Abstract
The Web today enables consumers and vendors to conduct business almost without regard to physical location. However, this does not mean that all barriers are removed; culturally-based assumptions about the behavior of the other party can lead to major misunderstandings. We study the differences in privacy-sensitive decisions made by website operators (which can be expected to vary between cultures) as one particular example of these differing assumptions. In particular, we seek to understand whether new norms of behavior may be emerging as online vendors recognize the damage privacy invasions do to consumers’ trust. We present a large-scale empirical study of privacy-sensitive actions across cultures on the Internet. Our study is based on an automated analysis of P3P documents posted on the 100,000 most popular websites. We find that the adoption of P3P, as well as specific company policies, vary across cultural dimensions. The analysis also suggests that discrepancies exist between concerns for information privacy and the adoption of privacy enhancing technologies within a culture.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
This construct, part of the Theory of Moral Intensity, captures the sum of the harm (or benefit) to victims (beneficiaries) of a moral choice.
While our analysis approach explicitly addresses the asymmetrical nature of the data, the robustness of the results was cross-checked by undertaking a simple sensitivity analysis. The dominant countries (in terms of the number of web-sites) were withdrawn from each context (United States and China) and the analysis was repeated. In terms of statistical significance, the results reported in this augmented analysis still concurred with the results reported in the main text.
References
Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security and Privacy, 3(1), 26–33.
Ahn, C., Jung, S.-H., & Kang, S.-H. (2003). An evaluation of weighted chi-square statistics for clustered binary data. Drug Information Journal, 37, 91–99.
Akerlof, G. A. (1970). The market for "lemons": Quality uncertainty and the market mechanism. Quarterly Journal of Economics, 84, 488–500.
Anton, A. I., Earp, J. B., He, Q., Stufflebeam, W., Bolchini, D., & Jensen, C. (2004). Financial privacy policies and the need for standardization. IEEE Security and Privacy, 2(2), 36–45.
Anton, A. I., Earp, J. B., & Young, J. D. (2010). How internet user's privacy concerns have evolved since 2002. IEEE Security and Privacy, 8(1), 21–27.
Bracey, D. H. (2006). Exploring law and culture. Long Grove: Waveland.
Bruckner, L., & Voss, M. (2005, October 2005). MozPETs—a privacy enhanced web browser. Paper presented at the Third Annual Conference on Privacy, Security and Trust, St. Andrews, New Brunswick, Canada.
Byers, S., Cranor, L., Kormann, D. (2003). Automated analysis of P3P-enabled web sites. Paper presented at the Proc. 5th Int. C. Electronic Commerce, Pittsburgh, PA, USA.
Capurro, R. (2005). Privacy. An intercultural perspective. Ethics and Information Technology, 7, 37–47.
Carter, L., & Weerakkody, V. (2008). E-government adoption: A cultural comparison. Information Systems Frontiers, 10(4), 473–482.
Cohen, J. (1988). Statistical power analysis for the behavioral sciences (2nd ed.). Hillsdale: Lawrence Earlbaum Associates.
Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J. (2002). The platform for privacy preferences 1.0 Specification World Wide Web Consortium (W3C): http://www.w3.org/P3P/, from http://www.w3.org/TR/P3P/
Cranor, L. F., Byers, S., Kormann, D. (2003). An analysis of P3P deployment on commercial, government and children's web sites as of May 2003: Federal Trade Commission.
Cranor, L., Egelman, S., Sheng, S., McDonald, A., Chowdhury, A. (2008). P3P deployment on websites. Electronic Commerce Research and Applications, to appear.
Dahl, S. (2004). Intercultural research: The current state of Knowledge Middlesex University: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=658202, from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=658202
De Troyer, O., Mushtaha, A. N., Stengers, H., Baetens, M., Boers, F., Casteleyn, S., et al. (2006). On cultural differences in Local Web Interfaces. Journal of Web Engineering, 5(3), 246–264.
