Paper – Marketing Research

Research Paper on
Data privacy concerns and awareness among
users

Submitted to:
JRF Ms. Neha Singh

Submitted by:
Nidhi Bharti(14)
Suraj K Rai(28)
Vivek k Shakywar(34)
MBA 2019-21 Sec A

University Business School

Panjab University, Chandigarh
 Contents
Abstract ...................................................................................................................................... 3
Introduction: .............................................................................................................................. 4
Problem analysis/literature review: ............................................................................................ 5
Background of privacy and data protection ........................................................................................ 5
Need for study: ........................................................................................................................... 7
SCOPE OF THE STUDY ........................................................................................................... 7
Research aims and purpose of the study ..................................................................................... 8
Research Methodology................................................................................................................ 8
Conceptual Model ............................................................................................................................... 8
Objective of study ............................................................................................................................... 8
Research Questions ............................................................................................................................. 8
Hypothesis of study............................................................................................................................. 9
Research Design.................................................................................................................................. 9
Measurement Scales and Instruments ............................................................................................... 10
Sampling ........................................................................................................................................... 10
Data Analysis .................................................................................................................................... 10
 Abstract
Privacy is often cited as essential to freedom of expression and democracy and, as such, has
an important impact on our wellbeing. But privacy is no longer confined to the physical space
behind our kitchen curtains or the basic anonymity of who we voted for in the last election.
As lines between the ‘real’ and ‘connected’ worlds continue to blur, online data privacy
becomes an increasingly significant part of our individual privacy tapestry.

The challenge of understanding privacy in a digital age is complex. How we view data
privacy can be highly individualised and the resulting motivations, perceptions and behaviour
can be equally diverse. There is reason to believe that the implementation of the General Data
Protection Regulation (GDPR), which starts to reassert citizens’ right to control, as well as
the significant media attention that recent data scandals have rightly received, will provide an
important catalyst for conversation, recognition and action. Long-term implications on public
understanding are as yet unclear.

However, despite the ever-growing significance of online data privacy, we often don’t have a
clear understanding of what the Indian public/millennials really thinks about this issue or how
they actually behave with their data.

This study aims to understand the awareness Indian millennials have with regard to their data
privacy online and data protection laws. It also looks at deciphering millennial attitudes
towards their data- are they concerned about their data privacy, do they indulge in risky
behaviours online and are they willing to trade data for benefits on the internet.
 Introduction:
The internet has revolutionized the world of communication with its world-wide broadcasting
capacity (Leiner et al.,2003). Today, the Internet is the most preferred medium of
communication. People shop, exchange photos and message, learn, work and even receive
medical consultations on the internet (Kaplan and Haenlein, 2010; Pitkänen & Tuunainen,
2012). A report by the international Telecommunication Union (ITU), a United Nations body,
states that out of the current world population of 7 billion people, almost 3.2 billion people
use the Internet (Itu.int, 2018). In India, almost 53.66% of people access the internet, with
85% of Internet users between the age group of 12-40 using internet on a daily basis .

Technological advancements have birthed organizations such as Facebook, snapchat and

Spotify who are known as “pure play digital companies” and provide services only through
the internet (Bharadwaj et al., 2013). These platforms are used by people worldwide for the
purpose of connecting people, communication, content sharing and much more.

These businesses collect and store consumer data, in digital format, in the course of business
operation (McAfee and Brynjolfsson 2012). This Data consist primarily of personal
information such as what type of products people buy, what are their likes and dislikes and
behavioural patterns has business value, as it can be utilized to tweak the company’s business
processes, product offerings and business strategy (Mitchell, 2016). Almost 90% of this
digital data was created in the last decade and is set to grow by 40% by the end of 2020 as the
number of internet users rises (Eggers, Hamill and Ali, 2013).

Data are measured, collected and reported, and analysed, whereupon it can be visualized
using graphs, images or other analysis tools. Data as a general concept refers to the fact that
some existing information or knowledge is represented or coded in some form suitable for
better usage or processing. The amount of data created each year is growing faster than ever
before. By 2020, every human on the planet will be creating 1.7 megabytes of information
each second. In only a year, the accumulated world data will grow to 44 zettabytes (that’s 44
trillion gigabytes)! For comparison, today it’s about 4.4 zettabytes.

