Paper – Marketing Research

Research Paper on
Data privacy concerns and awareness among
users

Submitted to:
JRF Ms. Neha Singh

Submitted by:
Nidhi Bharti(14)
Suraj K Rai(28)
Vivek k Shakywar(34)
MBA 2019-21 Sec A

University Business School

Panjab University, Chandigarh

Contents
Abstract...........................................................................................................................................3
Introduction:...................................................................................................................................4
Problem analysis/literature review:................................................................................................5
Background of privacy and data protection.......................................................................................5
Need for study:................................................................................................................................7
SCOPE OF THE STUDY...............................................................................................................8
Research aims and purpose of the study.........................................................................................8
Research Methodology....................................................................................................................8
Conceptual Model.............................................................................................................................8
Objective of study..............................................................................................................................8
Research Questions...........................................................................................................................8
Hypothesis of study...........................................................................................................................9
Research Design................................................................................................................................9
Measurement Scales and Instruments..............................................................................................10
Sampling..........................................................................................................................................10
Data Analysis..................................................................................................................................10
Survey conclusions........................................................................................................................11
Conclusions....................................................................................................................................15
 Abstract
Privacy is often cited as essential to freedom of expression and democracy and, as such, has
an important impact on our wellbeing. But privacy is no longer confined to the physical space
behind our kitchen curtains or the basic anonymity of who we voted for in the last election.
As lines between the ‘real’ and ‘connected’ worlds continue to blur, online data privacy
becomes an increasingly significant part of our individual privacy tapestry.

The challenge of understanding privacy in a digital age is complex. How we view data
privacy can be highly individualised and the resulting motivations, perceptions and behaviour
can be equally diverse. There is reason to believe that the implementation of the General Data
Protection Regulation (GDPR), which starts to reassert citizens’ right to control, as well as
the significant media attention that recent data scandals have rightly received, will provide an
important catalyst for conversation, recognition and action. Long-term implications on public
understanding are as yet unclear.

However, despite the ever-growing significance of online data privacy, we often don’t have a
clear understanding of what the Indian public/millennials really thinks about this issue or how
they actually behave with their data.

This study aims to understand the awareness Indian millennials have with regard to their data
privacy online and data protection laws. It also looks at deciphering millennial attitudes
towards their data- are they concerned about their data privacy, do they indulge in risky
behaviours online and are they willing to trade data for benefits on the internet.
 Introduction:
The internet has revolutionized the world of communication with its world-wide broadcasting
capacity (Leiner et al.,2003). Today, the Internet is the most preferred medium of
communication. People shop, exchange photos and message, learn, work and even receive
medical consultations on the internet (Kaplan and Haenlein, 2010; Pitkänen & Tuunainen,
2012). A report by the international Telecommunication Union (ITU), a United Nations body,
states that out of the current world population of 7 billion people, almost 3.2 billion people
use the Internet (Itu.int, 2018). In India, almost 53.66% of people access the internet, with
85% of Internet users between the age group of 12-40 using internet on a daily basis .

Technological advancements have birthed organizations such as Facebook, snapchat and

Spotify who are known as “pure play digital companies” and provide services only through
the internet (Bharadwaj et al., 2013). These platforms are used by people worldwide for the
purpose of connecting people, communication, content sharing and much more.

These businesses collect and store consumer data, in digital format, in the course of business
operation (McAfee and Brynjolfsson 2012). This Data consist primarily of personal
information such as what type of products people buy, what are their likes and dislikes and
behavioural patterns has business value, as it can be utilized to tweak the company’s business
processes, product offerings and business strategy (Mitchell, 2016). Almost 90% of this
digital data was created in the last decade and is set to grow by 40% by the end of 2020 as the
number of internet users rises (Eggers, Hamill and Ali, 2013).

Data are measured, collected and reported, and analysed, whereupon it can be visualized
using graphs, images or other analysis tools. Data as a general concept refers to the fact that
some existing information or knowledge is represented or coded in some form suitable for
better usage or processing. The amount of data created each year is growing faster than ever
before. By 2020, every human on the planet will be creating 1.7 megabytes of information
each second. In only a year, the accumulated world data will grow to 44 zettabytes (that’s 44
trillion gigabytes)! For comparison, today it’s about 4.4 zettabytes.

