The Cognitive Heuristics Behind Disclosure Decisions

  • Vincent Marmion
  • Felicity Bishop
  • David E. Millard
  • Sarah V. Stevenage
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10539)


Despite regulatory efforts to protect personal data online, users knowingly consent to disclose more personal data than they intend, and they are also prone to disclose more than they know. We consider that a reliance on cognitive heuristics is key to explaining these aspects of users’ disclosure decisions. Also, that the cues underpinning these heuristics can be exploited by organisations seeking to extract more data than is required. Through the lens of an existing credibility heuristic framework, we qualitatively analyse 23, one-to-one, semi-structured interviews. We identify six super-ordinate classes of heuristics that users rely upon during disclosures: PROMINENCE, NETWORK, RELIABILITY, ACCORDANCE, NARRATIVE, MODALITY, and a seventh non-heuristics TRADE class. Our results suggest that regulatory efforts seeking to increase the autonomy of the informed user are inapt. Instead the key to supporting users during disclosure decisions could be to positively nudge users through the cues underpinning these simple heuristics.


Cognitive heuristics Privacy paradox Informed consent 


  1. 1.
    Acquisti, A.: Privacy and security of personal information. In: Camp, L.J., Lewis, S. (eds.) Economics of Information Security in Advances in Information Security, vol. 12, pp. 179–186. Springer, Heidelberg (2004).
  2. 2.
    Acquisti, A.: Nudging privacy: the behavioral economics of personal information. Digit. Enlightenment Yearb. 2012, 193–197 (2012)Google Scholar
  3. 3.
    Acquisti, A., Grossklags, J.: Privacy attitudes and privacy behavior. In: Camp, L.J., Lewis, S. (eds.) Economics of Information Security, pp. 1–15. Springer, Heidelberg (2004).
  4. 4.
    Acquisti, A., Grossklags, J.: What can behavioral economics teach us about privacy? In: Digital Privacy, pp. 363–377. Auerbach Publications (2007).,
  5. 5.
    Acquisti, A., John, L., Loewenstein, G.: The impact of relative standards on the propensity to disclose. J. Market. Res. 49(2), 160–174 (2012).
  6. 6.
    Adjerid, I., Acquisti, A., Brandimarte, L., Loewenstein, G.: Sleights of privacy. In: Proceedings of the Ninth Symposium on Usable Privacy and Security - SOUPS 2013, p. 1. ACM (2013).
  7. 7.
    Balebako, R., Jung, J., Lu, W., Cranor, L.F., Nguyen, C.: Little brothers watching you. In: Proceedings of the Ninth Symposium on Usable Privacy and Security - SOUPS 2013, p. 1. ACM (2013).
  8. 8.
    Balebako, R., Leon, P.G., Almuhimedi, H., Kelley, P.G., Mugan, J., Acquisti, A., Cranor, L.F., Sadeh, N.: Nudging users towards privacy on mobile devices. In: CEUR Workshop Proceedings, vol. 722, pp. 23–26 (2011)Google Scholar
  9. 9.
    Cialdini, R., Trost, M.: Social influence: social norms, conformity and compliance. In: The Handbook of Social Psychology, vol. 2, pp. 151–192 (1998).
  10. 10.
    Fereday, J., Muir-Cochrane, E.: Demonstrating rigor using thematic analysis: a hybrid approach of inductive and deductive coding and theme development. Int. J. Qual. Methods 5(1), 80–92 (2006)CrossRefGoogle Scholar
  11. 11.
    Fogg, B.J., Soohoo, C., Danielson, D.R., Marable, L., Stanford, J., Tauber, E.R.: How do users evaluate the credibility of web sites? A study with over 2,500 participants. In: Proceedings of the 2003 Conference on Designing for User Experiences (DUX 2003), pp. 1–15. ACM (2003).