While this data is driving efficiency and innovation on one hand, it is raising privacy
concerns on the other(Tene,2010). As data grows, the job of protecting privacy and security
online becomes more complex. Consumers, in order to avail of full benefits of online
transactions, such as the ease and speed of processing an online order, trade off by allowing
companies access and use of private data (Feldman, 2000) .The companies who hold this
data, build vast data bases of consumer behaviour, mine this data to extract and create
behaviour profiles (Rygielski, Wang and Yen, 2002). Most companies usually de-identify this
data during analysis but over the last few years, findings have emerged that this encrypted
data can be re-identified and therefore is a cause for concern (Ohm, 2010) .The issue of
online privacy is aggravated due to the structure of the internet with the absence of “Physical
Indicators” of violation of privacy that are observable and apparent to human senses and as
newer technologies emerge, weaving themselves deeper into people’s lives, there is an
erosion of the concept of “personal space (Bellotti, 1997).

This research examined the attitudes and awareness levels of Irish millennial consumers on
the internet. The aims of this research were to understand how aware these millennials are of
their being collected and used. It also looked at their behaviours and attitudes towards their
data.

Problem analysis/literature review:

This chapter discusses and critically assess the literature behind different concepts such as
privacy, data protection, millennials consumers and the internet, their attitudes and awareness
levels towards their personal data. The literature review with regard to Privacy and data
protection will begin with an exploration of the origin of concepts of “Privacy” and “data
protection” and trace the evolution of these concepts with the emergence of the internet. It
will then outline the legal framework on privacy and data protection currently in place in
India for consumers on the internet

Background of privacy and data protection

Privacy- The concept of privacy has had an important role in sociological, political,
economic, religious studies from antiquity to the modern world. The concept of privacy can
be found in Aristotle’s books on politics, John Locke’s works in the 1600’s on public and
private property, where the authors create distinctions between public and private spaces and
denote the latter as an aspect of p privacy (DeCew, 2016). Samuel D. Warren and Louis D.
Brandeis stated that every individual was entitled to privacy of body and mind and this right
came with enforceability, a right today known as the right to privacy (Warren & Brandeis,
1890).
Westin, considered to be the pioneer of the modern concept of privacy defined it as the claim
of an individual or a group or organization to determine, when, how and to what extent can
information about them be communicated to others (Westin, 1967)

Several academics in various field have attempted to provide subject relevant definitions of
privacy that range from the subject of moral ethic to medical privacy, yet there is no agreed
upon, universal definition of privacy in academic research (Dinev, Xu, Smith & Hart, 201;
Goodwin, 1991; Nowak & Phelps, 1995) leading to the conclusion that the concept of privacy
is multi-dimensional (Burgoon et al, 1989) and that the term privacy can be understood to be
an umbrella term that covers a wide range of interest and can be broadly be divided into
constitutional or decisional privacy which relates to a person’s liberty to make his own
choices on matters intimate or personal such as marriage or contraception and information
privacy- which refers to a person being able to control the access to his personal data
(DeCew,1997).In the course of this research, information privacy is being referred .

However, the introduction and accessibility of internet has furthered the scope of Information
privacy or data privacy to include the digital environment and today, Information privacy
deals with the interest of individuals in holding control over what information about them
could be circulated on digital platforms (H. Jeff Smith, 2011)

Data protection:

Data protection is described as the legal control exerted against improper access and usage of
an individual’s personal information by a third party. This term was coined in Europe to
initially refer to privacy protective legislation (Swire and Ahmad, 2012) . Data protection
laws can be dated back to the 1970’s when processing of individual data became widespread
amongst business organizations and laws regulating this seemed necessary (Cate, 1995). The
Data protection commission in India outlines data protection in layman terms as process
where a company or person handling an individual’s personal data has a duty to keep such
data private and safe (Dataprotection.ie, 2018).

Data privacy laws and regulations vary from country to country and even from state to state,
and there's a constant stream of new ones. China's data privacy law went into effect June 1,
2017. The European Union's General Data Protection Regulation (GDPR) went into effect in
2018. Compliance with any one set of rules is complicated and challenging.

