This essay critically examines some classic philosophical and legal theories of privacy, organized into four categories: the nonintrusion, seclusion, limitation, and control theories of privacy. Although each theory includes one or more important insights regarding the concept of privacy, I argue that each falls short of providing an adequate account of privacy. I then examine and defend a theory of privacy that incorporates elements of the classic theories into one unified theory: the Restricted Access/Limited Control (...) (RALC) theory of privacy. Using an example involving data-mining technology on the Internet, I show how RALC can help us to frame an online privacy policy that is sufficiently comprehensive in scope to address a wide range of privacy concerns that arise in connection with computers and information technology. (shrink)

Article 12 of the General Data Protection Regulation (GDPR) requires data controllers to provide data subjects with any information relating to data processing operations “in a concise, transparent, intelligible and easily accessible form, using clear and plain language.” Linguistic inclusivity of privacy policies is no longer a matter of style, but has been a binding legal requirement under the new data protection framework. Article 5 GDPR sets forth the requirements of lawfulness, fairness and transparency and prohibits any data (...) processing operations which do not meet the standards of specification, explicitness and legitimacy of processing purposes [ 29 ]. In this study, a quantitative and qualitative analysis of linguistic indeterminacy in a corpus of 350 online privacy policies is presented and it is argued that a considerable number of data controllers continue to make use of strategic vagueness in the context of purpose limitation, therefore potentially prejudicing compliance with the GDPR. A legal-linguistic perspective on the current challenges of informed consent in European data protection law is provided. Finally, it is concluded that while the GDPR has contributed significantly to the linguistic empowerment of the data subject, the framework fails to satisfy the expectation of creating a participatory culture (see [ 36 ]) with a high degree of informational self-determination. (shrink)

The opaque use of data collection methods on the WWW has given rise to privacy concerns among Internet users. Privacy policies on websites may ease these concerns, if they communicate clearly and unequivocally when, how and for what purpose data are collected, used or shared. This paper examines privacy policies from a linguistic angle to determine whether the language of these documents is adequate for communicating data-handling practices in a manner that enables informed consent on (...) the part of the user. The findings highlight that corporate privacy policies obfuscate, enhance and mitigate unethical data handling practices and use persuasive appeals to increase companies’ trustworthiness. The communicative strategies identified provide starting points for redesigning existing privacy statements with a view to communicating data handling practices in a more transparent and responsible manner, laying the groundwork for informed consent. (shrink)

This study evaluated the online privacy policies of business-to-consumer e-commerce firms in five industries of mainland China, Taiwan, and Hong Kong. Based on the neo-institutional theory, we also tested whether the four institutional factors, top management’s legal education, managerial ethics, rule of law in information privacy protection and peer practices, had any effects on e-information and e-communication content. Results from a content analysis of 229 websites found that the privacy policy contents that complied with generally (...) accepted privacy standards were lesser in mainland China firms than those of Taiwan and Hong Kong firms. There were also significant differences in the amount of contents among the five industries. The results of regression analyses showed the importance of all four factors on e-information content. They also showed the importance of coercive, mimetic, and normative isomorphisms on e-information content. The validation of normative isomorphism highlighted the importance of managerial ethics and legal education. Our findings supplemented extant literature which identified economic motive as the main factor in influencing privacy practice disclosures. (shrink)

During the period of growth of e‐commerce, e‐business and online life in general, trust has been identified by a number of authors as a key factor, the absence of which can act as a powerful disincentive to an individual’s engagement in a transaction. This has encouraged a great deal of research into the various facets of trust in an online environment, both theoretical and empirical. One of the many recommendations for business practice that have emerged from this research (...) is the suggestion that online businesses should publish on their website a privacy policy that explains clearly the use that will be made of any personal information collected on the site, the third parties to whom it may be disclosed, and the circumstances under which disclosure may occur. A number of surveys have been conducted that highlight the rather patchy adoption of this recommendation in various countries. We now know, for example, that by no means all online organisations publish an online privacy policy, and that many of those that do exist display a range of serious shortcomings, including poor visibility on the site, incomplete coverage of the main issues of concern and poor readability. However, previous discussion of privacy policies has tended to assume that any particular policy can provide value to its readers by informing them of the privacy practices of its host organisation, and thus also to its publishers through encouraging customers and clients to trust them more than they otherwise would. This assumption is expected to be valid where the policy meets certain criteria, which are either established on the basis of theoretical considerations, or are derived from a kind of best‐in‐breed comparative exercise. This paper seeks to address the question how far privacy policies can ever achieve the goal of providing clear information to website visitors about the privacy practices of an organisation. It reports on an empirical study that was conducted between November 2005 and April 2006 using two groups of University students as subjects. The subjects were asked to read three privacy policies, selected in advance by the author, and to complete a short questionnaire on what the subject thought each policy had to say about certain key privacy issues. The results reveal that there is surprisingly little agreement about what a policy actually means. This has significant implications both for policy writers and their managers, and also for those who are considering entering into a transaction with the host website. There is a need for further research to investigate this question in more detail, but it is clear from these findings that we know less than we thought we did about the ways in which people interpret the notices that they read on websites. (shrink)

