The Concept of Information Privacy in E-Commerce A

Taina Kaapu

University of Tampere

Taina.Kaapu@uta.fi

Abstract. Many researchers have pointed out that one major problem of e-commerce is increased fear for information privacy. The aim of this study is to understand how consumers see privacy – and the variation of their views. Based on the analysis of consumer interviews, I divide results in two sections: factors influencing to information privacy and issues connected to information privacy. The goal of this paper is to highlight the meanings of privacy in different contexts and call for a greater attention to the importance of consumers’ concerns for privacy. The results show that for maximazing the potential of e-commerce it is essentially important that e-vendors meet their consumers’ expectations when privacy is concerned.

Keywords. Information privacy, Consumer, E-Commerce, Phenomenography.

Introduction

The number of online consumers have grown, but also the fears for information privacy have increased. (Smith 2004.) However, the question of privacy is essential from the business point-of-view: Prabhaker (2000) identifies three specific implications how consumer privacy concerns impact the sales of goods and services. First, consumers whose privacy concerns have not been addressed will tend to delay their purchases or even forgo them. Second, some concerned consumers want to use more traditional ways of purchasing. Third, consumerswho use the Internet for making purchases have to pay also the privacy costs caused by other consumers’ privacy concerns. In other words, to maximize the potential of e-commerce, it seems critical to accurately understand online consumers’ concerns for privacy.

The goal of this paper is to call for a greater attention to the importance of consumers’ concerns for privacy in the context of e-commerce. Malhotra, Kim and Agarwal (2004) state that privacy issues has drown considerable attention among disciplines such as law, public policy, marketing, organizational behaviour and information systems. However, much of the literature on privacy concerns still the context of traditional direct marketing environment (Phelps et al. 2000, in Malhotra et al. 2004). Furthermore, in information systems science consumers’ side is rarely taken into account (Saarenpää & Tiainen 2004). I seek for understanding of what consumers say about their views on privacy in e-commerce by using phenomenography as a qualitative research method: this paper attempts to identify the major factors of privacy.

Literacy includes several definitions for privacy. It is possible to argue that privacy must be understood as a legal concept (De Hert Leiden & Gutwirth 2003). Privacy is also seen as the right to be let alone (Warren & Brandeis 10, in Chung 2002). Westin (1967) say it is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. Chung (2002) adds that when dealing with Internet privacy, the concern is with information privacy. Invasions of privacy occur when individuals cannot maintain a substantial degree of control over their personal information and its use. I understand information privacy as the ability of the individual to personally control information about one’s self. In this paper I use also the word “privacy” to mean “information privacy”.

As this study deals with information privacy in e-commerce (see Figure 1), the other main concept is e-commerce. It has three main elements: consumers, vendors and technology (Saarenpää et al. 2004, based on Rosenbloom 2003). Consumers are individuals who want to buy goods or services and they are willing to use the systems of e-commerce (Schiffman & Kanuk 2000). Vendors sell products via the Internet and it is needed for buying online (Turban et al. 2000). However, in the original figure the closed triangle is used between three elements;

I use arrows to emphasize that elements are in an open space where they all affect to each other (Figure 1). Information privacy is in the middle because it may affect to all relations between consumers, vendors, technology and society. Additionally, I modified this figure by adding society because e-commerce is always in a certain context. I understand that the society contains for example laws and practices.

Figure 1. Information privacy and the elements of e-commerce.

First, I briefly describe the method of study and interviews that provide information on consumers. Second, I focus on the classification of consumers’ views based on the analysis of research material. Third, I put my results in proportion to the scientific literature. Finally, there are conclusions and I discuss about limitations and implications.

Methodology

My aim is to have a closer look to the prospects, which will arise when observing consumers’ understanding of privacy towards e-commerce. Here I focus on methodology used in this research.

