In order to understand where online privacy concerns of consumers origins from it first need to be noted what OBA is and what is the main mechanism behind it. It is of great importance to note that this main mechanism behind OBA are cookies. These cookies in accordance cause privacy concerns among consumers.
1.1 Online behavioral advertising
Online advertising is the provision of content and service for free, from the website publishers to the website visitors. In this case advertisements are aimed at everyone visiting their websites (networkadvertising.org, 2012). However, there is a type of online advertising specifically aimed at providing tailored advertisement content to a specific customer. This type of advertisement is known as Online Behavioral Advertising. Online behavioral advertising is the practice of gathering information regarding someone’s activities online. This data is used in order to determine which form and content to display to the web site visitor (McDonald & Cranor, 2009). This practice provides advertisements on the websites the individual visits and make them with the collection of their content relevant to their specific interests (Leon et al., 2012). When they consequently visit a website which correlates with their specific interests, suiting advertisement will be provided.
Consumers can control OBA by the application of tools, including those concerned with self-regulatory programs. If these tools are applied appropriately, the consumer could reach more control of self-disclosure. Tools to control OBA are for instance op-outs tools, built-in browser settings, blocking tools (Leon et al., 2011). Tools such as Do Not Track headers to websites show a message that the website visitor does not prefer to be tracked. Opt-out tools on other side, create the ability for the user to set opt-out cookies for multiple advertising networks. The issue that arises with the latter case is that if a consumer chooses to opt-out, the network of the establisher will discontinue to show customized advertising but on the other hand will keep tracking and profiling the website visitor (Leon et al., 2011). The continuation of tracking and profiling website visitors has caused considerate privacy concerns among consumers. This situation shows high correlation with the case of NPO. NPO didn’t make the consumer aware of an opt-out option even before using an opt-out option, which is expected to create even more privacy concerns (B. Comb??e, 2013).
The most important feature of OBA is the utilization of cookies. Third-party HTTP cookies are the main mechanism used for online tracking. In comparison to first party cookies, which are located by the domain the website user is visiting. Third party cookies are visited by a different domain such as an advertising network. Other cookies such as flash cookies and HTML 5 (local storage) continue to stay on the user ‘s PC even if the website visitor deleted cookies or change browsers (B. Krishnamurthy and C. Wills, 2009;M. Ayenson et al., 2011 and M. Dahlen and S. Rosengren, 2005).
Cookies are directly linked to OBA because as earlier explained OBA uses third-party cookies to provide customized advertisements. A cookie is a small document of signs in the form of numbers and letters. For example: lghinbgiyt7695nb. The computer provides the cookie an unique code. These signs are downloaded on an individuals’ web browser when they access most websites (Zuiderveen Borgesius, 2011). Cookies enable websites to notice them whenever they return back to a website. Only the server that sent the cookie can read and therefore utilize that cookie. These cookies are vital in order to offer a more customized experience. (youronlinechoices.com, 2015).
1.2.1 Types of Cookies
There are different types of cookies. The most important cookies relevant to this research are discussed. The selection of cookies are derived from the cookies used by NPO. There are 2 different categories of cookies. First party cookies are cookies which make sure the website functions optimally. The behavior of the website visitor is tracked within one website, the website the consumer visits. Third party cookies on the other hand, are placed by third parties, in order for the website to be analyzed by google analytics. This type of cookie makes sure the website visitor will receive customized advertisements (Zuiderveen Borgesius, 2011 ).
First party cookies (npo.nl, 2015):
‘ Functional cookies: Cookies that make the website functioning as it should. These cookies keep track of the web site visitors’ preferences and memorize the individual previously visited the website.
Third party cookies (npo.nl, 2015):
‘ Analytics: Cookies to measure utilization of website.
‘ Social media: Cookies to share the content of the NPO website through social media. The video’s and articles opened on the website can be shared through buttons. To make these buttons function, social media cookies are used by different social media parties. This in order for them to recognize the website visitor whenever it wants to share an article or video.
‘ Advertisement cookies: Cookies to show Star- adverts. These advertisements are placed by the website owner or third parties on the website of the website owner.
‘ Recommendations: Cookies to make more suitable recommendations. The NPO wants to make suggestions to website visitors on other program’s for consumers to watch online.
