Addressing the privacy paradox on the organizational level: review and future directions

The discrepancy between informational privacy attitudes and actual behaviour of consumers is called the “privacy paradox”. Researchers across disciplines have formulated different theories on why consumers’ privacy concerns do not translate into increased protective behaviour. Over the past two decades multiple differing explanations for the paradox have been published. However, authors generally agree that companies are in a strong position to reduce consumers’ paradoxical behaviour by improving their customers’ informational privacy. Hence, this paper aims at answering the question: How can companies address the privacy paradox to improve their customers’ information privacy? Reviewing a sample of improvement recommendations from 138 papers that explore 41 theories in total, we determined that companies can generally align their privacy practices more closely with customers’ expectations across 4 inter-connected managerial processes: (1) strategic initiatives, (2) structural improvements, (3) human resource management, and (4) service development. The findings of this systematic literature review detail how companies can address both the rational and irrational nature of the privacy decision-making process. Furthermore, we propose a dynamic model able to identify weaknesses and strengths in companies’ privacy orientation.


Introduction
The "Social Media Age of Privacy" (Yun et al. 2019, p. 573) started about 20 years ago. With it came an increased concern regarding personal information privacy, commonly defined as the concern of consumers about companies' privacy practices which could compromise their ability to control their personal information (Smith et al. 1996, p. 191). This escalation of concerns continues to this day, with 81% of U.S adults feeling like "they have no or little control over the data companies collect from them" and thinking the "potential risks of companies collecting data about them outweigh the potential benefits" (Auxier et al. 2019, p. 4). However, early studies observed that customers' stated high privacy concerns did neither translate into a lower willingness to share personal data (Acquisti 2004) nor into increased protective behaviour (Norberg and Horne 2007). This value-action gap, which Barnes (2006) popularised under the term "privacy paradox", is still a prevalent topic amongst privacy researchers across various disciplines.
In their systematic literature review, Barth and de Jong (2017) examined 32 decision models from journal articles on the topic of the privacy paradox. They arrived at the conclusion that consumers' privacy behaviour is probably only predictable to a limited extent, as several moderating variables influence customer behaviour. For this reason, the recommendation was made to orientate data-intensive services more strongly towards the customers' needs: "The creation of data protection awareness in combination with tools that support users in their data protection decisions should help them to avoid paradoxical behaviour" de Jong 2017, p. 1051). Martin and Murphy (2017, p. 153) also support this conclusion in their literature review on the role of privacy in marketing: "Although a coherent subset of theoretic approaches has provided a robust understanding through deep insights, in some respects this focus has limited our view of privacy too much to individual silos (…) Future research directions should embody a holistic approach, blending the many consumer, organisational, ethical, and legal concerns that feature in contemporary data privacy questions." In other words, companies are in a strong position to reduce consumers' paradoxical behaviour by improving their customers' informational privacy. Despite the prevalent recommendation for companies to adapt a "more proactive approach" (Dinev et al. 2015, p. 652), current literature across disciplines does not sufficiently address the privacy paradox on an organisational level. Hence, this paper aims at answering the following question: How can companies address the privacy paradox and improve their customers' information privacy?
In this paper, we review 138 papers with 41 different theoretical approaches to the privacy paradox and evaluate their recommendations on what companies could learn from their studies. We begin by staking out our theoretical position and its importance for data collecting companies. Afterwards, we detail our methodological approach and the steps taken in searching and appraising the past twenty years of privacy paradox research. Our findings elaborate on how the recommendations of these papers can be structured in order to create a dynamic

Theoretical gap
The lack of research considering the organisational level can be illustrated by the large number of literature reviews featuring extensive insights on the personal or sectoral level, while either completely omitting the organisational level from their research question (e.g. Bandara et al. 2017) or only summarizing the effect organisational privacy practices have on individuals (e.g. Beke et al. 2018). The few reviews explicitly addressing the organisational level note the "surprisingly" low number of "studies on the organisational level" (Bélanger andCrossler 2011, p. 1029) while "advocating for a holistic way of thinking about organisational use of consumer data" (Martin and Murphy 2017, p. 153).
Of course, this is not to suggest that previous privacy research offers no insights on how to address the privacy paradox on the organisational level. As Bélanger andCrossler (2011, p. 1027) note, the results of these studies offer a variety of implications on other levels. Yet, so far, the majority of studies are not conducted on the organisational level and the plethora of implications from results on other levels have not been systematically analysed. This paper's theoretical contribution is centred specifically around these implications.

3
The lack of papers from an organisational perspective and the inconsistent measuring of many privacy constructs (Smith et al. 2011, p. 997) make it difficult to conduct a meta-analysis. Yet, by focusing on recommendations arising from papers basing their insights on established theoretical frameworks, we are able to sketch out a dynamic model which has the potential to serve as a unifying basis upon which future studies on the organisational level can be built.

The privacy paradox
Six years ago, Dienlin and Trepte (2015, p. 295) declared the privacy paradox to be "a relic of the past". Their argument was based on the "principle of compatibility"-stating that attitudes such as privacy concerns serve as better predictors for behaviour when measured at the same level of specificity (Ajzen 2011;Ajzen andFishbein 1970, 1977). In their own words: "Broad and abstract attitudes such as privacy concerns are less likely to predict narrow behaviours such as the use of public versus private profiles on SNSs [social networking systems]" (Dienlin and Trepte 2015, p. 286). They conclude that, if the level of specificity is matched, "paradoxical" behaviour will disappear. This argument highlights an old problem; as Smith et al. (2011, p. 997) also noted: "Because of the near impossibility of measuring privacy itself (…), almost all empirical privacy research in the social sciences relies on measurement of a privacy-related proxy of some sort." While this argument does justice to the highly contextual nature of individuals' privacy decision making (Mourey and Waldman 2020), it is ultimately still based on the assumption of rational disclosure-i.e. only one part of the privacy paradox.
Individual choice can only explain the observed paradoxical behaviour under a rather narrow "zone of effectiveness" (Reidenberg et al. 2014, p. 517) where requests to share data are infrequent, the risks of disclosure are comprehensible and consumers have an incentive to take requests seriously (Richards andHartzog 2019, p. 1492). As long as the "irrational" side of individual privacy decisions (Gambino et al. 2016;Sundar and Kim 2019;Sundar et al. 2013) and the structural hurdles to informed consent (Mourey and Waldman 2020;Reidenberg et al. 2014;Richards and Hartzog 2019;Solove 2013Solove , 2021Waldman 2020) are not taken into account, our understanding of the privacy paradox remains incomplete.
Hence, addressing the privacy paradox on an organisational level necessitates the often demanded "holistic perspective" (Bélanger andCrossler 2011, p. 1027;Martin and Murphy 2017, p. 153), i.e. trying to unify the rational, irrational and structural approaches in order to reduce the discrepancy between expressed privacy concerns and actual privacy behaviour. Any model attempting to do so must first consider the well-established theories used to "solve" the privacy paradox on a personal and societal level. From their arguments, a theoretical basis for organisational privacy research can be drawn.