As traditional organizations using their websites for eCommerce transactions are increasing at an exponential rate, privacy concerns of users are also on the rise. To gain an insight into these concerns, existing policies and legislation, we conducted the research reported in this paper, in 2003. To augment the literature synthesis, a multiple case study analysis was conducted, based on six large organisations in Australia. Our research findings suggested that in the Australian context, an online privacy policy (...) (OPP) on the website which complies with the Privacy Act, supported by few best practices are reasonably able to address online privacy concerns. However, these findings are restricted in time frame, indicative and relevant in the Australian context. Nevertheless, we hope to stimulate academic research enquiry and discussion forums through this research. (shrink)

Purpose The purpose of this paper is two-fold. First, it explores the extent to which diversity of connectivity or the connection through multiple internet access points may facilitate online privacy behavior. Second, it explains the diversity of connectivity-online privacy behavior link in terms of information literacy. Design/methodology/approach Situated in the context of urban poor youth in the Philippines, this paper used a quantitative approach, specifically an interview-administered survey technique. Respondents were from three cities in Metro Manila. (...) To test for indirect relationship, survey data were analyzed using bootstrapping technique via SPSS macro PROCESS. Findings Urban poor youth with diversified connection to the internet engaged in online privacy behavior. The more the youth are connected to the internet through diverse modalities, the more this fosters cautious online privacy behavior. In addition, information literacy explained how diversity of connectivity facilitated online privacy behavior. It suggests that differences in online privacy behavior may result from the extent of basic know-how of navigating online information. In the context of the urban poor in the Global South, the youth are constantly negotiating ways to not only connect to the internet but also acquire digital skills necessary for protective online behaviors. Originality/value To date, this is one of the few papers to contribute to conversations about online privacy among youth in the Global South. It broadens the literature on social determinants of online privacy behavior that is crucial for designing policy interventions for those in the margins. (shrink)

Empirical data from a large sample of Canadian youth aged 13 to 17 years suggest that, although the current privacy policy framework is having a positive effect on the extent to which young people are complying with the types of behavior promoted by adults as privacy protective, its primary focus on parental supervision is inadequate to fully protect children's online privacy. Respondents with high levels of either social interaction or identity play are more likely than those (...) with lower levels to divulge personal identifiers and display privacy-risky behavior, independent of their level of parental supervision. High levels of parental supervision, therefore, do not eliminate but merely reduce privacy-risky behaviors associated with social uses of the Internet. As such, parental supervision cannot adequately protect children who have integrated the Net most fully into their social lives, especially given the high premium that children place on the use of the Net to talk to friends and explore social roles. (shrink)

The initial online publication contained a typesetting mistake in the author information. The original article has been corrected.

The 2010s were a golden age of information privacy research, but its policy accomplishments tell a mixed story. Despite significant progress on the development of privacy theory and compelling demonstrations of the need for privacy in practice, real achievements in privacy law and policy have been, at best, uneven. In this chapter, I outline three broad shifts in the way scholars (and, to some degree, advocates and policy makers) are approaching privacy and social media. First, (...) a change in emphasis from individual to structural approaches. Second, increasing attention to the political economy of privacy—especially the business models of information companies, such as social media platforms. And third, a deeper understanding of privacy’s role in a healthy digital public sphere. (shrink)

Purpose– The purpose of this paper is to develop a conceptual framework to contextualize young people’s lived experiences of privacy and invasion online. Social negotiations in the construction of privacy boundaries are theorized to be dependent on individual preferences, abilities and context-dependent social meanings.Design/methodology/approach– Empirical findings of three related Ottawa-based studies dealing with young people’s online privacy are used to examine the benefits of online publicity, what online privacy means to young people (...) and the social importance of privacy. Earlier philosophical discussions of privacy and identity, as well as current scholarship, are drawn on to suggest that privacy is an inherently social practice that enables social actors to navigate the boundary between self/other and between being closed/open to social interaction.Findings– Four understandings of privacy’s value are developed in concordance with recent privacy literature and our own empirical data: privacy as contextual, relational, performative and dialectical.Social implications– A more holistic approach is necessary to understand young people’s privacy negotiations. Adopting such an approach can help re-establish an ability to address the ways in which privacy boundaries are negotiated and to challenge surveillance schemes and their social consequences.Originality/value– Findings imply that privacy policy should focus on creating conditions that support negotiations that are transparent and equitable. Additionally, policy-makers must begin to critically evaluate the ways in which surveillance interferes with the developmental need of young people to build relationships of trust with each other and also with adults. (shrink)

