Theories in online information privacy research: A critical review and an integrated framework
Highlights
► This study reports a review on fifteen theories in online information privacy research. ► An integrated theoretical framework is proposed from the fifteen theories. ► Two interrelated tradeoffs are recognized. ► The risk calculus is proposed for future research. ► A decision table based on the two tradeoffs is further provided.
Introduction
Much research has been conducted from various theoretical perspectives on individuals' concerns for information privacy in the e-commerce environment [14], [49], [59], [74]. Such concerns reflect online consumers' worries that their personal information could be inappropriately collected, maintained, accessed, or used by online merchants without their consent [54], [73], [76]. Consumers who are concerned about online information privacy would take protective actions to reduce the risks, such as refusing to provide information to a website, providing inaccurate information, or removing information from a website [75]. These actions have significant impacts on online merchants that rely on customer information to provide personalized products and services [9], [70], [85].
To study online information privacy behavior, scholars from different perspectives adopted multiple theories in research, including the procedural fairness theory [20], [83], the theory of reasoned action [24], [64], the expectancy theory [24], [35], the social contract theory [31], [54], the protection motivation theory [17], [88], and the social presence theory [60], [89], among others. These theories interpret the formation of online consumers' privacy concerns and the subsequent behavior to provide (or conceal) personal information in online transactions. Based on these theories, a large number of antecedent and consequence factors of privacy concern were studied in literature [49], [74].
In spite of the broad applications of theories in online information privacy research, there has yet to be a study to review the theories and to provide an improved understanding of the theoretical basis of the area. This leaves a number of limitations in literature. First, while the same kind of phenomena, i.e., the privacy-driven behavior, was investigated through multiple theories, the theories address the issue from different perspectives with varied emphases: some focus on organizational factors that influence an individual's privacy perceptions, such as the procedural fairness theory and the social presence theory [20], [60], [89], while others focus on individuals' internal responses to the external factors, such as the protection motivation theory [17], [88]. Such distinct emphases in theories suggest that applications of multiple theories in a study may help to produce more fruitful results in understanding the phenomena, calling for a theoretical review, comparison, and integration [69].
Second, while the theories address privacy issues from different perspectives, there are connections among the theories that need to be recognized. For example, the privacy calculus theory is a common approach to analyzing individuals' information disclose behavior, suggesting that an individual's intention to disclose information is based on the comparison of expected benefits and perceived risks in a given context [20], [22], [24], [83]. Although the specific benefit and risk factors differ across studies, depending on other theories applied, the general findings support the central role of the privacy calculus [74]. Recognizing such a connection between theories is helpful in fortifying the theoretical basis of this area, which is critical for studies that draw upon multiple theories.
Third, facets of theories that have not received full attention in literature should be recognized and strengthened in further research. Scholars operationalize certain aspects of the theories to fit their research objectives. For example, the theory of reasoned action (TRA) [4] suggests that a person's behavioral intention is influenced by two antecedent factors: attitude and subjective norm. The privacy literature adopting this theory has analyzed either attitude [8], [37], [71] or subjective norm [21] but not both, and some examined none of them [24], [41], [42], [53], [54]. By recognizing the under-investigated areas of theories in literature, it is possible to conduct research for improved outcomes.
To address the above limitations, this study reviews fifteen established theories in online information privacy research and develops an integrated theoretical framework for future research. The study has three potential contributions. First, it provides a comprehensive view of the theoretical basis of this area. Although several review studies were conducted in this area [14], [49], [59], [74], none has focused on the underlying theories in research. The current study therefore fills the gap in literature. Second, the integrated framework provides a basis for further research by summarizing achievements made in this area and highlighting new research opportunities, as discussed in Section 5. Third, a new trade-off in information disclosure decisions – the risk calculus – is derived from the protection motivation theory [66], which refers to the trade-off between perceived risks and the efficacy of coping with the risks. The risk calculus and the well-known privacy calculus [74] constitute the dual-calculus model, which determines the intentions of individuals to disclose information online. This model has potential values for research and practice.
The rest of the article is organized as follows. Section 2 describes the research method. Section 3 presents the review. The integrated framework is proposed in Section 4, where the relationships among the theories are explained. Finally in Section 5, limitations of the study and implications for research and practice are discussed.
Section snippets
Research method
This study follows the common approach of literature review [47], [69]. Based on the research objectives specified above, the first step is to select and filter theories from the literature. While many theories and frameworks were applied to study online information privacy, it goes beyond the scope of this study to review them all. Instead, the study focuses on established theories that have been empirically tested at the individual level. First, only established theories are selected, and
Review of the theories
The fifteen theories interpret online information privacy from different but interrelated perspectives. Fig. 1 provides a map for the review, which categorizes the theories based on the origin, the behavioral consequences, and the influential factors of privacy concern. Two theories that explain the origin of privacy concern are introduced first; they are the agency theory [16], [30] and the social contract theory [28], [55]. Both suggest that uncertainties, such as privacy concerns, exist in
Development of an integrated theoretical framework
To strengthen the theoretical basis of this area and throw light on further research, an integrated theoretical framework is proposed in Fig. 2. The framework adopts TPB as the basis to outline the relationships between privacy antecedents, privacy belief, privacy-driven behavioral intention and privacy behavior. Most of the relationships (either positive or negative) between concepts/constructs are clearly specified in the corresponding literature, although some concepts, such as personality
Discussion and concluding remarks
In this study, fifteen established theories in online information privacy research are reviewed for an understanding of the theoretical basis of this area. The review highlights the distinctions as well as interconnections among the theories. Based on the review, an integrated theoretical framework is developed to consolidate the theories for a better understanding of the antecedents and consequences of privacy concern. Two interrelated trade-offs in privacy decision are highlighted in the
Yuan Li is an assistant professor of business in the Division of Business, Mathematics and Sciences at the Columbia College in Columbia, South Carolina, USA. He received his Ph.D. in Management Information Systems from the University of South Carolina. His current research focuses on knowledge management at the organizational and individual levels, knowledge and skills transfer in end user computing, and online information privacy. His research appears in the Journal of the Association for
References (89)
The theory of planned behavior
Organizational Behavior and Human Decision Processes
(1991)- et al.