Why should companies care?
While there are many scientific and ethical reasons to research information privacy, from a firm's perspective the goal is to "first satisfy their customers" (Gunther 2009, p. 18). Hence, trying to reduce the discrepancy between customers' globally increasing demands for more privacy (Clemons et al. 2014) and the predicted rise in data collection needs of new (marketing) technologies (Palmatier and Martin 2019, p. 58) should be a central concern of marketers. Big data technologies have a high potential for use in marketing, but rely heavily on consumer trust (Bauer and Lasinger 2014;Bauer and Strauss 2016;Michler et al., 2020). Accordingly, by building the necessary capabilities to address the privacy paradox (i.e. aligning the rational, irrational and structural privacy conditions with the customers' expectations), companies could gain a strategic advantage in the market today (Li et al. 2019;Seo et al. 2018). These capabilities have already been linked to higher trust and customer satisfaction (Dehghanpouri et al., 2020;Eastlick et al. 2006;Featherman et al. 2010;Wu et al. 2012), willingness to share data (Dinev and Hart 2006;Hui et al. 2007;Morlok 2016), damage control for data breaches (Malhotra and Malhotra 2011) and even firm performance .
However, since no cohesive overarching framework of how to address the privacy paradox on an organisational level exists (Palmatier and Martin 2019, p. 180), different organisational capabilities were examined and measured across all of these studies. Additionally, most of these studies looked at individual privacy measures (e.g. transparency and control) and their effects on customer behaviour. So far, there is little comparability between these results. Nevertheless, taken together, they at least provide enough evidence to suggest a "first-mover advantage on consumer privacy protection" (Martin and Murphy 2017, p. 152).

Method
We performed a literature review of publications researching the privacy paradox and offering implications or recommendations for companies on how to address it. The review aimed to.
1. highlight the different theories used in the literature to answer the question posed in the introduction; 2. organise and classify said recommendations according to the management process they intend to impact; 3. create a dynamic model able to classify future recommendations and identify weaknesses and strengths in companies' privacy orientation; and 4. identify gaps in the current literature to indicate future research directions.
The review phases conducted correspond to the four phases described by Okoli (2015, p. 884): planning; literature selection; data extraction; and execution (see Fig. 1). This method was chosen as it synthesises the methodology from diverse fields and allows for the analysis of both quantitative and qualitative results. This was necessary as the reviewed papers originated from different fields, including marketing, information system science, psychology, sociopsychology, ethics and law and used both qualitative and quantitative research 1 3 designs. Furthermore, Okoli's (2015, p. 905) process is designed to both assure rigor through reproducibility and increase the chance not to leave out any relevant literature. Additionally, to guide the qualitative nature of the data extraction in this review, the approach of Bandara et al. (2015, p. 160) was used, as recommended by Okoli (2015, p. 895), to supplement the overall structure.

Planning phase
In the planning phase, the paper's four goals and the driving question of "How can companies address the privacy paradox to improve their customers' informational privacy" were defined. The systematic literature review was chosen due to the available wealth of information aimed at answering the privacy paradox across disciplines. Most of these papers feature recommendations on how addressing the paradox may help both customers and firms in the long run. However, since there is no cohesive overarching model to categorise these recommendations, the effects of privacy strategies are often measured through expressed privacy concerns (Dinev et al. 2012) and therefore lack comparability. Any model attempting to create a framework which would allow comparability between different privacy strategies must therefore draw its conclusions from arguments derived from well-established theories which have been shown to have predictive power both in, and outside of, privacy research (see goals 1 and 2 of this review). Hence, the results of the review should guide managers in their endeavours to align their company's data collection practices with their customers' expectations as well as help researchers identify future research directions.
To coordinate and inform all researchers involved in the review process, a protocol based on Kitchenham and Charters (2007, p. 54) was drafted. Due to the comparatively small team size involved in this review, no further training steps were taken.

Selection phase
The selection phase consists of defining a practical screening process with inclusion and exclusion criteria and utilizing these to search for relevant literature (Okoli 2015, p. 893).
Our review considered papers published between January 1st 2001 and December 1st 2020. These dates were chosen to incorporate privacy research since the beginning of the "Social Media Age" of privacy, as this was the time period the privacy paradox was first considered as such (Yun et al. 2019, p. 573). To cover the broad spectrum of privacy literature across disciplines, we placed no restrictions on the chosen research method-as long as it aimed at expanding or using existing theory to find an answer to (a part of) the privacy paradox. Papers not explicitly mentioning the privacy paradox were not automatically excluded, as the term is not equally widespread across disciplines (see e.g. Child et al. 2009). However, we rejected any papers not subjected to peer review (i.e. most book chapters) or not written in English (to ensure equal comprehensibility for all researchers involved).
We utilised a hierarchical search strategy for the literature search process to capture relevant articles from multiple fields, starting with the most reliable sources. To this end, the databases WebofScience and EbscoHost were searched using the terms "privacy paradox" or "privacy behaviour" or "privacy protection" (or a combination thereof) in the title, abstract or keywords. These two platforms were prioritised due to their interdisciplinary nature and collection of peer-reviewed articles and conference proceedings. We repeated the process on Google Scholar to ensure we obtained a comprehensive selection of papers across multiple sources and disciplines. Since the search yielded 9′250 papers (often duplicated) even after applying all the exclusion criteria, only the topmost 100 articles were screened. This initial search yielded 456 papers-not counting duplicates. As recommended by Bandara et al. (2015, p. 184), we used backward and forward sampling to increase the quality of the sample overall. For backward sampling we used the references found in literature reviews and meta-analyses published in journals with an impact score higher than 2 across different disciplines (psychology, marketing, information system science, socio-psychology). Finally, forward sampling was carried out (using Mendeley and Google Scholar) for often-cited papers published in A or A + journals across the same disciplines (psychology, marketing, information system science, socio-psychology). The complete list came down to 538 papers to be screened.
The papers were screened manually. Papers neither citing an explicit theoretical background nor proposing a new theory to explain the privacy paradox (or a related question) as well as papers not proposing direct or indirect implications to improve privacy orientation at an organisational level were rejected. Whenever a paper had been published in more than one journal or conference report, only the most complete version was chosen. After two rounds of screening, the initial selection was reduced to 289 papers.
The selection process is illustrated in Fig. 2 to show "the initial number of identified studies and the number of studies eliminated at each stage of the literature search process" as recommended by Kuckertz and Block (2021, p. 3) to clearly express the effect of the exclusion criteria used.