Coordinating among all the disparate rules and regulations is a massive task. Being out of
compliance can mean steep fines and other penalties, including having to stop doing business
in the country or region covered by the law or regulation.
For a global organization, experts recommend having a data protection policy that complies
with the most stringent set of rules the business faces, while, at the same time, using a
security and compliance framework that covers a broad set of requirements. The basics of
data protection and privacy apply across the board and include:

 safeguarding data;
 getting consent from the person whose data is being collected;
 identifying the regulations that apply to the organization in question and the data it
collects; and
 Ensuring employees are fully trained in the nuances of data privacy and security.

Need for study:

Studies indicate that the number of internet user’s in India is growing, with millennials
leading the usage. Almost 98% millennials users logging into the web on a frequent basis
(Central statistics office, 2017). They also demonstrate that while most millennials, spend
most of their time on the net, they aren’t fully aware of who and what monitors/ saves/ uses
their activities on the net. The government has taken several measures to protect population’s
data on the internet by creating awareness programmes (Dataprotection.ie, 2020). However,
there are no studies indicating if these measures are successful. There is gap in literature
about the consumer’s awareness on what is created specifically for them. Millennials, are the
largest group of users on the internet and are therefore most likely to suffer violations of data
privacy. Yet there are no studies that specifically address their awareness levels or target their
understanding of these concepts. Understanding their awareness levels and attitudes data will
enable the governments to formulate better strategies to improve awareness amongst them.
Millennials are digital natives and there is significant evidence that indicates that they learn
differently, understand privacy differently and have unique world views (Taylor, 2012).
Traditional methods of generating awareness wouldn’t work on them. Therefore, to address
these gaps in literature, this study is undertaken.

SCOPE OF THE STUDY

This paper is based on primary data collected through questionnaires from users of online
courses. The questionnaire design is built up to understand how much users understand and
know about data privacy and what their perception about data security is. So basically it
states that with the help of the questionnaires we will know about the consumer’s awareness
for their personal data.

Research aims and purpose of the study

This study seeks to understand how millennial consumers on the internet view their digital
data. As highlighted in the literature review, there appears to be arguments supported by
evidence for both sides of the spectrum, with some studies indicating that millennials
consumers are increasingly aware and concerned about data privacy and protection and are
actively seeking to enforce the same, while other sides show that there is a merely prima facie
awareness of these concepts amongst millennials Indian consumers.

Research Methodology

Conceptual Model

The existing literatures very well describe the phenomenon of Privacy Paradox existing in
our society and have successfully been able to discover the reason behind the existence of
such paradox up to an extent. However, it’s extremely important to find which kind of people
are truly facing these privacy issues as well as getting affected by them. Hence this research
work will focus on trying to answer the above stated questions and draw implications of the
same as well.

Objective of study

As the research intends to gain insight on the current situation in India amongst millennial
consumers on the internet, the following objectives have been set out to answer the primary
research question based on themes identified within existing literature on the subject.

1) To determine the extent of millennial consumers awareness of how their personal data
is collected and used on the internet.
2) To investigate their knowledge levels of data privacy rights and data protection
measure available to them.

Research Questions

1) Which kind of people are really facing privacy issues and which kind of people are
least affected by it?
 2) In what ways has the privacy of people been affected as a result of the usage of
internet and mobile phones?
3) Do they take risk with regards to personal data on the internet?
4) Are they protective of their personal data or are they willing to compromise this for
perceived benefits?

Hypothesis of study

H0 : Individuals are concerned about privacy concerns with increasing technology.

H1 : Individuals are not concerned about privacy concerns.

Research Design

Nature: The proposed study is of exploratory nature. As the term suggests, exploratory
research is often conducted because a problem has not been clearly defined as yet, or its real
scope is as yet unclear. It allows the researcher to familiarize him/herself with the problem or
concept to be studied, and perhaps generate hypotheses (definition of hypothesis) to be tested.
It is the initial research, before more conclusive research (definition of conclusive research) is
undertaken. Exploratory research helps determine the best research design, data collection
method and selection of subjects, and sometimes it even concludes that the problem does not
exist.