While this data is driving efficiency and innovation on one hand, it is raising privacy
concerns on the other(Tene,2010). As data grows, the job of protecting privacy and security
online becomes more complex. Consumers, in order to avail of full benefits of online
transactions, such as the ease and speed of processing an online order, trade off by allowing
companies access and use of private data (Feldman, 2000) .The companies who hold this
data, build vast data bases of consumer behaviour, mine this data to extract and create
behaviour profiles (Rygielski, Wang and Yen, 2002). Most companies usually de-identify this
data during analysis but over the last few years, findings have emerged that this encrypted
data can be re-identified and therefore is a cause for concern (Ohm, 2010) .The issue of
online privacy is aggravated due to the structure of the internet with the absence of “Physical
Indicators” of violation of privacy that are observable and apparent to human senses and as
newer technologies emerge, weaving themselves deeper into people’s lives, there is an
erosion of the concept of “personal space (Bellotti, 1997).

This research examined the attitudes and awareness levels of Irish millennial consumers on
the internet. The aims of this research were to understand how aware these millennials are of
their being collected and used. It also looked at their behaviours and attitudes towards their
data.

Problem analysis/literature review:

This chapter discusses and critically assess the literature behind different concepts such as
privacy, data protection, millennials consumers and the internet, their attitudes and awareness
levels towards their personal data. The literature review with regard to Privacy and data
protection will begin with an exploration of the origin of concepts of “Privacy” and “data
protection” and trace the evolution of these concepts with the emergence of the internet. It
will then outline the legal framework on privacy and data protection currently in place in
India for consumers on the internet

Background of privacy and data protection

Privacy- The concept of privacy has had an important role in sociological, political,
economic, religious studies from antiquity to the modern world. The concept of privacy can
be found in Aristotle’s books on politics, John Locke’s works in the 1600’s on public and
private property, where the authors create distinctions between public and private spaces and
denote the latter as an aspect of p privacy (DeCew, 2016). Samuel D. Warren and Louis D.
Brandeis stated that every individual was entitled to privacy of body and mind and this right
came with enforceability, a right today known as the right to privacy (Warren & Brandeis,
1890).
Westin, considered to be the pioneer of the modern concept of privacy defined it as the claim
of an individual or a group or organization to determine, when, how and to what extent can
information about them be communicated to others (Westin, 1967)

Several academics in various field have attempted to provide subject relevant definitions of
privacy that range from the subject of moral ethic to medical privacy, yet there is no agreed
upon, universal definition of privacy in academic research (Dinev, Xu, Smith & Hart, 201;
Goodwin, 1991; Nowak & Phelps, 1995) leading to the conclusion that the concept of privacy
is multi-dimensional (Burgoon et al, 1989) and that the term privacy can be understood to be
an umbrella term that covers a wide range of interest and can be broadly be divided into
constitutional or decisional privacy which relates to a person’s liberty to make his own
choices on matters intimate or personal such as marriage or contraception and information
privacy- which refers to a person being able to control the access to his personal data
(DeCew,1997).In the course of this research, information privacy is being referred .

However, the introduction and accessibility of internet has furthered the scope of Information
privacy or data privacy to include the digital environment and today, Information privacy
deals with the interest of individuals in holding control over what information about them
could be circulated on digital platforms (H. Jeff Smith, 2011)

Data protection:

Data protection is described as the legal control exerted against improper access and usage of
an individual’s personal information by a third party. This term was coined in Europe to
initially refer to privacy protective legislation (Swire and Ahmad, 2012) . Data protection
laws can be dated back to the 1970’s when processing of individual data became widespread
amongst business organizations and laws regulating this seemed necessary (Cate, 1995). The
Data protection commission in India outlines data protection in layman terms as process
where a company or person handling an individual’s personal data has a duty to keep such
data private and safe (Dataprotection.ie, 2018).