Two terms, student privacy and Massive Open Online Courses, have received a significant amount of attention recently. Both represent interesting sites of change in entrenched structures, one educational and one legal. MOOCs represent something college courses have never been able to provide: universal access. Universities not wanting to miss the MOOC wave have started to build MOOC courses and integrate them into the university system in various ways. However, the design and scale of university MOOCs create tension for (...) privacy laws intended to regulate information practices exercised by educational institutions. Are MOOCs part of the educational institutions these laws and policies aim to regulate? Are MOOC users students whose data are protected by aforementioned laws and policies? Many university researchers and faculty members are asked to participate as designers and instructors in MOOCs but may not know how to approach the issues proposed. While recent scholarship has addressed the disruptive nature of MOOCs, student privacy generally, and data privacy in the K-12 system, we provide an in-depth description and analysis of the MOOC phenomenon and the privacy laws and policies that guide and regulate educational institutions today. We offer privacy case studies of three major MOOC providers active in the market today to reveal inconsistencies among MOOC platform and the level and type of legal uncertainty surrounding them. Finally, we provide a list of organizational questions to pose internally to navigate the uncertainty presented to university MOOC teams. (shrink)

Consumer surveys indicate that concerns about privacy are a principal factor discouraging consumers from shopping online. The keypublic policy issue regarding privacy is whether the US should follow its current self-regulation course, or whether a European style formal legal regulation approach should be adopted in the US.We conclude that the use of assurance seals has worked reasonably well and websites should be free to decide whether they have aprivacy seal or not. Given the narrow scope and the (...) wide variety among these seals, we do argue that the seals should commit themselves to the key features of a good privacy policy and that an opt-in provision be required. We believe that insufficient evidence exists to propose formal Government mandated Internet privacy regulation. (shrink)

This paper reviews Facebook's controversial privacy policies as a basis for considering how social network sites can better protect the personal information of their users. We argue that Facebook's architecture leaves its users too exposed, especially to online surveillance. This architecture must be modified and Facebook must be more proactive in safeguarding the rights of their customers as it seeks to find the proper balance between user privacy and its commercial interests.

The first few years of the 21st century were characterised by a progressive loss of privacy. Two phenomena converged to give rise to the data economy: the realisation that data trails from users interacting with technology could be used to develop personalised advertising, and a concern for security that led authorities to use such personal data for the purposes of intelligence and policing. In contrast to the early days of the data economy and internet surveillance, the last few years (...) have witnessed a rising concern for privacy. As bad data practices have come to light, citizens are starting to understand the real cost of using online digital technologies. Two events stamped 2018 as a landmark year for privacy: the Cambridge Analytica scandal, and the implementation of the European Union’s General Data Protection Regulation (GDPR). The former showed the extent to which personal data has been shared without data subjects’ knowledge and consent and many times for unacceptable purposes, such as swaying elections. The latter inaugurated the beginning of robust data protection regulation in the digital age. Getting privacy right is one of the biggest challenges of this new decade of the 21st century. The past year has shown that there is still much work to be done on privacy to tame the darkest aspects of the data economy. As data scandals continue to emerge, questions abound as to how to interpret and enforce regulation, how to design new and better laws, how to complement regulation with better ethics, and how to find technical solutions to data problems. The aim of the research project Data, Privacy, and the Individual is to contribute to a better understanding of the ethics of privacy and of differential privacy. The outcomes of the project are seven research papers on privacy, a survey, and this final report, which summarises each research paper, and goes on to offer a set of reflections and recommendations to implement best practices regarding privacy. (shrink)

This paper argues, against the prevailing view, that consent to privacy policies that regular internet users usually give is largely unproblematic from the moral point of view. To substantiate this claim, we rely on the idea of the right not to know (RNTK), as developed by bioethicists. Defenders of the RNTK in bioethical literature on informed consent claim that patients generally have the right to refuse medically relevant information. In this article we extend the application of the RNTK (...) to online privacy. We then argue that if internet users can be thought of as exercising their RNTK before consenting to privacy policies, their consent ought to be considered free of the standard charges leveled against it by critics. (shrink)

As a key constituent of China's approach to fighting COVID-19, Health Code apps (HCAs) not only serve the pandemic control imperatives but also exercise the agency of digital surveillance. As such, HCAs pave a new avenue for ongoing discussions on contact tracing solutions and privacy amid the global pandemic. This article attends to the perceived privacy protection among HCA users via the lens of the contextual integrity theory. Drawing on an online survey of adult HCA users in (...) Wuhan and Hangzhou (N = 1551), we find users’ perceived convenience, attention towards privacy policy, trust in government, and acceptance of government purposes regarding HCA data management are significant contributors to users’ perceived privacy protection in using the apps. By contrast, users’ frequency of mobile privacy protection behaviors has limited influence, and their degrees of perceived protection do not vary by sociodemographic status. These findings shed new light on China's distinctive approach to pandemic control with respect to the state's expansion of big data-driven surveillance capacity. Also, the findings foreground the heuristic value of contextual integrity theory to examine controversial digital surveillance in non-Western contexts. Put tougher, our findings contribute to the thriving scholarly conversations around digital privacy and surveillance in China, as well as contact tracing solutions and privacy amid the global pandemic. (shrink)