For studying people’s different conceptions of information privacy, phenomenography is used as a qualitative research method. Term phenomenography comes from two Greek words fenomenon (come to light) and grafi (describe something) (Uljens 1991, in Järvinen 2004). Phenomenography is a method to describe, analyze and understand conceptions (Marton 1982, in Järvinen 2004). The idea is to describe the variation of how a certain population views something; the purpose is not to explain the reasons for the variation (Isomäki 2002). Thus, a researcher must not correct whether some conceptions are true or not. The aim of this study is not to understand what information privacy is, but to understand how consumers see it – and the variation of their views. The result is a categorization of alternative views. (Marton 1982, in Järvinen 2004.)A standpoint was that when a person thinks or feels, (s)he always thinks or feels something in some way (Uljens 1991, in Järvinen 2004). The research procedure consisted of five steps: (1) the phenomenon (research object) or an aspect of it, is defined or limited, (2) the chosen population is interviewed about the focus of study, (3) the interviews are carefully transcribed, (4) the interviews are analyzed, (5) the analysis results in categories of description (Järvinen 2004). While analyzing results, the whole text of the interview was divided into meaningful units with the main focus on the subjects’ utterances, and these units were transformed into a more general language. Then units belonging to the same subdomain were compared with each other, and characterizations on the individual level are analyzed in relation to others. The result of a phenomenographic analysis is presented in form of categories of description in the next section.

For this study there are two interview sets, which both were collected during spring and summer 2004 in the western part of Finland. The theme of the interview set 1 was privacy and the theme of set 2 was electronic journals. The duration of interview situations were from 30 minutes up to 2 hours and 30 minutes because some of the interviewees liked to give shorter answers than others. The interview set 1 focuses on privacy and it was direct asked from interviewees. In the interview consumers were able to tell with their own words about privacy, I had also some themes and open-ended questions in following topics: e-commerce in general, the concept of privacy, security in e-commerce, marketing and advertising. The set 2 gives another kind of empirical material, as privacy was not direct asked but the interviewees dealt with it a lot, and so it gives useful empirical material for analyzing the views of privacy. In second interviews the topics were: background of the interviewee, e-commerce services in general, use of traditional journals and use of electronic journals.

The interview set 1 includes twelve interviews and the set 2 ten, so all together there were 22 different interviews. The interviewees were found by advertising on local newspaper’s website, in one seminar, and by asking possible interviewees. For the first set interviewees were selected by their backgrounds and for the second set by their answers in a value questionnaire. There were 13 female and 9 male interviewees, whose ages were between 25 and 66 years. In both sets of interviews the consumers had different professional backgrounds, which can be characterized as follows: health and social affairs; teaching and education; technological specialist; trade and administration; legal profession; agriculture; entrepreneurial activity.

The interviews started from general discussion about interviewees’ backgrounds and continued to discussion about privacy issues in e-commerce or electronic journals and e-commerce. When same conceptions started to come up again in the interviews, the interviews could be finished. It is important to take into consideration that the interviewees represent only part of consumers of e-commerce. One limitation of this qualitative methodology is that it is impossible to say when there is not any new information to catch because usually all the cases in the research are finally unique. Based on Sandberg (2000) 22 interviews is enough large empirical material to reach the saturation. Another limitation of phenomenography approach is that the interviewer easily affects to the interviewees and the situation. This was taken into account: for example there were peaceful surroundings for each interview and the interviewer tried to learn from the interviewees, not vice versa. Afterwards the interviewees checked what they had said and was it understood correctly.

Classification of consumers’ views

The classification presented here is based on the analysis of interviews and how the interviewees understood the concept of privacy in e-commerce. Here I describe the classification of consumers’ views in two sections, which are factors influencing to information privacy and issues connected to information privacy. Based on the analysis of research material the first class, factors influencing to information privacy, contains six subclasses I1-I6 (Table 1). Otherwise, the subclasses describe factors that affect to a certain consumer in a certain situation how he feels about his own privacy.

Table 1. Factors influencing to information privacy.

Class Description Examples

I1 Expectations combined to e-commerce Expectations that are

usually related to products

or e-vendor.

What kind of products you are buying;

do products fit in e-commerce;

the importance of brand.

I2 Understanding of

e-commerce systems as a business environment Factors related directly to

e-commerce and

e-commerce systems.

What it is like to do business with

e-commerce systems versus human;

what e-commerce is like.

I3 Views related to information security How consumer’s views of

information security affect

to views of privacy.

Being afraid of information security as

an obstacle giving your own

information; firewall or protecting

viruses as a solution.

I4 Effects of society Issues related to society;

something you just have to

usually accept.

How laws affect;

what kind of differences there are

between different countries.

I5 Consumer’s own skills Consumer’s skills,

self-confidence and

attitudes.

Consumer’s willingness to test and use

e-commerce systems;

how consumer estimates own skills.