Data privacy laws and regulations vary from country to country and even from state to state,
and there's a constant stream of new ones. China's data privacy law went into effect June 1,
2017. The European Union's General Data Protection Regulation (GDPR) went into effect in
2018. Compliance with any one set of rules is complicated and challenging.

Coordinating among all the disparate rules and regulations is a massive task. Being out of
compliance can mean steep fines and other penalties, including having to stop doing business
in the country or region covered by the law or regulation.
For a global organization, experts recommend having a data protection policy that complies
with the most stringent set of rules the business faces, while, at the same time, using a
security and compliance framework that covers a broad set of requirements. The basics of
data protection and privacy apply across the board and include:

 safeguarding data;
 getting consent from the person whose data is being collected;
 identifying the regulations that apply to the organization in question and the data it
collects; and
 Ensuring employees are fully trained in the nuances of data privacy and security.

Need for study:

Studies indicate that the number of internet user’s in India is growing, with millennials
leading the usage. Almost 98% millennials users logging into the web on a frequent basis
(Central statistics office, 2017). They also demonstrate that while most millennials, spend
most of their time on the net, they aren’t fully aware of who and what monitors/ saves/ uses
their activities on the net. The government has taken several measures to protect population’s
data on the internet by creating awareness programmes (Dataprotection.ie, 2020). However,
there are no studies indicating if these measures are successful. There is gap in literature
about the consumer’s awareness on what is created specifically for them. Millennials, are the
largest group of users on the internet and are therefore most likely to suffer violations of data
privacy. Yet there are no studies that specifically address their awareness levels or target their
understanding of these concepts. Understanding their awareness levels and attitudes data will
enable the governments to formulate better strategies to improve awareness amongst them.
Millennials are digital natives and there is significant evidence that indicates that they learn
differently, understand privacy differently and have unique world views (Taylor, 2012).
Traditional methods of generating awareness wouldn’t work on them. Therefore, to address
these gaps in literature, this study is undertaken.

SCOPE OF THE STUDY

This paper is based on primary data collected through questionnaires from users of online
courses. The questionnaire design is built up to understand how much users understand and
know about data privacy and what their perception about data security is. So basically it
states that with the help of the questionnaires we will know about the consumer’s awareness
for their personal data.

Research aims and purpose of the study

This study seeks to understand how millennial consumers on the internet view their digital
data. As highlighted in the literature review, there appears to be arguments supported by
evidence for both sides of the spectrum, with some studies indicating that millennials
consumers are increasingly aware and concerned about data privacy and protection and are
actively seeking to enforce the same, while other sides show that there is a merely prima facie
awareness of these concepts amongst millennials Indian consumers.

Research Methodology

Conceptual Model

The existing literatures very well describe the phenomenon of Privacy Paradox existing in
our society and have successfully been able to discover the reason behind the existence of
such paradox up to an extent. However, it’s extremely important to find which kind of people
are truly facing these privacy issues as well as getting affected by them. Hence this research
work will focus on trying to answer the above stated questions and draw implications of the
same as well.

Objective of study

As the research intends to gain insight on the current situation in India amongst millennial
consumers on the internet, the following objectives have been set out to answer the primary
research question based on themes identified within existing literature on the subject.

1) To determine the extent of millennial consumers awareness of how their personal data
is collected and used on the internet.
2) To investigate their knowledge levels of data privacy rights and data protection
measure available to them.

Research Questions

1) Which kind of people are really facing privacy issues and which kind of people are
least affected by it?
 2) In what ways has the privacy of people been affected as a result of the usage of
internet and mobile phones?
3) Do they take risk with regards to personal data on the internet?
4) Are they protective of their personal data or are they willing to compromise this for
perceived benefits?

Hypothesis of study

H0 : Individuals are concerned about privacy concerns with increasing technology.

H1 : Individuals are not concerned about privacy concerns.

