American Privacy Perceptions in the COVID Pandemic
The on-going COVID-19 pandemic has brought surveillance and privacy concerns to the forefront, given that contact tracing has been seen as a very effective tool to prevent the spread of infectious disease and that public authorities and government officials hope to use it to contain the spread of COVID-19. On the other hand, the rejection of contact tracing tools has also been widely reported, partly due to privacy concerns. We conducted an online survey to identify participants’ privacy concerns and their risk perceptions during the on-going COVID-19 pandemic. Our results contradict media claims that people are more willing to share their private information in a public health crisis. We identified a significant difference depending on the information recipient, the type of device, the intended purpose, and thus concretize the claims rather than suggesting a fundamental difference. We note that participants’ privacy preferences are largely impacted by their perceived autonomy and the perceived severity of consequences related to privacy risks. Contrarily, even during an on-going COVID-19 pandemic, health risk perceptions had limited influence on participants’ privacy preference, given only the perceived newness of the risk could weakly increase their comfort level. Finally, our results show that participants’ computer expertise has a positive influence on their privacy preference while their knowledge to security make them less comfortable with sharing.
ACM Europe Technology Policy Committee. (2020). LEADING EUROPEAN COMPUTING SOCIETY CALLS FOR TRANSPARENCY, INTEROPERABILITY, PRIVACY, AND SCRUTINY IN COVID CONTACT TRACING. Retrieved from https://www.acm.org/binaries/content/assets/press-releases/2020/may/acm-europe-tpc-statement-on-contact-tracing.pdf
ACM Europe Technology Policy Committee. (2020). STATEMENT ON ESSENTIAL PRINCIPLES AND PRACTICES FOR COVID-19 CONTACT TRACING APPLICATIONS. Retrieved from https://www.acm.org/binaries/content/assets/public-policy/europe-tpc-contact-tracing-statement.pdf
Altmann, S., Milsom, L., Zillessen, H., Blasone, R., Gerdon, F., Bach, R., . . . Abeler, J. (2020). Acceptability of app-based contact tracing for COVID-19: Cross-country survey evidence. medRxiv.
Andrea Spikes. (2011, May 16th). Smart Meters and a Smarter Grid. Retrieved from Department of Energy: https://www.energy.gov/energysaver/articles/smart-meters-and-smarter-grid
Australian Government Department of Health. (2020). COVIDSafe app. Retrieved from https://www.health.gov.au/resources/apps-and-tools/covidsafe-app
Bauer, R. A. (1960). Consumer behavior as risk taking. In M. J. Baker, Marketing: Critical Perspectives on Business and Management (Vol. 3, pp. 384-398). Chicago: Routledge.
Bhasin, M. L. (2006). Guarding privacy on the Internet. Global Business Review, 137-156.
Blank, G., Dutton, W. H., & Lefkowitz, J. (2019). Perceived Threats to Privacy Online: The Internet in Britain, the Oxford Internet Survey. the Oxford Internet Survey.
Blendon, R. J., Benson, J. M., DesRoches, C. M., Raleigh, E., & Taylor-Clark, K. (2004). The public’s response to severe acute respiratory syndrome in Toronto and the United States. Clinical infectious diseases, 38(7), 925-931.
Brace, I. (2008). Questionnaire Design: How to Plan, Structure and Write Survey Material for Effective Market Research. Kogan Page. Retrieved from https://books.google.com/books?id=0r8xOI5rBZoC
Brandimarte, L., Acquisti, A., & Loewenstein, G. (2013). Misplaced Confidences: Privacy and the Control Paradox. Social Psychological and Personality Science, 4(3), 340-347.
Brush, A. B., Krumm, J., & Scott, J. (2010). Exploring end user preferences for location obfuscation, location-based services, and the value of location. 12th ACM International Conference on Ubiquitous Computing (pp. 95-104). Association for Computing Machinery.
Castañeda, J. A., & Montoro, F. J. (2007). The effect of Internet general privacy concern on customer behavior. Electronic Commerce Research, 7(2), 117-141.