  12. 12.
    Fogg, B.J.: Prominence-interpretation theory: explaining how people assess credibility online. In: Conference on Human Factors in Computing Systems - Proceedings, pp. 722–723. ACM (2003).
  13. 13.
    Furnell, S., Phippen, A.: Online privacy: a matter of policy? Comput. Fraud Secur. 2012(8), 12–18 (2012).  10.1016/S1361-3723(12)70083-0
  14. 14.
    Gambino, A., Kim, J., Sundar, S.S., Ge, J., Rosson, M.B.: User disbelief in privacy paradox: heuristics that determine disclosure. In: Proceedings of the 2016 CHI Conference Extended Abstracts on Human Factors in Computing Systems, pp. 2837–2843. ACM (2016)Google Scholar
  15. 15.
    Gigerenzer, G., Gaissmaier, W.: Heuristic decision making. Ann. Rev. Psychol. 62, 451–482 (2011)CrossRefGoogle Scholar
  16. 16.
    Gigerenzer, G., Hoffrage, U., Goldstein, D.G.: Fast and frugal heuristics are plausible models of cognition: reply to Dougherty, Franco-Watkins, and Thomas. Psychol. Rev. 115(1), 230–239 (2008)CrossRefGoogle Scholar
  17. 17.
    Gigerenzer, G., Todd, P.M.: Fast and frugal heuristics: the adaptive toolbox. In: Simple Heuristics that make us Smart, pp. 3–34. Oxford University Press, Oxford (1999)Google Scholar
  18. 18.
    Goodman, M.: Future Crimes: Everything is Connected, Everyone is Vulnerable and What We can do about it. Anchor, Daman (2015)Google Scholar
  19. 19.
    Hansen, P.G., Jespersen, A.M.: Nudge and the manipulation of choice: a framework for the responsible use of the nudge approach to behaviour change in public policy. Eur. J. Risk Regul. 1, 3–28 (2013).
  20. 20.
    Heikkinen, A., Wickström, G., Leino-Kilpi, H.: Understanding privacy in occupational health services. Nurs. Ethics 13(5), 515–530 (2006).
  21. 21.
    Higgins, E.: Promotion and prevention. Regulatory focus as a motivational principle.pdf. Adv. Exp. Soc. Psychol. 30, 1–46 (1998)CrossRefGoogle Scholar
  22. 22.
    Hollingsed, T., Novick, D.G.: Usability inspection methods after 15 years of research and practice. In: Proceedings of the 25th Annual ACM International Conference on Design of Communication, pp. 249–255. ACM (2007)Google Scholar
  23. 23.
    Holloway, I.: Basic Concepts for Qualitative Research. Wiley, Hoboken (1997)Google Scholar
  24. 24.
    Hoofnagle, C.J.: Identity theft: making the known unknowns known. Harvard J. Law Technol. 21, 98–122 (2007).
  25. 25.
    Kahn, C.M., Roberds, W.: Credit and identity theft. J. Monetary Econ. 55(2), 251–264 (2008).
  26. 26.
    Kahneman, D.: Thinking, Fast and Slow. Macmillan, Basingstoke (2011)Google Scholar
  27. 27.
    Kehr, F., Wentzel, D., Mayer, P.: Rethinking the privacy calculus: on the role of dispositional factors and affect. In: The 34th International Conference on Information Systems, vol. 1, pp. 1–10 (2013).
  28. 28.
    Knijnenburg, B.P.: On the dimensionality of information disclosure behavior in social networks. Int. J. Hum.-Comput. Stud. 71(12), 1144–1162 (2013)CrossRefGoogle Scholar
  29. 29.
    Komanduri, S., Shay, R., Kelley, P.G., Mazurek, M.L., Bauer, L., Christin, N., Cranor, L.F., Egelman, S.: Of passwords and people. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI 2011), pp. 2595–2604. ACM (2011).
  30. 30.
    Krasnova, H., Günther, O.: Privacy concerns and identity in online social networks. Identity Inf. Soc. 2(1), 39–63 (2009)CrossRefGoogle Scholar
  31. 31.
    Krasnova, H., Spiekermann, S., Koroleva, K., Hildebrand, T.: Online social networks: why we disclose. J. Inf. Technol. 25(2), 109–125 (2010).