Online privacy policies or terms and conditions ideally provide users with information about how their personal data are being used. The reality is that very few users read them: they are long, often hard to understand, and ubiquitous. The average internet user cannot realistically read and understand all aspects that apply to them and thus give informed consent to the companies who use their personal data. In this article, we provide a basic overview of a solution to (...) the problem. We suggest that software could allow users to delegate the consent process and consent could thus be automated. The article investigates the practical feasibility of this idea. After suggesting that it is feasible, we develop some normative issues that we believe should be addressed before automated consent is implemented. (shrink)

This paper argues, against the prevailing view, that consent to privacy policies that regular internet users usually give is largely unproblematic from the moral point of view. To substantiate this claim, we rely on the idea of the right not to know (RNTK), as developed by bioethicists. Defenders of the RNTK in bioethical literature on informed consent claim that patients generally have the right to refuse medically relevant information. In this article we extend the application of the RNTK (...) to online privacy. We then argue that if internet users can be thought of as exercising their RNTK before consenting to privacy policies, their consent ought to be considered free of the standard charges leveled against it by critics. (shrink)

The potential to collect brain data more directly, with higher resolution, and in greater amounts has heightened worries about mental and brain privacy. In order to manage the risks to individuals posed by these privacy challenges, some have suggested codifying new privacy rights, including a right to “mental privacy.” In this paper, we consider these arguments and conclude that while neurotechnologies do raise significant privacy concerns, such concerns are—at least for now—no different from those raised (...) by other well-understood data collection technologies, such as gene sequencing tools and online surveillance. To better understand the privacy stakes of brain data, we suggest the use of a conceptual framework from information ethics, Helen Nissenbaum’s “contextual integrity” theory. To illustrate the importance of context, we examine neurotechnologies and the information flows they produce in three familiar contexts—healthcare and medical research, criminal justice, and consumer marketing. We argue that by emphasizing what is distinct about brain privacy issues, rather than what they share with other data privacy concerns, risks weakening broader efforts to enact more robust privacy law and policy. (shrink)

This paper addresses the always online behavior of the data owner in proxy re- encryption schemes for re-encryption keys issuing. We extend and adapt multi-authority ciphertext policy attribute based encryption techniques to type-based proxy re-encryption to build our solution. As a result, user authentication and user authorization are moved to the cloud server which does not require further interaction with the data owner, data owner and data users identities are hidden from the cloud server, and re-encryption keys are only (...) issued to legitimate users. An in depth analysis shows that our scheme is secure, flexible and efficient for mobile cloud computing. (shrink)

There is increasing interest in the EU about the central place of eIdentity (eID) in people’s lives. eID is increasingly seen as a bridge between the commercial viability of models based on large-scale provision of e-services and users’ need for privacy and security in online transactions. This paper examines technological, social and legal developments in the field of eID and asks whether there is the need for a new regulatory framework that both preserves users’ identity and enables the (...) provision of advanced services. Firstly, the paper interprets recent market moves in the eID field as a response to a rising regulatory tide. Secondly, it examines some of the challenges arising from Web2.0, and four emerging socio-legal issues associated with eID—behavioural profiling, social engineering, redlining and other unsocial practices. Thirdly, the paper examines the capacity of the current regulatory framework to absorb this turbulence, and finds it wanting. Finally, it advances a novel model of eID regulation that may help regulators create an identity-preserving, transaction-friendly eID environment. (shrink)

While much attention has gone towards ethical, legal, and social implications of direct-to-consumer genetic testing over the past decades, the rise of new forms of consumer omics has largely escaped scrutiny. In this paper, we analyze the product descriptions, promotional messages, terms of service, and privacy policies of five epigenetic and seven microbiomic testing companies. The advent of such tests online represents a significant shift in consumer omics, from a focus on inherited molecules with genetic tests, to (...) broader interest for information about the lives of individuals, such as chronological and biological age, exposures, and lifestyle. Building on previous literature about direct-to-consumer genetic testing, and taking this shift into account, we identify limitations, gaps and inconsistencies in current practices and policies of the new companies. Best practice standards and regulations applicable across different omic sample and data types is a necessary first step in the promotion of responsible consumer omics. (shrink)

