Elsevier

Decision Support Systems

Volume 54, Issue 1, December 2012, Pages 471-481
Decision Support Systems

Theories in online information privacy research: A critical review and an integrated framework

https://doi.org/10.1016/j.dss.2012.06.010Get rights and content

Abstract

To study the formation of online consumers' information privacy concern and its effect, scholars from different perspectives applied multiple theories in research. To date, there has yet to be a systematic review and integration of the theories in literature. To fill the gap, this study reviews fifteen established theories in online information privacy research and recognizes the primary contributions and connections of the theories. Based on the review, an integrated framework is developed for further research. The framework highlights two interrelated trade-offs that influence an individual's information disclosure behavior: the privacy calculus (i.e., the trade-off between expected benefits and privacy risks) and the risk calculus (i.e., the trade-off between privacy risks and efficacy of coping mechanisms). These two trade-offs are together called the dual-calculus model. A decision table based on the dual-calculus model is provided to predict an individual's intention to disclose personal information online. Implications of the study for further research and practice are discussed.

Highlights

► This study reports a review on fifteen theories in online information privacy research. ► An integrated theoretical framework is proposed from the fifteen theories. ► Two interrelated tradeoffs are recognized. ► The risk calculus is proposed for future research. ► A decision table based on the two tradeoffs is further provided.

Introduction

Much research has been conducted from various theoretical perspectives on individuals' concerns for information privacy in the e-commerce environment [14], [49], [59], [74]. Such concerns reflect online consumers' worries that their personal information could be inappropriately collected, maintained, accessed, or used by online merchants without their consent [54], [73], [76]. Consumers who are concerned about online information privacy would take protective actions to reduce the risks, such as refusing to provide information to a website, providing inaccurate information, or removing information from a website [75]. These actions have significant impacts on online merchants that rely on customer information to provide personalized products and services [9], [70], [85].

To study online information privacy behavior, scholars from different perspectives adopted multiple theories in research, including the procedural fairness theory [20], [83], the theory of reasoned action [24], [64], the expectancy theory [24], [35], the social contract theory [31], [54], the protection motivation theory [17], [88], and the social presence theory [60], [89], among others. These theories interpret the formation of online consumers' privacy concerns and the subsequent behavior to provide (or conceal) personal information in online transactions. Based on these theories, a large number of antecedent and consequence factors of privacy concern were studied in literature [49], [74].

In spite of the broad applications of theories in online information privacy research, there has yet to be a study to review the theories and to provide an improved understanding of the theoretical basis of the area. This leaves a number of limitations in literature. First, while the same kind of phenomena, i.e., the privacy-driven behavior, was investigated through multiple theories, the theories address the issue from different perspectives with varied emphases: some focus on organizational factors that influence an individual's privacy perceptions, such as the procedural fairness theory and the social presence theory [20], [60], [89], while others focus on individuals' internal responses to the external factors, such as the protection motivation theory [17], [88]. Such distinct emphases in theories suggest that applications of multiple theories in a study may help to produce more fruitful results in understanding the phenomena, calling for a theoretical review, comparison, and integration [69].

Second, while the theories address privacy issues from different perspectives, there are connections among the theories that need to be recognized. For example, the privacy calculus theory is a common approach to analyzing individuals' information disclose behavior, suggesting that an individual's intention to disclose information is based on the comparison of expected benefits and perceived risks in a given context [20], [22], [24], [83]. Although the specific benefit and risk factors differ across studies, depending on other theories applied, the general findings support the central role of the privacy calculus [74]. Recognizing such a connection between theories is helpful in fortifying the theoretical basis of this area, which is critical for studies that draw upon multiple theories.

Third, facets of theories that have not received full attention in literature should be recognized and strengthened in further research. Scholars operationalize certain aspects of the theories to fit their research objectives. For example, the theory of reasoned action (TRA) [4] suggests that a person's behavioral intention is influenced by two antecedent factors: attitude and subjective norm. The privacy literature adopting this theory has analyzed either attitude [8], [37], [71] or subjective norm [21] but not both, and some examined none of them [24], [41], [42], [53], [54]. By recognizing the under-investigated areas of theories in literature, it is possible to conduct research for improved outcomes.