Another common reason for conducting exploratory research is to test concepts before they
are put in the marketplace, always a very costly Endeavour. In concept testing, consumers are
provided either with a written concept or a prototype for a new, revised or repositioned
product, service or strategy. Exploratory research can be quite informal, relying on secondary
research such as reviewing available literature and/or data, or qualitative approaches such as
informal discussions with consumers, employees, management or competitors, and more
formal approaches through in-depth interviews, focus groups, projective methods, case
studies or pilot studies. The results of exploratory research are not usually useful for decision-
making by themselves, but they can provide significant insight into a given situation.
Although the results of qualitative research can give some indication as to the "why", "how"
and "when" something occurs, it cannot tell us "how often" or "how many". In other words,
the results can neither be generalized; they are not representative of the whole population
being studied.

Nature of Data:
•The data collected for the research purpose is of primary nature. It means the data collected
first hand by using the questionnaire method.
•While the data put into the introduction and the research methodology section of the report is
of secondary nature.
Scope: All the respondents will be from different geographical regions.

Measurement Scales and Instruments

Scales used will be Name, gender, age, Phone technology, personal interest which will be
mixture of Nominal, Ordinal and ratio.
Instruments used for collection of data will be questionnaires.

Sampling

Sample Size: A sample size of more than 500 respondents (tentative) from different locations
is expected by us to collect their responses.

Sampling Method: Sample size is the number of respondents chosen to represent the
population being studies and the sampling technique is the method used to pick up these
participants (Newman, 1998). The technique used in this study is probabilistic sampling,
which rely on random selection and not depends upon researcher’s approach.
Simple random sampling method was adopted. Basically, google form with questionnaire
was sent to various WhatsApp groups, message boxes and also through emails.
Also, the sampling was convenience sampling, since the first 500(tentative) people who filled
this questionnaire, their responses has been used to conduct this research.

Data Analysis

In this study, the data collected will be analysed using “thematic analysis”. Thematic
analysis is a method of data analysis, where data is systematically studied and common
reoccurring ideologies relevant to the research topic are identified and interpreted. This
process revolves around identifying a pattern amongst the data and interpreting it.
Thematic analysis is a widely used method of analysis in qualitative research. In 2006 Braun
and Clarke published an article that described to novice researchers how to use thematic
analysis in a step-by-step manner. Braun and Clarke (2006) state that thematic analysis is a
foundational method of analysis that needed to be defined and described to solidify its place
in qualitative research.
The research work will initiate through an online questionnaire that would primarily be
focused on research questions stated above. The data collected from these questionnaires
could then be used in research methodologies such as Cluster analysis or conjoint analysis.
 Conjoint analysis: The questionnaires can carry privacy as one of the attributes and using
conjoint analysis the above stated research questions can subsequently be acknowledged.

References:
1. Awad and Krishnan (2006). The Personalization Privacy Paradox: An Empirical
Evaluation of Information Transparency and the Willingness to Be Profiled Online for
Personalization. MIS Quarterly, 30(1), p.13.
2. Barnes, S., B. (2006) A Privacy Paradox: Social Networking in the United States
[Electronic Version]. First Monday, 11 (9).
http://www.firstmonday.org/ISSUES/issue11_9/barnes/ (Accessed 12 sep. 2020).
3. Carmichael, S. (2014). Do Millennials Believe in Data Security? Harvard Business
Review. [online] Available at: https://hbr.org/2014/02/do-millennials-believe-in-
datasecurity#comment-section [Accessed 12 sep. 2020]
4. Online Data Privacy from Attitudes to Action: an evidence review by Ipsos MORI
Scotland for Carnegie UK Trust.
5. Privacy in India: Attitudes and Awareness V 2.0 by Indraprastha Institute of
Information Technology, Delhi
6. DeCew, J. W., 2016. Privacy and Its Importance with Advancing Technology. 42
Ohio Northern University Law Review, Issue 42, pp. 471-492.
7. Kumaraguru, P., and Cranor, L. Privacy in India: Attitudes and Awareness. In
Proceedings of the 2005 Workshop on Privacy Enhancing Technologies (PET2005)
(30 May - 1 June 2005).