CREATe is happy to announce the publication of a new paper ‘Tell me more, tell me more: repeated personal data requests increase disclosure‘ by Piers Fleming and colleagues at the University of East Anglia in the Journal of Cybersecurity, Volume 9, Issue 1 2023.
The paper examines whether the repetitive nature of data requests changes consumers’ behaviour but not their concerns about the use of personal/sensitive data. Based on the privacy paradox, the researchers analyse whether these repeated data requests may lead consumers to do things – such as share personal information – that they would not otherwise want to do. According to the authors, this could happen ‘partly because of the complexity and uncertainty around the costs, benefits and consequences of personal data-sharing—which is technologically, legally and logistically complex.’ Theoretically, they based their analysis in the ‘foot in the door’ (FITD) research, where small initial requests facilitate subsequent larger requests. For the purposes of this paper, two studies investigated repeated requests for personal data. An initial laboratory study analysing incentivised requests for real data found greater willingness to disclose on the second request. A second study, using the same methodology but with hypothetical data requests, replicated this effect.
This research was conducted as part of the project ‘The Value of Personal Data Privacy: an experimental approach‘ and funded by CREATe (New Funds Projects 2012-2018).
Tell me more, tell me more: repeated personal data requests increase disclosure
Abstract
Personal data is of great commercial benefit and potential sensitivity. However, for the consumers who provide their personal data, doing so comes with potential costs, benefits and security risks. Typically, consumers have the option to consent to the use of personal/sensitive data but existing research suggests consumer choices may only be weakly related to their concerns (the privacy paradox). Here, we examine if the repetitive nature of data requests alters behaviour but not concern, therefore, explaining the divergence. This work is theoretically grounded in ‘Foot in the door’ research in which small initial requests facilitate subsequent larger requests. An initial laboratory study asking for real, personal data demonstrated increased information disclosure at a subsequent request. A second online study replicated the increased information disclosure effect and found no change in associated privacy concern. We find this supports foot-in-the-door as one explanation of the privacy paradox. We suggest ways for businesses and consumers to encourage an acceptable level of disclosure to match personal beliefs for mutual trust and benefit.