Privacy Policies Versus National Culture and Legislation on the Internet
Privacy concerns are frequently cited as an impediment to the development of consumer trust in online transactions. Privacy is a complex, subjective quality, affected by numerous factors including technological advances, ethnic culture and legal tradition. We assume that users attempt to apply mental models, in the form of behavioral expectations, to the privacy implications of their online transactions. However, this is only useful when norms of behavior exist between websites, allowing users to predict their actions. We present a large-scale empirical study of privacy-sensitive actions on the Internet, which aims to determine if norms of behavior have emerged for website operators worldwide, or within different cultures. Our study is based on an automated analysis of P3P documents posted on the 100,000 most popular websites (as ranked by Alexa.com). The results of the analysis indicate that the adoption of P3P, as well as specific company policies, varies across cultural dimensions. The analysis also suggests that discrepancies exist between a culture's concern for information privacy and the adoption of privacy enhancing technologies within that culture. Finally, we find that legal frameworks have had little success in creating standard practices for privacy-sensitive actions. These findings are important guidelines for the future development of both privacy enhancing technologies and privacy protection legislation.