Research Design

Nature: The proposed study is of exploratory nature. As the term suggests, exploratory
research is often conducted because a problem has not been clearly defined as yet, or its real
scope is as yet unclear. It allows the researcher to familiarize him/herself with the problem or
concept to be studied, and perhaps generate hypotheses (definition of hypothesis) to be tested.
It is the initial research, before more conclusive research (definition of conclusive research) is
undertaken. Exploratory research helps determine the best research design, data collection
method and selection of subjects, and sometimes it even concludes that the problem does not
exist.

Another common reason for conducting exploratory research is to test concepts before they
are put in the marketplace, always a very costly Endeavour. In concept testing, consumers are
provided either with a written concept or a prototype for a new, revised or repositioned
product, service or strategy. Exploratory research can be quite informal, relying on secondary
research such as reviewing available literature and/or data, or qualitative approaches such as
informal discussions with consumers, employees, management or competitors, and more
formal approaches through in-depth interviews, focus groups, projective methods, case
studies or pilot studies. The results of exploratory research are not usually useful for decision-
making by themselves, but they can provide significant insight into a given situation.
Although the results of qualitative research can give some indication as to the "why", "how"
and "when" something occurs, it cannot tell us "how often" or "how many". In other words,
the results can neither be generalized; they are not representative of the whole population
being studied.

Nature of Data:
•The data collected for the research purpose is of primary nature. It means the data collected
first hand by using the questionnaire method.
•While the data put into the introduction and the research methodology section of the report is
of secondary nature.
Scope: All the respondents will be from different geographical regions.

Measurement Scales and Instruments

Scales used will be Name, gender, age, Phone technology, personal interest which will be
mixture of Nominal, Ordinal and ratio.
Instruments used for collection of data will be questionnaires.

Sampling

Sample Size: A sample size of more than 500 respondents (tentative) from different locations
is expected by us to collect their responses.

Sampling Method: Sample size is the number of respondents chosen to represent the
population being studies and the sampling technique is the method used to pick up these
participants (Newman, 1998). The technique used in this study is probabilistic sampling,
which rely on random selection and not depends upon researcher’s approach.
Simple random sampling method was adopted. Basically, google form with questionnaire
was sent to various WhatsApp groups, message boxes and also through emails.
Also, the sampling was convenience sampling, since the first 500(tentative) people who filled
this questionnaire, their responses has been used to conduct this research.

Data Analysis

In this study, the data collected will be analysed using “thematic analysis”. Thematic
analysis is a method of data analysis, where data is systematically studied and common
reoccurring ideologies relevant to the research topic are identified and interpreted. This
process revolves around identifying a pattern amongst the data and interpreting it.
Thematic analysis is a widely used method of analysis in qualitative research. In 2006 Braun
and Clarke published an article that described to novice researchers how to use thematic
analysis in a step-by-step manner. Braun and Clarke (2006) state that thematic analysis is a
foundational method of analysis that needed to be defined and described to solidify its place
in qualitative research.
The research work will initiate through an online questionnaire that would primarily be
focused on research questions stated above. The data collected from these questionnaires
could then be used in research methodologies such as Cluster analysis or conjoint analysis.
 Survey conclusions
Here, we present each of the questions presented to the participants, along with the
percentage of participants who responded to the options presented to them. We have
presented N, the sample for each of the questions in the survey. Since the questionnaire were
also filled in physical copies where we did not have any control over the participants; some of
the mandatory questions were also skipped. If the N is not present in the question / table,
please assume that it is 10,427. All values in the tables are in percentages.

1. When you hear the word privacy, what comes to your mind?

N=10,372
Bodily privacy (e.g. your physical body) 32.54
Communication privacy (e.g. calls received 48.33
or dialed through telephone)
Information privacy (e.g. information 51.24
exchanged on the Internet)
Territorial privacy (e.g. your living space, 31.59
working space)
All of the above 28.43
Others 0.68

2. Which of the following information is personal to you that you would NOT like to share?

N=10,377
Annual house hold income 53.64
Bank account details 64.63
Credit card number 68.18
Date of birth 5.80
Email address 6.25
Family details 14.86
Full name 2.03
Health and medical history 27.17
Landline number 8.42
Marital status 3.95
Mobile number 13.45
Passport number 64.45
Passwords 88.39
Personal income 62.77
Pictures and videos featuring-self 18.67
Postal mailing address 5.51
Religion 2.70
Physical details - height, weight, eye colour 8.47
All of the above 3.65
Others 2.00

3. Does privacy for you change with situation and context, i.e. what information you share
with whom may be different at different time and context?

