Exploring Impacts of Secondary Information Use on Individual Privacy

Sammanfattning: Information collected from individuals via online social networks and Internet of things devices can be used by institutions and service providers for different business purposes to tailor and customize their services, which is defined as secondary use of information. Although the literature on secondary use is well developed, prior studies have largely focused on direct use of information such as those instances of information use that do not stem from data mining. Advances in data mining and information-processing techniques facilitate discovery of customers’ and users’ behaviors and needs. Research shows that individuals’ behavior can be inferred with high accuracy from their shared information, which may in turn jeopardize privacy. A recent scandal of Cambridge Analytica using about 87 million Facebook profiles to target those users with customized micro-targeted political ads has created public outrage and raised criticisms of secondary use. Given this background, the purpose of this thesis is to explore impacts of organizations’ and service providers’ secondary use of personal information in order to draw conclusions related to how individuals’ attitudes are formed and what role secondary use plays in managing privacy.This research investigates user awareness and attitudes towards potential secondary uses of information. To pursue this, a multi-method qualitative approach using a descriptive questionnaire with 1000 European citizens and a total of 10 focus groups with 43 participants was employed. A qualitative content analysis using both inductive and deductive approaches was conducted to analyze the results. The conceptual framework employed in this thesis was genres of disclosure.The research results suggest that user awareness of the potential for indirect personal information disclosure was relatively low. It was consequently found that participant attitudes toward privacy and disclosure shifted from affective to cognitive when they experienced firsthand the potential inferences that could be made from their own data. Generally, the participant users only considered their direct disclosure of information; through observing potential indirect inferences about their own shared contents and information, however, the participants became more aware of potential infringements on their privacy.The study contributes to information privacy and information systems literature by raising understanding of the impacts of secondary use, in particular its effects on individual privacy management. In addition, this thesis suggests that information privacy is affected differently by direct and indirect uses. Its contribution to information privacy research is to complement previous methodological approaches by suggesting that if users are made aware of indirect inferences that can be made from their content, negative affective responses decrease while cognitive reactions increase through the processing of information related to their disclosure genres. The reason is that indirect use of information inhibits the negotiation of information privacy boundaries and creating unresolved tensions within those boundaries. Cognitive awareness of inferences made to individual information significantly affects the privacy decision-making process. The implication is that there is a need for more dynamic privacy awareness mechanisms that can empower users by providing them with increased awareness of the indirect information they are sharing.