Types of Privacy Expectations

Ashwini Rao, Juergen Pfeffer

Research output: Contribution to journalArticlepeer-review

5 Scopus citations

Abstract

Understanding user privacy expectations is important and challenging. General Data Protection Regulation (GDPR) for instance requires companies to assess user privacy expectations. Existing privacy literature has largely considered privacy expectation as a single-level construct. We show that it is a multi-level construct and people have distinct types of privacy expectations. Furthermore, the types represent distinct levels of user privacy, and, hence, there can be an ordering among the types. Inspired by expectations-related theory in non-privacy literature, we propose a conceptual model of privacy expectation with four distinct types – Desired, Predicted, Deserved and Minimum. We validate our proposed model using an empirical within-subjects study that examines the effect of privacy expectation types on participant ratings of privacy expectation in a scenario involving collection of health-related browsing activity by a bank. Results from a stratified random sample (N = 1,249), representative of United States online population (±2.8%), confirm that people have distinct types of privacy expectations. About one third of the population rates the Predicted and Minimum expectation types differently, and differences are more pronounced between younger (18–29 years) and older (60+ years) population. Therefore, studies measuring privacy expectations must explicitly account for different types of privacy expectations.

Original languageEnglish
Article number7
JournalFrontiers in Big Data
Volume3
DOIs
StatePublished - 25 Feb 2020

Keywords

  • data privacy
  • empirical
  • expectation
  • regulation
  • usability
  • user study

Fingerprint

Dive into the research topics of 'Types of Privacy Expectations'. Together they form a unique fingerprint.

Cite this