not set out to specifically test any hypotheses in this area, but have included it in the research model, see [51].

3.3 Demographic Factors

Internet use has widely been identified as a factor that reduced IUIPC [7]. It has been suggested that younger users have a greater degree of awareness about privacy and how to protect themselves and hence are less anxious about privacy, these results were borne out by Gauzente [52]. The original study by Milberg et al. [30] showed that females tend to be more concerned than males. This leads us to propose:

H6-1 Age will be negatively associated with IUIPC

H6-2 Internet experience is negatively associated with IUIPC

H6-3 Female users are likely to have a higher level of IUIPC

3.4 Cultural Dimensions

As noted above, we chose to use the GLOBE cultural dimensions. We present the hypotheses derived from the use of GLOBE cultural dimensions on IUIPC:

Power Distance

A culture of high PD is characterized by a hierarchy of authority and control, centralization of knowledge and responsibility, excessive rule and a more restricted exchange of knowledge [37]. The reverse is true of lower PD cultures that are characterized by less hierarchy, fewer rules, greater decentralization of knowledge and free flow of information. We suggest that cultures with low PD emphasize a flatter hierarchy and greater equality in relationships. Thus those with low PD would be more willing to share information, and have a more egalitarian view on privacy. The converse is true that high PD cultures would tend to want to control and guard information by adopting a high IUIPC stance. This argument leads to:

H7-1 PD scores will be positively associated with IUIPC scores.

Uncertainty Avoidance

UA is the extent to which a society relies on social norms and procedures to alleviate the unpredictability of future events. In high UA cultures, people would be expected to have high levels of CFIP because they would aim to reduce uncertainty by being cautious and careful about the information they divulged through the internet so that they would be more certain as to what was done with any information provided. On the other hand, people scoring low on UA are less interested in reducing uncertainty and would not be concerned about how information they provide is used. The ability to reduce uncertainty with a computer system is highly valued for high UA individuals [53]. Therefore, the relationship between UA and IUIPC exists, thus:

H7-2 High uncertainty avoidance will be associated high IUIPC

Institutional Collectivism

High values of IC encourage and reward collective distribution of resources and collective action. In such cultures cooperation is seen as more important than the individuals needs [54]. In such an environment attitudes toward privacy are likely to be more relaxed, leading to:

H7-3 IC will be negatively associated with values of IUIPC

Humane Orientation

HO targets the individual’s focus on others’ wellbeing, and people rather than task oriented approach. Paternalistic and patronage relationships are valued, and individuals value harmony [55]. It follows that individuals exhibiting high levels of HO would be concerned about privacy.

H7-4 HO will be positively associated with values of IUIPC

Performance Orientation

In cultures with the highest reported PO scores, training and development is highly valued. People believe in taking initiative and emphasize performance. It is likely that these people will be concerned about privacy and would strive to ensure that privacy issues are addressed, thus:

H7-5 PO will be positively associated with values of IUIPC

Future Orientation

Kluckhohn and Strodtbeck [56] first identified this phenomenon that represents a culture’s focus on the past, present or future. A past-oriented culture might evaluate plans in terms of customs, traditions, or history, while a future-oriented culture would evaluate plans in terms of future benefits. People with high FO scores would be more concerned about privacy issues in the future and would likely have a high IUIPC score, thus:

H7-6 FO will be positively associated with values of IUIPC

Gender Egalitarianism

In societies where the differences in gender are high, gender inequality will be apparent. Men tend to focus on hierarchy and independence, while women focus on intimacy and solidarity, thus women would be more concerned over privacy issues.

H7-7 High GE will be associated with high IUIPC

Group Collectivism

This dimension refers to the extent to which members of a society take pride in membership in small groups such as their family and close circle of friends, and the organizations in which they are employed. In countries with high group collectivism scores, being a member of a family and of a close group of friends is important and there is an inclination to put friends and family before society’s rules and procedures. This focus and tendency to share may lead people to be less concerned about privacy.

