Chapter 10 – Privacy and Trust Online
Chapter Summary
Sharing Information Online
- The concept of privacy is complex and it is a difficult phenomenon to define easily.
- Some people carefully curate their online information.
- Many methods of sharing our information online are available to us. Some of these are conscious, as we post messages and send communications. Some aspects of our online information sharing may be unwitting – for example, through embedded information or Internet cookies.
- Our data online also accumulates across various platforms.
- Online profiles might be linked through facial recognition software.
- Information online might also have a degree of permanency that is not considered when it is posted.
- Complaints against agencies who store information have led to clarifications regarding privacy legislation, such as the ‘right to be forgotten’ in Europe.
- Users also may not consider who has access to information that they share online, including third parties such as government agencies, advertisers, or malicious hackers, who may access the information despite not being the intended audience.
Deciding What Information to Share
- Users have been found to be greatly concerned about their privacy.
- There are many factors which may lead them to share private information online.
Cognitive Psychology and Decision Making
- Various models and theories in cognitive psychology can aid our understanding of why people share information online.
- Daniel Kahneman’s (2011) System 1 and System 2 types of thinking may be relevant, with users employing the faster System 1 for decisions which require the greater deliberation of System 2.
- It is also possible that confirmation bias (Einhorn & Hogarth, 1978) might affect decision making about privacy, with users selectively attending to information which suggests that online disclosure is safe.
- Similarly, if a user has experienced or witnessed negative consequences of privacy disclosure, they may be more susceptible to the availability heuristic proposed by Tversky and Kahneman (1973).
- Other theories and models in cognitive psychology may also have applicability to decision making regarding privacy.
Communication Privacy Management
- Sandra Petronio (2002) developed the Communication Privacy Management Theory.
- This suggests that users believe that they own their private information and that they have the right to control the dissemination of this information.
- Communication Privacy Management Theory also suggests that users presume that others who hold this information will follow their rules regarding dissemination, and turbulence will ensue if the information is shared without permission.
Social Spheres and Space
- In some cases, users may be content to share private information with only small groups of close friends.
- In other cases, the user may feel that they can post very private information in a very public setting, provided that they feel they are anonymous.
- Problems may arise if a user wishes to share information that may not be well received by all of their contacts – different social spheres may have different expectations about the user’s behaviour.
- It is also possible that users may feel ‘digital crowding’ where the disclosure inherent in social media results in withdrawal coping methods (Joinson et al., 2011).
Paradoxes, Trade-Offs and Gaps
- Users may sometimes know what the most secure behaviour is, but fail to behave in a way that promotes such security – a phenomenon known as the knowing–doing gap.
- A similar concept is the privacy paradox (Barnes, 2006).
- Users may maintain a balance between privacy settings, selective disclosures, and selective inclusion of others to maintain privacy (Ellison et al., 2011).
- Security is a related concept to privacy, and users may choose to engage in behaviours which make their digital lives easier rather than safer. This concept is known as the convenience-security trade-off (Tam et al., 2009).
- Rogers (1975, 1983) proposed Protection Motivation Theory, which includes several factors which might trigger engagement in more secure behaviours. These include how severe the user perceived the threatened event would be, how likely they perceive the event to be, how effective the preventative measure is, what are the potential rewards if the threat is avoided, what are the potential costs of implementing the preventative measure, and if the user believes that they can successfully implement the preventative measures (self-efficacy).
Removing Our Data Online
- It is difficult to remove all data once it has appeared online.
- There are many reasons why a user may wish to remove this data, including avoiding unwanted attention, fear of cyberstalking, or removal of a comment which attracted criticism.
- Untagging may be a method of managing undesirable photographs on social media (Lang and Barton, 2015).
- Bloggers may also engage in ‘scrubbing’ behaviours for a variety of reasons (Child et al., 2011, 2012).
- Similarly, users may delete social networking profiles, termed ‘virtual identity suicide’ by Stieger et al. (2013).
-
Chapter 10 – Useful Websites
The Princetown University Security and Privacy Research Group’s website includes information relating to their work and researchers in this important field, as well as links to publications by their group. Their research can be found at:
A similar website is maintained by the University of Washington Security and Privacy Research Lab. Their publications, courses, and research activities are described at:
-
Chapter 10 – Further Reading
This fascinating paper by Joanne Hinds, Emma Williams, and Adam Joinson considers how people’s privacy concerns were (or were not) affected by the Cambridge Analytica case.
- Hinds, J., Williams, E. J., and Joinson, A. N. (2020). “It wouldn’t happen to me”: Privacy concerns and perspectives following the Cambridge Analytica scandal. International Journal of Human-Computer Studies, 143, 102498. https://doi.org/10.1016/j.ijhcs.2020.102498
- https://www.sciencedirect.com/science/article/abs/pii/S1071581920301002
The Pew Research Centre has published data regarding people’s perceptions of privacy online. A summary of their results and a link to the full report are available here:
- https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/
- Broader content on online privacy and security from the Pew Research Centre is also available at: https://www.pewresearch.org/topic/internet-technology/technology-policy-issues/online-privacy-security/
Bruce Schneier maintains a fascinating blog ‘Schneier on Security’. As the name suggests, the primary focus is on security, but occasional posts relate more specifically to privacy.
The IEEE publication Security & Privacy includes articles, interviews, tutorials and case studies:
-
Chapter 10 – Audio and Video links
Here’s a short interview with Professor Sandra Petronio explaining the principles of Communication Privacy Management theory.
Prof. Daniel Kahneman, winner of the Nobel Prize in Economics, describes the research presented in his book ‘Thinking Fast and Slow’ in this ‘Talks at Google’ video.
-
Chapter 10 – Essay questions
- Explain how at least three cognitive psychology theories or models can aid our understanding of why individuals might engage in risky online privacy management behaviours.
- Evaluate the applicability of Petronio’s Communication Privacy Management Theory to online communication.
- How does the ability to utilise online social spheres lead to an increase in online disclosures?
- Legislation regarding the right to be forgotten online is ineffective unless users are educated about the risks of online information sharing. Discuss.