I6 Advices of neighborhood How people nearby

influence to consumer’s

views of privacy.

Recommendations or warnings to use a

certain e-commerce system from a

relative or a friend.

While the first class contains factors that influence to privacy and how the privacy is understood in different situations, the second class called issuesconnected to information privacy is more about privacy itself. Many of these issues are problems: this was the way the consumers discussed about privacy in the interviews. The second class consists of five subclasses C1-C5 (Table 2). Table 2. Issues connected to information privacy.

Class Description Examples

C1 Use of customer information Consumer’s personal

information as customer

information, and how

information is used.

From the consumer point-of-view:

can you affect to the use of your

personal information.

C2 Consumer’s surveillance How consumer feel about

his surveillance when he is

using e-commerce systems.

E-vendor follows consumer’s behavior

or police is observing in the Internet.

C3 Not-wanted e-mail The role of e-mail that

consumer thinks is spam as

a part of privacy demands.

E-mail advertising;

how e-mail registers are used.

C4 Hackers and viruses Consumer’s views on

hackers and viruses as a

factor of privacy.

There can be hackers;

e-vendor does not take care of

consumers’ information.

C5 Threats concerning payment How issues related to

making payment in the

Internet are problems of

privacy.

Giving credit card information;

using bank services on the web.

At first, here is presented the subclass that was the most common in the interviews and the last one is the least referenced subclass. It is important to notice that a researcher must not correct whether some conceptions are true or not. The qualitative aim of this study is to understand how consumers see privacy, not why they understand privacy in some way or how common the subclasses are generally.

Factors influencing to information privacy

Class I1, expectations combined to e-commerce, is for expectations that are related to products or e-vendor, and they are important also in the traditional commerce. All of the interviewed consumers had very alike opinions despite of professional position, gender or age. Consumers said that it is easier to order and give information if you know exactly what you are getting. However, some products seem to fit better to e-commerce than others according to the interviewees:

“If I would order one bottle of scotch once a month then I could type it there… payment to any international bank’s account. But if you do not know anything about the product…”

The interviewees sometimes wanted to confirm product details by phone, but also they liked possibilities to come down on the price. Some were concerned about deliveries of products and they wanted to have a confirmation for example in a letter. Most of the interviewees noted that if you give personal information

the amount of information is related to e-vendor – well-known and trusted brand seemed important. Consumers brought under discussion many known Finnish brands like Veikkaus (offering betting online) and NetAnttila (an e-shop of clothes and home goods) as places where it is safe to give their personal information.

The main principle seemed to be: you can trust only to somebody, not everybody on the web. The interviewees said also that if you think that you are not going to the web pages again it is same which information you give if you have to give something. They pointed out that it is important what kind of web pages e-vendor has and pages are easy to use. At the same time, the interviewees have not paid attention to register report concerning customers’ personal information use and handling required by Finnish law. How you can trust to your own privacy if it is difficult to find where the e-vendor is located geographically or sometimes it is hard to find even e-mail address, the interviewees asked.

Class I2, understanding of e-commerce systems as a business environment, is a subclass for factors that are related directly to e-commerce and e-commerce systems. Older consumers were not so ready to use e-commerce systems and give their personal information than younger ones. Some of the interviewees were more demanding than others when we talked about privacy; they liked traditional ways more than any new information systems:

”For example if I have to go to the National Pension Institute with some kind of my own matter. I really do not want that my personal information is only in some kind of computer. (-) Then when there is a pen and a paper, I can really know that it is in there and stays there. (-) I am really only that kind of series of numbers.”

However, the interviewees raised up also the positive sides of e-commerce systems for example: a computer can know if you choose an option that is not possible; the system can check if there is typing errors; it is easier to compare different products; use of e-commerce system can be cheep and fast. These are important factors why the interviewees are willing to give their personal information.

Class I3, views related to information security, is about how information security affects to privacy. All of the interviewees had very similar approach when they discussed their privacy issues concerning especially information security. Technology was understood as an external force without social processes. The interviewees usually said that information security concerning privacy is the security of bank account or the secrecy of credit card number; they also told about firewalls or protecting viruses. One of the interviewed consumers noted that there is an invisible hand and he cannot really do anything. In conclusion, the interviewees saw security and privacy as a technical problem. When the interviewees feel that everything is fine they can do shopping on the web.