The main information these cookies store are:
‘ Keeping track of visitors on their webpages
‘ Keeping track of time it spends on its visit
‘ What are areas the website should take notice of in order to improve
‘ Keeping track of the order of visits of different webpages within the website
If this information is gathered, this data can be added to the existing profile information. In time third parties will be able to create a personal profile of the consumer, even though there is no name attached to it. Today third-party tracking is subject to privacy debates (Zuiderveen Borgesius, 2011 ). Consumers can feel invaded in their privacy if they suspect digital marketers from creating a personal profile, by gathered information from consumers visiting websites. Third party tracking and consumer privacy get a significant amount of attention from the government and consumer protection (Zuiderveen Borgesius, 2011 )
1.2.2 Cookie use by marketers
Since the law is updated continuously on privacy regulations and there is no uniform law concerning privacy of consumers marketers are recommended to weigh out the benefits of using practices that are not 100% conform privacy regulations against the financial and risks on their reputation that comes along with this consideration. (Chaffey & Ellis-Chadwick, 2012; Zuiderveen Borgesius, 2011)The organization must inform the website visitors properly the reasons and the procedure of data collection. The marketers’ website needs to provide its visitors with information on how they will make use of a website visitors’ data . Next to that, the consumer has to give consent for the utilization of consumer data. The figure below, indicates the issues that should get considerate attention when a data subject is informed by how his/her data will be utilized. These issues are described below the figure.
Figure 1. Information flows that need to be understood for compliance with data protection legislation.
Source: D. Chaffey and F. Ellis-Chadwick, Digital Marketing, 2012, p. 163
‘ Whether the consumer will receive future communications
‘ Whether the data will be passed on to third parties with consent explicitly required. Referring to section 2.1 on privacy and the recommendation section, on privacy issues regarding NPO, it can be obtained that the NPO didn’t comply with explicit ‘consent’ from the website visitor which caused their bad publicity.
‘ The length of data storage. Referring to the models in section 2.3 confidence, knowledge and control are major indicators on consumer behavior regarding OBA.
According to marketingsherpa.com (2011) A business making use of OBA has to know whether it properly understands its application. It is important to adopt an ‘cookie audit’. A cookie audit is the principle of understanding the types of third-party tracking systems that are available and which are located on the browser of consumers when they visit the company’s website. This is important since third-party tracking can cause deceleration on a company’s website. Next to that, information obtained from customers can leak out to even unknown companies.
Furthermore, it is important to clearly give website visitors the option to opt out and to provide them with information on any form of tracking. First the website visitor needs to be aware where the website is about. Secondly the consumer need to be provided with information about the substance of the ads. Last the website visitor should get the ability to learn more about how to opt-out.
An opt out means a company will discontinue collecting and utilizing information from different web domains for the aim of providing personalized based advertising from data gathering using third party cookies in OBA. However it should be noted to the website visitor that opting out does not specifically mean they will cease receiving online advertising. The website visitor will continue to receive advertisements but not tailored to their specific preferences. (networkadvertising.org, 2012; youronlinechoices.com, 2009). Some companies make use of flash cookies. These cookies make regular cookies come to life again after the website visitor has deleted the cookies. The new cookie will get the same code as the web site visitor has removed (Soltani, 2009).
In addition it is of great importance to give website visitors the control of their data. 67% of the website visitors entrust transparent brands more. This confidence makes the chance of purchase 36% more likely than if a brand is not transparent. Companies that do not obey regulations regarding privacy also showed decreases in turnover. (Brown, 2009). Furthermore it is important to take measures for website visitors to manage cookie tracking and privacy. The website visitor should very easily know what the purpose if of the data obtained from them. As earlier explained they should also have the quick option to opt-out. (marketingsherpa.com, 2011)
1.2.3 Drawbacks cookie use
Netscape Navigator, the first successfully implemented web browser, introduced cookies. Version 1.0 of the web browser was introduced in 1994. In Netscape 1.0 cookies where introduced. (Turnbull, 2013). Even though the cookies are introduced almost 20 years ago, until recently two thirds of the samples used in research are not even able to explain what a cookie actually is. Even up to now customers believe more data is collected from them than is the case. Next to that consumers do not understand who are involved and how these companies are involved in OBA. Neither there is a understanding of technologies present (Ur et al 2012).
