Trusting organisations online Contextual integrity in public privacy concern

The introduction of the General Data Protection Regulation (GDPR) in the European Union has brought important changes in how personal information gets distributed and handled online, by individuals and organisations. Applying the theory of contextual integrity, holding that to approach data subjects’ privacy we ought to look towards the flow of information in specific contexts, this study tests whether the collection and use of different types and amounts of personal data, collected by distinct public, private and hybrid organisations, result in significant differences in privacy concern among Dutch citizen-consumers. Moreover, individual factors have been considered, given how organisational trust was expected to negatively affect privacy concern, with less trust leading to more individual worry. Individual privacy knowledge, the extent to which people know how to handle and secure their data, was thought to strengthen this effect. To test these expectations, this study made use of an already existing dataset, created from a survey that was filled out by 510 Dutch participants, 311 of whom were included in the analyses of this study. To determine the role of contextual integrity in public privacy concern, respondents' answers on approximately 6912 unique vignette combinations were used, portraying hypothetical scenarios in which individuals shared data to different organisations, asking to what extent they felt worried about the sharing of their personal information in each circumstance. These vignettes were analysed using repeated measures ANOVA, also known as one-way within-subjects ANOVA, allowing for the testing of contextual differences in privacy concern depending on the organisation collecting the data, the amount of data collected, and the type of data collected. Additionally, a hierarchical regression analysis was conducted to account for individual factors influencing privacy concern, using survey responses outside the scope of the vignette study. This analysis could explain some of the variation in organisational trust, privacy knowledge, and privacy concern among individuals. These factors have been controlled for using age, levels of education, and frequency of smartphone use. The findings revealed that organisational trust was negatively related to privacy concern, however, privacy knowledge did not strengthen this relationship as a moderating variable, though it was still found to be a separate significant negative predictor of privacy concern instead. Significant differences were found in privacy concern depending on the organisation that collected the data, though this finding was only limited to some organisations, and varied scarcely depending on the type or amount of data. This study has provided new insights regarding public privacy concern in a context where strict privacy policies, courtesy of the GDPR, dictate how organisations can and should handle the personal data of the individual. The increased knowledge that the EU’s GDPR has provided its citizen-consumers has shown to have changed people’s perceptions on their rights to privacy and their concerns over organisations’ collection of their personal data.