Most of the interviewees combined subclass I4 (effects of society) to this class. They emphasized that information security is better in Finland and it is easier to give personal information to Finnish vendors than others. Many of theinterviewees told about issues that they had read from newspapers or heard from TV. In any case, they did not usually notice that also consumers can make mistakes on the web, they do not follow always instructions and for different reasons they may cause harm by themselves. There was one exceptional opinion: ”There is that pay automatics are leaving away… that you almost have to use web bank. And in the matter of fact the security is better… when somebody is not stretching out behind your back… when you pay.”

Almost all of the interviewees seem to accept those mistakes and problems that you have to deal with traditional commerce. At the same time they required that e-commerce systems have to work perfectly.

Class I4, effects of society, concerns issues related to society. These issues are usually something you just have to accept: for example you cannot change laws. Many of the interviewed consumers noted that ordering from abroad is not safe, or they would not give their personal information abroad - only EU countries are possible. The interviewees had very strong views on security in different countries and the opinions were alike. Some also wanted to reveal that they had knowledge from media:

”I take this somehow very carefully, for example this bank matter. By the way, I looked that – yeah, it was in Finnish Broadcasting Network’s pages – I looked at that kind of manuscript of a program where they tell precisely like these cheatings in the Internet (-) from everything I have read, so I have understood, that you cannot very easily give your personal information to anywhere.”

Relating to this subclass, there were also common attitudes in our society like the interviewees said that computers are not for everyone:

”What kind of systems will we have if they would be done to some grandmother. They (systems) will be then so clumsy.”

Class I5, consumer’s own skills, is a subclass for individuals’ personal skills, self-confidence, attitudes, and how these affect to views on privacy. Older interviewees were not sure how they will manage with new e-commerce systems - some of the younger ones said that they do not really use anything even though they had used many kind of services. Men had more self-confidence than women, and because of that men were more willing to give their personal information.

Many of the interviewees said that some third parties can be observing your Internet use, and many times this discussion get back to self-confidence and own skills:

”I have heard about the trace of use. When I have not used the Internet for a very long time they give me notification that your ink is running short. I looked, for God’s sake, so fast this my ink is running short. Then I understood that this was an advertisement. Could they know somehow is my ink running short?”

Class I6, advices of neighborhood, is about how people nearby influence to consumer’s views of privacy. For example friends or relatives can tell what you should or should not use in the Internet. Usually consumers seemed to believe tothe given recommendations, and for example consumers can give other people’s e-mail addresses in a good faith based on an advice:

”It was something that I got via e-mail from Riina and Eeva-Liisa. (-) I do not remember anybody’s e-mail addresses… when you should send it always to three persons. (-) But it was only some kind of magazine in the Internet… that I did not check that magazine better.”

Few of the interviewees said that they use some kind of communities in the Internet (for example news-groups) to find recommendations.

Issues connected to information privacy

Class C1, use of customer information, is about consumers’ personal information as customer information, and how information is used. All of the interviewed consumers despite of professional position, age or gender were concerned that e-mail addresses and personal information will be used for marketing or other purposes without their permission. Nobody mentioned directly that personal information can be sold to third parties without permission; they usually said that there can be hackers or the e-vendor does not take care of their information. Some of the interviewed consumers commented that sometimes it is difficult to change your personal information, it is not easy to remember user accounts and passwords, or e-vendors ask something that is not essential:

”There comes many forms for registration, that fill this area, fill this area, fill this area, then I do not. I think that let it be. However, I do not have an energy to write my hole curriculum vitae to some registration.”

In these situations it is easier from the consumer point-of-view not to give any information to e-vendor. The interviewees were so concerned that almost all of them said that they sometimes give other than their right personal information. However, there were few exceptions when the interviewees thought that they are usually willing to give their personal information.

Class C2, consumer’s surveillance, is how consumers feel about their surveillance when they are using e-commerce systems. Interviewees were concerned that visits to websites will be tracked secretly and added to other personal information. Some of the interviewees thought that for example banks have some kind of surveillance in their web pages. Others feel that all of their actions might be in some kind of register:

”I buy for a dog lots of HK’s sausages and liver casserole. Probably these investigators think that I eat only sausages… We do not eat either ones. If we would have many dogs…”

Older interviewees seemed to be more doubter than younger ones but differences were quite minor. It was remarkable that persons who know more about the Internet were more afraid of this surveillance than others. Few admitted that they do not know enough – probably they also do not like giving their personal information, because they do not actually know or see what happens. The interviewees also commented that some kind of right to anonymous visiting toweb pages is the basic thing of privacy. However, some of the interviewed consumers wondered that net use can be observed by third parties secretly: ”Except that the police is probably observing. I assume so they can for example investigate that there are not any stolen goods in sale. And then they, say, can be asking.”