  32. 32.
    Kruger, J., Wirtz, D., Van Boven, L., Altermatt, T.W.: The effort heuristic. J. Exp. Soc. Psychol. 40(1), 91–98 (2004)CrossRefGoogle Scholar
  33. 33.
    Metzger, M.J.: Privacy, trust, and disclosure: exploring barriers to electronic commerce. J. Comput.-Mediated Commun. 9(4), 1–29 (2006)CrossRefGoogle Scholar
  34. 34.
    Metzger, M.J., Flanagin, A.J.: Credibility and trust of information in online environments: the use of cognitive heuristics. J. Pragmatics 59, 210–220 (2013).
  35. 35.
    Metzger, M.J., Flanagin, A.J., Medders, R.B.: Social and heuristics approaches to credibility evaluation online. J. Commun. 60(3), 413–439 (2010)CrossRefGoogle Scholar
  36. 36.
    Nielsen, J.: Usability inspection methods. In: Conference Companion on Human Factors in Computing Systems, pp. 413–414. ACM (1994)Google Scholar
  37. 37.
    Norberg, P.A., Horne, D.R., Horne, D.A.: The privacy paradox: personal information disclosure intentions versus behaviors. J. Consum. Affairs 41(1), 100–126 (2007)CrossRefGoogle Scholar
  38. 38.
    Olivero, N., Lunt, P.: Privacy versus willingness to disclose in e-commerce exchanges: the effect of risk awareness on the relative role of trust and control. J. Econ. Psychol. 25(2), 243–262 (2004)CrossRefGoogle Scholar
  39. 39.
    Ryan, G.W., Bernard, H.R.: Techniques to identify themes. Field Methods 15(1), 85–109 (2003)CrossRefGoogle Scholar
  40. 40.
    Solove, D.J.: Introduction: privacy self-management and the consent dilemma. Harvard Law Rev. 126, 1880–1903 (2012).
  41. 41.
    Sundar, S.S., Kang, H., Wu, M., Go, E., Zhang, B.: Unlocking the privacy paradox: do cognitive heuristics hold the key? In: CHI 2013 Extended Abstracts on Human Factors in Computing Systems, pp. 811–816 (2013)Google Scholar
  42. 42.
    Sundar, S.S.: The MAIN model: a heuristic approach to understanding technology effects on credibility. In: Digital Media, Youth, and Credibility, pp. 73–100 (2008).
  43. 43.
    Tversky, A., Kahneman, D.: Availability: a heuristic for judging frequency and robability. Cogn. Psychol. 5(2), 207–232 (1973).
  44. 44.
    Tversky, A., Kahneman, D.: Judgment under uncertainty: heuristics and biases. In: Wendt, D., Vlek, C. (eds.) Utility, Probability, and Human Decision Making, vol. 11, pp. 141–162. Springer, Heidelberg (1975). doi: 10.1007/978-94-010-1834-0_8
  45. 45.
    Vila, T., Greenstadt, R., Molnar, D.: Why we can’t be bothered to read privacy policies models of privacy economics as a lemons market. In: Proceeding ICEC 2003 Proceedings of the 5th International Conference on Electronic Commerce, pp. 403–407. ACM (2003).
  46. 46.
    Ward, R.: Physiological responses to different WEB page designs. Int. J. Hum.-Comput. Stud. 59(1–2), 199–212 (2003).
  47. 47.
    Weitzner, D.J., Abelson, H., Berners-Lee, T., Feigenbaum, J., Hendler, J., Sussman, G.J.: Information accountability. Commun. ACM 51(6), 82–87 (2008).
  48. 48.
    Westin, A.F.: Social and political dimensions of privacy. J. Soc. Issues 59(2), 431–453 (2003)CrossRefGoogle Scholar
  49. 49.
    Whitney, S., McCullough, L.B.: A typology of shared decision making, informed consent, and simple consent. Ann. Intern. Med. 140(1), 54–59 (2004)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Vincent Marmion
    • 1
  • Felicity Bishop
    • 1
  • David E. Millard
    • 1
  • Sarah V. Stevenage
    • 1
  1. 1.University of SouthamptonSouthamptonUK

Personalised recommendations