Next to that, the majority of web users don’t know about opt out cookies. Even nowadays the perception still exists it can be done through turning to their web browsers or delete cookies.(Ur et al., 2012). However if the website visitors are aware that if they have the ability to opt out and gain more knowledge on privacy matters, visitors feel more positive about the application of OBA by businesses (McDonald & Cranor , 2008) . If consumers do not understand their rights on privacy, they are pre-biased on this matter. This issue will be discussed further in chapter 2. If organizations easily and properly inform website visitors on their privacy rights they can possibly break through this pre-assumption. (McDonald& Cranor, 2008 and 2009)
In addition, the icon for opt-out options demonstrated in section 2.1, is subject to discussion whether the aim of this icon is reached. According to critics the meaning of this icon is not known by consumers, therefore opt-out possibilities are perceived as difficult. (‘Volg-me-niet register is wassen neus’, 2011).
Furthermore, according to marketingsherpa.com (2011) consumers should be better informed about opt-out opportunities in order to take away uncertainty of privacy matters. The privacy issues that are involved as partly discussed above will be further analyzed in chapter 2 and with the assistance of models the effects of privacy matters on consumer behavior are analyzed.
2. How do consumers react to current privacy concerns in OBA?
Privacy is defined as a moral right of having the possibility to prevent intrusion into someone’s personal information. Nowadays, privacy is of high importance to consumers with increasing technology increasing possibilities to more enhanced practices in identity theft, such as hacking or just invasion of consumers’ online privacy practices. By gathering personal information of consumers with the use of earlier explained cookies, the degree of customization can highly increase. (Chaffey & Ellis-Chadwick, 2012)
2.1.1 Root of privacy concerns online
J. Zuiderveen (2011) did research on to what extent practice is complying with data protection directives on ‘permission’: a willingly, specific, based on information volition. Research has shown that the processing of personal data cannot be based on article 7.b data protection directives: there should be a positive agreement. There is no form of agreement if consumers are not aware of exchanging personal information in turn for a service. Next to that collection of personal information can neither be justified by article 7.f which states that the interests of third parties are important, unless the privacy of the concerned is invaded. Privacy interests also means that the right on privacy is a significantly important right. By following online behavior of web site visitors, Dutch companies cannot refer to these 2 articles. However in 2011 article 2.h came to attention which states that with unambiguous permission the website is not allowed to make to quick assumptions that the website user give permission to make use of personal information (European commission, 2003; 2006). This latter was specifically the case with NPO as described in the introduction. They explicitly did not asked for permission before collecting data.
Even though policies on cookies are changing continuously, it is important to describe how consumers are up dated on getting more insight into their privacy rights and consequently what effect the extent of privacy has on consumer behavior discussed with models in chapter 2.3.
Components consumer update on privacy (iab.net, 2015):
‘ Advertising option Icon : This icon will represent that the form of advertising is supported by a self-regulatory program. If the consumer clicks on this icon it will be provided with a disclosure statement concerning data gathering and where the information is used for and a simple opt-out system.
‘ Consumer choice mechanism: At AboutAds.info consumers are provide with information on how to opt out.
‘ Accountability and enforcement: Since 2011, DMA (Direct marketing association) and CBBB employed technologies to provide website visitors with information on a company’s transparency and control purveyance.
‘ Educational programs: Businesses and consumers will be educated on opt-out options and thus self-regulatory systems.
For now self-regulatory systems are opt-outs with the future possibilities of opt-ins. These mentioned components above all provide consumers with more information on opt-out possibilities. According to privacy concerns this self-regulatory systems proofs that consumers should be educated about opt-out options. Privacy regarding personal information using cookies needs considerate attention. Previous research has shown that if consumers have the perception their privacy is invaded they consider it as invasive and obstructive. Therefore, it is important for companies to be transparent. (Goldfarb & Tucker 2011). Even though advertisement becomes more personalized web site visitors do feel uncomfortable with companies tracking their online affairs. (Beales, 2010; Goldfarb & Tucker 2011).
