Privacy Calculus Theory and Its Applicability

for Emerging Technologies

Adrija Majumdar ✉ and Indranil Bose

( )

Management Information Systems, Indian Institute of Management Calcutta,

Kolkata, India
{adrijam13,bose}@iimcal.ac.in

Abstract. One of the most important theories to be used and modified subse‐
quently in the IS literature is the privacy calculus theory. This calculus governs
the decision-making process of individuals to predict certain behavioral outcome
like, disclosing personal information, intention to use an e-commerce site, in the
presence of perceived privacy risk and perceived benefits. In this paper, we seek
to analyze the relevancy of privacy calculus theory for certain emerging technol‐
ogies and platforms (i) Bring Your Own Device (BYOD) (ii) Internet Of Things
(IoT). We identify some of the perceived privacy risks and benefits in these
emerging technologies. The insights gained from this study will enable
researchers to further study the behavioral intention of organizations/people to
use these technologies in the presence of privacy risks and benefits.

Keywords: Information privacy · Privacy calculus · Privacy risks · BYOD · IoT

1 Introduction

Privacy is not highlighted in terms of its physical, legal and behavioural aspects in the
IS discipline. The focus of IS discipline is in on the information aspect of privacy. Often
it is seen individuals indulge in a cost-benefit analysis in terms of whether to disclose
their personal information or not. It has been found that consumers sacrifice a certain
portion of their privacy in lieu of some benefits consisting of financial incentives or
convenience [1]. A growing amount of literature has emphasized on the privacy-related
decision making as a cognitive process by which individuals weigh the (a) anticipated
costs or the risks of disclosing information (b) perceived benefits from disclosing such
information. In this research in progress, we focus on the use of such a “privacy calculus”
in information privacy literature. To the best of our knowledge, this is the first paper in
IS literature which critically examines the academic literature on privacy calculus to
develop a greater understanding on its applicability for emerging technologies. Insights
shared in this study will help academic scholars to appreciate the privacy calculus better
in these emerging fields.

© Springer International Publishing Switzerland 2016

V. Sugumaran et al. (Eds.): WEB 2015, LNBIP 258, pp. 191–195, 2016.
DOI: 10.1007/978-3-319-45408-5_20
192 A. Majumdar and I. Bose

2 Theoretical Background

The term privacy calculus was first used to denote the “calculus of human behav‐
iour” [2]. This calculus governs the decision-making process of individuals to decide
whether to disclose personal information. Privacy calculus acknowledges the contri‐
bution of expectancy theory that proposes that human agents act in ways that maxi‐
mizes the positive outcomes and minimizes the negative results. The principal
components that are connected to the concept of privacy calculus are perceived risk
and perceived benefits. In this section, we briefly discuss the notion of ‘Privacy Risk’
and ‘Privacy Benefits’.

2.1 Privacy Risk

Perceived risk is the fear that the consumer’s private information could be used by
organizations for unfair purposes, like price discrimination or it could be sold to other
third parties who should not have access. It is the subjective evaluation of potential
privacy related losses that could affect a consumer. Privacy risks can be categorized
along five risk dimensions i.e. social, financial, time, psychological and physical [3].
Existing literature shows a significant positive relationship between privacy concerns
and the risk beliefs [4]. These privacy concerns are in turn dependent on the way the
personal information is collected, on the extent of control an individual has over personal
information and on his/her awareness of information practices. There is reasonable
accord among IS scholars that perceived privacy risks have a negative impact on the
intention to disclose personal information [4].

2.2 Perceived Benefit

It is the subjective evaluation of potential gains or positives. IS scholars have identified

three significant factors that contribute to the perceived benefit component, namely, the
inclination of consumers towards financial rewards, the love for personalization and the
desire for social adjustment benefits [5]. Reducing search time for locating appropriate
promotional messages, providing convenience for instant access to personalised
messages, having an overall satisfaction with the personalised service are some of the
items used in the literature to capture the notion of perceived benefit due to personali‐
sation. On one hand, consumers treasure the benefits of personalized guidance and, on
the other hand, they have privacy concerns about providing personal information that
are required to build these features of personalization.

3 Use of Privacy Calculus in Emerging Technologies

In this section we analyze the applicability of privacy calculus theory in the context of
two emerging trends in Information Technology, (i) BYOD and, (ii) IoT. According to
the industry reports, it is expected that around 78.48 % of organizations in the USA will
have BYOD activity by 2018 [6]. According to International Data Corporation, the
 Privacy Calculus Theory and Its Applicability 193

worldwide IoT market is estimated to grow at a CAGR of 16.9 % and touch $1.7 trillion
in 2020 [7]. IoT aids real time decision making and handles challenges with aging
workforce. IoT promises to create billion dollar markets in the form of smart cities, smart
factories, smart supply chains etc.

