The emergence of the internet has resulted in a wide range of positive benefits in our society. However, one of the main concerns of internet use relates to privacy and how companies collecting customers’ information safeguard them to prevent the risks of losing them to untrusted individuals. The studies main study research questions include the privacy concerns raised by internet users, especially online shoppers, what are the measures that organizations are taking in addressing the privacy concerns raised by customers, and the legal and legislations that the government has instituted to ensure that companies, especially those on e-commerce platforms do not violate their customer’s.
Keywords: privacy, internet, e-commerce, legislations
Internet and Privacy
The emergence of the internet is one of the technological advancements that have brought numerous changes in individuals’ general way of living. When analyzing the changes brought by the internet, it typically goes beyond instant messaging through various social media websites such as Facebook (Boerman et al., 2018). Our lives are centered on the internet, especially in doing different activities, including banking, booking commercial flights, and e-commerce, one of the recent trends in contemporary society. Many people depend on the internet to shop, place orders for different commodities, and even pay bills (Boerman et al., 2018). Despite the massive advantages linked to the internet, one question that rings in the mind of every person is how secure personal information is and who manages this data. Ranging from instant messaging, emailing, and making phone calls, it all translates to data. With the emergence of the internet, most people live in the shadow of privacy violation and constant worrying.
When analyzing the corporate sector, businesses rely on the information they collect from their customers to strengthen their brands. However, it is critical to ensure that they continuously maintain their brand image, maintain confidentiality, and assure their customers of the total protection of their information (Büchi et al., 2019). Privacy issues are one of the primary concerns among internet users hence forcing organizations to take the initiative measures geared towards strengthening their data storage mechanisms. Büchi (2019) note that despite most online users raising privacy concerns, most regulators still face hurdles in developing legislations that can adequately cover privacy concerns on the innovations. Due to such failures, it has led to the formation of ineffective legislation being passed in place of the current innovations, thus putting customer data at a greater risk of being hacked or stolen.
One of the primary mechanisms adopted by organizations, especially those on e-commerce platforms, is creating user-privacy policies. The existing privacy policies often inform the user when their data is about to be used, hence the need to grant permission. Some internet users do not have the necessary skills needed to use the internet effectively; as a result, although some of these policies may be provided, some people may be too busy to pay attention to them, or some of them intentionally skip them, an indication that the policies are not doing much in ensuring the privacy of its users. Online shopping is one of the areas that is currently gaining recognition in different spheres. Since data is often collected in almost every step when doing any online transaction, online shoppers need to be assured of their privacy.
In the modern era where different age groups widely use the internet, most people easily give out their data with the aim of accessing these services. However, most people do not carefully read the disclaimers or the privacy policies regarding how a given company may use its data. Since internet privacy is part of data privacy, it is imperative to take precautionary measures to prevent data from leaking. A study by Janakiraman et al. (2018) notes that the data collected from customers serve essential functions in a company. Schneir further states that the information collected from internet users is often collected, compiled, analyzed, and used to improve the effectiveness of how an organization delivers its services to its customers. Based on such aspects, ensuring that one’s privacy is assured when accessing social media is a huge deal. Furthermore, with the emergence of a variety of Internet of Things (IoT), it means that more data is also being generated annually (Janakiraman et al., 2018). Although not all these data can leak to the dark market, some organizations can use it to understand customer behaviors and, in turn, provide personalized advertisements centered on the learned behaviors. Unfortunately, most individuals who use the internet do not understand much about internet privacy laws and how some of the data they share online can be used without their consent. Most individuals are also primarily concerned with ease of use and hence may disregard the following steps that would ensure their data is adequately protected (Janakiraman et al., 2018). This leads us to the question of who is responsible for ensuring internet privacy and the dangers of not having measures that will ensure privacy. Therefore, there is a need to educate individuals in private and public corporations about the possible risks that may arise if stringent measures are not taken to protect the privacy of their customers. Based on such aspects, corporations that heavily rely on the internet to provide services to their users need to develop user-friendly technologies that will give their customers the opportunity of deciding and adjusting how much data they can willingly share while performing any transaction.
Data collected from online users are likely to be hacked and leaked into the black market if the necessary privacy measures are not instituted.