To address the above limitations, this study reviews fifteen established theories in online information privacy research and develops an integrated theoretical framework for future research. The study has three potential contributions. First, it provides a comprehensive view of the theoretical basis of this area. Although several review studies were conducted in this area [14], [49], [59], [74], none has focused on the underlying theories in research. The current study therefore fills the gap in literature. Second, the integrated framework provides a basis for further research by summarizing achievements made in this area and highlighting new research opportunities, as discussed in Section 5. Third, a new trade-off in information disclosure decisions – the risk calculus – is derived from the protection motivation theory [66], which refers to the trade-off between perceived risks and the efficacy of coping with the risks. The risk calculus and the well-known privacy calculus [74] constitute the dual-calculus model, which determines the intentions of individuals to disclose information online. This model has potential values for research and practice.

The rest of the article is organized as follows. Section 2 describes the research method. Section 3 presents the review. The integrated framework is proposed in Section 4, where the relationships among the theories are explained. Finally in Section 5, limitations of the study and implications for research and practice are discussed.

Section snippets

Research method

This study follows the common approach of literature review [47], [69]. Based on the research objectives specified above, the first step is to select and filter theories from the literature. While many theories and frameworks were applied to study online information privacy, it goes beyond the scope of this study to review them all. Instead, the study focuses on established theories that have been empirically tested at the individual level. First, only established theories are selected, and

Review of the theories

The fifteen theories interpret online information privacy from different but interrelated perspectives. Fig. 1 provides a map for the review, which categorizes the theories based on the origin, the behavioral consequences, and the influential factors of privacy concern. Two theories that explain the origin of privacy concern are introduced first; they are the agency theory [16], [30] and the social contract theory [28], [55]. Both suggest that uncertainties, such as privacy concerns, exist in

Development of an integrated theoretical framework

To strengthen the theoretical basis of this area and throw light on further research, an integrated theoretical framework is proposed in Fig. 2. The framework adopts TPB as the basis to outline the relationships between privacy antecedents, privacy belief, privacy-driven behavioral intention and privacy behavior. Most of the relationships (either positive or negative) between concepts/constructs are clearly specified in the corresponding literature, although some concepts, such as personality

Discussion and concluding remarks

In this study, fifteen established theories in online information privacy research are reviewed for an understanding of the theoretical basis of this area. The review highlights the distinctions as well as interconnections among the theories. Based on the review, an integrated theoretical framework is developed to consolidate the theories for a better understanding of the antecedents and consequences of privacy concern. Two interrelated trade-offs in privacy decision are highlighted in the

Yuan Li is an assistant professor of business in the Division of Business, Mathematics and Sciences at the Columbia College in Columbia, South Carolina, USA. He received his Ph.D. in Management Information Systems from the University of South Carolina. His current research focuses on knowledge management at the organizational and individual levels, knowledge and skills transfer in end user computing, and online information privacy. His research appears in the Journal of the Association for

References (89)

  • D.H. Shin

    The effects of trust, security and privacy in social networking: a security-based approach to understand the pattern of adoption

    Interacting with Computers

    (2010)
  • C.H. Tu

    The relationship between social presence and online privacy

    The Internet and Higher Education

    (2002)
  • H. Xu et al.

    The personalization privacy paradox: an exploratory study of decision making process for location-aware marketing

    Decision Support Systems

    (2011)
  • J.C. Zimmer et al.

    Knowing your customers: using a reciprocal relationship to enhance voluntary information disclosure

    Decision Support Systems

    (2010)
  • I. Ajzen

    Nature and operation of attitudes

    Annual Review of Psychology

    (2001)
  • I. Ajzen

    Perceived behavioral control, self-efficacy, locus of control, and the theory of planned behavior

    Journal of Applied Social Psychology

    (2002)
  • I. Ajzen et al.

    Understanding Attitudes and Predicting Social Behavior

    (1980)
  • M. Aljukhadar et al.