N=9,633
Yes 52.79
No 17.83
May be 29.38

4. With whom would you share the following information?

Friends Family Relatives Relatives Banks Government Everybod Nobody

y
Annual 17.30 58.32 15.42 2.17 7.44 21.40 2.54 35.01
house hold
income
(N=10,403)
Bank 7.53 47.82 6.83 1.10 24.24 14.14 1.14 43.46
account
details
(N=10,390)
Credit card 5.02 38.65 3.75 0.91 10.66 5.05 1.31 54.66
number
(N=10,349)

Date of 31.38 40.03 27.91 7.59 13.54 12.85 54.54 1.67

birth
(N=10,371)
Email 32.36 39.69 26.74 6.44 11.85 9.98 51.57 50.46
address
(N=10,360)

Family 35.47 50.46 39.22 6.47 8.17 11.57 32.24 5.54

details
(N=10,348)
Full name 20.74 26.45 17.93 5.92 9.75 10.09 68.98 1.17
(N=10,354)
Health and 26.79 59.66 27.96 2.85 3.99 5.97 14.42 17.94
medical
history
(N=10,336)
Landline 36.45 44.41 36.57 5.63 11.38 8.74 47.34 2.11
number
(N=10,352)

Marital 27.06 34.05 25.14 7.84 9.58 10.02 57.89 2.15

status
(N=10,295)
Mobile 39.54 43.80 34.90 5.57 16.54 12.54 46.31 3.79
number
(N=10,342)

Passport 9.00 34.49 6.85 1.35 5.36 11.22 4.2 55.73

number
(N=10,319)
Passwords 2.1 13.38 1.3 0.52 0.80 1.01 1.24 83.97
(N=10,308)
Personal 12.1 41.99 9.43 1.43 5.04 6.16 2.9 51.55
income
(N=10,308)

Pictures 44.81 56.53 34.74 3.02 2.12 3.47 23.75 10.09

and videos
featuring
self
(N=10,322)
Physical 33.97 50.75 29.84 3.74 3.74 6.14 34.85 6.19
details-
(N=10,363)
Postal 32.05 41.29 29.46 6.00 15.04 15.46 47.16 2.77
mailing
address
(N=10,351)
Religion 18.12 25.84 19.16 6.40 8.07 8.94 61.94 3.46
(N=10,349)

5. Imagine you are walking through a shopping mall, where you observe a camera capturing
the movements of people in the shops, what would be your reaction?

N=10,299
I would not change my actions 49.75
I would try to avoid the camera 27.22
I would never go to the shopping mall again 14.25
If at all, a camera captures my movements, I 14.25
would be curious to know the reasons for
capturing the video
Others 0.80

6. How much do you agree / disagree with these statements?

N=10,415
Strongly Agree Neutral Disagre Strongly
agree e Disagree
Consumers have lost all control over 23.66 52.97 15.94 5.84 1.13
how personal information about them is
circulated and used by companies
Most businesses handle the personal 13.76 44.87 27.37 13.49 1.97
information they collect about
consumers in a proper and confidential
way
Mobile phones can be privacy invasive 14.42 55.17 21.35 7.75 0.63
Landline phones can interfere with 14.29 45.4 27.18 11.39 1.00
individuals privacy
Websites can hinder privacy by 20.23 50.99 20.60 6.41 0.84
collecting personal information
Credit cards can be privacy invasive 18.98 44.93 24.99 9.40 0.93
Phone banking can invade privacy 15.95 47.24 24.71 9.14 1.57

7. Consider a scenario where you visit a coffee shop which provides a free Wi-Fi connectivity
for its customers. It doesn’t ask for password for connectivity. Would you access the Wi-Fi
facility to log-in your email?