Earp, J. B., Anton, A. I., Aiman-Smith, L., & Stufflebeam, W. H. (2005). Examining internet privacy policies within the context of user privacy values. IEEE Transactions on Engineering Management, 52(2), 227–237.
Egelman, S., & Cranor, L. F. (2006, August, 2006). An analysis of P3P-enabled web sites among top-20 search results. Paper presented at the Eighth International Conference on Electronic Commerce, Fredericton, New Brunswick, Canada.
Elgin, B., & Grow, B. (2006). The plot to hijack your computer, BusinessWeek Online.
Ellickson, R. C. (2001). The evolution of social norms: A perspective from the legal academy. In M. Hechter & K.-D. Opp (Eds.), Social norms (pp. 35–75). New York: Russell Sage.
Ess, C., & Sudweeks, F. (2005). Culture and computer-mediated communication: Toward new understandings. Journal of Computer-Mediated Communication, 11(1).
Garfinkel, S. (1995). PGP: Pretty good privacy. Sebastopol: O'Reilly & Associates.
Gevorgyan, G., & Manucharova, N. (2009). Does culturally adapted online communication work? a study of American and Chinese internet users' attitudes and preferences toward culturally customized web design elements. Journal of Computer-Mediated Communication, 14(2), 393–413.
Goecks, J., & Mynatt, E. D. (2005). Social approaches to end-user privacy management. In L. F. Cranor & S. Garfinkel (Eds.), Security and usability designing secure systems that people can use. Beijing: O'Reilly.
Greenspan, S., Goldberg, D., Weimer, D., Basso, A. (2000, December 2000). Interpersonal trust and common ground in electronically mediated communication. Paper presented at the 2000 ACM Conference on Computer Supported Cooperative Work, Philadelphia, Pennsylvania, United States.
Gritzalis, S. (2004). Enhancing web privacy and anonymity in the digital era. Information Management and Computer Security, 12(3), 255–288.
Gudynkunst, W. B. (1998). Bridging differences effective intergroup communication (3rd ed.). Thousand Oaks: Sage Publications.
Gudynkunst, W. B., Ting-Toomey, S., & Chua, E. (1988). Culture and interpersonal communication. Newbury Park: Sage.
Hall, E. T. (1989). Beyond culture. New York: Doubleday.
Hasselblad, V., & Hedges, L. V. (1995). Meta-analysis of screening and diagnostic tests. Psychological Bulletin, 117(1), 167–178.
Hofstede, G. H. (1980). Culture's consequences: International differences in work-related values. Berkeley: Sage Publications.
Hofstede, G. H. (1991). Cultures and organizations. Berkshire: McGraw-Hill.
Hofstede, G. (2006). Cultural dimensions Itim International: http://www.geert-hofstede.com/, from http://www.geert-hofstede.com/
Horne, C. (2001). Sociological perspectives on the emergence of norms. In M. Hechter & K.-D. Opp (Eds.), Social norms. New York: Russell Sage.
Howell, D. C. (2002). Statistical methods for psychology (5th ed.). Pacific Grove: Duxbury/Thomson Learning.
Hsu, M.-H., & Kuo, F.-Y. (2003). The effect of organization-based self-esteem and deindividualism in protecting personal information privacy. Journal of Business Ethics, 42(4), 305–320.
Jensen, C., & Potts, C. (2004, April 2004). Privacy policies as decision-making tools: An evaluation of online privacy notices. Paper presented at the CHI 2004, Vienna, Austria.
Jensen, C., Potts, C., & Jensen, C. (2005). Privacy practices of internet users: Self-reports versus observed behavior. International Journal of Human Computer Studies, 63, 203–227.
Kaplan, S. E., & Nieschwietz, R. J. (2003). A web assurance model of trust for B2C E-commerce. International Journal of Accounting Information Systems, 4(2), 95–114.
Kim, H., Coyle, J. R., & Gould, S. J. (2009). Collectivist and individualist influences on website design in South Korea and the U.S.: A cross-cultural content analysis. Journal of Computer-Mediated Communication, 14(3), 581–601.