3.1 Bring Your Own Device (BYOD)

Mobile devices offer immense convenience, efficiency and flexibility for users [8].
BYOD is defined as the use of privately owned mobile devices for official corporate
work [9]. Employees could use their privately owned mobile devices for various reasons,
viz. to access the official mail, to create and store and manage official data, to access
company databases. The usage of BYOD, however, entails security and privacy
concerns. The connection of privately owned devices with the corporate facilities
increases the chance of malware intrusion and the likelihood of data loss and theft [8].
Employees’ privacy concerns could be heightened as they fear their loss of private
information into the hands of their employers. Furthermore, owing to advanced GPS
technology, the location data of the employees could be tracked in real time which
aggravates their privacy concerns. However, the use of BYOD also provides sufficient
advantage for both the organization and the employees. It increases the job satisfaction
of the employees as it increases their personal freedom, jobholders can now work
according to their preferred place and time. Thus, BYOD is associated with a set of
contrary factors and it provides an appropriate background for the use of Privacy calculus
theory. In fact, researchers have integrated the privacy calculus framework and the
technology acceptance model to study the influence of security, privacy and legal
concerns on the intention to use BYOD mobile devices [8]. Figure 1 lists some of the
important decision facilitators and inhibitors of this domain.

Fig. 1. Privacy calculus framework for BYOD

194 A. Majumdar and I. Bose

3.2 Internet of Things (IoT)

Internet of Things comprises of sensor-based IS services, whose functionality is facili‐
tated by the identification technologies consisting of barcodes, RFID, global satellite
communication, etc. [10]. There is a huge opportunity of collecting real-time data from
these new technological artifacts. These data could be mined and organizations could
earn a competitive advantage. IOT is gaining immense popularity in the wireless tele‐
communications domain. The primary essence of IOT is its pervasive presence and
interaction and co-operation with their neighboring sensors to reach commonly shared
goals [11]. The advantage gained from implementing such technologies is immense;
however it also entails sacrificing a share of consumer’s privacy. For example, a typical
IOT technology RFID provides benefits especially for consumers in the logistics and
marketing domain for tracking purpose. However, there is sufficient privacy risks asso‐
ciated with this technology. RFIDs could suffer from the clandestine scanning of tags
by unauthorized personnel. Furthermore, real-time tracking of location could be over
intrusive at times. Thus, we notice a set of trade-offs exists in this emerging technology
that provides us the background to use the theory of privacy calculus. Figure 2 highlights
some of the important decision facilitators and inhibitors for IoT.

Fig. 2. Privacy calculus framework for IoT

4 Conclusion

This is a research in progress and we attempted to analyze the suitability of privacy

calculus theory in the promising fields of BYOD and IoT. We plan to conduct interviews/
focus group interviews with the stakeholders of these technologies to gain better insights
on the perceived benefits and risks for these emerging fields. As a future work we want
to additionally examine few other emerging areas like, cloud computing and online
social networks with the lens of privacy calculus theory. The insights gained from this
 Privacy Calculus Theory and Its Applicability 195

study will help researchers to analyze the behavioral intention of organizations/people

to use these technologies in the presence of privacy concerns.

References

1. Hann, I.H., Hui, K.L., Lee, S.Y.T., Png, I.P.: Overcoming online information privacy
concerns: an information-processing theory approach. J. Manage. Inform. Syst. 24, 13–42
(2007)
2. Laufer, R.S., Wolfe, M.: Privacy as a concept and a social issue: a multidimensional
developmental theory. J. Soc. Issues. 33, 22–42 (1977)
3. Youn, S.: Determinants of online privacy concern and its influence on privacy protection
behaviors among young adolescents. J. Consum. Aff. 43, 389–418 (2009)
4. Malhotra, N.K., Kim, S.S., Agarwal, J.: Internet users’ information privacy concerns (IUIPC):
the construct, the scale, and a causal model. Inform. Syst. Res. 15, 336–355 (2004)
5. Smith, H.J., Dinev, T., Xu, H.: Information privacy research: an interdisciplinary review. MIS
Quart. 35, 989–1016 (2011)
6. Gandhi, V.: Bring Your Own Device (BYOD)—Key Trends and Considerations. Industry
Report, Frost & Sullivan (2013)
7. Explosive Internet of Things Spending to Reach $1.7 Trillion in 2020, http://
www.gartner.com/newsroom/id/2905717
8. Lebek, B., Degirmenci, K., Breitner, M. H.: Investigating the influence of security, privacy,
and legal concerns on employees’ intention to use BYOD mobile devices. In: 19th Americas
Conference on Information Systems, pp. 1–8. AIS Press, Atlanta (2013)
9. Johnson, N., Joshi, K.: The pathway to enterprise mobile readiness: analysis of perceptions,
pressures, preparedness, and progression. In: 18th Americas Conference on Information
Systems, pp. 1–8. AIS Press, Atlanta (2012)
10. Kowatsch, T., Maass, W.: Critical privacy factors of internet of things services: an empirical
investigation with domain experts. In: Rahman, H., Mesquita, A., Ramos, I., Pernici, B. (eds.)
MCIS 2012. LNBIP, vol. 129, pp. 200–211. Springer, Heidelberg (2012)
11. Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54, 2787–
2805 (2010)