Skip to main content
SpringerLink
Log in

Privacy and e-commerce: a consumer-centric perspective

  • Published:
Electronic Commerce Research Aims and scope Submit manuscript

Abstract

Privacy is an ancient concept, but its interpretation and application in the area of e-commerce are still new. It is increasingly widely accepted, however, that by giving precedence to consumer privacy bigger benefits can be reaped by all parties involved. There has been much investigation into the concept of privacy, legal frameworks for protecting this most impalpable of human values and, more recently, computing technologies that help preserve an individual’s privacy in today’s environment. In this paper we review the historical development of this fundamental concept, discussing how advancements both in society and in technology have challenged the right to privacy, and we survey the existing computing technologies that promote consumer privacy in e-commerce. Our study shows that historically the protection of privacy has been driven primarily both by our understanding of privacy and by the advancement of technology, analyses the limitations of privacy protections for current e-commerce applications, and identifies directions for the future development of successful privacy enhancing technologies.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Ackerman, M.S., Cranor, L.F., & Reagle, J. (1999). Privacy in e-commerce: examining user scenarios and privacy preferences. In Proceedings of the 1st ACM conference on electronic commerce (pp. 1–8). New York: ACM

    Chapter  Google Scholar 

  2. Adam, N.R., & Worthmann, J. C. (1989). Security-control methods for statistical databases: a comparative study. ACM Computing Surveys, 21(4), 515–556

    Article  Google Scholar 

  3. Agrawal, D., & Aggarwal, C.C. (2001). On the design and quantification of privacy preserving data mining algorithms. In Proceedings of the twentieth ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems (pp. 247–255). New York: ACM

    Chapter  Google Scholar 

  4. Agrawal, R., & Srikant, R. (2000). Privacy-preserving data mining. In Proceedings of the 2000 ACM SIGMOD international conference on management of data (pp. 439–450). New York: ACM

    Chapter  Google Scholar 

  5. Arendt, H. (1958). The Human Condition. Chicago: University of Chicago Press

    Google Scholar 

  6. Ashley, P., Hada, S., Karjoth, G., & Schunter, M. (2002). E-p3p privacy policies and privacy authorization. In Proceeding of the ACM workshop on privacy in the electronic society (pp. 103–109). New York: ACM

    Chapter  Google Scholar 

  7. Ashley, P., Powers, C., & Schunter, M. (2002). From privacy promises to privacy management: a new approach for enforcing privacy throughout an enterprise. In Proceedings of the 2002 workshop on new security paradigms (pp. 43–50). New York: ACM

    Chapter  Google Scholar 

  8. Beck, L.L. (1980). A security mechanism for statistical databases. ACM Transactions on Database Systems, 5(3), 316–338

    Article  Google Scholar 

  9. Benn, S.I., & Gaus, G.F. (1983). Public and Private in Social Life. St. Martins Press

  10. Bloustein, E.J. (1964). Privacy as an aspect of human dignity. New York University Law Review, 39, 962–1007

    Google Scholar 

  11. Brin, D. The transparent society. http://www.wired.com/wired/archive/4.12/fftransparent.html

  12. Camenisch, J., & Lysyanskaya, A. (2001). An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In B. Pfitzmann (Ed.), Advances in cryptology—EUROCRYPT 2001. Lecture Notes in Computer Science, vol. 2045 (pp. 93–118). Heidelberg: Springer

    Google Scholar 

  13. Camenisch, J., & Van Herreweghen, E. (2002). Design and implementation of the idemix anonymous credential system. In Proceedings of the 9th ACM conference on computer and communications security (pp. 21–30). New York: ACM

    Chapter  Google Scholar 

  14. Chaum, D. (1985). Security without identification: transaction systems to make big brother obsolete. Communications of the ACM, 28(10), 1030–1044

    Article  Google Scholar 

  15. Chaum, D., & Evertse, J.-H. (1987). A secure and privacy-protecting protocol for transmitting personal information between organizations. In CRYPTO 86. Lecture Notes in Computer Science, vol. 263 (pp. 118–167). Heidelberg: Springer

    Chapter  Google Scholar 

  16. Chaum, D.L. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2), 84–90

    Article  Google Scholar 

  17. Chen, L. (1995). Access with pseudonyms. In E. Dawson and J. Golić (Eds.), Cryptography: policy and algorithms. Lecture Notes in Computer Science, vol. 1029 (pp. 232–243). Heidelberg: Springer