Castro, D., & McLaughlin, M. (2019). Survey: Majority of Americans Willing to Share Their Most Sensitive Personal Data. Retrieved from https://www.datainnovation.org/2019/01/survey-majority-of-americans-willing-to-share-their-most-sensitive-personal-data/
Centers for Disease Control and Prevention. (2019). Healthy Habits to Help Prevent Flu. Retrieved from https://www.cdc.gov/flu/prevent/actions-prevent-flu.htm
Centers for Disease Control and Prevention. (2019). How to Prevent the Spread of Respiratory Illnesses in Disaster Evacuation Centers. Retrieved from https://www.cdc.gov/disasters/disease/respiratoryic.html
Centers for Disease Control and Prevention. (2019). How to Protect Yourself and Others. Retrieved from https://www.cdc.gov/coronavirus/2019-ncov/prevent-getting-sick/prevention.html
Centers for Disease Control and Prevention. (2020). Contact Tracing: Contact tracing is key to slowing the spread of COVID-19 and helps protect you, your family, and your community. Retrieved from CDC 24/7: Saving Lives, Protecting People: https://www.cdc.gov/coronavirus/2019-ncov/daily-life-coping/contact-tracing.html
Christiane, A., & Peter M., S. (2010). Experimental Vignette Studies in Survey Research. Methodology, 128-138. Retrieved from https://doi.org/10.1027/1614-2241/a000014
Cvrcek, D., Kumpost, M., Matyas, V., & Danezis, G. (2006). A study on the value of location privacy. 5th ACM Workshop on Privacy in Electronic Society (pp. 109-118). Association for Computing Machinery.
Department of Justice. (n.d.). 1122. INTRODUCTION TO THE ECONOMIC ESPIONAGE ACT. Retrieved from justice.gov: https://www.justice.gov/jm/criminal-resource-manual-1122-introduction-economic-espionage-act
Department of Justice. (2015, July 17th). Privacy Act of 1974. Retrieved from Department of Justice: https://www.justice.gov/opcl/privacy-act-1974
Department of Justice. (2019, February 13th). E-Government Act of 2002. Retrieved from Department of Justice: https://www.justice.gov/opcl/e-government-act-2002
Department of Justice. (2019, April 23rd). Electronic Communications Privacy Act of 1986 (ECPA). Retrieved from Justice Information Sharing: https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1285
Department of Motor Vehicles. (1994). Driver’s Privacy Protection Act. US. Retrieved from https://dmv.ny.gov/forms/mv15dppa.pdf
Dolnicar, S., & Jordaan, Y. (2006). Protecting consumer privacy in the company’s best interest. Australasian Marketing Journal, 14(1), 39-61.
Egelman, S., Tsai, J., Cranor, L. F., & Acquisti, A. (2009). Timing is everything?: the effects of timing and placement of online privacy indicators. the SIGCHI Conference on Human Factors in Computing Systems (pp. 319–328). Association for Computing Machinery.
European Commission. (2020). Coronavirus: a common approach for safe and efficient mobile tracing apps across the EU*. Retrieved from https://ec.europa.eu/commission/presscorner/detail/en/qanda_20_869
Evans, J. R., & Mathur, A. (2005). The value of online surveys. Internet research, 195-219. Retrieved from https://doi.org/10.1108/10662240510590360
FDIC.gov. (2006, June). Right to Financial Privacy Act. FDIC Consumer Compliance Examination Manual, 3.1-3.2. Retrieved from https://www.fdic.gov/regulations/compliance/manual/8/viii-3.1.pdf
Federal Trade Comission. (2000, May 24th). Privacy of Consumer Financial Inforamtion; Final Rule. Federal Register, 65(101), 33645-33689. Retrieved from https://www.ftc.gov/sites/default/files/documents/federal_register_notices/privacy-consumer-financial-information-16-cfr-part-313/000524privacyofconsumer.pdf
Federal Trade Commission. (2013). Children’s Online Privacy Protection Act of 1998. Retrieved from Federal Trade Commission: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule
Federal Trade Commission. (2018, September). Fair Credit Reporting Act. Retrieved from ftc.gov: https://www.ftc.gov/system/files/545a_fair-credit-reporting-act-0918.pdf
Finch, J. (1987). The Vignette Technique in Survey Research. Sociology, 21(1), 105-114. Retrieved from https://doi.org/10.1177/0038038587021001008
Fincham, J. E. (2008). Response rates and responsiveness for surveys, standards, and the Journal. American journal of pharmaceutical education, 72(2), 43.
Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S. J., & Combs, B. (1978). How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits. Policy Sciences, 9(2), 127-152.
Garg, V., & Camp, L. (2012). End User Perception of Online Risk under Uncertainty. Annual Hawaii International Conference on System Sciences, 3278-3287.
Gopavaram, S., Momenzadeh, B., & Camp, L. J. (2020). Can You Hear Me Now?: Audio and Visual Interactions that Change App Choices. under revision for Frontiers in Psychology, 2227.
Grossklags, J., & Acquisti, A. (2007). When 25 Cents is Too Much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information. 6th Annual Workshop on the Economics of Information Security (WEIS).
Grunert, K. G. (2005). Food quality and safety: consumer perception and demand. European Review of Agricultural Economics, 32(3), 369-391.
Hardin, G. (1968, December 13th). The Tragedy of the Commons. Science, 162(2859), 1243-1248. doi:10.1126/science.162.3859.1243
Hauser, D. J., & Schwarz, N. (2016). Attentive Turkers: MTurk participants perform better on online attention checks than do subject pool participants. Behavior research methods, 48(1), 400-407.
Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106-125.
HHS. (2013, July 26th). Summary of the HIPAA Privacy Rule. Retrieved from HHS.gov: https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
Huebner, M., Vach, W., & le Cessie, S. (2016). A systematic approach to initial data analysis is good research practice. The Journal of Thoracic and Cardiovascular Surgery, 25-27.
Johnston, A. C., & Warkentin, M. (2010). Fear Appeals and Information Security Behaviors: An Empirical Study. MIS Quarterly, 549-566.
Kaye, K. (2019, June 19th). Portland lawmakers pass privacy resolution to guide policies for facial recognition, other data use. Retrieved from GeekWire: https://www.geekwire.com/2019/facial-recognition-video-surveillance-highlight-new-privacy-resolution-passed-portland-lawmakers/
Kline, P. (2014). An Easy Guide to Factor Analysis. Taylor & Francis.
Lau, J. T., Yang, X., Tsui, H., & Kim, J. H. (2003). Monitoring community responses to the SARS epidemic in Hong Kong: from day 10 to day 62. Journal of Epidemiology & Community Health, 57(11), 864-870.
Liu, C. M., Lu, J., & Yu, C.-S. (2005). Beyond concern—a privacy-trust-behavioral intention model of electronic commerce. Information & Management, 42(2), 289-304.
M.Smith, S., A.Roster, C., L.Golden, L., & S.Albaumb, G. (2016). A multi-group analysis of online survey respondent data quality: Comparing a regular USA consumer panel to MTurk samples. Journal of Business Research, 69(8), 3139-3148.
Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users’ information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information systems research, 15(4), 336-355.
McKnight, P. E., & Najab, J. (2010). Mann-Whitney U Test. In The Corsini Encyclopedia of Psychology (pp. 1-1). Wiley Online Library.
Naeini, P. E., Bhagavatula, S., Habib, H., Degeling, M., Bauer, L., Cranor, L. F., & Sadeh, N. (2017). Privacy Expectations and Preferences in an IoT World. the Thirteenth USENIX Conference on Usable Privacy and Security (pp. 399-412). USENIX Association. Retrieved from https://dl.acm.org/doi/10.5555/3235924.3235956
Norberg, P. A., Horne, D. R., & Horne, D. A. (2007). The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of consumer affairs, 41(1), 100-126.