Extraction phase
During the extraction phase, the first data points are collected and the selection of papers is further reduced through a qualitative appraisal of their content.
We extracted ten data points for each paper-amongst them identifiers such as the author and title, classifications such as research stream and theories cited and the recommendations made to address the privacy paradox on an organisational level. The data per paper was extracted and tabulated by one researcher and checked by another one.
For the appraisal of quality, we used a qualitative approach in combination with a scoring system recommended by Kitchenham and Charters (2007, p. 53) to further refine the number of papers considered. This approach was chosen over a quantitative method to accommodate for the diverse nature of privacy research (i.e. different disciplines as well as research designs). The questions driving the appraisal were: Question 1: Are the inclusion criteria explicitly defined in the paper?
• Yes-they are explicitly defined in the paper. • Partially-the criteria are implicitly met.
• No-the inclusion criteria are neither met nor are they implicitly referable.
Question 2: Is the paper based on or expands on one or multiple clearly defined theory/theories?
• Yes-the theoretical approach is explicitly defined in the paper. • Partially-the theoretical approach can be inferred from citations and/or variables used. • No-the paper makes no mention to the chosen theoretical approach. Addressing the privacy paradox on the organizational level:… Question 3: Does the paper offer any practical implications on how to address the privacy paradox on an organisational level?
• Yes-the recommendations are clearly defined in their own paragraph. • Partially-the recommendations can be inferred from the paper's conclusion. • No-the paper offers neither recommendations nor inferences on how to address the privacy paradox on an organisational level.
Question 4: Are the recommendations within the paper based on evidence and a cohesive argumentation?
• Yes-the recommendations follow logically and directly from the paper's results. • Partially-the recommendations follow logically from the paper's results. • No-the recommendations are not connected to the paper's results.
"Yes" answers yielded 1 point, "partially", 0.5 points and "no", 0 points. All papers with one or more "nos" were rejected, and so were papers scoring no more than 2 points.
After this qualitative appraisal, the final sample comprised 138 papers which were considered for the execution phase.

Execution phase
During the execution phase, the screened, selected, and scored papers are combined to "make comprehensive sense" (Okoli 2015, p. 899) of their content.
As a first step, we aggregated a list of all the theories used to explain the privacy paradox. This was done to ensure that the intended model was based on established theories covering the rational, irrational and structural elements making up the privacy paradox. Among the 138 papers, 42 different theories across 7 academic disciplines were used. Other descriptive statistics, such as the years of publication, the research design, etc., were also summarised.
We coded the recommendations using the inductive process described by Bandara et al. (2015, p. 169) to capture the recommendations found in the literature to address the privacy paradox on an organisational level. The grounded theory approach was chosen to arrive at a clear data structure which could serve as the foundation for "a vibrant inductive model grounded in data" (Gioia et al 2013, p. 22).
After an initial round of coding covering all the recommendations, the resulting codes and memos were surveyed. Codes which were sufficiently similar in terminology and meaning were merged. This led to a classification of thirteen secondorder themes related to resolving the privacy paradox. Based on this codebook, the intercoder reliability was tested with unaffiliated PhD students, resulting in an intercoder reliability of 64.28% (calculated according to the Holsti method; (Mao 2018)). After discussing the results with the students, the descriptions in the codebook were updated and narrowed. A second round of testing with other researchers resulted in a 71.42% intercoder reliability, falling within an acceptable reliability window, especially considering the sample size and the possible number of codes per question (Hruschka et al. 2004, p. 317).
As a final step, we aggregated these 13 themes into four dimensions. To test their reliability, we asked three researchers to cluster the themes themselves based on the information in the codebook. The four resulting aggregate dimensions cover the managerial processes through which the privacy paradox can be addressed: (1) strategic initiatives; (2) structural improvements; (3) human resource (HR) management; and (4) service development (see Fig. 3).
This data structure was the basis which enabled a deeper exploration of the research question. Specifically, it guided the inquiry about (1) what recommendations are made to address the privacy paradox on an organisational level, (2) what (if any) gaps are there in the literature addressing the privacy paradox. The results and the connection between these themes are discussed in the following section.

Addressing the privacy paradox
The four aggregate dimensions mentioned above give a bird's eye view on what management processes the recommendations have an impact on. Together they form the parts of a dynamic model on how to address the privacy paradox on the organisational level. 'Addressing' hereby refers to the potential actions a company can take to align customers' privacy concerns and expectations with its actual data collection and processing activities.
The dynamic nature of the model is owed to the need to depict "complex changes relating to all aspects of an organisation" (Leonard and McAdam 2004, p. 258) along a temporal axis while allowing for recursive behaviour (Bauer et al. 2000). The four dimensions represent four, sequentially interdependent approaches that help companies align their privacy practices more closely with their customers' expectations (see Fig. 10). Addressing the privacy paradox on the organizational level:… The code for 'service development' is cited the most, with 67 citations within the sample, followed by the code for 'strategic initiatives' with 43 citations. 'Structural improvements' and 'HR management' appear 38 and 35 times, respectively. This is not surprising, considering that both psychology and marketing papers are often concerned with solutions to the paradox on a personal level, while sociology, information system science and management papers usually take a more structural approach. However, these numbers make no statement on the depth or quality of the recommendations, nor do they provide any insight on the connection between the codes.
Most 'solutions' to the privacy paradox are either based on the assumption of a (semi-rational) "risk-benefit calculation" or the assumption of "little to no risk assessment" being possible for individuals (e.g. due to knowledge deficiencies) de Jong 2017, p. 1043). The presented model tries to bridge this gap by considering both explanations as valid, depending on the context. Hence, while individual aggregate dimensions might be more efficient in addressing one end of this dichotomy, they are formed to address both.
The connections between the aggregate dimensions and the second-order themes were inductively inferred from the source material by looking at the temporal or directional relationships used in the papers' arguments. Wirtz and Lwin (2009, p. 204), for example, write on the subject of privacy goals: "Reducing privacy concerns may be sufficient for first-time or one-off transactions but will not be sufficient in relationship marketing, where an ever deeper understanding of customers, their background, motivations, and consumption patterns will enhance service delivery." This passage is illustrative of how privacy goals inform trust-building activities while leading to more meaningful personal interactions and ultimately individual privacy features. Additionally, the regulatory focus theory used in the same paper suggests that customers learn from interactions with companies by reacting to the companies' motivational systems, further cementing the view that companies' actions should precede their customers' reactions. Interpretations of such passages were collected in memos and later used to construct the model, the sub-models and their interrelationships, as suggested by Bandara et al. (2015, p. 170).
The sub-models and their most central connections are discussed in detail in the following paragraphs.