Background: When a genetic mutation is identified in a family member, internationally, it is usually the proband’s or another responsible family member’s role to disclose the information to at-risk relatives. However, both active and passive non-disclosure in families occurs: choosing not to communicate the information or failing to communicate the information despite intention to do so, respectively. The ethical obligations to prevent harm to at-risk relatives and promote the duty of care by genetic health professionals is in conflict with (...) class='Hi'>Privacy laws and professional regulations that prohibits disclosure of information to a third party without the consent of the proband. In New South Wales, Australia, amendments to Privacy legislation permits such disclosure to living genetic relatives with the process defined under guidelines although there is no legal duty to warn. This study assessed NSW GHP’s awareness and experience of the legislation and guidelines. Methods: An online survey collected demographics; theoretical knowledge; clinical scenarios to assess application knowledge; attitudes; confidence; experience with active non-disclosure. A link to correct answers was provided after completion. Knowledge scores above the median for non-parametric data or above the mean for parametric data were classified as ‘good’ or ‘poor’. Chi square tests assessed associations between confidence and knowledge scores. Results: While many of the 37 participants reported reading the guidelines, there was limited awareness of their scope and clinical application; that there is no legal duty to warn; and that the threat does not need to be imminent to warrant disclosure. No association between confidence and ‘good’ theoretical or applied clinical knowledge was identified. Uncertainty of their professional responsibility was identified and in the several case examples of active non-disclosure that were reported this uncertainty reflected the need for further understanding of the guidelines in regard to the processes required before disclosure was initiated. Conclusions: There is a need for further education and training about the guidelines associated with the legislation that would be relevant to support disclosure. The findings may inform future strategies to support introduction of policy changes in other jurisdictions where similar regulatory regimes are introduced. (shrink)

The individual management of online identity, as part of a wider politics of personal information, privacy, and dataveillance, is an area where public policy is developing and where the public sector attempts to intervene. This paper attempts to understand the strategies and methods through which the UK government and public sector is engaging in online identity management. The analysis is framed by the analytics of government (Dean 2010 ) and governmentality (Miller and Rose 2008 ). This approach (...) draws attention to the wide assemblage of public and private actors with shared regimes of practice and fields of visibility, as well as to the extent to which individual actors are made responsible for their own identity management. The paper also uses communication and discursive research to examine the potential failings of engagement efforts. Communication theory suggested that the assumption of individual responsibility, alongside linguistic distortions created by this way of understanding the problematic of identity management, complicate and fundamentally limit engagement activity. (shrink)

This chapter provides an analysis of the long process of introducing an electronic identity for online authentication in Germany. This process is described as a multi-facet innovation, involving actors from different policy fields shifting over time. The eID process started in the late ‘90s in the context of eGovernment and eCommerce with the legislation on e-signatures, which were supposed to allow for online authentication of citizens. When after 5 years it was recognized that this was not the case, (...) a new digital ID card, which had meanwhile been announced, was chosen as token for the eID. This process was dominated by the concerns for visual inspection and border control, including the storage of digital fingerprints. Under the leadership of the Ministry of the Interior (BMI) and technical guidance of the Federal Agency for Information Security (BSI), technical specifications have to a large extent been adopted from the electronic passport, which had been smoothly introduced 2 years before. However, in the legislative process some concern regarding digital fingerprints on the eID card was raised and led to an opt-in solution. In 2009, a bill on the new ID card was passed which regulates the eID function for online authentication as well. This is characterized as a radical innovation by introducing a double-sided, mutual authentication of the citizen and the service provider and implementing the principle of proportionality regarding the access of service providers to data on the chip. At the time of writing, field tests are conducted. Roll-out of the new eID card is to start in November 2010. Therefore no figures about adoption can be provided here. (shrink)

E-health and telemedicine programmes and systems offer much potential for supporting the health and wellbeing of older people, and are set to be promoted within the changing health-care landscape. This evolving model of technology-centred health care raises a number of ethical and regulatory issues, such as privacy, data protection, online professional practice, consent, accessibility and risk of confinement. Through this review we sought to analyse the European debate on the ethical and policy implications of e-health and telemedicine by (...) identifying key ethical and regulatory issues and considering them against potential policy solutions. (shrink)

Some of the challenges in Sanders et al. (this issue) can be aptly illustrated by means of charity nudges, that is, nudges designed to increase charitable donations. These nudges raise many ethical questions. First, Oxfam’s triptychs with suggested donations are designed to increase giving. If successful, do our actions match ex ante or ex post preferences? Does this make a difference to the autonomy of the donor? Second, the Behavioural Insights Team conducted experiments using social networks to nudge people to (...) give more. Do these appeals steer clear of exploiting power relations? Do they respect boundaries of privacy? Third, in an online campaign by Kiva, donors are asked to contribute directly to personalized initiatives. In many cases, the initiative has already been funded and donor money is funnelled to a new cause. Is such a “pre-disbursal” arrangement truthful and true to purpose as a social business model? (shrink)

