E-commerce & Online Privacy Concerns

The issue of privacy paradox is broad and many interpretations exist. The privacy paradox describes the situation in which the Internet users’ privacy concerns are not reflected in protective behavior.  Although users are worried about their online privacy and complain about the high risks of disclosing information online, they do not act accordingly. In fact, their behavior is easily influenced by low-level rewards (Image 1) despite their high levels of concerns (Norberg et al., 2007). Eventually, they disclose much of their very sensitive data, such as their address, phone number, location data, or political preferences. 

                        (Image 1)                      

This article examines the privacy paradox after the strengthening and expansion of EU data protection law. In May 2018 the Data Protection Act was replaced by the EU’s General Data Protection Regulation (GDPR). The GDPR aims at empowering EU citizens’ data privacy by reshaping the way organizations approach privacy (Smouter, 2018). At the same time, online privacy concerns among consumers are growing significantly, and are expected to grow further in the following years. In particular, a survey of 2,500 U.S. consumers by IDC found that 84% of respondents were concerned about the privacy of their personal information online and that 70% of them are more worried about the security of their personal information today than they were a few years ago (Pike et al., 2017). However, the privacy paradox remains a prevalent phenomenon. Even if there are more people who use VPNs, delete cookies and track blockers to demand lost privacy, they represent only a small percentage of the online users. Especially, when it comes to social media use, users are not cautious, but rather engage in risky behavior. In fact, only 40% of Facebook content is shared according to the default settings (Nahai, 2017). 

In order to explain why people’s concerns about online privacy fail to translate into privacy-protective behavior on the Internet and explore the correlation between the offer of a reward and a privacy-related notice, the third-person effect theory is being analyzed: “In the view of those trying to evaluate the effects of a communication, its greatest impact will not be on “me” [the first person] or “you”, [the second person] but on “them”-the third persons” (Davison 1983, p. 3). In other words, Davison states that individuals believe that mass media have a greater impact on others than on themselves and as a result of this belief their behavior may change. In this case, a privacy notice (Image 2) could lead to reducing the phenomenon of privacy paradox. However, as the primary incentive of users’ engagement in social media or e-commerce are the potential gains, the offer of a reward (e.g. discount with first purchase) could lead to sharing personal data online. Users in an online setting tend to base their decision-making on actual rewards rather than on privacy-related concerns (Poikela et al., 2015). 

(Image 2)

Therefore, they consider that the negative consequences of revealing information, for example in social networks, are attributed only to others while they only reap the benefits of positive effects (Debatin et al., 2009). When a message is perceived as negative, people attribute this message to having more influence on others. On the other hand, when the message is considered positive, users attribute more effects to the self since they are “smart enough” to recognize its value (Gunther & Mundy, 1993). This phenomenon is explained in light of the “biased optimism”. They suggest that individuals are biased toward positive personal outcomes. In fact, the discrepancy between the “me” and “them” is determined by the “benefit likelihood”. When there are benefits or rewards, the perceived effect on self and others is likely to agree, but when there are negative results to come, the perceived effect on self and others will differ to a great extent. 

Therefore, this article considers that the perceived benefits (the offer of a reward) outweigh any potential risks that are highlighted by a protection privacy notice. This means that the individual attributes the negative consequences of revealing information only to others and does not behave in accordance with the notice. In this case it is expected that the existence of a third-person effect contributes to the disclosure of personal information. Previous research has also shown that when users understand that there is a privacy notice, they trust the website more and are more willing to disclose their personal data (Beldad et al., 2009). 

This topic can be analyzed more and many experiments have been conducted but by realizing the opportunity that lies in a privacy protection notice or a reward, companies could enhance the way they communicate their privacy strategies, and the framework for privacy in multiple industries could be improved. Careful thinking is necessary when creating a privacy notice so that marketers can approach the issue from a customer perspective and provide users with a privacy notice that clearly explains the purpose of the privacy related notice.


Beldad, A. D., De Jong, M., & Steehouder, M. F. (2009). When the bureaucrat promises to safeguard your online privacy: Dissecting the contents of privacy statements on Dutch 

Davison, W. P. (1983). The Third-Person Effect in Communication. Public Opinion Quarterly, 47(1)

Debatin, B., Lovejoy, J. P., Horn, A., & Hughes, B. N. (2009). Facebook and online privacy: Attitudes, Behaviors, and Unintended Consequences. Journal of Computer‐Mediated Communication, 15(1), 83-108. doi:10.1111/j.1083-6101.2009.01494.x

Gunther, A. C., & Mundy, P. (1993). Biased Optimism and the Third-Person Effect. Journalism Quarterly,70(1), 58-67. doi:10.1177/107769909307000107

Nahai, T. C. (2017, May 10). Why We’re So Hypocritical About Online Privacy. Retrieved December 7, 2017, from https://hbr.org/2017/05/why-were-so-hypocritical-about-online-privacy

Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors. Journal of Consumer Affairs, 41(1), 100-126. doi:10.1111/j.1745-6606.2006.00070.x

Nahai, T. C. (2017, May 10). Why We’re So Hypocritical About Online Privacy. Retrieved December 7, 2017, from https://hbr.org/2017/05/why-were-so-hypocritical-about-online-privacy

Pike, S., Kelledy, M., & Gelnaw, A. (2017). Measuring U.S. Privacy Sentiment: An IDC Special Report. Retrieved January 08, 2018, https://www.idc.com/getdoc.jsp?containerId=US42238617

Poikela, M., Schmidt, R., Wechsung, I., & Möller, S. (2015). FlashPolling privacy. Proceedings of the 2015 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2015 ACM International Symposium on Wearable Computers – UbiComp 15

Smouter, K. (2018). The Year of the GDPR. Research World, 2018(68), 48-49. doi:10.1002/rwm3.20624

Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Information Systems Research, 22(2), 254-268. doi:10.1287/isre.1090.0260

Related articles