H7-8 High GC will be associated with low IUIPC


In cultures where assertiveness, confrontational, and aggressive behavior is condoned, individuals are more likely to be concerned about information privacy because they focus on the right to control information about themselves [57]. These arguments lead us to hypothesise:

H7-9 ASS scores will be positively associated with IUIPC scores

3.5 Privacy

Consensus in the trust literature (Malhotra et al. [13]) implies:

H8 There is a negative relationship between IUIPC and the degree of trust an individual has when making an online transaction

4 Research Method

Using the a modified version of the Malhotra et al. [13] model and questionnaire, a web-based survey instrument was used to collect data from a cross-section of Internet users on the constructs in the model. The survey subjects varied in age from 15 to 73 and the gender balance was 55% female and 45% male. Table 3 illustrates the countries of birth of participants. There were 53 questions in the survey. Respondents were asked a series of demographic questions, including some based on culture related variables. They were then presented with two scenarios one of which involved a discount club that gave discounts on CDs Books and electronics in exchange for personal purchase preference information (such as favorite category, brand design etc.), the second was the same scenario only asking for personal financial information (such as income, mortgage payments, investments).

Table 3. Countries of birth of participants

The data collected from the questionnaire were subject to analysis using structural equation modelling. First, the measurement model was tested to ensure that items loaded satisfactorily on to the constructs being measured. No significant departures from normality were detected in the data.

The survey measured both Global information privacy concerns (GIPC) and the more contemporary Internet Users Information Privacy Concerns (IUIPC). We collected this data with a view to comparing the nature of the two constructs and help resolve the differences between them. We used PLS to test the structural integrity of the model, however individual relationships were tested using multiple regression. The results for the complete model are shown in Fig. 3.

Fig. 3.
figure 3

Model of GIPC showing loadings of Control, Awareness and Collection

5 Results

First we examined the differences between GIPC and IUIPC before inclusion in the full research model. The survey measured both GIPC and IUIPC. We discuss our results with respect to both, then go on to test the full model.

5.1 Test of GIPC and IUIPC

As expected, IUIPC was significantly correlated with GIPC (R = 0.675, p < 0.01). The constructs contributing to GIPC and IUIPC were tested using both PLS and multiple regression. Collection contributed strongly to GIPC (loading of 0.55), and Control showed a weak contribution to GIPC (0.14). Overall, the model contributes to an R2 of 0.519 for GIPC.

The regression testing of GIPC, Control, Awareness, and Collection variables were computed by averaging each construct’s indicators, and regressing Control Awareness and Collection against GIPC (see Table 4 below). Collection contributed significantly at the p < 0.01 level, while weak association are shown with Control at the p < 0.10 level.

Table 4. Summary results for the stepwise regression of collect, control, and aware against GIPC

Testing of the full relationship between GIPC and Collect, Control and Aware, using PLS (see Fig. 3). The model resulted in an R2 of 0.499 for GIPC. This test indicates the GIPC and IUIPC are not the same construct, and are significantly different. For example, IUIPC assumes that Collect Control and Aware contribute equally to its value, however Collect only contributes 43.5% of the value of GIPC. Control only has a loading of 0.140 on GIPC (significant at only p < 0.05), and the loading of Aware on GIPC is 0.082 (not significant). Therefore we conclude that GIPC should not be used to proxy for IUIPC.

Because we believe GIPC and IUIPC are different constructs, we use IUIPC in the full model. All testing therefore is undertaken using IUIPC.

5.2 Full Model

Figure 4 shows the full model with loadings between indicators and latent variables. The full model resulted in an R2 of 0.438 for Behavioral Intention. Demographic factors and Trust contributed significantly to Behavioral Intention, while Risk was found to be a moderating factor between Trust and Behavioral Intention (see Fig. 4). Table 5 summarizes the results of the hypothesis testing.

