Skip to content

The effect of fear appeals on online privacy protection behavior

research areas

Behavioral cybersecurity
Law

timeframe

2022 - 2025

contact

ebet@zhaw.ch

It has been shown repeatedly that the degree to which individuals are willing to disclose personal information appears to be independent or only weakly related to their individual privacy concerns or their intentions. In the domain of data privacy, this gap between attitudes and intentions on the one hand and actual behavior on the other hand has been termed the “privacy paradox”.

The project is located at the intersection between human-computer interaction and psychology and proposes to design and evaluate a risk-oriented communication approach based on fear-inducing arguments for data processing practices of organizations. Our goal is to study the effectiveness of risk-oriented communication based on fear appeals on individuals’ actual online privacy protection behavior. Fear appeals are persuasive messages that communicate threats to elicit protection motivation among recipients. The protection motivation theory (PMT), which was originally devised in the area of health prevention research and is now applied in information security, will serve as the basis for our hypothesis. The basic idea behind PMT is that persuasive and fear-inducing forms of communication may result in a heightened protection motivation at the individual level when adequate coping opportunities exist.

Aim

In the domain of data privacy, there is a gap between people’s attitudes and intentions, and their actual behavior, termed the “privacy paradox”. One of many potential explanations for this phenomenon is that communication towards individuals in practice does not address privacy risks associated with personal information sharing.  Fear appeals are persuasive messages that communicate threats to elicit protection motivation among recipients. The aim of this project is to study the effectiveness of risk-oriented communication based on fear appeals on individuals’ actual online privacy protection behavior.

Approach

The project is located at the intersection between human-computer interaction and psychology and proposes to design and evaluate a risk-oriented communication approach based on fear-inducing arguments for data processing practices of organizations. The protection motivation theory (PMT) will serve as the theoretical basis for our hypotheses.  To narrow down the scope of the project, we will focus on a specific type of threat to online privacy, namely browser cookies and online tracking, which are increasingly used privacy-invasive techniques found on many websites. To address our research question, we will use a mixed-method approach including an online experiment to collect empirical data on individuals’ protection behavior when confronted with potential threats imposed by cookies.

Relevance

The results of this research will not only be beneficial to the field of information privacy and help to further explain the privacy paradox. They will also contribute to the related field of information security because empirical data on actual behavior – rather than mere behavioral intentions – will be collected. Furthermore, our project will also likely have a broader impact that may affect individuals, organizations and policy makers. In contrast to long and complex privacy policies as means of privacy communication, privacy information that focuses on the communication of threats in individual privacy-decision making may be more effective at supporting individuals to decide in accordance with their privacy attitudes and intentions, thereby fostering individual protection behavior.