- What are the primary privacy concerns related to data collected and generated by the internet, especially among online shoppers?
- How can companies offering services over the internet handle privacy concerns among their users?
- What are some of the safety, legal and ethical obligations linked to the maintenance of online data privacy?
Development of the Thesis in this Research
The extent to which people benefit from internet resources is highly dependent on the level of them disclosing their information to third parties. However, with the wide range of consumer data being readily available on different platforms, this raises the risks connected with clients losing privacy or their privacy being violated through constant surveillance. As a result, to effectively develop my thesis, my discussion will focus on discussing the primary privacy concerns among online shoppers. The second part of the discussion will be on the strategies used by companies offering their services online to handle privacy concerns among its user. Finally, the last part of the discussion will be on the analysis of the safety, legal and ethical obligations directly linked to the maintenance of online data privacy. A detailed review of the existing secondary sources revolving around this subject area will be included to ensure that the three outlined areas are adequately addressed. Additionally, studies published not more than ten years ago will be considered for inclusion in this study.
Primary Concerns Related to data collected and generated by the internet among online shoppers
The present global economic mayhem has resulted in significant change mechanisms of spending among different consumers. Most individuals have developed a mechanism regarded as the economy of fear since they are constantly being exposed to uncertainties and shocks, leading to an array of emotional responses (Auxier et al., 2019). When analyzing these changes, essential drivers or motivators push consumers to change their habits. With the emergence of the internet, many individuals had to adjust their lifestyles to fit into modern trends. Since privacy is a major concern among online users, Büchi et al., 2017 not that a large section of consumers who value their privacy may take part in more protective behaviors such as reading disclaimers and avoiding subscribing to advertisements that require the disclosure of confidential information (Büchi et al., 2017).
Fortes 2016 notes that information privacy is an aspect that should be primarily embraced in the online shopping environment. Online privacy denotes a person’s ability to control all the conditions by which their personal information is collected and used by third parties. One of the effective tools that can be used to measure privacy concerns among users is the concern for the information privacy scale (Fortes & Rita, 2016). Fortes 2016 notes that this scale has five major parts, including collecting huge chunks of person and storing. The second part is unauthorized secondary use, improper access, and errors. With many people currently relying on the internet to do their shopping, the attention of the Federal Trade Commission (FTC) has been captured (Fortes & Rita, 2016).
A study conducted by the Pew Research Centre indicates that a large section of Americans are often concerned with how businesses will use their information. As a result, this has reduced their trust in these organizations and the willingness to disclose their personal information to the companies in which they are about to perform an interaction. According to Gurung (2021), consumers, on most occasions, have concerns relating to how websites manage their personal information. Although trust is one of the major privacy concerns, Hong & Thong (2015) note that privacy concerns on online trust can be influenced by a wide range of aspects, including gender, age, and education levels. An online shopper who is well educated about privacy aspects while using the internet will take the relevant precautionary measures.
When consumers constantly worry about how an organization will use their personal information, it greatly reduces the likelihood of transacting in the online environment. The reduction in the number of individuals transacting online due to trust issues is one of the primary factors preventing e-commerce from flourishing.
Duţu (2014) notes that trust in e-commerce relates to the beliefs or expectations that a given consumer can believe the retailers’ words. In return, the retailers will not take advantage of their vulnerability by trying to manipulate their information. According to a model developed by Lee & Turban (2015), trust from online shoppers is hugely dependent on four main determinants: trustworthiness of the merchant, internet shopping medium, internet shopping contextual factors, and security of the infrastructure. Furthermore, Fortes note that lack of trust negatively influences perceived risk, which significantly influences the consumer’s purchasing behaviors and vice versa (Duţu (2014).
A study conducted by Auxier et al. (2019) indicates that a large section of U.S citizens do not trust that American companies are good stewards of protecting the consumer’s persona data. Approximately 70 percent of Americans affirm that they do not trust U.S Corporations since they do not securely store their information (Auxier et al., 2019). Apart from trust, 72 percent believe that U.S corporations that have majored in e-commerce use the collected data to track them. Additionally, with the customer’s information being channeled directly to an organization’s website, chances of hacking are also high. As a result, this has often pushed most of them to manually walk-in stores and purchase the products they require without sharing their information on the internet (Auxier et al., 2019).
