E-Commerce and Privacy: Exploring What We Know and Opportunities for Future Discovery

ABSTRACT:  Electronic commerce (e-commerce) has a built-in trade-off between the necessity of providing at least some personal information to consummate an online transaction and the risk of negative consequences from providing such information. This requirement and the increased sophistication of companies' personal information gathering have made e-commerce privacy a critical issue and have spawned a broad research literature that is reviewed in this paper. Key research issues and findings are organized, using a framework defined by four key stakeholder groups—companies, customers, privacy solution providers (PSPs), and governments—as well as the interactions among them. The review indicates that the published research on e-commerce privacy peaked in the early 2000s; thus, it has not addressed many of the technological advances and other relevant developments of the past decade. Potential research opportunities for researchers in Management Information Systems (MIS) and Accounting Information Systems (A...

[1]  Jianhua Shao,et al.  Privacy and e-commerce: a consumer-centric perspective , 2007, Electron. Commer. Res..

[2]  Julia Brande Earp,et al.  Internet privacy law: a comparison between the United States and the European Union , 2004, Comput. Secur..

[3]  Gurpreet Dhillon,et al.  Internet Privacy: Interpreting Key Issues , 2001, Inf. Resour. Manag. J..

[4]  Mary J. Culnan,et al.  Using the Content of Online Privacy Notices to Inform Public Policy: A Longitudinal Analysis of the 1998-2001 U.S. Web Surveys , 2002, Inf. Soc..

[5]  G. Hofstede,et al.  Culture′s Consequences: International Differences in Work-Related Values , 1980 .

[6]  Robert J. Kauffman,et al.  A Survey of Consumer Information Privacy from the Accounting Information Systems Perspective , 2011, J. Inf. Syst..

[7]  J. Phelps,et al.  Privacy Concerns and Consumer Willingness to Provide Personal Information , 2000 .

[8]  George R. Milne,et al.  Trust and Concern in Consumers’ Perceptions of Marketing Information Management Practices , 1999 .

[9]  Tomaz Klobucar,et al.  Privacy-Enhancing Technologies - approaches and development , 2003, Comput. Stand. Interfaces.

[10]  Alan Robert Peslak,et al.  An Ethical Exploration of Privacy and Radio Frequency Identification , 2005 .

[11]  Kenneth C. Laudon,et al.  Markets and privacy , 1993, CACM.

[12]  Mary J. Culnan,et al.  Strategies for reducing online privacy risks: Why consumers read (or don't read) online privacy notices , 2004 .

[13]  Anthony D. Miyazaki,et al.  Internet Privacy and Security: An Examination of Online Retailer Disclosures , 2000 .

[14]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .

[15]  Annie I. Antón,et al.  Examining Internet privacy policies within the context of user privacy values , 2005, IEEE Transactions on Engineering Management.

[16]  Sandra J. Milberg,et al.  Information Privacy: Corporate Management and National Regulation , 2000 .

[17]  Trevor T. Moores,et al.  Do consumers understand the role of privacy seals in e-commerce? , 2005, CACM.

[18]  D. Lien,et al.  E-commerce and consumer's purchasing behaviour , 2003 .

[19]  Language and Control , 1980 .

[20]  Philip Yang Information systems assurance practices in China: Where they are and where are they going? , 2012, Int. J. Account. Inf. Syst..

[21]  Marc Langheinrich,et al.  The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[22]  Chang Liu,et al.  Beyond concern - a privacy-trust-behavioral intention model of electronic commerce , 2004, Inf. Manag..

[23]  Y. Aharoni Cultures and Organizations: Software of the Mind , 1992 .

[24]  M. Culnan,et al.  Information Privacy Concerns, Procedural Fairness, and Impersonal Trust: An Empirical Investigation , 1999 .

[25]  M. Lwin,et al.  A Model Integrating the Multidimensional Developmental Theory of Privacy and Theory of Planned Behavior to Examine Fabrication of Information Online , 2003 .

[26]  Mary Ann Eastlick,et al.  Understanding online B-to-C relationships: An integrated model of privacy concerns, trust, and commitment , 2006 .

[27]  R. Petty Marketing without Consent: Consumer Choice and Costs, Privacy, and Public Policy , 2000 .

[28]  Vicky Arnold,et al.  The impact of relative information quality of e-commerce assurance seals on Internet purchasing behavior , 2002, Int. J. Account. Inf. Syst..

[29]  Irene Pollach,et al.  What's wrong with online privacy policies? , 2007, CACM.

[30]  Claire Gauzente,et al.  “To legislate or not to legislate”: a comparative exploratory study of privacy/personalisation factors affecting French, UK and US Web sites , 2003 .

[31]  George R. Milne,et al.  A Longitudinal Assessment of Online Privacy Notice Readability , 2006 .

[32]  Mark S. Ackerman,et al.  Privacy in e-commerce: examining user scenarios and privacy preferences , 1999, EC '99.

[33]  Annie I. Antón,et al.  An Empirical Study of Consumer Perceptions and Comprehension of Web Site Privacy Policies , 2008, IEEE Transactions on Engineering Management.