With assistance of statistics it will be analyzed in which area the problems of consumers and their privacy occur. If this is obtained, with the application of multiple online behavior models in section 2.3 , the problem areas can be theoretically analyzed in order to come up with a decent recommendation on how consumers actually are behaving and how marketers can respond to this.
(TRUSTe, 2008) Areas of consumer concerns regarding to online privacy in OBA:
‘ Of 87% respondents, 25% of the ads were actually personalized.
‘ 64% would only choose to see ads of online stores they are familiar with and trust.
‘ 72% find OBA intrusive if it’s not to their specific needs.
Awareness of OBA:
‘ 40% are familiar with OBA and a higher percentage knows of tracking. 71% knows their browsing data is gathered by third parties.
Attitudes toward OBA:
‘ 57% say they are not comfortable with collecting browsing history for customized advertising.
‘ 54% state they delete their cookies 2-3 times monthly.
‘ 55% are willing to get customized online ads in order by filing in an anonymous form. 19% did not. 37% would still fill out a form about products services and brands to buy even if they aren’t held anonymous.
‘ 40% of participants in our online study agree or strongly agree they would watch what they do
online more carefully if advertisers were collecting data. (McDonald & Cranor, 2010)
Intent to take measures:
‘ 96% want to take measures on protecting their privacy settings. However respondents don’t state they don’t want to be part of OBA at al. even 56% won’t click to reduce unwanted ads. And 58% would not register in the don’t-follow-me registration.
From these statistics it can be obtained that the majority of respondents of this study have negative attitudes towards privacy matters in OBA. However referring to the first heading advertising relevance and the last heading; intent to take measures, it could be stated that the majority of consumers do prefer some form of OBA. This implies cookies are needed. Therefore the problem area as earlier discussed lies more in that consumers do not know enough about opt-out and are not confident with privacy statements. Therefore knowledge and trust will be the major factors to be analyzed in order to see how companies can overcome this issue.
These factors which will be analyzed using models are of great importance. This because TRUSTe states that knowledge and trust are great factors influencing online behavior since there is an increased level of awareness that website visitors are being tracked, to be provided with customized advertisements. Even though they are aware that they are anonymous because their name is not obtained (google.com, 2015; J. Zuiderveen 2011) they do not feel comfortable with them being followed and targeted. Therefore website visitors strongly prefer to limit and have more control on OBA practices. (TRUSTe, 2008).
2.3 Models concerned with consumer behavior
2.3.1 Knowledge: Consumer Privacy States Framework
In order to assess to what extent consumers consider their privacy as important and what are the factors that influence this degree, the use of a Consumer Privacy States Framework will be applied. This framework is derived from the Journal of Policy & Marketing and established by G. Milne and A. Rohm. According to G. Milne and A. Rohm, this framework focuses on 2 dimension. The dimensions of this framework are a reaction to consumers privacy concerns and their willingness to provide marketers with their personal information (Sheehan & Hoy 2000; Milne & Rohm 2000). These dimensions are awareness of data collection and knowledge of name removal mechanism.
According to this model privacy is only present in cell 1. In this stage consumers are aware that their personal information is being gathered. Next to that they know how to opt-out. In this stage consumers are more satisfied and react more positive towards direct marketing relationships (Milne & Rohm 2000). Research has shown that consumers are willing to exchange private information for benefits. Consumers will give more information to digital marketers if there are perceived long term benefits. Next to that, if consumers are able to control their privacy, consumers are more willing to give up their personal information. (Ariely, 2000).
Table 1: Consumer Privacy States Framework (G. Milne and A. Rohm, 2000)
Consumer is knowledgeable about name removal mechanisms Consumer is not knowledgeable about name removal mechanisms
Consumer is aware of data collection Cell 1: Privacy exists Cell 2: Privacy does not exist
Consumer is not aware of data collection Cell 2: Privacy does not exist Cell 4: Privacy does not exist
( Note: opt-out options in the study of 2008 is used as a similar concept as name removal mechanisms in the study of 2000)
Research has shown that 34% of the population is positioned in cell 1, 74% was aware of data collection and 45% knew how to handle name removal mechanisms. This research has shown that organizations need to educate consumers more intensively about name removal mechanisms (Culnan 1995; Milne 1997). Nowadays this issue is still the case. According to TRUST E marketwire.com (2008) 70% of consumers is aware of data collection and 40% knows about opt-out options.