How Companies handle internet Privacy Concerns from their users
Breaching customers’ data from organizations is a topic that has been hitting the headlines over the past decades. As a result, most individuals have strived to take control of their data BY restricting what they share with organizations where they are required to give their personal information. Although companies collecting personal information may have good intentions, such as using the information to improve their brands, some use this information to have a deeper understanding of their customer’s religion, health issues, political beliefs, ethnicity, sexual orientation. Some of this information is often personal, and if another person gets access, it may contribute to detrimental impacts.
A study by Janakiraman et al. (2019) indicates that approximately 5,183 data breaches were reported towards the end of 2019, exposing the customer’s information to compromised records. This, therefore, calls for organizations to institute the necessary corrective measures. In research, most scholars strive to protect their customers from harm by requesting their consent before using any of their information (Janakiraman et al., 2019). However, in the modern era where most transactions are conducting their activities online, most companies are using information from their customers without their consent.
Due to the privacy concerns raised by customers, companies have instituted several measures to aid in addressing them. For instance, organizations have instituted different internal review boards that help assess and evaluate to what extent they can use their customers’ information without compromising their privacy (Janakiraman et al., 2019). In addition, in situations where organizations can predict the sexual orientation of their customers through facial recognition, the organization has made it voluntary for customers to include them when necessary and not through coercion or strict organizational rules.
Binary Authentication Systems
One of the last and most crucial strategies organizations use to help address privacy concerns raised by their customers is through the use of various authentication systems. Although companies’ information systems are also at risk of being attacked and losing customer’s information, the modern security systems come with various inbuilt security measures that are designed to ensure that their customers operate in a secure environment and that they do not worry about the probability of their data being lost to hackers or being used by organizations (Wu et al., 2010). On most occasions, customers can lose their information since an attacker can easily compromise and modify executable codes, making it difficult for the organization to make any further changes to the file system. As a result, organizations adopting binary authentication systems helps their customer’s data to remain intact through binary content authentication and binary location authentication (Wu et al., 2010).
Regarding binary content authentication, it helps ensure that a given binary has not been tampered with. This, in turn, minimizes the chances of personal information being confused with another one or leaking out. However, organizations need to ensure that both the files containing customer data and shell binaries are well authenticated. If this is not done effectively, it may provide an avenue for an attacker to easily swipe their pathnames and gain access to particular customer information that is needed (Wu et al., 2010).
The central systems that can provide effective binary authentication are Unix/Linux. The effectiveness of these systems has been backed up by studies conducted by Apriville et al., 2004: Pu & Yang, 2011 and Williams, 2002). However, the remaining systems only offer one or two privacy authentication guarantees hence the need for organizations to institute further measures that will prevent privacy breaks (Wu et al., 2010).
One aspect that makes binary authentication systems ensure their users’ privacy is attributed to the fact that their operating systems are effective in preventing the execution of a given code due to buffer overflow. This process is achieved through the use of hardware-based data execution protection (Wu et al., 2010). As a result, when an organization combines stack protection with binary authentication, it is difficult for an attacker to gain access to personal information. Additionally, this technique makes it impossible for the information to leak or be accessed by third parties, and this serves as one of the ways through which companies can gain the trust of their customers.
To ensure that a binary authentication system is effective, it needs to be flexible and effectively operate under different conditions that they are subjected to. One example of such a system is the HMAC construction: a prototype that uses fingerprint binaries. As time progress, the merging issues over the internet make it necessary for organizations to institute the necessary changes to keep with the pace (Wu et al., 2010). As a result, an organization should constantly maintain its software and discover vulnerabilities. By doing so, customers will be assured of the safety of their information, which will influence the chances of them using online services. In the long run, it will help in the success of businesses operating in the online environment (Wu et al., 2010).
Safety, legal and ethical obligations linked to the maintenance of online data privacy?