Actually, this consumer does not like this observing but he bears that. Some of the interviewees noted that as a matter of fact the surveillance is a good issue: for example one of the interviewees said that they do not send some kind of baby diaper ads; if the purpose is that ads go to the right person, it do not bother.

Class C3, not-wanted e-mail, is a subclass for the role of e-mail that a certain consumer thinks is spam as a part of privacy demands. Most of the interviewees combined spam and privacy but they differed clearly spam and other use of consumer information. All of the interviewees agreed that not-wanted e-mail is irritating and annoying:

”I do not have much to say to them, only that… Those who send you mail for advertising purposes can be pierce with a spear like caliphs in Baghdad in the time of Saddam Hussein. It is irritating when you try to do something and there will be an advertisement…”

It is difficult to define is e-mail wanted or not-wanted. For example, couple of the interviewees hoped mail from e-vendors after registration while others did not want any ads ever. It seemed to be a personal matter is e-mail spam or is not. In many opinions, the interviewees noticed that well-known e-vendor or brands are important.

Class C4, hackers and viruses, concerns views related to hackers and viruses as a factor of privacy. The concept of hacker is used in here because the interviewees used that, and usually they added that hackers use viruses to get their personal information from e-vendors. Some interviewees had more information based on their education, interests or from media but their opinions were still quite alike. They said that the e-vendor does not take care of their information or there can be hackers:

”That problem is emphasized if it is (abroad) for example some fly-fishing firm and you register to there for example in your own information. Then there is this risk that some hacker goes there and gets those information from there. And after that it comes then this junk mail.”

The interviewees liked to have more surveillance on the web so that hackers can be caught. But at the same time they wished more privacy to themselves. Because of privacy problems caused by viruses and worms one consumer said that she is nearly avoiding using e-mail.

Class C5, threats concerning payment, means how issues related to making payment in the Internet are problems of privacy. Thus, one large part of giving your information is paying. Only few of interviewed consumers told that they have used credit card on the web. It might also be that it is easy to reject e-commerce and giving your own information by saying “it is not safe”. The interviewees were concerned that credit card information can be stolen or used somewhere without their permission:”When you pay with (credit card) Visa it is some how risky. I have not used (Visa) but from abroad you have to use it.”

Even though this consumer was afraid he had used his credit card because of the benefits of e-commerce. It was interesting that the interviewees had so much alike opinions about paying and problems related to payment. Older interviewees liked less paying online but few of the younger ones seemed to be very trusting. Results versus privacy in the scientific literature

In this section, I put my results of analysis in proportion to the scientific literature in two parts: context of privacy and privacy concerns. Many researchers (e.g. Curran & Richards 2004, Malhotra et al. 2004) have pointed out that invasion of privacy is a serious, frightening concept for many people, and privacy has been identified as a major threat in online business transactions.

Overall, interviewed consumers felt strongly about protecting their privacy and they were afraid of invasion of privacy. According to Camp (2000) electronic information technology changes the balance between privacy and information availability because monitoring every keystroke of users of information technology requires little amount of effort. Results based on consumer interviews support these statements, consumers’ privacy concerns in e-commerce seems to be a true problem for these interviewees.

However, there have been also opposite results in some research projects. Forsythe & Shi (2003) argue that although privacy concerns were a frequently cited reason for not purchasing on-line, it did not significantly influence any of the Internet shopping behaviors examined. According to Chung (2002) some people say it is possible to state that the Internet privacy concerns are nothing special: that shopping online is no different to traditional shopping in terms of tracking customer behaviour; although cookies can be used to identify visitors, they cannot find out names, addresses and other personal information unless visitors have provided such information voluntarily by themselves.