On the other hand, Wood & Quinn (2003) evaluated the effects on attitudes of forewarnings. If consumers are pre-informed on what is the function of cookies, biased thinking can be encouraged which will generate negative attitudes to its function. However, if people are not provided with information on how to opt-out or opt-in possibilities they are more likely to share their personal information. The cookie-icon could be seen as a pre-warning. This makes consumers see a pre-warning as being warned for something which makes their behavior turn to resistance. This resistance occurs because individuals will feel invaded in their privacy. Next to that consumers do not feel comfortable with others knowing their preferences. Therefore, according to Jacks and Devine (2000), resistance occurs in the form of keeping personal freedom. If resistance occurs, resistance strategies could be applied.
According to Jacks and Cameron (2003) consumers could respond with resistance strategies. These strategies are built as described below. The individual could show resistance by not responding to the customized advertisement message or by leaving the situation as it is. This is called selective exposure. Either the receiving individual could immediately start making counter arguments. In this case counter arguing finds place. On the other side, attitude bolstering implies the individual strengthens its own original view without directly making up counter arguments. Source derogation implies insulting the source or reject the validity of the source. In case of social validation, individuals resist the customized message and bring to mind others who share the same viewpoint. In case of negative effect, individuals get angry because their personal information is utilized without the source indicating what it is used for.
Eventually resistance doesn’t have to appear when getting a pre-warming in the form of an icon. Instead of resistance strategies, individuals could choose to make adjustments to their cookie settings or choose to register to not be followed anymore by signing in an authorized non-registration register. As explained under the heading statistics it could be stated that indeed 40% would take measures if their personal information would be collected (TRUSTe, 2008), therefore resisting strategies play a significant role.
2.3.2 Rank order table: Trust
Next to this framework Earp & Baumer (2003) introduced a rank order of most influential factors affecting consumer behavior regarding their privacy. The table below states that consumers that have high confidence in privacy practices of a website are more willing to provide personal information.
Table 2: Rank ordering of stated influential factors in confidence of privacy practices of web site . Bron: J. Earp and D. Baumer, 2003
Rank of most influential factors Factor
1 Company name
2 Option ‘to opt out’
4 Presence of a web seal
5 Design of the site
2.3.3 The consumer profile
The consumer profile is relevant to this particular situation in the sense that the effect of consumers’ perceptions of OBA can be measured. Risk and privacy invasion are major areas of concern among consumers and therefore it could be analyzed to what extent these perceptions will affect their online behavior. By making an analyses, companies could get more focused on what areas to improve in order to not deal with privacy issues in future.
The first factor in the consumer profile that should be analyzed is that security and privacy information should be considered. As described earlier, consumers need to be secured that accurate privacy information is provided to them, however in reality this doesn’t make them read it. Referring back to the rank order table, 66% of website visitors expect proper privacy disclosure but only 54% of the website visitors is actually reading it (Earp & Baumer, 2003). Therefore it could be stated that customers are not focused on explicitly security but only on the idea of security. Therefore the issue that evolves around privacy is more on the security of privacy information but not specifically the content of privacy information. Therefore websites with just being able to demonstrate proper regulations on privacy will have greater chance of creating customers having a more positive perception on online privacy practices. Next tot that according to C. Hoofnagle (2010) internet users rarely read privacy statements. However on the other side, if consumers are better informed on opt-out options there is a possibility this knowledge will create resistance as earlier described (Wood & Quinn, 2003) .
Secondly risk plays an important role in behavior on consumers online. The degree of online sales effectiveness can be raised substantially if the perception of risk is reduced. If customers would read the stipulations it would even be questionable whether they realize the consequences of gathering and analyzing their personal information by cookies (Barocas & Nissenbaum, 2009). Even if anonymized information can be linked to an individual, this individual might think there is a small chance of this happening (Zuiderveen Borgesius, 2011). Therefore again privacy regulations are supposed to just be there to gain security. Risk is sometimes not even considered in its essence but more the perception of risk. Because if web site visitors think there is a small chance of third party’s getting access to information perceived personal, evaluation of risk is seemingly poor.