BackgroundWhile genomic data sharing can facilitate important health research and discovery benefits, these must be balanced against potential privacy risks and harms to individuals. Understanding public attitudes and perspectives on data sharing is important given these potential risks and to inform genomic research and policy that aligns with public preferences and needs.MethodsA cross sectional online survey measured attitudes towards genomic data sharing among members of the general public in an Eastern Canadian province.ResultsResults showed a moderate comfort level with (...) sharing genomic data, usually into restricted scientific databases with controlled access. Much lower comfort levels were observed for sharing data into open or publicly accessible databases. While respondents largely approved of sharing genomic data for health research permitted by a research ethics board, many general public members were concerned with who would have access to their data, with higher rates of approval for access from clinical or academic actors, but much more limited approval of access from commercial entities or governments. Prior knowledge about sequencing and about research ethics boards were both related to data sharing attitudes.ConclusionsWith evolving regulations and guidelines for genomics research and data sharing, it is important to consider the perspectives of participants most impacted by these changes. Participant information materials and informed consent documents must be explicit about the safeguards in place to protect genomic data and the policies governing the sharing of data. Increased public awareness of the role of research ethics boards and of the need for genomic data sharing more broadly is also needed. (shrink)

This study focuses on two specific privacy policies, namely privacy assurance and personalization declaration. Specifically, we investigate how these distinct privacy policies affect customers’ privacy concerns and subsequent purchase responses. We have developed a conceptual model that addresses the independent effects of privacy assurance and personalization declaration, as well as the mechanism of these effects. Our model is grounded in motivation theory and supported by a field experiment and a controlled experiment. Our study (...) demonstrates that privacy assurance that claims security protection negatively affects customers’ purchase probability and purchase amount. By contrast, personalization declaration that addresses personalized benefits positively affects customers’ purchase probability and purchase amount. Privacy concerns significantly mediate the negative effects of privacy assurance on purchase responses and the positive effects of personalization declaration on purchase responses. Overall, our findings inform managers of how to deploy privacy policies to reduce customers’ privacy concerns and boost purchase responses. (shrink)

Health Wearable Devices enhance the quality of life, promote positive lifestyle changes and save time and money in medical appointments. However, Wearable Devices store large amounts of personal information that is accessed by third parties without user consent. This creates ethical issues regarding privacy, security and informed consent. This paper aims to demonstrate users’ ethical perceptions of the use of Wearable Devices in the health sector. The impact of ethics is determined by an online survey which was conducted (...) from patients and users with random female and male division. Results from this survey demonstrate that Wearable Device users are highly concerned regarding privacy issues and consider informed consent as “very important” when sharing information with third parties. However, users do not appear to relate privacy issues with informed consent. Additionally, users expressed the need for having shorter privacy policies that are easier to read, a more understandable informed consent form that involves regulatory authorities and there should be legal consequences the violation or misuse of health information provided to Wearable Devices. The survey results present an ethical framework that will enhance the ethical development of Wearable Technology. (shrink)

Purpose This study aims to ascertain the impact of data collecting awareness on perceived information security concerns and information-sharing behavior on social networking sites. Design/methodology/approach Based on communication privacy management theory, the study forecasted the relationship between information-sharing behavior and awareness of data collecting purposes, data collection tactics and perceived security risk using structural equation modeling analysis and one-way ANOVA. The sample size of 521 young social media users in Vietnam, ages 18 to 34, was made up of 26.7% (...) men and 73.3% women. When constructing the questionnaire survey method with lone source respondents, the individual’s unique awareness and experiences with using online social networks (OSNs) were taken into account. Findings The results of the investigation demonstrate a significant relationship between information-sharing and awareness of data collecting, perceptions of information security threats and behavior. Social media users have used OSN privacy settings and paid attention to the sharing restriction because they are concerned about data harvesting. Research limitations/implications This study was conducted among young Vietnamese social media users, reflecting specific characteristics prevalent in the Vietnamese environment, and hence may be invalid in other nations’ circumstances. Practical implications Social media platform providers should improve user connectivity by implementing transparent privacy policies that allow users to choose how their data are used; have clear privacy statements and specific policies governing the use of social media users’ data that respect users’ consent to use their data; and thoroughly communicate how they collect and use user data while promptly detecting any potential vulnerabilities within their systems. Originality/value The authors ascertain that the material presented in this manuscript will not infringe upon any statutory copyright and that the manuscript will not be submitted elsewhere while under Journal of Information, Communication and Ethics in Society review. (shrink)

Information technology and the Internet have added a new stakeholder concern to the corporate social responsibility (CSR) agenda: online privacy. While theory suggests that online privacy is a CSR, only very few studies in the business ethics literature have connected these two. Based on a study of CSR disclosures, this article contributes to the existing literature by exploring whether and how the largest IT companies embrace online privacy as a CSR. The findings indicate that (...) only a small proportion of the companies have comprehensive privacy programs, although more than half of them voice moral or relational motives for addressing online privacy. The privacy measures they have taken are primarily compliance measures, while measures that stimulate a stakeholder dialogue are rare. Overall, a wide variety of approaches to addressing privacy was found, which suggests that no institutionalization of privacy practices has taken place as yet. The study therefore indicates that online privacy is rather new on the CSR agenda, currently playing only a minor role. (shrink)