In the interviews consumers told that their privacy concerns are very special. For example, the interviewees commented that e-mail addresses and personal information can be used without their permission. Because of that risk some of the interviewees do not like using e-commerce systems and giving their personal information at all. One reason for these differences might be a cultural viewpoint, for example Singh et al. (2003) have pointed out that consumers in Germany react differently to marketing practices that people in the USA might consider the norm.Context of privacy

Malhotra et al. (2004) find out that in many cases the several pioneering studies examine online privacy in general without paying attention to external environment. In this paper, the first class, factors influencing to information privacy, belongs to the context of privacy. Singh et al. (2003) state that in order to understand consumers’ views about Internet use and online behaviors, it is also important to understand their views regarding privacy in general, their personal expertise in Internet technologies, and how they view the role of the government and the role of companies in protecting consumer privacy. Malhotra et al. (2004) have a broader view-point and they use the concept of external conditions which can influence to an individual’s privacy concerns.

Malthotra et al. continue that an individual’s perceptions of such external conditions will also vary with personal characteristics and past experiences. Therefore, consumers often have different opinions about what is fair and what is not fair concerning a firm’s collection and use of personal information. However, Paakki (2005) states that surrounding society or third parties have an impact on consumer, and media is sometimes in a key role affecting consumer’s understanding of the security of e-commerce.

The context of privacy as a whole seems to be an important factor for the interviewees’ privacy concerns. Turban et al. (2002) observe that the benefits of e-commerce are for example: easier to compare different products, using e-commerce system can be cheep and fast, consumer can buy directly from manufacturer. In the interviews the consumers had also noticed these points and they seem to be important factors why the interviewees are willing to give their personal information. Most of the interviewees noted that it is related to e-vendor if you give information. The main principle seemed to be: you can trust only to somebody, not everybody on the web. One important factor was that if you can know as much as possible from product in advantage, it is easier to order and give your personal information to e-vendor.

Nakra (2001) says that consumers need unambiguous statements explaining what information is collected, for what purpose it is used, and with whom it is shared. In the interviews most of the interviewees noted that e-vendors ask too much and irrelevant information: then the interviewees do not fill those forms and may stop using those e-services. Desai et al. (2003) state that consumers might like to give information that is less personal like e-mail address or favorite program in TV. The interviewed consumers did not agree, usually they did not like to give any information unless they have to do so. Singh et al. (2003) notify that laws covering e-commerce in EU are geared to unify and homogenize e-commerce environments in many member nations.

Many of the interviewees noted that ordering from abroad is not safe, or they do not give their personal information abroad – only EU countries are possible. The consumers had very strong views on security in different countries and the

opinions were alike. According to Mäensivu (2003) usually the level of personal expertise overall and knowledge of the Internet is related to consumers' intended use of the Internet to purchase goods and services. Then the assumption is that more you know, more careful you are. Based on the interviews it seemed to be true on knowledge of the Internet but not personal expertise overall. Consumers’ skills and knowledge affected to that how they give their information, they did not have differences concerning professional position. But age and gender affected for example to that how they estimated their own actions in relation to privacy. Older consumers were more afraid than younger ones. Men seemed to be more self-confident and more desired to make an experiment than women.

Privacy concerns

The main privacy concern, according to Willebrand (2001), is that following is done without the consumer’s knowledge: consumer is prompted to enter personal information like e-mail address, and this information can be packaged into a cookie and sent to the consumer’s hard drive, which stores it for later identification. The interviewed consumers raised this issue up among others.

Chung (2003) defines that researchers have found four particular issues for consumer privacy concerns: (1) visits to websites will be tracked secretly, (2) e-mail addresses and other personal information will be captured and used for marketing or other purposes without permission, (3) personal information will be sold to third parties without permission, (4) credit card information will be stolen. The interviewees agreed other three but not the third concern. Nobody mentioned directly that personal information can be sold to third parties without permission; they usually said that there can be hackers or the e-vendor do not take care of their information. In this sense consumers were very trusting.

The interviewees wanted to know more about what happens to their information. Interestingly, their trust in companies’ ability to protect their information is rather low. Concerns about what might happen to the personal information that is collected might prohibit the interviewees from using the Internet to its full potential especially if they are not quite sure about how companies would use this information. The interviewees liked to have more surveillance on the web so that hackers can be caught. But at the same time they wish more privacy to themselves.

Invasion of privacy and privacy concerns can evoke images of big brother (Curran & Richards 2004). This was obvious based on the analysis of the interviews. Perhaps the most important finding is that all of the interviewees had very similar approach when they discussed their privacy issues. This approach could be defined to technological determinism. Vehviläinen (2000) says that in technological determinism approach technology is understood as a force that is external to society, and there are no social processes in it. Also consumers can make mistakes on the web, they do not follow always instructions and fordifferent reasons they may cause harm by themselves. But the interviewed consumers saw security and privacy mainly as a technical problem.