    Chapter  Google Scholar 

  18. Chin, F.Y., & Ozsoyoglu, G. (1982). Auditing and inference control in statistical databases. IEEE Transactions Software Engineering, 8(6), 113–139

    Article  Google Scholar 

  19. Clayton, R., Danezis, G., & Kuhn, M.G. (2001). Real world patterns of failure in anonymity systems. In Information hiding: 4th international workshop, IHW 2001. Lecture Notes in Computer Science, vol. 2137 (pp. 230–244). Heidelberg: Springer

    Google Scholar 

  20. Cranor, L.F. (2002). The role of privacy advocates and data protection authorities in the design and deployment of the platform for privacy preferences. In Proceedings of the 12th annual conference on computers, freedom and privacy, (pp. 1–8). New York: ACM

    Chapter  Google Scholar 

  21. Cyber Dialogue (2001). Cyber dialogue survey reveals lost revenue for retailers due to widespread consumer privacy concerns. http://www.cyberdialogue.com/news/releases/2001/11-07-uco-retail.html

  22. Damguård, I. (1990). Payment systems and credential mechanism with provable security against abuse by individuals. In CRYPTO 88. Lecture Notes in Computer Science, vol. 403 (pp. 328–335). Heidelberg: Springer

    Google Scholar 

  23. Denning, D.E., & Denning, P.J. (1979). Data security. ACM Computing Surveys, 11(3), 227–249

    Article  Google Scholar 

  24. Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The second-generation onion router. In Proceedings of the 13th USENIX security symposium (August)

  25. Elovici, Y., Shapira, B., & Maschiach, A. (2002). A new privacy model for hiding group interests while accessing the web. In Proceeding of the ACM workshop on privacy in the electronic society (pp. 63–70). New York: ACM

    Chapter  Google Scholar 

  26. European Parliament, Report on echelon. http://www.europarl.eu.int/tempcom/echelon/pdf/rapport_echelon_en.pdf

  27. Forrester Research (1999). Post-web retail (September). http://www.forrester.com/

  28. Forrester Research (2001). Privacy concerns cost e-commerce $15 billion (September). http://www.forrester.com/

  29. Foster, I., Kesselman, C., & Tuecke, S. (2001). The anatomy of the grid: Enabling scalable virtual organizations. International Journal of High Performance Computing Applications, 15(3), 200–222

    Article  Google Scholar 

  30. Fried, C. (1968). Privacy [a moral analysis]. Yale Law Journal, 77, 475–493

    Article  Google Scholar 

  31. Gartner Research (2005). Increased phishing and online attacks cause dip in consumer confidence (June). http://www.gartner.com/

  32. Gerstein, R.S. (1978). Intimacy and privacy. Ethics, 89, 76–81

    Article  Google Scholar 

  33. Goldschlag, D., Reed, M., & Syverson, P. (1999). Onion routing. Communications of the ACM, 42(2), 39–41

    Article  Google Scholar 

  34. Goldschlag, D.M., Reed, M.G., & Syverson, P.F. (1996). Hiding routing information. In Information Hiding (pp. 137–150). Berlin/Heidelberg: Springer

    Google Scholar 

  35. Goldwasser, S. (1997). Multi party computations: past and present. In Proceedings of the sixteenth annual ACM symposium on principles of distributed computing (pp. 1–6). New York: ACM

    Chapter  Google Scholar 

  36. Habermas, J. (1989). The structural transformation of the public sphere: an inquiry into a category of bourgeois society. Cambridge: MIT (translated by T. Burger)

    Google Scholar 

  37. Harris Interactive (2002). First major post-9/11 privacy survey finds consumers demanding companies do more to protect privacy. http://www.harrisinteractive.com/news/allnewsbydate.asp?NewsID=429

  38. IBM Global Services (1999). IBM multi-national consumer privacy survey. Conducted by Louis Harris and Associates, Inc. http://www.ibm.com/services/files/privacy_survey_oct991.pdf

  39. Jupiter Research (2002). Seventy percent of us consumers worry about online privacy, but few take protective action. http://www.jupiterresearch.com/xp/jmm/press/2002/pr_060302.html