Different countries have instituted various policies and laws geared towards safeguarding their users’ privacy and regulating how different organizations should handle their customers’ information. When talking about regulating, it denotes the government’s interventions to help address the existing market deficiencies and failures. The online environment is filled with various inefficiencies; as a result, failure to be adequately regulated by the government may make it impossible to incentivize service providers to respect their users’ privacy (Nyoni et al., 2020). Furthermore, most organizations operating on e-commerce platforms are likely to misuse their customer’s information for purposes other than business. As a result, the instituted regulations help gather information, establish standards, and change how the online environment should operate. This is an essential step since customers have sensitive data that needs to be adequately protected (Nyoni et al., 2020).
One of the laws that effectively protect customers’ information in the United States is the Electronic Communications Privacy Act (ECPA). According to this law, the government or other establishments cannot access electronic communications and personal records such as emails, social media chats. This law has different aspects of privacy, including what the government can lawfully do or not.
Before the emergence of this law, the Omnibus crime control and safe streets act, developed in 1968, was mainly geared towards safeguarding the information that could be heard or understood by the ear, such as telephone conversations or wire-based on public systems microphones (Nyoni et al., 2020). However, this Omnibus law did not address data protection from emerging technologies such as the internet and conversations made by cordless telephones. With the emergence of new technologies, a wide range of uncertainties predisposed to online users necessitated the formation of the ECPA. The formation of ECPA expanded the list of crimes that are justified under the law to be intercepted by law enforcement agencies if companies breach them. The incorporated adjustments limit companies from accessing customers’ emails without their consent and prohibit any interferences that may be made on personal data (Nyoni et al., 2020).
Apart from the United States, other countries such as South Africa and Australia have also instituted measures towards protecting information produced over the internet by its users. A study conducted by Ntaluba 2018: Roos 2016 indicates that customer privacy is a right; as a result, they dedicate vast amounts of financial resources to the relevant regulatory bodies to help uphold customer privacy (Nyoni et al., 2020). Different frameworks have been proposed to address this issue effectively to ensure that this issue is well addressed. For instance, the National Cybersecurity Policy Framework (NCPF) 2015 and Cybercrimes Bill (CCB) help create cybersecurity structures that can aid in reducing threats and vulnerabilities posed on customers’ information. The CCB, in particular, was formulated to help in conducting an investigation related to cybercrimes and the use of customers’ information against their consent. Additionally, CCB Provides a bill that provides an organized approach to reporting any breaches and enforcing penalties on organizations that do not adhere to the outlined regulations.
The Australian government is one of the additional countries that have instituted various legislation geared towards safeguarding the privacy of all individuals whose information is likely to be misused by organizations. The Australian government believes that every citizen has the right to privacy; as a result, this has played a major role in the successful implementation of any laws relating to privacy. Australian privacy laws can be traced back to the 1980s. Since its formation, it has played an influential role in developing guidelines whose central role is in protecting the privacy and Transborder flow of personal Data (Moussa, 2015). The Australian government instituted further legislation in the subsequent years, with the most common one having been passed in 2014. According to the Federal Privacy Act enacted in 2014, it empowers people with more rights to protect their private information in this era of IoT. One of the central features that have made this Act successful is that it imposes enormous fines among companies and organizations that violate any of the Act’s clauses. Through the implementation of strict statutes, different governments are primarily concerned with maximizing is the duty of data protecting and enlightening their citizens regarding how data should flow in the different websites (Moussa, 2015).
Limitations in the Implementation Data Privacy Legislations
The implementation of various legislations and privacy laws is marred with a wide range of limitations. One of the major limitations relates to the unclear categories the law has on the elements of privacy. For instance, some of the clauses are geared towards protecting the telephone numbers of customers. However, this type of information is always linked to other types of personal information. As a result, when an organization links them to other databases, making it easy for an attacker to gain access to them. When such a case occurs, it results in a discount on the legal validity of a given clause (Moussa, 2015).
With such limitations being evident, the governments must strive to strengthen the legislation it makes, especially regarding protecting internet privacy. It should offer some forms of oversight on all corporate activities. Although some of these laws may be present, some organizations do not adhere to them and use their customer’s persona information without their consent (Moussa, 2015). Subsequently, the government, in collaboration with public law regulatory infrastructure, should oversee the implementation of the prevailing theories of how privacy can be effectively enforced in the different jurisdictions. When a government institutes laws geared towards safeguarding customer privacy, most organizations view this as a measure of preventing them from maximizing their profits. This is attributed to the fact that most of the collected information is used to enhance their products, which leads to an increase in their sales (Moussa, 2015).