It was interesting that the interviewees had so much alike opinions about paying and problems related to that. Also Terämaa (2001) states that consumers consider usually these risks: credit card information will be sold or stolen; e-vendor does not deliver already paid products. But these risks are also in traditional commerce. Only few of interviewed consumers told that they have used credit card on the web.

However, many of the consumers seem to expect that e-vendors are experts in their own field and consider consumer point-of-view (Paakki et al. 2004). The findings of this study indicate that the interviewees have very strong views about protecting their privacy. They believe that companies are obligated to protect the information of their customers. Singh et al. (2003) notice that assuring privacy is an important factor. Thus, the more the interviewees agreed that if they were assured of their privacy they are willing to use the Internet more to purchase goods and services.

Conclusions

In conclusions, I discuss some of the limitations of study approach and I present implications of my results for future research on information privacy and for e-vendors.

The aim of this study is not to understand what information privacy is, but to understand how these interviewed consumers see it – and the variation of their views. According to Järvinen (2004) this second-order perspective means that the researcher describes some aspect of reality as it is conceived by a certain group of people. By contrast, in ethnographical, anthopological or observational studies the first-order perspective is used: the researcher describes some aspect of reality directly, as s/he meets it. However, the idea is in this paper to describe the variation of how a certain population views something; the purpose is not to explain the reasons for the variation.

One limitation of this qualitative methodology is that it is impossible to say when there is not any new information to catch because usually all the cases are finally unique. Another limitation of phenomenography approach is that the interviewer easily effects to the interviewees and the situation. This was taken into account while making interviews. Additionally, it is important to notice that in the interviews there were plenty of answers, which could be placed to many subclasses. In those situations the answers are presented in the context that fits the best, and there has been under consideration other subclasses.

For future research, this paper gives information to other researchers in topics relating to privacy, consumer and e-commerce. The classes identified in this study can be observed more, particularly factors influencing to information privacy. Forexample, consumer’s own skills and advices of neighborhood were much discussed between lines. Furthermore, it will be interesting to focus on privacy problems in other perspectives than consumer point-of-view: like e-vendor, technology, or legislation. Consumer and e-vendor view-points can be compared or privacy issues can be analyzed in certain cases and the differences between age groups and gender can be an interesting topic for further research.

For e-vendors, the results of this study show that it is essentially important for maximizing the potential of e-commerce to understand online consumers’ concerns of privacy. Understanding how consumers view privacy issues provides a means to understanding whether people would be open to marketing efforts, which require information sharing and information exchange. In addition, the results help to understand what safeguards and other actions must be in place to ensure that consumers would be willing to give their information and use e-commerce systems. In practice, this requires for example that the e-vendors should: tell how consumers’ personal information is taken care of and used; give more advice for consumers how to give and handle personal information safely; tell if some third party can use personal information to marketing purposes; take good care of their own brands, reputation and usability; give possibility to their customers to check, correct and delete their own personal information. Acknowledgments

I am grateful to Professor Tarja Tiainen and Researcher Minna-Kristiina Paakki for their valuable comments and helpful guidance.

References

Camp, L. J. (2000). Trust and Risk in Internet Commerce. Cambridge, Massachusetts London, England: The MIT Press.

Chung, W. (2002). “A Snoop at Privacy Issues on the Internet in New Zealand”, University of Auckland, Business Review, vol.4, no.3, pp.2-15.

Curran, C. M., Richards, J. I. (2004). “Misplaced Marketing. Public Privacy and Politics”, Journal of Consumer Marketing, vol.21, no.1, pp.7-9.

De Hert Leiden, P., Gutwirth, S. (2003). “Balancing Security and Privacy in the Information Society”, In Security and Privacy for the Citizen in the Post-September 11 Digital age: A Prospective Overview. LIBE, pp.-105.

Desai, M. S, Richards, T. C., Desai, K. J. (2003). “E-commerce Policies and Customer Privacy”, Information Management & Computer Security 11/1, pp.19-27.

Forsythe, S. M., Shi, B. (2003). “Consumer Patronage and Risk Perceptions in Internet Shopping”, Journal of Business Research, vol.56, pp.867-875.