N=10,343
Definitely would 19.72
Probably would 33.88
Not sure 11.58
Probably not 10. 56
Definitely not 24.26

9. While traveling in long-distance trains, a reservation chart with details e.g. last name, first
name, age, gender, boarding station, destination, seat number, PNR number for each
passenger is displayed on the platform and the compartment. How would you feel about your
information being displayed as in this scenario?

N=10,164
Always feel comfortable 36.74
Usually feel comfortable 43.43
Sometimes feel comfortable 8.06
Rarely feel comfortable 4.45
Never feel comfortable 7.33

Conclusions
The concept of privacy in India has not been investigated in detail, and also lack of empirical
data with respect to privacy perceptions among Indian citizens. Recent developments in the
Indian scenario e.g. privacy bill, NATGRID, UID project, signify need for privacy awareness
and understanding in Indian masses. It is also important for policy makers to comprehend
sentiment and opinion of masses for structuring effective laws and policies for citizens of
India. Our study focuses on understanding privacy perceptions and expectations of Indian
citizens. In the first phase, we conducted interviews among 20 participants and 4 focus group
discussions with 31 participants in total, to collect qualitative data about the privacy
perceptions. In the second phase, we developed a survey questionnaire to collect quantitative
data. We collected responses (10,427) from various cities in India which could help in
creating an information base for masses and policy makers, showcasing the true (perceived)
picture of privacy in India on various platforms e.g. mobile phone, credit cards, online social
networks, and government related issues.
Key takeaways from this research work are stated below:
Citizens have misinformed mental models of the privacy situation; e.g. some portion of the
participants felt that there is a law which protects them where there is no privacy law in India,
but.
Most participants felt passwords to be the most protected Personally Identifiable Information
(PII) and then, financial information (bank, credit card details). In comparison to this,
religion, mobile phone number, and health related information were rated as less protected
PII.
Mobile phones are becoming the next destination for storing private information. Participants
stored personal information like passwords, credit card numbers, Permanent Account Number
(PAN), PINs, etc. Privacy seems to be the primary concern for not storing personal
information on the mobile phones for the rest.
About 5% of the survey participants tend to accept friends request from strangers or people
whom they dont know, but just have common friends. This behavior seems to be same even
with the third party applications.
About 80% of the survey respondents were aware of identity theft issue through credit cards.
48
About 65% of the survey respondents felt comfortable to use the ATM center with more than
one machine in it.
About 5% of the survey participants tend to accept friends requests from strangers or people
whom they dont know, but just have common friends.
This behavior seems to be same even with the third party applications. We are in the process
writing a more academic style paper on reasons, and implications of the results from this
data.

References:
1. Awad and Krishnan (2006). The Personalization Privacy Paradox: An Empirical
Evaluation of Information Transparency and the Willingness to Be Profiled Online for
Personalization. MIS Quarterly, 30(1), p.13.
2. Barnes, S., B. (2006) A Privacy Paradox: Social Networking in the United States
[Electronic Version]. First Monday, 11 (9).
http://www.firstmonday.org/ISSUES/issue11_9/barnes/ (Accessed 12 sep. 2020).
3. Carmichael, S. (2014). Do Millennials Believe in Data Security? Harvard Business
Review. [online] Available at: https://hbr.org/2014/02/do-millennials-believe-in-
datasecurity#comment-section [Accessed 12 sep. 2020]
4. Online Data Privacy from Attitudes to Action: an evidence review by Ipsos MORI
Scotland for Carnegie UK Trust.
5. Privacy in India: Attitudes and Awareness V 2.0 by Indraprastha Institute of
Information Technology, Delhi
6. DeCew, J. W., 2016. Privacy and Its Importance with Advancing Technology. 42
Ohio Northern University Law Review, Issue 42, pp. 471-492.
7. Kumaraguru, P., and Cranor, L. Privacy in India: Attitudes and Awareness. In
Proceedings of the 2005 Workshop on Privacy Enhancing Technologies (PET2005)
(30 May - 1 June 2005).