Strategic initiatives
The codes aggregated in this dimension all aim at addressing the privacy paradox through a strategic management focus, i.e., they seek to "guide those aspects of general management that have material effects on the survival and success of the business enterprise" as a whole and in the long term (Teece et al. 1997). Therefore, these recommendations should reduce paradoxical behaviour by "identifying difficult-to-imitate internal and external competences" (Teece et al. 1997) most likely to improve privacy capabilities within a firm or to signal high privacy standards to the market. In accordance with the "dynamic capabilities" perspective on strategic management, both externally focused strategic orientation and internally driven initiatives, such as setting privacy goals and engaging in trustgenerating tactics (see Fig. 4), form the basis all other privacy efforts have to build on Zhou and Li (2010).

Privacy goals
The code for privacy goals is featured most prominently across marketing papers, with 8 out of the total of 11 citations. Their recommendations aim to eliminate paradoxical behaviour on the customer's side by creating a privacy-aware culture within a company. It is usually framed as the first step to undertake, or as Lanier and Saini (2008, p. 28) put it: "Firms should look beyond being reactive, and instead embrace proactive approaches to managing privacy. Two areas in which this proactive adaptation can play out include organisational structure and strategy." Thus, these strategies aid customers in their risk-benefit calculation by explicitly declaring privacy as being central to a company's strategy (Lanier and Saini 2008). A fitting example for this strategy is the crypto-messenger Threema, which is able to uphold a high standard of privacy since almost every one of its visible features is subservient to their users' privacy (Bickelmann 2021).
Alternatively, measures such as implementing internal fair data usage procedures (Son and Kim 2008), investing heavily in the company's information systems for added security and transparency (Teng et al. 2019), or "dismantling the epistemic and normative power of the claim that privacy is a matter of individual control of information" within one's company culture (Hull 2015, p. 99) address the structural hurdles causing the privacy paradox.
Taken together, the sample's recommendations still give an incomplete picture of what constitutes an "aware" or "proactive" privacy culture. Future studies aimed at defining the "cultural web" of organisational privacy culture (rituals, symbols, heroes, values; (Sun 2008, p. 139) may enable us to measure their effects on customer privacy outcomes.

Trust-building
Trust is one of the central variables affecting the success of privacy measures (Wirtz and Lwin 2009), customer support of big data technologies (Bauer and Strauss 2016;Michler et al 2020) and the negative consequences of privacy turbulences for firms . While many of the recommendations in this review ultimately aim at earning the trust of customers, this code only addresses strategic initiatives with the explicit goal of building or rebuilding a basis of privacy-related and sustained trust. Since "trust is an important condition" (Dinev and Hart 2006, p. 76) for any other privacy initiatives, it works in tandem with the long-term privacy goals to create the conditions for all other privacy efforts (see Fig. 5).
However, most papers are unspecific in their recommendations on how to build such a basis. In general, the call for "investments in trust generating tactics" (Bansal et al. 2016, p. 13) is followed by recommendations to generate positive experiences first, e.g. by offering social interactions at crucial moments or by offering less (or non) data-intensive alternatives to new customers first (Guo et al. 2016).
In this way, customers are able to more realistically evaluate the potential benefits of a given service before deciding to disclose information, thus reducing paradoxical behaviour. Therefore, companies should actively measure their customers' trust over time (Schade et al. 2018) or whether customers perceive their services and actions as "fair" (Wirtz and Lwin 2009). Both aspects are indices of whether customers are able to perceive the benefits of a potential disclosure of data and whether internally driven privacy goals and externally driven privacy branding positions are successful.

Privacy branding
Privacy branding helps address the privacy paradox by signalling a company's stance on privacy in relation to its competitors. This either means positioning a product using higher or clearer privacy standards as a selling point (see e.g. Fazzini 2019 for an example) or by using third party privacy seals to signal a privacy benchmark met by the company (Mothersbaugh et al 2012). Either way, these efforts help customers make a more informed decision when evaluating offers. As Martin and Murphy (2017, p. 151) put it: "As companies continue to grapple with consumer information privacy questions, and as long as they compete in markets where privacy protections can be differentiated and are valued by customers, using privacy as a (branding) strategy remains a viable option to marketers." Of course, privacy branding can only be effective in the long term if it is either backed up by a privacy seal which independently searches for and reports infringements  or if it is backed by long-term privacy efforts which are believably signalled to the market (Tang et al. 2008).
As such, privacy branding is highly dependent on existing trust-building initiatives and an internal vision for a company's privacy goals. Future research regarding the "drivers of brand extension success" (Völckner and Sattler 2006, p. 18) or the "stretchability" (Ahluwalia 2008, p. 337) of data collecting brands may shed further light on how privacy branding can contribute to aligning consumers' privacy expectations more closely with firms' data collection processes.