Fig. 4.
figure 4

Model of national culture, trust and internet privacy concerns

Table 5. Summary of results

IUIPC is a latent variable derived from Collect, Control and Awareness. We hypothesised that IUIPC would also be affected by Demographic and Cultural factors. Demographic factors were slightly significant at the p < 0.10 level (one tail).

Trust is a latent variable derived from IUIPC, FamVend, StructAss, and CalcBel. All variables contributed significantly to Trust at the p < 0.01 level (one tail) and StructAss at the p < 0.05 level (one tail).

Risk was found to contribute directly to Behavioral Intention (0.174, p < 0.05), and also acted as a moderating variable to the effect that Trust had on Behavioral Intention (0.21, p < 0.05).

As noted above, IUIPC and GIPC are not the same constructs. We substituted GIPC for IUIPC and obtained a similar R2 for Behavioral Intention (0.402). However the influence of demographic and cultural variables on GIPC was not significant, and bivariate correlations revealed no significant associations with the cultural dimensions. We conclude that demographic and cultural factors do not influence GIPC. Additional work is needed to investigate this issue further to determining the underlying reasons for this difference.

The demographic factors of Age and Education had a barely significant association with IUIPC (0.080, p < .10 one-tail). However the loading on Behavioral Intention was high at 0.497, p < .01, indicating older users’ Behavioral Intention was to reveal more personal information, as were users with less Education.

6 Discussion

There has been little work exploring the role of culture in the relationship between privacy, trust, risk and behavioral intention in e-commerce. This work contributes to the body of knowledge in that area. It also confirms the validity of the second order factor IUIPC first put forward by [13] as being explained by first order factors; collection, control and awareness. An additional unexpected finding was the mediating role of risk in the relationship between IUIPC and behavioral intention.

Cultural variables load better on to BI than IUIPC. It is well known that there are cultural differences in shopping habits [58], and this may be independent of attitude to information privacy.

The encouraging results of this study suggest an extension of the research to additional country clusters. Such an extension will help ensure an appropriate cultural and demographic mix. We expect the hypotheses to continue being supported, and allow for further investigation into parts of this model that have not achieved significance.

Because of the lack of influence of privacy on behavioral intention (IUIPC on Trust and Behavioral Intention), this finding leads us to conclude that users are more influenced by trust and risk (risk also mitigating trust), not so much by privacy concerns. Practitioners should therefore focus on building trust, and reducing risk.

7 Limitation

The major limitation of this work is the small sample size.

8 Conclusions

This research has built on prior research to show how national cultural dimensions and privacy are important in developing trust in a web-based e-commerce environment. The research combines the work of Bellman et al. [2, 7], and Milberg et al. [33] with the Globe cultural dimensions to examine the influence that culture has on privacy concerns and trust. This further contributes to the cultural theoretical foundation called for by others [2, 7]. Preliminary findings indicate calculative beliefs and familiarity with the vendor (and to a lesser extent structural assurances) to be a key factors influencing trust and thus behavioural intention.

Age and educational level were found to directly influence behavioural intention, but not IUIPC or CFIP. Additional work is needed to tease out this issue.

Group collectivism emerges as significant within the sample, but a dichotomy of cultures may explain this. Work is progressing to expand the survey sample.

Finally, CFIP and IUIPC are not the same, although they are correlated. Again further work is needed to better understand the underlying differences.

To help improve the completion of internet transactions, Practitioners should focus on building trust and reducing risk. We found that cultural influences, age, and educational level directly influenced behavioural intention, so practitioners should focus on educating older, and less educated citizens to reduce their concerns about internet transaction completion.

Culture was found not to influence IUIPC, however it did have a direct influence on behavioural intention. Further work is needed to fully understand the basis of this behaviour. For example, one reason might be that some cultures do not care about privacy when considering divulging sensitive information, or they may feel that privacy is not an issue.