Isomäki, H. (2002). The Prevailing Conceptions of the Human Being in Information Systems Development: Systems Designers’ Reflections. A-2002-6. Tampere: Department of computer and information sciences, University of Tampere.Järvinen, P. (2004). On Research Methods. Tampere: Opinpajan kirja.

Malhotra, N. K., Kim, S. S., Agarwal, J. (2004). “Internet Users’ Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model”, Information Systems Research, vol.15, no.4, pp.336-355.

Marton, F. (1982). Towards phenomenography of learning, Integratial experiments aspects, University of Göteborg, Dept. Education.

Mäensivu, V. (2003). Ikääntyvien viestintävalmiudet ja digitaalinen epätasa-arvo. Jyväskylä: Gummerus Kirjapaino Oy.

Nakra, P. (2001). “Consumer privacy rights: CPR and the age of the Internet”, Management Decision, vol.39, no.4, pp.272-278.

Paakki, M-K. (2005). ”Framework for Consumer Related Trust Issues in E-Commerce”, In Seppä, M., Hannula, M., Järvelin, A-M., Kujala, J., Ruohonen, M. and Tiainen, T. (Eds.), ”Frontiers of e-Business Research 2004” e-Business Research Forum, Conference Proceedings, Tampere, pp.332-339.

Paakki, M-K., Kaapu, T., Tiainen, T. (2004). ”Media netissä”, In Tiainen, T., Luomala, H., Kurki, S., Mäkelä K. (Eds.), Luottamus sähköisissä palveluissa. Kuluttajan ja palveluntarjoajan vuorovaikutus. Report B-2004-11. Department of computer sciences, University of Tampere. Phelps, J., Nowak, G., Ferrell, E. (2000). “Privacy Concerns and Consumer Willingness to provide Personal Information”, Journal of Public Policy Marketing, vol.19, no.1, pp.27-41. Prabhaker, P. R. (2000). “Who owns the online consumer?”, Journal of Consumer Marketing, vol.17, no.2, pp.158-171.

Rosenbloom, B. (2003). “Guest editorial: behavioural dimensions of e-commerce: augmenting technology and economics”, Psychology and Marketing, vol.20, no.2, pp.93-98.

Saarenpää, T., Tiainen, T. (2004). ”Consumers and e-Commerce in Information System Studies”, In Hannula, M., Järvelin, A-M., Seppä, M. (Eds.), ”Frontiers of e-Business Research 2003”

e-Business Research Forum, Conference Proceedings, Tampere, pp.62-76.

Sandberg, J. (2000). “Understanding human competence at work: an interpretive approach”, Academy of Management Journal, vol.43, no.1, pp.9-25.

Schiffman, L. G., Kanuk, L. (2000). Consumer Behaviour. Prentice Hall, Upper Saddle River, NJ. Singh, T., Hill, M. E. (2003). “Consumer privacy and the Internet in Europe: a view from Germany”, Journal of Consumer Marketing, vol.20, no.7, pp.634-651.

Smith, H. J. (2004). “Information Privacy and Its Management”, MIS Quarterly Executive, vol.3, no.4, pp.291-313.

Terämaa, J. (2001). ”Rahasuoritus ja sähköinen kauppa”, In Laine, J. (Ed.) Verkkokauppaoikeus, Porvoo: WSOY, pp.247-328.

Turban, E., Lee, J., King, K., Chung H. M. (2002). Electronic Commerce: A managerial perspective. Prentice Hall, Upper Saddle River, NJ.

Uljens M. (1991). “Phenomenography – a qualitative approach in educational research”, In Merenheimo, Syrjälä (Eds.), Qualitative approaches to educational research, no.39, University of Oulu, pp.80-107.

Vehviläinen, M. (2000). “Gender And Information Technology”, In Mörtberg, C. (Ed.), Where Do We Go From Here? Feminist Challenges Of Information Technology, Division Gender And Technology, LuleåUniversity Of Technology, Luleå, Sweden, pp.17-37.

Warren, S., Brandeis, L. (10). The Right to Privacy. Harward Law Review 4.

Westin, A. F. (1967). Privacy and Freedom, Atheneum, New York.

Willebrand, M. (2001). ”Informaatio, Internet ja markkinointi”, In Laine, J. (Ed.), Verkkokauppaoikeus. Porvoo: WSOY, pp.87-130.