    Can the media richness of a privacy disclosure enhance outcome? A multifaceted view of trust in rich media environments

    International Journal of Electronic Commerce

    (2010)
  • I. Altman

    The Environment and Social Behavior: Privacy, Personal Space, Territory, and Crowding

    (1975)
  • E.B. Andrade et al.

    Self-Disclosure on the web: the impact of privacy policy, reward, and company reputation

    Advances in Consumer Research

    (2002)
  • C.M. Angst et al.

    Adoption of electronic health records in the presence of privacy concerns: the elaboration likelihood model and individual persuasion

    MIS Quarterly

    (2009)
  • N.F. Awad et al.

    The personalization privacy paradox: an empirical evaluation of information transparency and the willingness to be profiled online for personalization

    MIS Quarterly

    (2006)
  • S.B. Bacharach

    Organizational theories: some criteria for evaluation

    Academy of Management Review

    (1989)
  • A. Bandura

    Social Foundations of Thought and Action: A Social Cognitive Theory

    (1986)
  • A. Bandura

    Social cognitive theory: an agentic perspective

    Annual Review of Psychology

    (2001)
  • F. Belanger et al.

    Privacy in the digital age: a review of information privacy research in information systems

    MIS Quarterly

    (2011)
  • B. Berendt et al.

    Privacy in e-commerce: stated preferences vs. actual behavior

    Communications of the ACM

    (2005)
  • M. Bergen et al.

    Agency relationships in marketing: a review of the implications and applications of agency and related

    Journal of Marketing

    (1992)
  • S. Chai et al.

    Internet and online information privacy: an exploratory study of preteens and early teens

    IEEE Transactions on Professional Communication

    (2009)
  • J. Chen et al.

    Am i afraid of my peers? Understanding the antecedents of information privacy concerns in the online social context

  • C.M. Chiu et al.

    Determinants of customer repurchase intention in online shopping

    Online Information Review

    (2009)
  • M.J. Culnan et al.

    Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation

    Organization Science

    (1999)
  • H. Dai et al.

    Mobile commerce adoption in china and the United States: a cross-cultural study

    The DATA BASE for Advances in Information Systems

    (2009)
  • T. Dinev et al.

    Internet privacy concerns and their antecedents—measurement validity and a regression model

    Behaviour & Information Technology

    (2004)
  • T. Dinev et al.

    Internet privacy concerns and social awareness as determinants of intention to transact

    International Journal of Electronic Commerce

    (2005)
  • T. Dinev et al.

    An extended privacy calculus model for e-commerce transactions

    Information Systems Research

    (2006)
  • T. Dinev et al.

    The centrality of awareness in the formation of user behavioral intention toward protective information technologies

    Journal of the Association for Information Systems

    (2007)
  • T. Dinev et al.

    Internet users' privacy concerns and beliefs about government surveillance: an exploratory study of differences between Italy and the United States

    Journal of Global Information Management

    (2006)
  • T. Donaldson et al.

    Toward a unified conception of business ethics: integrative social contracts theory

    Academy of Management Review

    (1994)
  • K.M. Eisenhardt

    Agency theory: an assessment and review

    The Academy of Management Review

    (1989)
  • S. Faja et al.

    Influence of the web vendor's interventions on privacy-related behaviors in e-commerce

    Communications of AIS

    (2006)
  • D.L. Floyd et al.

    A meta-analysis of research on protection motivation theory

    Journal of Applied Social Psychology

    (2000)
  • K.E. Greenaway et al.

    Theoretical explanations for firms' information privacy behaviors

    Journal of the Association for Information Systems

    (2005)
  • I. Hann et al.

    Overcoming online information privacy concerns: an information-processing theory approach

    Journal of Management Information Systems

    (2007)
  • Cited by (0)

    Yuan Li is an assistant professor of business in the Division of Business, Mathematics and Sciences at the Columbia College in Columbia, South Carolina, USA. He received his Ph.D. in Management Information Systems from the University of South Carolina. His current research focuses on knowledge management at the organizational and individual levels, knowledge and skills transfer in end user computing, and online information privacy. His research appears in the Journal of the Association for Information Systems, European Journal of Information Systems, the Journal of Organizational and End User Computing, and the Communications of the Association for Information Systems.

    View full text