[34]  Subhasish Dasgupta,et al.  Privacy on the Web: an Examination of User Concerns, Technology, and Implications for Business Organizations and Individuals , 2003, Inf. Syst. Manag..

[35]  C StoreyVeda,et al.  Compliance to the fair information practices , 2006 .

[36]  Kim Sheehan,et al.  Toward a Typology of Internet Users and Online Privacy Concerns , 2002, Inf. Soc..

[37]  N. Sivasailam,et al.  What companies are(n't) doing about Web site assurance , 2002 .

[38]  Joey F. George,et al.  Influences on the intent to make Internet purchases , 2002, Internet Res..

[39]  Özgür Erçetin,et al.  Public key cryptography based privacy preserving multi-context RFID infrastructure , 2009, Ad Hoc Networks.

[40]  Venkatesh Shankar,et al.  Online trust: a stakeholder perspective, concepts, implications, and future directions , 2002, J. Strateg. Inf. Syst..

[41]  Grace F. Johnson‐Page,et al.  B2C data privacy policies: current trends , 2001 .

[42]  Darren Charters,et al.  Electronic Monitoring and Privacy Issues in Business-Marketing: The Ethics of the DoubleClick Experience , 2002 .

[43]  Yves Gendron,et al.  Professionalization in Action: Accountants' Attempt at Building a Network of Support for the Webtrust Seal of Assurance , 2004 .

[44]  Veda C. Storey,et al.  Compliance to the fair information practices: How are the Fortune 500 handling online privacy disclosures? , 2006, Inf. Manag..

[45]  Alexey N. Nikitkov Information Assurance Seals: How They Impact Consumer Purchasing Behavior , 2006, J. Inf. Syst..

[46]  Rolf Oppliger Privacy-enhancing technologies for the world wide web , 2005, Comput. Commun..

[47]  Michael J. Shaw,et al.  Research opportunities in electronic commerce , 1997, Decis. Support Syst..

[48]  Laurence Ashworth,et al.  Marketing Dataveillance and Digital Privacy: Using Theories of Justice to Understand Consumers’ Online Privacy Concerns , 2006 .

[49]  Mark S. Ackerman,et al.  Privacy in pervasive environments: next generation labeling protocols , 2004, Personal and Ubiquitous Computing.

[50]  Veda C. Storey,et al.  Privacy, fair information practices and the fortune 500: the virtual reality of compliance , 2005, DATB.

[51]  Lei Zhou,et al.  The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market , 2003, J. Comput. Secur..

[52]  H. Jeff Smith,et al.  Values, personal information privacy, and regulatory approaches , 1995, CACM.

[53]  Steven E. Kaplan,et al.  A Web assurance services model of trust for B2C e-commerce , 2003, Int. J. Account. Inf. Syst..

[54]  K. Sheehan,et al.  An investigation of gender differences in on-line privacy concerns and resultant behaviors , 1999 .

[55]  Paul Ashley,et al.  E-P3P privacy policies and privacy authorization , 2002, WPES '02.

[56]  Niels Provos,et al.  Hide and Seek: An Introduction to Steganography , 2003, IEEE Secur. Priv..

[57]  David J. Danelski,et al.  Privacy and Freedom , 1968 .

[58]  K. Jamal,et al.  Privacy Rights on the Internet: Self-Regulation or Government Regulation? , 2006, Business Ethics Quarterly.

[59]  J. Phelps,et al.  Consumer Privacy and Security Protection on Church Web Sites: Reasons for Concern , 2003 .

[60]  Andrew J. Rohm,et al.  Consumer Privacy and Name Removal across Direct Marketing Channels: Exploring Opt-In and Opt-Out Alternatives , 2000 .

[61]  Chris W. Clegg,et al.  Explaining intranet use with the technology acceptance model , 2001, J. Inf. Technol..

[62]  Scott Dick,et al.  An analysis of privacy signals on the World Wide Web: Past, present and future , 2009, Inf. Sci..

[63]  Lorrie Faith Cranor,et al.  Use of a P3P user agent by early adopters , 2002, WPES '02.

[64]  Lorrie Faith Cranor,et al.  P3P deployment on websites , 2008, Electron. Commer. Res. Appl..

[65]  Dara V. O'Neil Analysis of Internet Users’ Level of Online Privacy Concerns , 2001 .

[66]  Scott Dick,et al.  A Survey and Analysis of the P3P Protocol's Agents, Adoption, Maintenance, and Future , 2007, IEEE Transactions on Dependable and Secure Computing.

[67]  R. Laufer,et al.  Privacy as a Concept and a Social Issue: A Multidimensional Developmental Theory , 1977 .

[68]  Jr. Harry Katzan On The Privacy Of Cloud Computing , 2011, BIOINFORMATICS 2011.

[69]  Eve M. Caudill,et al.  Consumer Online Privacy: Legal and Ethical Issues , 2000 .

[70]  Chris Mallin International journal of disclosure and governance , 2013 .

[71]  Sandra J. Milberg,et al.  Information Privacy and Marketing: What the U.S. Should (and Shouldn't) Learn from Europe , 2001 .