  40. Kahn, D. (1996). The history of steganography. In Proceedings of the first international workshop on information hiding, London, UK. (pp. 1–5). Berlin: Springer

    Google Scholar 

  41. Katzenbeisser, S., & Petitcolas, F.A. (Eds.) (2000). Information hiding techniques for steganography and digital watermarking. Norwood: Artech House

    Google Scholar 

  42. Kewney, G. Wireless lamp posts take over the world! http://www.theregister.co.uk/content/69/34894.html

  43. Lysyanskaya, A., Rivest, R.L., Sahai, A., & Wolf, S. (1999). Pseudonym systems. In Proceedings of the sixth annual workshop on selected areas in cryptography (SAC’99). Lecture Notes in Computer Science, vol. 1758. Heidelberg: Springer

    Google Scholar 

  44. McBurney, P., & Parsons, S. (2003). Posit spaces: a performative model of e-commerce. In Proceedings of the second international joint conference on autonomous agents and multiagent systems (pp. 624–631). New York: ACM

    Chapter  Google Scholar 

  45. Milberg, S.J., Burke, S.J., Smith, H.J., & Kallman, E.A. (1995). Values, personal information privacy, and regulatory approaches. Communications of the ACM, 38(12), 65–74

    Article  Google Scholar 

  46. Moor, J.H. (1997). Towards a theory of privacy in the information age. ACM SIGCAS Computers and Society, 27(3), 27–32

    Article  Google Scholar 

  47. Moores, T.T., & Dhillon, G. (2003). Do privacy seals in e-commerce really work? Communications of the ACM, 46(12), 265–271

    Article  Google Scholar 

  48. Murphy, R.F. (1984). Social distance and the veil. In Philosophical dimensions of privacy: an anthology (pp. 34–54). Cambridge: Cambridge University Press (chapter 2)

    Google Scholar 

  49. Nielsen, J., Molich, R., Snyder, C., & Farrell, S. (2000). E-commerce user experience. Technical report, Nielson Norman Group

  50. Odlyzko, A. (2003). Privacy, economics, and price discrimination on the internet. In Proceedings of the 5th international conference on electronic commerce (pp. 355–366). New York: ACM

    Chapter  Google Scholar 

  51. Patton, M.A., & Jøsang, A. (2004). Technologies for trust in electronic commerce. Electronic Commerce Research, 4(1–2), 9–21

    Article  Google Scholar 

  52. Posner, R.A. (1984). An economic theory of privacy. In Philosophical dimensions of privacy: an anthology (pp. 333–345). Cambridge: Cambridge University Press (chapter 15)

    Google Scholar 

  53. Privacy International. National id cards. http://www.privacy.org/pi/activities/idcard/

  54. Prosser, W.L. (1960). Privacy [a legal analysis]. Harvard Law Review, 48, 338–423

    Google Scholar 

  55. Rachels, J. (1975). Why privacy is important. Philosophy and Public Affairs, 4(4), 323–333

    Google Scholar 

  56. Reagle, J., & Cranor, L.F. (1999). The platform for privacy preferences. Communications of the ACM, 42(2), 48–55

    Article  Google Scholar 

  57. Reiss, S.P. (1984). Practical data-swapping: the first steps. ACM Transactions on Database Systems, 9(1), 20–37

    Article  Google Scholar 

  58. Reiter, M.K., & Rubin, A.D. (1998). Crowds: anonymity for web transactions. ACM Transactions on Information System Security 1(1), 66–92

    Article  Google Scholar 

  59. Reiter, M.K., & Rubin, A.D. (1999). Anonymous web transactions with crowds. Communications of the ACM, 42(2), 32–48

    Article  Google Scholar 

  60. Rezgui, A., Ouzzani, M., Bouguettaya, A., & Medjahed, B. (2002). Preserving privacy in web services. In Proceedings of the fourth international workshop on Web information and data management (pp. 56–62). New York: ACM

    Chapter  Google Scholar 

  61. Saxonhouse, A.W. (1983). Classical greek conceptions of public and private. In Public and private in social life (pp. 363–384). New York: St. Martins (chapter 15)

    Google Scholar 

  62. Schlaeger, C., & Pernul, G. (2005). Authentication and authorisation infrastructures in b2c e-commerce. In Proceedings of the sixth international conference on electronic commerce and Web technologies (EC-Web’05). Lecture Notes in Computer Science. Heidelberg: Springer