Third, trust is highly correlated to risk. Increased trust is the consequence of a decrease in perceived risk. This will cause positive beliefs in the business’s online reputation. Fourth, Perceived usefulness. This incorporates the time and effort required for an individual to educate itself on how to opt-out (Perea et al., 2004). Website visitors only have limited knowledge on technology, information and communication technology. Consumers need to understand what is written in privacy statements and what they actually sign an agreement with (Perea et al., 2004). As earlier described, educating web site visitors more by forewarnings can create resistance, which will negatively impact their purchasing behavior (W. Wood & J. Quinn 2003) .
At last the ease of use also has significant impact on consumers their online behavior. Using a new technology need to be free of effort. If an internet user visits a website, he or she experiences this as very time consuming to completely analyze the statement. This makes the website visitor not read it and either state they do not care about their privacy. In statics this is about 3%. On the other side incorporating the law, it cannot be assumed that website visitors not reading the privacy statements willingly accepts the browser settings of cookies. Therefore according to article 2 subsection h Data protection directive which demand for permission a free, specific and on information founded volition will cause considerate problems. (Group privacy protection 29, 2008)
3 What strategies should marketers apply to respond to current privacy concerns regarding cookies in OBA?
3.1 Coercive vs. non- coercive strategies
Organizations that deal with online privacy concerns among consumers should realize whether they are adopting an coercive influence strategy or a non-coercive influence strategy. The coercive influence strategy involves web sites offering incentives to consequently make consumers increase self-disclosure (provide more personal information) (Acquisti & Varian, 2005). Incentives to provide personal information can be categorized into economic incentives such as promotions, discounts and coupons. Non-economic incentives are for instance translated into customization, personalization and access to exclusive content. Threats indicate a penalty or exclusion of benefits for noncompliance. Therefore if the request is not honored, the website visitor cannot make use of the content of the website. For example, NPO, like more websites demand from customers to provide their personal information to get the ability to register on the website and to access specific information on the website. This method of data gathering is aimed at punishing people who refuse to provide their personal information by not providing them with the website content they requested (Sheehan, 2005).
Non-coercive influence strategies. In this case NPO would still take the same actions but without making use of rewards or penalties. For example, a website could explicitly demand the web site visitor by using web forms for these visitors to provide their personal information without the use of non-economic incentives, in this case providing customized advertisement. Instead of providing incentives, NPO could start providing recommendations, such as making the consumer believe, if they provide personal information it can improve their experience on the website (customization) and therefore making the website still reach its original aim. In this case websites can make use of information provision, where they can provide web site visitors with privacy policies which states how and why information will be collected (Milne, Rohm and Bahl, 2004) . Next to that they will provide seals of trust to provide website visitors the guarantee of privacy protection. (Gabbish, 2011).
The main focus for websites such as NPO is identifying strategies for gathering information from website visitors that provide the opportunity to reduce privacy concerns and increase consumers’ trust. According to Payan & McFarland (2005) the application of non-coercive influence strategies have shown positive relational effects. On the other side, coercive strategies have shown the opposite effect. According to Hausman & Johnston (2009) non- coercive strategies have a positive influence on trust while coercive strategies show the opposite. Privacy literature also shows that privacy policies and seals make concerns on privacy decrease and trust to rise. Rewards and threats on the other side makes trust decrease and privacy concerns to increase (Gabbish, 2011).
Source: Wu et al., 2012
Notice is the most important parameter, stating that consumers should be informed about the collection of personal data before personal data is gathered from these individuals (Wu et al., 2012). In the NPO case, personal data from consumers was collected from consumers without them being aware of it (Pijnenburg, 2014). Choice gives consumers the ability to control the personal data obtained from them. Access gives web site users the ability to have insight into their data. Next to that, website visitors can check whether the data collected from them is correct and complete. Security is concerned with checking whether information is secure and correct.
In order for data integrity to occur, web site owners and third-parties should take measures that provide consumers the ability to have insight into data, erase information and change it to anonymous characters. Enforcement is one of the most important parameters of privacy protection, since privacy can only be assured if there are measures that enforce privacy protection (Wu et al., 2012).
