Article Preview
TopIntroduction
Privacy issues have become increasingly important with the rapid adoption of digital technologies; in general, people have become increasingly worried about their online privacy (Acquisti et al., 2015; Gerber et al., 2018; Ginosar & Ariel, 2017; Preibusch et al., 2016). As people’s lives are being embedded in various digital platforms, personal data are easily recorded, monitored, and shared without consent (Wu et al., 2019). While the collection and use of personal data can provide advantages to individuals and businesses (Sánchez & Viejo, 2017), it also encourages the abuse of consumers’ personal data and may cause serious changes to their behavior (Hong et al., 2019). Consumer concerns regarding the inappropriate use of personal data can also create potential threats, jeopardizing participation in the online market. Therefore, it is imperative for both academia and industry to understand privacy concerns and develop effective strategies to protect consumer privacy.
Privacy regulation is an instrument of institutional privacy protection that provides a sense of security and safety (Nam, 2019). It is applied widely, across various areas (Banerjee et al., 2018). Lwin et al. (2007) argue that regulation is important for decreasing privacy concerns so that users will be less worried about the abuse of their personal data if companies behave responsibly and implement all necessary protection rules. Similarly, Ginosar and Ariel (2017) state that privacy concerns could be significantly decreased if sufficient resources were provided. Notably, most prior studies focus on emphasizing the benefits of offering more consumer control in privacy regulations, while overwhelmingly ignoring the potential negative effects of too much control.
According to Westin (1967), information privacy is defined as “the ability of the individual to control the terms under which personal information is acquired and used.” From this definition, it may be interpreted that one way to decrease the level of perceived privacy risk for consumers is to increase their control over personal information. Therefore, strengthening privacy protection through offering more control has been a central theme of recent regulations. There are several ways through which regulations can strengthen consumer control over personal data. For instance, previous regulations usually attached importance to notice that no data should be collected from individuals who were not aware it was being collected (Langenderfer & Cook, 2004). Another important method is to ensure that consumers are informed about the misuse of their personal data and can react promptly. For example, globally, many privacy regulations share common principles. These include prompt reporting to users if their personal data are being sold to or shared with a third party.
Although increasing control is well intentioned, enhancing it unilaterally may restrict consumer rights and harm them emotionally (e.g., regarding the choice of not being informed about the misuse). When facing restrictions in regard to accessible alternative options, people may perceive themselves as having limited freedom of choice and will thus be motivated to restore this freedom (Rosenberg & Siegel, 2018). This motivational state may lead to undesired coping responses, such as negative attitudes and emotions (Chang & Wong, 2018). Therefore, the reported misuse of personal data could lead to undesired coping consequences.
Most studies of privacy focus on desired coping responses that are adaptive, such as avoiding IT threats (Liang & Xue, 2009, 2010) and adopting protective behavior (Boss et al., 2015; Johnston et al., 2015; Johnston & Warkentin, 2010). For example, Xu et al. (2009) found that government regulation is negatively related to the perceived risk of personal information disclosure. Miltgen and Smith (2015) determined that higher levels of perceived privacy regulatory protection were associated with higher levels of trust and lower levels of privacy concerns. Andrew and Baker (2019) argued that privacy regulations could have a significant influence on protecting individual privacy. However, very little research has been conducted to investigate consumers’ undesired or maladaptive reactions toward the reported misuse of personal data.