Industry influence
The final code within this aggregate dimension combines recommendations regarding collaborations, joint ventures or agreements with vertical or horizontal industry participants to create more favourable privacy outcomes for customers. Similar to privacy branding, the goal is to address the privacy paradox by increasing signal accuracy regarding privacy practices. Hence, recommendations range from emphasizing privacy concerns as an entire industry (Oetzel and Gonja 2011) to distancing the company from industry actors with questionable privacy practices (Casadesus-Masanell and Hervas-Drane 2015; Hui et al. 2007). A current example are Apple's continued efforts to make Facebook's data tracking activities through their apps more transparent (Rodriguez 2021). Since the negative spill-over effects of a privacy breach (e.g. through a data leak) are felt throughout the industry, such efforts aid both in generating trust and in believable privacy branding . Additionally, such efforts are often driven by a firm's internally defined privacy goals.
Furthermore, addressing structural barriers for customers trying to act on their privacy preferences also requires asserting influence on the respective industry sector. Common recommendations are pro-actively trying to establish an industry standard in privacy management (Karwatzki et al. 2017;Plangger and Montecchi 2020) or creating an industry-wide demand for privacy friendly data collection processes (Martin 2020).

Structural improvements
An often-cited explanation for consumers' paradoxical behaviour is the one-sided power relationship when it comes to sharing personal data. The privacy calculus, resource exchange theory or social contract theory try to analyse privacy behaviour in terms of a market exchange: customers exchanging data for personalised services. Of course, this assumes that this exchange is initiated by the consumer and that it is based on a balanced power relationship. The codes aggregated under this dimension mostly try to address the prevalent power imbalance by changing the company structure. The connections between the individual codes largely follow the relationships found in information system science. Specifically, the company structure is essential "in leveraging the technological architecture" (i.e. the collection processes) to "encourage sharing and collaboration across boundaries within the organisation" (i.e. allowing the design of company-wide data control initiatives; see Fig. 6) (Gold et al. 2001).

Company structure
In order to adopt long-term privacy goals such as the 10 principles of the General Data Protection Regulation (GDPR; Art. 5-11), changes in company structure, hierarchy or business model often become necessary (see e.g. Teixeira et al. 2020). Recommendations like appointing and empowering a Chief Privacy Officer (CPO) (Solove 2013), banning the transmission of highly personal information across departments (Hermalin and Katz 2006), or abandoning revenue streams based on predatory data practices (Waldman 2020) serve to enforce compliance with strategic privacy initiatives. This addresses the privacy paradox by more closely aligning the actual risk of disclosure with customers' expectations. Unfortunately, there are few structural recommendations which go beyond compliance and trying to work with the customer to profit from data collection while addressing the privacy paradox. The advice that comes closest is the suggestion by Child et al. (2012Child et al. ( , p. 1871 to take a more customer-centric approach to understand how they "experience privacy missteps, miscalculations, and regretted disclosures." Yet, in order to take that step, a more customer-centric company structure may be necessary to both collect data and address the diverse privacy needs of customers, which in turn would shape data control and collection processes.

Data control
Most of the danger related to the loss of privacy stems from a loss of control over the flow of personal data (Nissenbaum 2010). The code "Data Control" applies to all recommended changes in control structures (viewing-privileges, collection privileges, usage privileges, modification privileges) relating to customer data within a firm. The argumentation behind redistributing control over data usually stems from theories which postulate that customers will protect themselves if given the chance Fig. 6 Connections between structural improvement codes to. Hence, recommendations for "consumer empowerment" through "control over their private data flow" (Prince 2018, p. 30) are often repeated. Specifically, users should be able to "add, delete, and modify at will, the information in the organisation's databases" (Malhotra et al. 2004, p. 350)-if possible for each individual datapoint (Ozdemir et al. 2017). These recommendations are in line with the GDPR's stance on data ownership and help to resolve the privacy paradox by allowing customers to leverage their personal data more effectively. Hence, data control recommendations should also extend to who within a company is able to utilise customer data. Unfortunately, almost none of the recommendations give clear instructions on this matter. The advice that comes closest is the suggestion by Raento and Oulasvirta (2008) to offer customers the choice to modify their shared data depending on the target audience. A guideline on how to translate such a system into a corporate context to address the privacy paradox is largely missing.
At the same time, it is important to acknowledge that customers might not protect themselves even if they have the means to do so (see, e.g., protection motivation theory, third person effect theory, etc.). Hence, data control options can only ever be effective when paired with employee training and transparency efforts-as will be discussed in the following paragraphs.

Collection processes
While the company structure largely determines where customer data is used, the collection processes determine how data is generated and ultimately utilised. This code incorporates all recommendations regarding the instruments, methods and processes used to collect, filter, aggregate and analyse customer data. Their goal is to address the privacy paradox in two ways: On the one hand, by trying to reduce biases and increase transparency at the point of disclosure, e.g. by not asking for customer data after cognitively taxing tasks (Alashoor and Baskerville 2015; Barth et al. 2019) or by using just-in-time alerts to pro-actively warn users about the context of their disclosure before doing so (Sundar et al. 2020). On the other hand, the recommendations aim at reducing the actual risk of unwanted disclosure, e.g. by restricting data collection to specific time periods or contexts (Williams et al. 2016) or by focusing data collection only on highly specific but relevant data points (Choi et al. 2018). Outside the sample, literature concerned with data security and anonymisation already offers a wealth of concrete and implementable recommendations to address the privacy paradox by improving collection processes (see e.g. Freudiger et al. 2014;Mohassel and Zhang 2017;Vergara-Laurens et al. 2017). Thus, the goal of further research should be to incorporate these insights into the larger organisational privacy discussion and expand on how they organise data control.

HR management
Human resources, both as the workforce and as a business function, has long been recognised as an important strategic lever which creates value by "contributing directly to the implementation of operating and strategic objectives of firms" (Becker and Gerhart 1996, p. 780). Value generation through (1) acquiring a "human capital resource pool" (i.e. skills and abilities), (2) the "specification of required human resource behaviours", and finally measuring the (3) firm-level outcomes (Wright and McMahan 1992, p. 299) work the same way in a privacy context. The three codes and their relationships within this dimension are analogous to this process (see Fig. 7). A variety of (1) "privacy skills" is necessary to implement even the most basic privacy goals (e.g. having a CPO). Translating privacy goals into action requires codifying them in (2) "employee motivation" through KPIs or other incentive structures before the results can be studied and honed through (3) "personal interactions" with the customer. Since this process is aided by the company structure but not dictated by it, the two aggregate dimensions of "structural improvements" and "HR Management" are considered to have a joint effect on a company's privacy outcomes (see Fig. 4).