Nordgren, L. F., Van Der Pligt, J., & Van Harreveld, F. (2007). Unpacking perceived control in risk perception: The mediating role of anticipated regret. Journal of Behavioral Decision Making, 20(5), 533-544.
Office of The Assistant Securetary for Planning and Evaluation. (1996). Health Insurance Portability and Accountability Act of 1996. Retrieved from Office of The Assistant Securetary for Planning and Evaluation: https://aspe.hhs.gov/report/health-insurance-portability-and-accountability-act-1996
Oulasvirta, A., Pihlajamaa, A., Perkiö, J., Ray, D., Vähäkangas, T., Hasu, T., . . . Myllymäki, P. (2012). Long-term effects of ubiquitous surveillance in the home. 2012 ACM Conference on Ubiquitous Computing (pp. 41-50). Association for Computing Machinery.
Patil, S., Norcie, G., Kapadia, A., & Lee, A. J. (2012). Reasons, rewards, regrets: privacy considerations in location sharing as an interactive practice. Eighth Symposium on Usable Privacy and Security (pp. 1-15). Association for Computing Machinery.
Prosser, W. L. (1960). Privacy. California Law Reivew, 48(3), 383-423. doi:10.15779/Z383J3C
Rainie, L., & Duggan, M. (2016). Privacy and Information Sharing. Pew Research Center. Retrieved from https://www.pewresearch.org/internet/2016/01/14/privacy-and-information-sharing/
Rajivan, P., Moriano, P., Kelley, T., & Camp, L. J. (2017). Factors in an end user security expertise instrument. Information and Computer Security, 190-205.
Sjöberg, L. (2000). Factors in risk perception. Risk analysis, 1-12.
Slovic, P. E. (2000). The perception of risk. Science, 280-285.
Slovic, P., Fischhoff, B., & Lichtenstein, S. (1980). Facts and fears: Understanding perceived risk. Societal risk assessment, 181-216.
Snook, S. C., & Gorsuch, R. L. (1989). Component analysis versus common factor analysis: A Monte Carlo study. Psychological Bulletin, 19(1), 148–154.
Starr, C. (1969). Social benefit versus technological risk. Science, 1232-1238.
Statistics How To. (2016). Holm-Bonferroni Method: Step by Step. Retrieved from https://www.statisticshowto.com/holm-bonferroni-method/
Taylor, H. (2003). Most People Are “Privacy Pragmatists” Who, While Concerned about Privacy, Will Sometimes Trade It Off for Other Benefits. The Harris Poll, 17(19), 44.
Teltzrow, M., Meyer, B., & Lenz, H.-J. (2007). Multi-channel consumer perceptions. Journal of Electronic Commerce Research, 8(1), 18-31.
Trope, Y., & Liberman, N. (2010). Construal-level theory of psychological distance. Psychological review, 117(2), 440.
University of Maryland. (2020). Washington Post-University of Maryland national poll, April 21-26, 2020. WashingtonPost. Retrieved from https://www.washingtonpost.com/context/washington-post-university-of-maryland-national-poll-april-21-26-2020/3583b4e9-66be-4ed6-a457-f6630a550ddf/?itid=lk_inline_manual_3
Waddell, K. (2019, June 29th). Cities are writing privacy policies. Retrieved from AXIOS.com: https://www.axios.com/cities-data-privacy-laws-fa0be8cb-234f-4237-b670-10ad042a772e.html
Weinstein, N. D. (1984). Why it won’t happen to me: perceptions of risk factors and susceptibility. Health psychology, 3(5), 431.
Weinstein, N. D. (1988). The Precaution Adoption Process. Health psychology3, 7(4), 355.
Zetter, K. (2014, November 28th). Hacker Lexicon: What Is the Computer Fraud and Abuse Act? Retrieved from WIRED.com: https://www.wired.com/2014/11/hacker-lexicon-computer-fraud-abuse-act/
Zhang, B., Kreps, S. E., & McMurry, N. (2020). Americans’ perceptions of privacy and surveillance in the COVID-19 Pandemic. OSF Preprints.