[72]  Larry Korba,et al.  Applying digital rights management systems to privacy rights management , 2002, Comput. Secur..

[73]  Joel Weise-Sunps,et al.  Public Key Infrastructure Overview , 2001 .

[74]  K. Sheehan,et al.  Flaming, Complaining, Abstaining: How Online Users Respond to Privacy Concerns , 1999 .

[75]  Jan Fernback,et al.  Online Privacy and Consumer Protection: An Analysis of Portal Privacy Statements , 2005 .

[76]  Rüdiger Grimm,et al.  Can P3P help to protect privacy worldwide? , 2000, MULTIMEDIA '00.

[77]  Julia Brande Earp,et al.  Innovative web use to learn about consumer behavior and online privacy , 2003, CACM.

[78]  Donna L. Hoffman,et al.  Information Privacy in the Marketspace: Implications for the Commercial Uses of Anonymity on the Web , 1999, Inf. Soc..

[79]  C. R. Baker,et al.  Information Technology and the Social Construction of Information Privacy , 2001 .

[80]  Annie I. Antón,et al.  Financial privacy policies and the need for standardization , 2004, IEEE Security & Privacy Magazine.

[81]  M. Culnan Protecting Privacy Online: Is Self-Regulation Working? , 2000 .

[82]  Hock-Hai Teo,et al.  The Value of Privacy Assurance: An Exploratory Field Experiment , 2007, MIS Q..

[83]  Marilyn Prosch,et al.  Protecting personal information using Generally Accepted Privacy Principles (GAPP) and Continuous Control Monitoring to enhance corporate governance , 2008 .

[84]  Scott Dick,et al.  A large-scale empirical study of P3P privacy policies: Stated actions vs. legal obligations , 2009, TWEB.

[85]  Karim Jamal,et al.  Enforced Standards Versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy Disclosure and Practice in the United States and the United Kingdom , 2004 .

[86]  Wooseok Choi,et al.  Market reaction to e-commerce impairments evidenced by website outages , 2006, Int. J. Account. Inf. Syst..

[87]  Chang Liu,et al.  An Examination of Privacy Policies in Fortune 500 Web Sites , 2002 .

[88]  Samer Faraj,et al.  The Role of Intermediaries in the Development of Trust on the WWW: The Use and Prominence of Trusted Third Parties and Privacy Statements , 2006, J. Comput. Mediat. Commun..

[89]  Mark Stamp,et al.  An agent-based privacy-enhancing model , 2008, Inf. Manag. Comput. Secur..

[90]  Athman Bouguettaya,et al.  Privacy on the Web: Facts, Challenges, and Solutions , 2003, IEEE Secur. Priv..

[91]  Karim Jamal,et al.  Enforced Standards Versus Evolution by General Acceptance: A Comparative Study of E-Commerce Privacy Disclosure and Practice in the U.S. And the U.K. , 2003 .

[92]  J. Freedman,et al.  Conceptions of Crowding. (Book Reviews: Crowding and Behavior; The Environment and Social Behavior. Privacy, Personal Space. Territory, Crowding) , 1975 .

[93]  Ravi Sarathy,et al.  Strategic and Ethical Considerations in Managing Digital Privacy , 2003 .

[94]  Mor Naaman,et al.  Methods for extracting place semantics from Flickr tags , 2009, TWEB.

[95]  Joey F. George,et al.  The theory of planned behavior and Internet purchasing , 2004, Internet Res..

[96]  Kiran J. Desai,et al.  E-commerce policies and customer privacy , 2003, Inf. Manag. Comput. Secur..

[97]  A. Westin Social and Political Dimensions of Privacy , 2003 .

[98]  Robert W. Proctor,et al.  Examining Usability of Web Privacy Policies , 2008, Int. J. Hum. Comput. Interact..

[99]  Brian R. Kovar,et al.  Consumer Responses to the CPA WEBTRUST™ Assurance , 2000, J. Inf. Syst..

[100]  Harry Hochheiser The platform for privacy preference as a social protocol: An examination within the U.S. policy context , 2002, TOIT.

[101]  R. Bharat Rao,et al.  Browsers or Buyers in Cyberspace? An Investigation of Factors Influencing Electronic Exchange , 2006, J. Comput. Mediat. Commun..

[102]  C. Ranganathan,et al.  Key dimensions of business-to-consumer web sites , 2002, Inf. Manag..

[103]  Nora J. Rifon,et al.  Promoting i-Safety: Effects of Privacy Warnings and Privacy Seals on Risk Assessment and Online Privacy Behavior , 2007 .

[104]  James W. Peltier,et al.  Information Privacy Research: Framework for Integrating Multiple Publics, Information Channels, and Responses , 2009 .

[105]  Victoria Bellotti,et al.  Design for privacy in multimedia computing and communications environments , 1997 .

[106]  Dane K. Peterson,et al.  Privacy Policy Statements and Consumer Willingness to Provide Personal Information , 2006, J. Electron. Commer. Organ..

[107]  Marilyn M. Greenstein,et al.  Extending the Accounting Brand to Privacy Services , 2003, J. Inf. Syst..