Privacy skills
Privacy orientation requires a human resource capital pool that includes legal experts, data security experts, system engineers, privacy officers and many more. The recommendation to invest early in the human capital necessary to leverage privacy-enhancing technologies (e.g. anonymisation, statistical modelling, etc.) is repeated throughout the sample (Amiri et al. 2018;Bulgurcu et al. 2017;Kokolakis 2017;Solove 2013;Taneja et al. 2014). The benefits of reducing paradoxical behaviour by lowering the customers' actual risk of exposure may be secondary for the company when compared to the potential strategic value conveyed by a skilled workforce of data security and analytics experts. As Anhalt-Depies et al. (2019, p. 7) put it: "It is possible to provide high-quality, spatially explicit data (…) while protecting sensitive information in ways that provide protections to privacy and resources. However, doing this well requires significant investment in (understanding) technological solutions, data policies, and transparency efforts." Moreover, the acquisition of soft skills is not to be neglected, especially in companies with close customer contact. Therefore, recommendations such as those by Steiner and Maas (2018) who advise to co-create the value produced by sharing data Fig. 7 Connections between HR management codes by accommodating customers throughout the customer journey present an interesting avenue for further research.

Employee motivation
By far the most underrepresented code is concerned with initiatives, performance indicators or nudges designed to influence employees' motivation to proactively pursue protective measures regarding customers' privacy. This is likely due to the organisational perspective on privacy being underrepresented in the sample in general and because even simple measures (e.g. nudges for back-end systems) are difficult to study. In detail, the recommendations suggest to reduce internal hurdles for employees to use privacy controls (Acquisti et al. 2016;Taneja et al. 2014), e.g. by affording extra time for privacy-critical processes or by using external instruments to reward employees for compliance (Bulgurcu et al. 2017). However, the question whether internal privacy-related KPIs or rewards programs can effectively address the privacy paradox on an organisational level remains under-researched. Since this code ultimately aims at controlling privacy-related HR goals while providing guidance for personal interactions, expanding it with concrete recommendations (e.g. employee privacy literacy tests) represents a valuable future research direction.

Personal interaction
Customer-facing employees are essential for instilling trust throughout the customer journey ("moments of trust"-e.g. by purposefully conducting sales talks in a secluded and private room). As the cues-filtered-out theories suggest, personal interactions convey more information more efficiently-even in a privacy context (Pötzsch et al. 2010). Hence, personal interactions along the customer journey help make a company's privacy policy both more tangible to the customer and more believable (Morey and Krajecki 2016, p. 179;Pötzsch et al. 2010). The opportunity to speak with a company representative effectively reduces privacy concerns while increasing perceived rewards of disclosure, thus reducing paradoxical behaviour. As the final step in the process of anchoring privacy skills within a company's HR pool, personal interactions also serve as a key source of learning for employees and thus help align a firm's privacy protections with their customers' demands.
Exactly where and when to employ human interaction touchpoints to efficiently address privacy concerns while setting up feedback loops presents a promising avenue for future research.

Service development
Most recommendations in the sample revolve around improving customers' privacy at potential points of data collection, e.g., by increasing an app's number of data control settings or by improving how these features get communicated. Usually these recommendations aim at addressing the privacy paradox by giving the customers both more control over and transparent information on requested data flows. The importance of creating services with both transparency and control in mind has been established (Beke et al. 2018, p. 8) and was largely incorporated into the GDPR's central principle of "Privacy by Design" (Art. 47 GDPR). However, while this current paradigm is a step towards more privacy protection, it cannot fully circumvent the privacy paradox due to the numerous problems with consent-driven disclosure (Richards and Hartzog 2019;Solove 2013). Hence, the codes "privacy features" and "communications" are two sides of the same coin, the former necessitating a dialogue with the customer base to function as designed, the latter providing insights into which improvements are demanded by the customer. Both determine the context of customers' motivation on the how and why they will engage with a company's privacy features.
Future studies will have to build on these foundations to actively gauge customers' privacy needs (Matz et al. 2020) across various contexts. The codes within this aggregate dimension are meant to guide such efforts.

Privacy features
Unlike the codes "collection processes" or "data control", "privacy features" refers to any design choices within an individual product or service that increase the transparency of the collected data and give users more (granular) control over data flows. Of course, an increase in control does not only mean giving customers an easy way to opt out of sharing data (Dienlin and Metzger 2016;Dinev et al. 2009), it also means allowing for audience management of this data (De Wolf and Pierson 2014), providing selective options for anonymity and confidentiality (Dinev et al. 2012) or creating a privacy dashboard showing all currently shared data or its value to the customer and the company (Hallam and Zanella 2017). Naturally, the effectiveness of these privacy features is highly dependent on corresponding communication efforts and the inclusion into other service developments. These individual privacy features only represent the final step to address the privacy paradox. However, current research already provides ample evidence for the importance of privacy features (Bauer and Lasinger 2014;Bauer and Strauss 2016;Michler et al. 2020) as well as many rather detailed design instructions for both improving the rational and irrational sides of customers' privacy decision-making process (see e.g. Acquisti et al. 2017).

Communications
Almost a third of all the papers in the sample give a recommendation on or stress the importance of engaging the customer in a privacy dialogue, i.e. information campaigns or communication strategies aimed at improving customers' privacy-related knowledge. The reasoning is that a reduced informational asymmetry between customers and companies will diminish paradoxical behaviour through more informed choices. As Boerman et al. put it (2018, p. 19): "People are aware of the threat to their online privacy. However, many people do not know what to answer in questions about highly effective behaviours-which is an indication for little knowledge. (…) People could be educated about the severity of the threat by explaining to them how the collection, usage, and sharing of their personal data online could be a threat to one's privacy." Apart from educating customers in general, recommendations are also made on how to improve the readability of privacy notices (Hann et al. 2007), emphasizing the positive aspects of privacy when communicating (Huang and Bashir 2020) or by simply putting the value proposition of disclosure before the actual disclosure (Baruh et al. 2017).
While the call for more transparency addresses the privacy paradox in the long run, an emphasis on the details of data collection might inflate customers' perceived risk, thus punishing such efforts (see e.g. Kim et al. 2019). Apart from the aforementioned personal interactions, there are not enough recommendations in the sample for circumventing this effect.