The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online
Decision Support Systems
(2010) - et al.
Internet privacy concerns and beliefs about government surveillance — an empirical investigation
The Journal of Strategic Information Systems
(2008) - et al.
Understanding online B-to-C relationships: an integrated model of privacy concerns, trust, and commitment
Journal of Business Research
(2006) - et al.
When is trust not enough? The role of perceived privacy of communication tools in comfort with self-disclosure
Computers in Human Behavior
(2010) - et al.
A trust-based consumer decision-making model in electronic commerce: the role of trust, perceived risk, and their antecedents
Decision Support Systems
(2008) - et al.
Revisiting the role of web assurance seals in business-to-consumer electronic commerce
Decision Support Systems
(2008) - et al.
Locking the door but leaving the computer vulnerable: factors inhibiting home users' adoption of software firewalls
Decision Support Systems
(2008) - et al.
The role of affect and cognition on online consumers' decision to disclose personal information to unfamiliar online vendors
Decision Support Systems
(2011) - et al.
Just what the doctor ordered: the role of information sensitivity and trust in reducing medical information privacy concern
Journal of Business Research
(2004)
The effects of trust, security and privacy in social networking: a security-based approach to understand the pattern of adoption
Interacting with Computers
The relationship between social presence and online privacy
The Internet and Higher Education
The personalization privacy paradox: an exploratory study of decision making process for location-aware marketing
Decision Support Systems
Knowing your customers: using a reciprocal relationship to enhance voluntary information disclosure
Decision Support Systems
Nature and operation of attitudes
Annual Review of Psychology
Perceived behavioral control, self-efficacy, locus of control, and the theory of planned behavior
Journal of Applied Social Psychology
Understanding Attitudes and Predicting Social Behavior
Can the media richness of a privacy disclosure enhance outcome? A multifaceted view of trust in rich media environments
International Journal of Electronic Commerce
The Environment and Social Behavior: Privacy, Personal Space, Territory, and Crowding
Self-Disclosure on the web: the impact of privacy policy, reward, and company reputation
Advances in Consumer Research
Adoption of electronic health records in the presence of privacy concerns: the elaboration likelihood model and individual persuasion
MIS Quarterly
The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization
MIS Quarterly
Organizational theories: some criteria for evaluation
Academy of Management Review
Social Foundations of Thought and Action: A Social Cognitive Theory
Social cognitive theory: an agentic perspective
Annual Review of Psychology
Privacy in the digital age: a review of information privacy research in information systems
MIS Quarterly
Privacy in e-commerce: stated preferences vs. actual behavior
Communications of the ACM
Agency relationships in marketing: a review of the implications and applications of agency and related
Journal of Marketing
Internet and online information privacy: an exploratory study of preteens and early teens
IEEE Transactions on Professional Communication
Am i afraid of my peers? Understanding the antecedents of information privacy concerns in the online social context
Determinants of customer repurchase intention in online shopping
Online Information Review
Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation
Organization Science
Mobile commerce adoption in china and the United States: a cross-cultural study
The DATA BASE for Advances in Information Systems
Internet privacy concerns and their antecedents—measurement validity and a regression model
Behaviour & Information Technology
Internet privacy concerns and social awareness as determinants of intention to transact
International Journal of Electronic Commerce
An extended privacy calculus model for e-commerce transactions
Information Systems Research
The centrality of awareness in the formation of user behavioral intention toward protective information technologies
Journal of the Association for Information Systems
Internet users' privacy concerns and beliefs about government surveillance: an exploratory study of differences between Italy and the United States
Journal of Global Information Management
Toward a unified conception of business ethics: integrative social contracts theory
Academy of Management Review
Agency theory: an assessment and review
The Academy of Management Review
Influence of the web vendor's interventions on privacy-related behaviors in e-commerce
Communications of AIS
A meta-analysis of research on protection motivation theory
Journal of Applied Social Psychology
Theoretical explanations for firms' information privacy behaviors
Journal of the Association for Information Systems
Overcoming online information privacy concerns: an information-processing theory approach
Journal of Management Information Systems
Cited by (0)
Yuan Li is an assistant professor of business in the Division of Business, Mathematics and Sciences at the Columbia College in Columbia, South Carolina, USA. He received his Ph.D. in Management Information Systems from the University of South Carolina. His current research focuses on knowledge management at the organizational and individual levels, knowledge and skills transfer in end user computing, and online information privacy. His research appears in the Journal of the Association for Information Systems, European Journal of Information Systems, the Journal of Organizational and End User Computing, and the Communications of the Association for Information Systems.