Koike, Y., & Taiki, S. (2002). P3P validator world wide web consortium: http://www.w3.org/P3P/validator.html, from http://www.w3.org/P3P/validator.html
Kumaraguru, P., & Cranor, L. (2005, May 2005). Privacy in India: Attitudes and awareness. Paper presented at the 2005 Workshop on Privacy Enhancing Technologies, Dubrovnik, Croatia.
Leeds-Hurwitz, W. (1990). Notes in the history of intercultural communication: The Foreign Service Institute and the mandate for intercultural training. The Quarterly Journal of Speech, 76(3), 262–281.
Lichtenstein, S., Swatman, P. M. C., Babu, K. (2003). Adding value to online privacy for consumers: Remedying deficiencies in online privacy policies with an holistic approach. Paper presented at the 36th Hawaii International Conference on System Sciences, Hawaii.
Lipsey, M. W., & Wilson, D. B. (2001). Practical meta-analysis (vol. 49). Thousand Oaks: Sage Publications.
McSweeney, B. (2002). Hofstede's model of national cultural differences and their consequences: A triumph of faith—a failure of analysis. Human Relations, 55(1), 89–118.
Milberg, S. J., Burke, S. J., Smith, H. J., & Kallman, E. A. (1995). Values, personal information privacy, and regulatory approaches. Communications of the ACM, 38(12), 65–74.
Milberg, S. J., Smith, H. J., & Burke, S. J. (2000). Information privacy: Corporate management and national regulation. Organization Science, 11(1), 35–57.
Moores, T. (2005). Do Consumers understand the role of privacy seals in e-commerce? Communications of the ACM, 48(3), 86–91.
Pitta, D. A., Fung, H.-G., & Isberg, S. (1999). Ethical issues across cultures: Managing the differing perspectives of china and the USA. Journal of Consumer Marketing, 16(3), 240–256.
Reay, I., Beatty, P., Dick, S., & Miller, J. (2007). A survey and analysis of the P3P protocol’s agents, adoption, maintenance and future. IEEE Transactions on Dependable & Secure Computing, 4(2), 151–164.
Reay, I., Dick, S., & Miller, J. (2009a). An analysis of privacy signals on the world wide web: Past, present and future. Information Sciences, 179(8), 1102–1115.
Reay, I., Dick, S., & Miller, J. (2009b). A large-scale empirical study of online privacy policies: Stated actions vs. legal obligations. ACM Transactions on the Web, 3(2), 34.
Rogers, E. M., Hart, W. B., & Miike, Y. (2002). Edward T. Hall and the history of intercultural communication: The United States and Japan. Keio Communication Review, 24, 3–26.
Shaw, T. R. (2003). The moral intensity of privacy: An empirical study of webmasters' attitudes. Journal of Business Ethics, 46(4), 301–318.
Singh, N., Zhao, H., & Hu, X. (2003). Analyzing the cultural content of web sites, a cross-national comparison of China, India, Japan, and US. International Marketing Review, 22(2), 129–146.
Sipior, J. C., & Ward, B. T. (2008). Trust, privacy, and legal protection in the use of software with surreptitiously installed operations: An empirical evaluation. Information Systems Frontiers, 10(1), 3–18.
Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: Measuring individual's concerns about organizational practices. MIS Quarterly, 20(2), 167–196.
Spence, A. M. (1973). Job market signalling. Quarterly Journal of Economics, 87, 355–374.
Spiekermann, S., Grossklags, J., Berendt, B. (2001). E-privacy in 2nd generation e-commerce: Privacy preferences versus actual behaviour. Paper presented at the 3rd ACM conference on Electronic Commerce.
Staff. (2002). A matter of trust: What users want from web sites. Washington: Princeton Survey Research Associates.
Staff. (2003). P3P dashboard report. London: Ernst and Young.