Customer motivation
Individual data points are almost valueless, as their value is only realised by bundling them into data sets to be used in statistical modelling. While the case of monetary compensation for customer data has been made (Hann et al. 2007), it is likely to exacerbate paradoxical behaviour by playing to hyperbolic discounting biases or even increasing privacy concerns (Chen et al. 2017). However, other recommendations within this code cover incentives, rewards, or nudges designed to influence customers' motivation to proactively pursue protective measures regarding their privacy. Often and clearly highlighting the social value of using privacy controls might incentivise customers to protect themselves and others (Morlok 2016). The same could be achieved by piquing users' curiosity by an incremental release of information about privacy protection (Kitkowska et al. 2020).
However, what motivates customers with regard to their privacy is highly individual and is probably not easily predictable in general (Barth and de Jong 2017). Hence, firms could survey and segment their customer base for incentives which would effectively motivate them to engage in a privacy dialogue. Further research on such a direction is still needed (Fig. 8).

Theoretical approaches to the paradox
Our understanding of the privacy paradox has grown over the past two decades beyond the dichotomous view of rationality vs. irrationality. However, the nature Fig. 8 Connections between service development codes and appearance of the paradox is highly context-and personality-sensitive (Bansal et al. 2016;Dinev et al. 2012;James et al. 2015;Morlok 2016;Plangger and Montecchi 2020;Waters and Ackerman 2011). This is reflected in the increased use of the 'Antecedents-Privacy Concerns-Outcomes' (APCO) model (Dinev et al. 2015) outside of IS research streams and in the fact that more than half of all analysed papers utilise two or more theories to explain the privacy paradox (see Fig. 9).
However, the privacy calculus is still the most frequently used model within the sample. Its user-centric assumptions have been especially useful in driving recommendations for the "HR management" and "service development" dimensions (Dinev et al. 2012;Kehr et al. 2015;Keith et al. 2014;Zhu et al. 2017). This is not surprising as, from a marketing manager's point of view, addressing the privacy paradox by aiding the customer in aligning their semi-rational calculation with their actual behaviour should be a primary goal. After all, offering immediately perceivable benefits tied to the disclosure of data while increasing transparency by guiding the customer "throughout their journey" is a fixture of customer centricity literature (Lemon and Verhoef 2016, p. 89).
While this marketing-oriented approach may help improve customers' decisionmaking processes, it largely fails to address the many systemic problems reinforcing the privacy paradox. Assuming the decision to disclose personal information is based on little to no risk assessment, the only way to reduce paradoxical behaviour is to lower the actual risks of disclosure. The theory of bounded rationality or theories which take the emotional reality of privacy into account (e.g. the feelings-asinformation theory) suggest several nudges within the collection processes (Acquisti et al. 2017) to address the privacy paradox. So far, these insights have been mostly applied to collection processes and not to organisations at large (Fig. 10).
The discussion of how to address the structural problems driving paradoxical behaviour has so far been mostly the domain of law-and policy-oriented papers (Reidenberg et al. 2014;Richards and Hartzog 2019;see e.g. Solove 2013see e.g. Solove , 2021. How to apply these insights on an organisational level is so far under-researched. The theories represented within this sample (e.g. the structuration theory and the resource-based view) hint towards the feasibility of other management theories as Addressing the privacy paradox on the organizational level:… potentially viable avenues to address systemic privacy problems on the organisational level.
By only considering recommendations born out of well-established theories whose merits have been tested across different contexts and disciplines, the soundness of the theoretical basis of our suggested model is ensured. Additionally, the model highlights the viable theoretical pathways to research privacy on an organisational level for future studies.

Discussion
The purpose of this systematic review is to summarise and structure the recommendations from the past 20 years of privacy paradox research on how to address paradoxical behaviours by customers on an organisational level. We were able to review and code the recommendations from 138 papers and captured a theoretical process of how and where to best reduce paradoxical behaviour-i.e. "claiming to have privacy concerns but disclosing private information nonetheless" de Jong 2017, p. 1050). In the following paragraphs, the main conclusions drawn from the papers are analysed, and directions for future research directions will be given.

Classification of organisational privacy processes
We have shown that the recommendations from the past two decades paint a complex picture of how the privacy paradox can be addressed on the organisational level. By aggregating these processes within four dimensions, we hope to provide a common underlying structure for further research on improving customers' informational privacy. As Forrester (1968, p. 413), the originator of industrial dynamics, put it: "The nonlinear, multiple, feedback loop structuring of systems with associated dynamic principles should grow into a foundation and a central core to unify management education"-or in the case of this paper: organisational privacy processes.
The model shows that addressing the privacy paradox on an organisational level requires a privacy orientation guided by a corporate strategy throughout the business units and down to different functional areas. The temporal dimension is suggested by two arguments. Firstly, the corporate and business level aggregate dimensions largely comprise codes with recommendations that cannot be implemented as short-term patches. Secondly, from a strategic management perspective, the cumulative learning of both the organisation (Argote et al. 2003) and the customer "are based on the total purchase and consumption experiences with a product or service over time" (Wang and Lo 2003, p. 492). From literature on trust recovery after data breaches we also know that a reorientation of data collection processes takes considerable time Wirtz and Lwin 2009). Hence, from a resourcebased view, a superior privacy orientation cannot arise from any single one of the discussed recommendations, but rather from a "complex combination of processes, routines, technologies and individual skills" (Wang and Lo 2003, p. 495).
While there are currently no studies on the direct effect of the processes outlined in the four dimensions on the individual level, theories like the APCO model suggest that strategic initiatives and structural improvements may affect individuals' privacy concerns (Dinev et al. 2015, p. 643). At the same time, the changes brought on by the dimensions 'HR management' and 'service development' may directly affect the situational privacy calculus (Kehr et al. 2015) and behavioural reactions of customers (Dinev et al. 2015, p. 643). Apart from structural improvements invisible to the customers, companies should therefore be able to communicate and practice data collection in closer alignment with their customers' expectations.