    Google Scholar 

  63. Schlörer, J. (1975). Identification and retrieval of personal records from a statistical data bank. Methods of Information in Medicine, 14(1), 7–13

    Google Scholar 

  64. Schlörer, J. (1977). Confidentiality and security in statistical data banks. In Proceedings of workshop on data documentation (pp. 101–123). Munich: Verlag Dokumentation

    Google Scholar 

  65. Schlörer, J. (1981). Security of statistical databases: multidimensional transformation. ACM Transactions on Database Systems, 6(1), 95–112

    Article  Google Scholar 

  66. Schoeman, F. (1984). Privacy: philosophical dimensions of the literature. In Philosophical dimensions of privacy: an anthology (pp. 1–33). Cambridge: Cambridge University Press (chapter 1)

    Google Scholar 

  67. Schoemen, F.D. (1984). Philosophical dimensions of privacy: an anthology. Cambridge: Cambridge University Press

    Google Scholar 

  68. Shoshani, A. (1982). Statistical databases: characteristics, problems, and some solutions. In Proceedings of the eighth international conference on very large data bases. September 8–10, Mexico city, Mexico (pp. 208–222). San Francisco, CA: Morgan Kaufmann

    Google Scholar 

  69. Smith, R., & Shao, J. (2003). Preserving privacy when preference searching in e-commerce. In P. Samarati and P. Syverson (Eds.), Proceedings of the 2003 ACM workshop on privacy in the electronic society (WPES’03) (pp. 101–110). New York: ACM

    Chapter  Google Scholar 

  70. Syverson, P. (2003). The paradoxical value of privacy. In Proceedings of the 2nd annual workshop on economics and information security, WEIS 2003

  71. Thomson, J.J. (1975). The right to privacy. Philosophy and Public Affairs, 4(4), 295–314

    Google Scholar 

  72. Tuerkheimer, F.M. (1993). The underpinnings of privacy protection. Communications of the ACM, 36(8), 69–73

    Article  Google Scholar 

  73. US Office of Federal Statistical Policy and Standards (1978). Statistical policy working paper 2: report on statistical disclosure and disclosure avoidance techniques

  74. Volokh, E. (2000). Personalization and privacy. Communications of the ACM, 43(8), 84–88

    Article  Google Scholar 

  75. Warren, S.D., & Brandeis, L.D. (1890). The right to privacy [the implicit made explicit]. Harvard Law Review, 4(5), 193–220

    Article  Google Scholar 

  76. Wasserstrom, R.A. (1984). Privacy: some arguments and assumptions. In Philosophical dimensions of privacy: an anthology (pp. 317–332). Cambridge: Cambridge University Press (chapter 14)

    Google Scholar 

  77. Weintraub, J. (1997). The theory and politics of the public/private distinction. In Public and private in thought and practise (pp. 1–42). Chicago: University of Chicago Press (chapter 1)

    Google Scholar 

  78. Weintraub, J., & Kumar, K. (1997). Public and private in thought and practise. Chicago: University of Chicago Press

    Google Scholar 

  79. Westin, A.F. (1967). Privacy and freedom. New York: Atheneum

    Google Scholar 

  80. Westin, A.F. (1984). The origins of modern claims to privacy. In Philosophical dimensions of privacy: an anthology (pp. 56–74). Cambridge, UK: Cambridge University Press (chapter 3)

    Google Scholar 

  81. Westin, A.F. (1991). Equifax-Harris consumer privacy survey. New York: Louis Harris & Associates

    Google Scholar 

  82. Westin, A.F. (1994). Equifax-Harris consumer privacy survey. New York: Louis Harris & Associates

    Google Scholar 

  83. Yates, J. (1769). Millar vs. Taylor. In 4 Burr. (pp. 2303–2379)

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, Cardiff University, Cardiff, CF24 3AA, UK

    Rhys Smith & Jianhua Shao

Authors
  1. Rhys Smith
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jianhua Shao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rhys Smith.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Smith, R., Shao, J. Privacy and e-commerce: a consumer-centric perspective. Electron Commerce Res 7, 89–116 (2007). https://doi.org/10.1007/s10660-007-9002-9

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10660-007-9002-9

Keywords

Search

Navigation