Staff. (2006a). BBBOnLine, Inc.–promoting trust and confidence on the Internet Better Business Bureau, from http://www.bbbonline.org/
Staff. (2006b). Geolocation IP address to country city region latitude longitude ZIP Code ISP domain name database for developers IP2Location.com, from http://www.ip2location.com/
Staff. (2006c). State sues major "spyware" distributor office of New York State Attorney General Eliot Spitzer, from http://www.oag.state.ny.us/press/2006/apr/apr04a_06.html
Staff. (2006d). TRUSTe–make privacy your choice San Francisco, CA, USA: Truste.org, from http://www.truste.org/
Staff. (2006e). WebTrust/SysTrust Washington, D.C., USA: American Institute of Certified Public Accountants, from http://www.webtrust.org/
Staff. (2007a). Alexa web search–top 500 San Francisco, CA, USA: Alexa Internet Inc. retrieved February 21, 2007, from http://www.alexa.com/site/ds/top_500
Staff. (2007b). DOCKET NO. C-4194 decision and order. Washington: Federal Trade Commission.
Staff. (2008). VeriSign–security (SSL certificates), intelligent communications, and identity protection Mountain View, CA, USA: Verisign, from http://www.verisign.com/
Taylor, C. R., Franke, G. R., & Maynard, M. L. (2000). Attitudes toward direct marketing and its regulation: A comparison of the United States and Japan. Journal of Public Policy and Marketing, 19(2), 228–237.
Turow, J., Feldman, L., Meltzer, K. (2005). Open to exploitation: American shoppers online and offline: University of Pennsylvania's Annenberg School for Communication.
Venkatesh, V., & Brown, S. A. (2001). A longitudinal investigation of personal computer adoption in homes: Adoption determinants and emerging challenges. MIS Quarterly, 25(1), 71–102.
Watt, A. (2005). Beginning regular expressions. Indianapolis Indiana: Wiley Publishing, Inc.
Westin, A. F. (1967). Privacy and freedom. New York: Atheneum.
Winkler, J. K., Dibbern, J., & Heinzl, A. (2008). The impact of cultural differences in offshore outsourcing—case study results from German–Indian application development projects. Information Systems Frontiers, 10(2), 243–258.
Zhang, X., & Maruping, L. M. (2008). Household technology adoption in a global marketplace: Incorporating the role of espoused cultural values. Information Systems Frontiers, 10(4), 397–402.
Acknowledgements
The authors wish to thank Alexa.com for providing a copy of their Top 100,000 List for our research.
Author information
Authors and Affiliations
Corresponding author
Appendix A
Appendix A
The P3P 1.0 specification (Cranor et al. 2002) specifies an XML schema which expresses the key aspects of a human-readable privacy policy in a machine-readable form. The P3P policy for a site is an XML document, accessed by one of three defined mechanisms in the P3P specification. These documents are retrieved by a P3P user agent, parsed and presented to the user. P3P does not enforce privacy standards. It is through the use of written laws, situational context, and case law that the legality of organizational actions are determined.
An activity diagram for a P3P user agent is presented in Fig. 1. The P3P agent intercepts user requests for a Web page, and first sends a request for the P3P policy reference file (PRF) of the Web site. The Web site responds with the PRF, which the agent then uses to determine which P3P policies need to be fetched for each individual HTTP resource. The agent then requests any policies not already retrieved for the desired Web page, and then analyzes them for any conflicts with the user’s privacy preferences. The agent also requests the actual Web page, and the server responds with that page. Finally, the agent displays the Web page to the user, along with any alerts about the privacy policy. The contents of a P3P document are a series of classes represented as tags (Table 3). These tags are an approximation to the information contained in the human readable privacy policies that are posted on websites; the P3P specification mandates the posting of the human readable policies in parallel with the P3P XML document. The complete specification of P3P is available at http://www.w3.org/TR/P3P/.
Activity diagram for P3P protocol (Reay et al. 2009b)
Rights and permissions
About this article
Cite this article
Reay, I., Beatty, P., Dick, S. et al. Privacy policies and national culture on the internet. Inf Syst Front 15, 279–292 (2013). https://doi.org/10.1007/s10796-011-9336-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-011-9336-7