The central role of the organisational level
We argue that management science in general, and marketing management in particular, are well suited and underutilised streams of research to address the privacy paradox on an organisational level. Since marketing management has always been a multidisciplinary science researching the "activity, set of institutions, and processes for creating, communicating, delivering, and exchanging offerings that have value for customers, clients, partners, and society at large" (Wilkie and Moore 2011, p. 64), it would make sense for it being used to unify the neighbouring fields of privacy research into a cohesive framework. This is not without precedence: Wang, Lee and Wang (1998, p. 70) recognised the erosion of the customers' need for privacy through "internet marketing" at an early stage and called for an "overall privacy framework" to "achieve the vision of the perfect marketplace that will change the face of commerce as we know it today." Additionally, even before the height of "the third Era of Privacy" (Westin 2003, p. 443), there have been successful attempts by marketeers to define guidelines on how and when organisations should protect their customers' privacy (Nowak and Phelps 1995, p. 57).
Finally, companies have all the tools at their disposal to not only reduce customers' vulnerability to the invasion of their privacy but also to make a positive change in their respective markets. As Sarathy and Robertson (2003, p. 142) put it: "Firms will need to pay continuous attention to privacy issues if consumer goodwill and successful marketing are to be achieved." Marketing as a function is often specifically named as being the central node of the modern privacy debate: caught in the "perpetual tension" between the data needs of advanced analytics and the rising informational privacy needs of their customers (Michler et al. 2020;Palmatier and Martin 2019). We therefore propose that management science and the organisational perspective in particular offer a hitherto under-researched avenue for effectively addressing the privacy paradox.

Gaps and future research
Despite each paper in the sample giving direct or indirect recommendations for addressing the privacy paradox on an organisational level, very few of the sampled research designs aimed at doing so from the outset. The majority of recommendations are extrapolated from effects tested on a personal level. It is therefore not surprising that the most detailed recommendations are aimed at communicating privacy processes and measures, adding additional privacy features or addressing collection processes as a whole. Based on these recommendations, we offer avenues for future research which we think will provide useful insights for developing an organisational response to the privacy paradox. In doing so, we hope to contribute to establishing privacy orientation as a viable and actionable strategy. The following list is not intended to be exhaustive; it just highlights the most noticeable research gaps found in our sample: •

Research limitations
Due to the limited research addressing the privacy paradox on an organisational level, this review opted to analyse recommendations and implications across different disciplines and levels. This means that the coding is mostly based on the researchers' arguments, not their direct research results. Hence, while the logical congruence of individual recommendations with their corresponding study results were qualitatively appraised, they are still often based on untested claims. For example, Dinev et al. (2012) demonstrated that anonymity, secrecy and confidentiality positively influence survey participants' perceived privacy. Hence the recommendation "to develop (website) privacy control features (…) to maintain the anonymity, secrecy, and confidentially of their personal information" (Dinev et al. 2012, p. 309) may be logically sound, even when extended to a company's data collection as a whole, but it still is an untested claim. By focusing on arguments based on wellestablished theories only, we aim to maintain a high level of scientific rigor. Still, the presented dynamic model is to be understood as a theoretical framework which serves as a foundation for further research, not a predictive model based on experimental data. Furthermore, privacy is a highly contextually dependent and fluid concept (Schaub et al. 2015), which is nevertheless treated as a stable concept in a lot of studies ). Criticism has also been expressed regarding the fact that various prior measurements do not distinguish between "privacy", "informational privacy" or "perceived privacy" and related concepts such as "psychological privacy" or "social privacy" (Dienlin and Trepte 2015). Similarly, some studies may be suspected to violate the "principle of compatibility" (Ajzen 2011)-i.e. measuring privacy concerns at a low level of specificity while researching within a highly specific context. By incorporating recommendations based on such measurements, this study might exaggerate the general effectiveness of certain recommendations.
Finally, while we strove for high transparency and replicability of the review process, the qualitative appraisal of sources and the coding of recommendations might still be prone to institutional biases, despite actively working to increase intercoder reliability (for details on the codes and processes used see the supplemental materials).

Conclusion
The purpose of this paper was to review the recommendations made in the past 20 years of privacy paradox research on how to address it on an organisational level. We determined that companies can generally align their privacy practices with customers' expectations across four inter-connected managerial processes: (1) strategic initiatives, (2) structural improvements, (3) human resource management, and (4) service development. The overall findings detail how companies can address both the rational and irrational nature of the privacy decision-making process.
With this model, we are trying to dispel the notion that a focus on privacy law compliance is enough to help customers avoid paradoxical behaviour. Barocas and Nissenbaum (2009) highlighted the three biggest problems with their "notice and consent" rationale: (1) Sharing data with other companies usually includes thirdparty access. This means that customers would need to understand which actors have access to what data for what purposes and what privacy policy applies to any of those transactions to make an informed choice. (2) In many countries privacy policies may be changed with an advance warning of just thirty days. (3) With the "ever-increasing number of players in the ad network and exchange space", understanding the flow of data becomes impossible for customers. Hence, several researchers within the sample have questioned the reliability of self-regulation and passive customer empowerment (Acquisti et al. 2015; Barocas and Nissenbaum 2014;Cate and Mayer-Schönberger 2013;Sanchez-Rola et al. 2019;Solove 2013). Therefore, should a company wish to sustainably address the privacy paradox, it would have to move beyond the reactive thinking of privacy law compliance. In doing so, companies can hope to differentiate themselves from other industry actors (Martin and Murphy 2017, p. 151), streamline data collection processes (Choi et al. 2018), acquire a future-oriented human resource pool (Bulgurcu et al. 2017) and improve an important part of each customer's journey.
The dynamic model presented within this paper serves as a foundation for guiding further privacy research in an organisational context. We believe that looking at the problem through a marketing management lens has the potential to both unearth new methods of addressing the privacy paradox and to gain insights into whether privacy could be leveraged by companies to obtain a strategic advantage. To expand on the conclusion of De Jong's (2017, p. 1052) literature review on the privacy paradox: Attempts to theoretically explain the privacy paradox are not scarce; however, ways "to practically solve the problem of the privacy paradox are still scarce and we feel the subject (still) deserves far more research attention".

Author contributions
Mauro Gotsch created the initial study conception and design. Material preparation, data collection and analysis were performed by Mauro Gotsch and Marcus Schögel. The first draft of the manuscript was written by Mauro Gotsch and all authors commented on previous versions of the manuscript. All authors read and approved the final manuscript.
Funding Open Access funding provided by Universität St.Gallen. Research fully financed by the Institute of Marketing, University of St. Gallen.

Data availability Not applicable.
Code availability Not applicable.

Conflict of interest The authors declared that they have no conflict of interest.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http:// creat iveco mmons. org/ licen ses/ by/4. 0/.