To ensure that e-commerce does not develop such opinions, the government should strive to consult with other stakeholders on e-commerce platforms and advocacy groups to enlighten them on the scope of such laws. The cooperation between the cooperate sector and the government helps provide higher levels of privacy protection to its users and manage any risks involved (Nyoni et al., 2020). The policymakers also need to ensure that they know the specifics associated with the emerging technologies. Most policymakers approve technologies with a wide range of deficiencies, which predisposes its users and society at large to a wide range of risks. Lastly, the government also needs to ensure that it develops fair regulatory approaches and does not put most organizations towards the losing end. For instance, one of the proactive measures that the government can adopt is by encouraging industries to adopt self-regulation measures (Nyoni et al., 2020). By developing self-regulation measures, industries and the government can come together in implementing voluntary codes of conduct. This move will help ensure that organizations adhere to and embrace high moral standards when handling their customers’ information (Nyoni et al., 2020).
Based on the findings of this study, the results are in accordance with the stated hypothesis that states data collected online from customers can be leaked to third parties if the necessary protective measures are not taken into consideration. When customers have many privacy concerns regarding how organizations will use their personal information, they become reluctant to share it. As a result, they block all the possible avenues that an organization can use to gather the information that can be used to enhance their brands. As a result, this study is crucial since it helps in providing a detailed analysis of the privacy concerns consumers have concerning e-commerce sharing their personal information to their parties. Furthermore, the study has also offered a detailed analysis of the measures different organizations have instituted to safeguard the privacy of the information from their customers. Lastly, by providing a discussion regarding the legal concerns and legislative measures, it helps enlighten different groups, especially customers, regarding how the government is dedicated to safeguarding the privacy of its citizens.
The future implications of this study are that more consistent and reliable protective measures are instituted to ensure that all the gaps that can result in customers’ information being leaked or being used without their consent. The government should also provide more policies that are geared towards protecting the consumer’s privacy. When a scheme consisting of different interventions is included, it will limit the actions that data controllers can execute.
Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M., & Turner, E. (2019). Americans and privacy: Concerned, confused, and feeling lack of control over their personal information. Pew Research Center, 15, 175-190. https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/
Boerman, S. C., Kruikemeier, S., & Zuiderveen Borgesius, F. J. (2018). Exploring motivations for online privacy protection behavior: Insights from panel data. Communication Research, 0093650218800915. https://journals.sagepub.com/doi/full/10.1177/0093650218800915
Büchi, M., Just, N., & Latzer, M. (2017). Caring is not enough: the importance of Internet skills for online privacy protection. Information, Communication & Society, 20(8), 1261-1278.
Duţu, A. (2014). Understanding Consumers’ Behaviour Change in Uncertainty Conditions: A Psychological Perspective. In Handbook of Research on Retailer-Consumer Relationship Development (pp. 45-69). IGI Global.
Fortes, N., & Rita, P. (2016). Privacy concerns and online purchasing behavior: Towards an integrated model. European Research on Management and Business Economics, 22(3), 167-176.
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The effect of a data breach announcement on customer behavior: Evidence from a multichannel retailer. Journal of Marketing, 82(2), 85-105. https://journals.sagepub.com/doi/abs/10.1509/jm.16.0124
Loader, B. D., & Thomas, D. (Eds.). (2013). Cybercrime: Security and surveillance in the information age. Routledge.
Moussa, M. (2015). Monitoring employee behavior through the use of technology and issues of employee privacy in America. Sage Open, 5(2), 2158244015580168.
Nyoni, P., Velempini, M., & Mavetera, N. (2020). Emerging Internet Technologies and the Regulation of User Privacy. The African Journal of Information Systems, 13(1), 1.
Wu, Y., Yap, R. H., Ramnath, R., & Halim, F. (2010). Establishing software integrity trust: A survey and lightweight authentication system for windows. In Trust Modeling and Management in Digital Environments: From Social Concept to System Development (pp. 78-100). IGI Global.