A primer on legal issues relating to cyberspace, this textbook introduces business, policy and ethical considerations raised by our use of information technology. With a focus on the most significant issues impacting internet users and businesses in the United States of America, the book provides coverage of key topics such as social media, online privacy, artificial intelligence, and cybercrime as well as emerging themes such as doxing, ransomware, revenge porn, data-mining, e-sports and fake news. The authors, experienced in (...) journalism, technology and legal practice, provide readers with expert insights into the nuts and bolts of cyber law. Cyber Law and Ethics: Regulation of the Connected World provides a practical presentation of legal principles, and the book is essential reading for non-specialist students dealing with the intersection of the internet and the law. (shrink)

Purpose This study aims to analyse the impacts of Edward Snowden’s revelations in Spain focusing on issues of privacy and state surveillance. This research takes into consideration the Spanish context from a multidimensional perspective: social, cultural, legal and political. Design/methodology/approach The paper reviews the Spanish privacy and state surveillance situation. Responses to a questionnaire were collected from 207 university students studying at Universitat Rovira i Virgili or Burgos University. The quantitative responses to the survey were statistically analysed as (...) well as qualitative considerations of free-text answers. Findings The survey outcomes demonstrate that a majority of respondents are aware of Snowden’s revelations, but only a few have even considered taking serious actions to improve their online privacy. One of the most relevant findings is that Spanish citizens find it acceptable to lose privacy and be subject to state surveillance if that provides a benefit in security. Practical implications The research points out the importance of privacy in a multicultural environment. A sensitised society is a keystone for the healthy and balanced development of state surveillance policy and practice. Social implications Training programmes are a critical dimension to ensure awareness across society regarding privacy and digital technologies. Suitable educational policies and curricula at all levels should be fostered. Originality/value Privacy and state surveillance based on information and communication technologies is an emerging research topic with important consequences for social values and ethics. This study provides an overview of Spanish higher education students’ attitudes in these areas. (shrink)

In the "big data age", providing informed consent online has never been more challenging. Countless companies collect and share our personal data through devices, apps, and websites, fuelling a growing data economy and the emergence of surveillance capitalism. Few of us have the time to read the associated privacy policies and terms and conditions, and thus are often unaware of how our personal data are being used. This is a problem, as in the last few years, large (...) tech companies have abused our personal data. As privacy self-management, through the mechanism of providing online consent, has become increasingly difficult, some have argued that surveillance capitalism, and the data economy more broadly, need to be overthrown. This book presents a different perspective. It departs from the concept of revolutionary change to focus on pragmatic, incremental solutions tailored to everyday contexts. It scrutinizes how consent is currently sought and provided online and offers suggestions about how online consent practices can be improved upon. These include: the possibility of subjecting consent-gathering practices to ethics committees for review; the creation of visual-based consent agreements and privacy policies, to help with transparency and engagement; the development of software to protect privacy; and the idea of automated consent functionalities that allow users to bypass the task of reading vast amounts of online consent agreements. The author suggests that these "small-scale" changes to online consent-obtaining procedures, could, if successfully implemented, provide us with a way of self-managing our privacy in a way that avoids a revolutionary dismantling of the data economy. In the process, readers are encouraged to rethink the very purpose of providing inform consent online. Rethinking Informed Consent in the Big Data Age will appeal to researchers in normative ethics, applied ethics, philosophy of law, and the philosophy of AI. It will also be of interest to business scholars, communication researchers, students, and those in industry. (shrink)

This article attempts to explain and analyse the nature and characteristic features of a person’s privacy in the on‐line environment in order to assess how these features shape the need for protection. Since the internet has invaded our everyday lives, individual privacy is exposed in different ways in cyberspace. It is important to note that the Internet lacks the traditional characteristics of a ‘physical’ space, but the interests and inherent values protected by privacy remain the same in (...) cyberspace. The article discusses the factors that shape a different nature of online privacy compared to its off line counterpart. Online privacy may not be a novel right, but it is definitely one exposed to a whole new environment which has its own special need for protection. (shrink)

This article reviews the debate over electronic data bases and privacy, with an emphasis on the United States since the Privacy Act of 1974. Proposals that have value for the 1990s, both nationally and internationally, are synthesized. Some current controversies are discussed, including some of the reasons for the failure of previous privacy legislation. The way social values affect both statistical and intelligence systems is reviewed, and the debate over organizational necessity and computerization is examined. Some controversial (...) systems and programs are described, along with suggestions designed to move closer to state-of-the-art privacy oversight. (shrink)

Since 2016, when the Facebook/Cambridge Analytica scandal began to emerge, public concern has grown around the threat of “online manipulation”. While these worries are familiar to privacy researchers, this paper aims to make them more salient to policymakers — first, by defining “online manipulation”, thus enabling identification of manipulative practices; and second, by drawing attention to the specific harms online manipulation threatens. We argue that online manipulation is the use of information technology to covertly influence (...) another person’s decision-making, by targeting and exploiting their decision-making vulnerabilities. Engaging in such practices can harm individuals by diminishing their economic interests, but its deeper, more insidious harm is its challenge to individual autonomy. We explore this autonomy harm, emphasising its implications for both individuals and society, and we briefly outline some strategies for combating online manipulation and strengthening autonomy in an increasingly digital world. (shrink)

Purpose This study aims to explore the main concerns and attitudes Basque adolescents have regarding online privacy. It analyzes their motivations for sharing private information and the kind of information they share. Likewise, it examines whether they consider the potential consequences of revealing certain information online and analyzes if there are any differences between the motivations and attitudes of young people from Gipuzkoa and Labourd. Design/methodology/approach For this study, three methods were combined to collect the data in (...) 17 schools in the Basque provinces of Gipuzkoa and Labourd: a survey carried out among 1,133 students, out of which 242 also completed a diary and 482 took part in discussion groups. Findings The data from this research does not fully support the “youth cultures of disclosure” in the Basque Country; however, some of these practices have been observed. Originality/value Time spent online by adolescents has increased sharply in recent years. This increase has brought with it concerns about youth’s level of awareness regarding online privacy. This is the first cross-border study conducted in the Basque Country addressing this topic. (shrink)

Technology used in online marketing has advanced to a state where collection, enhancement and aggregation of information are instantaneous. This proliferation of customer information focused technology brings with it a host of issues surrounding customer privacy. This article makes two key contributions to the debate concerning digital privacy. First, we use theories of justice to help understand the way consumers conceive of, and react to, privacy concerns. Specifically, it is argued that an important component of consumers' (...) privacy concerns relates to fairness judgments, which in turn comprise of the two primary components of distributive and procedural justice. Second, we make a number of prescriptions, aimed at both firms and regulators, based on the notion that consumers respond to perceived privacy violations in much the same way they would respond to an unfair exchange. (shrink)

Major online platforms deploy an array of policies and data-driven legislative and enforcement mechanisms, transforming economic, social, and technological powers into political might. While platforms use private law to legitimate the exercise of this form of power, the novel political relations and tools have a tremendous public impact, both on individuals’ and communities’ political freedom and on the public sphere. Digital rights literature that tends to focus on particular rights, such as privacy or freedom of expression, deals (...) less with the implications of platforms’ emerging political authority. The article addresses this lacuna by (1) analyzing the quasi-sovereign power of platforms, (2) mapping how this form of power disrupts political freedom and the public sphere, (3) revealing a theoretical trap that blocks existing attempts to address the threats and (4) developing a bottom-up approach to resolve this bind. The article proposes the creation of “Users Unions” – legal structures that create affordance for users to have a collective voice within platforms’ corporate governance and decision-making mechanisms. The proposed structural reform could mitigate the power disparities between users and online platforms and assist in respecting, protecting, and fulfilling users’ political rights. (shrink)

Human flesh search engine can be a double-edged sword, bringing convenience on the one hand and leading to infringement of personal privacy on the other hand. This paper discusses the ethical problems brought about by the human flesh search engine, as well as possible solutions.

Self-disclosures on online social networks have received increased attention in the last two decades. Researchers from different disciplines investigated manifold influencing variables, and studies applied different theories to explain why many users share very sensitive and personal information despite potential risks and negative consequences, whereas others do not. Oftentimes, it is argued that self-disclosure decisions result from a kind of rational “calculus” of risks and benefits. However, such an assumption of rationality can and has been criticized. Nevertheless, fundamental cognitive (...) and affective mechanisms that underlie self-disclosure decision making on social networks are still under-explored. By building upon previous self-disclosure theories and models, dual-and tripartite-system perspectives of decision making, and former empirical findings, we propose a Tripartite Self-Disclosure Decision model that conceptualizes inner processes of online self-disclosure decision making. Central to this model is the proposed interaction of three neural and cognitive/affective systems: a reflective, an impulsive, and an interoceptive system. We further highlight individual and environmental features, which can impact individuals’ online self-disclosure decisions by influencing the proposed inner decision-making processes targeting the aforementioned three systems. Possible short- and long-term consequences are also discussed, which in turn can affect certain model components in subsequent self-disclosure decision situations. By taking such a neurocognitive perspective, we expand current research and models, which helps to better understand potentially risky information sharing on online social networks and can support attempts to prevent users from incautious self-disclosures. (shrink)

Paper-based privacy policies fail to resolve the new changes posed by electronic healthcare. Protecting patient privacy through electronic systems has become a serious concern and is the subject of several recent studies. The shift towards an electronic privacy policy introduces new ethical challenges that cannot be solved merely by technical measures. Structured Patient Privacy Policy (S3P) is a software tool assuming an automated electronic privacy policy in an electronic healthcare setting. It is designed to (...) simulate different access levels and rights of various professionals involved in healthcare in order to assess the emerging ethical problems. The authors discuss ethical issues concerning electronic patient privacy policies that have become apparent during the development and application of S3P. (shrink)