According to Wu et al. (2012) the study came to the conclusion that security ranks highest in concerns of consumers. If the web site owner is aimed at increasing trust among web site visitors, in order for them to provide more personal information, they increase their focus on the provision of security and security data along with creating privacy statements.
3.3 Web bugs
According to Goldfarb &Tucker (2010) web bugs can be described as 1×1-pixel parts of a code that give online advertisers the ability to follow consumers online. Web bugs are not similar to cookies since they are not visible to the website user and are not saved on the computer of the website visitor. A consumer is therefore not aware of being tracked, unless they analyze the html. code of the webpage. Web bugs track the consumer from website to website. Next to that, web bugs are able to track how far a visitor scrolls down a page. This will have a positive impact on the collection of the preferences of the website visitor (Goldfarb &Tucker, 2010). According to Murray &Cowart (2001) web bugs are used by approximately 95% of top brands. Since consumers are not aware of data collection, privacy concerns will not occur as much as with cookies. However if the law would make websites inform consumers about web bugs, privacy concerns could rise again (Goldfarb &Tucker, 2010). Therefore web bugs could be seen as an alternative for cookies. But if the Privacy Directive adjusts the law, web bugs would become similar to cookies, with the same privacy concerns as consequence.
4 Conclusion/ Recommendation
The reason why this paper focuses on NPO is because in July 2014 they received a penalty by the Dutch authority for consumers and markets known as ACM (acm.nl, 2014). The NPO placed cookies which track the web site visitors without giving accurate information to its visitors. ACM claimed the NPO was not complying with article 11.7A of the Dutch telecommunication, neither complying with the Dutch data protection act. The NPO is only allowed to track consumers if consent of the web-site visitor is given willingly and unambiguously, according to the information that is disclosed (Fouad, 2014). Referring back to section chapter 2 it can be obtained that the NPO didn’t comply with laws referring to article 2.h. In 2011 article 2.h came to attention that with ‘unambiguous’ permission the website is not allowed to make to quick assumptions that the website user gives permission to make use of personal information (European commission, 2003; 2006).
From the models of factors influencing consumer behavior in section 2.3, it can be obtained that the Consumer Privacy States Framework states that according to consumers if the consumer is aware of data collection and the consumer is knowledgeable about opt-out practices, it could be stated that privacy exists, therefore NPO went wrong in not giving consumers the idea that privacy exists.
Referring back to the Customer profile model in 2.3.3, influencing factors in consumer behavior online show that if consumers feel more secure on how to control their privacy online they will show a more positive perception about OBA. However on the other side, more control would mean more resistance (Wood & Quinn 2003) . Next to that actual risk is not really experienced but the perception of risk.
Therefore NPO should in the future focus on having their privacy statements accurate and clear and create confidence among website visitors. In the end, the consumers are not specifically worried about their privacy and the detailed information in privacy statements but more on their degree of control, what all 3 models confirm.
In order for consumers not to choose to turn to resistance strategies, influence strategies could be applied. Some of these influence strategies could be considered as manipulative. However on the other side, other influence strategies could increase consumers’ perception of security (Kirmani & Campbell, 2004). The effect of influence strategies is not similar to all individual website visitors. Differences may appear in privacy concerns, consumers ‘trust and their willingness to provide personal information (Milne et al., 2009). Research has shown that non-coercive strategies, such as placing privacy policies on a website, decreases concerns on disclosure of personal information. However on the other side, coercive strategies offering a reward would increase privacy concern and decrease self-disclosure willingness (Andrade et al., 2002). Therefore it is recommended to NPO to adopt a non-coercive strategy to increase trust and willingness to provide personal information.
Referring back to the structural model of Wu et al. (2012) the study came to the conclusion that security ranks highest in concerns of consumers. If the web site owner is aimed at increasing trust among web site visitors, in order for them to provide more personal information they increase their focus on the provision of security and security data along with creating privacy statements or building the website. Therefore again, this strategy shows that NPO should increase attention to the parameter trust in order to increase willingness to provide personal information. This strategy highly correlates with the non-coercive strategy. In the coercive strategy NPO would put too much focus on trying to let customers know about the customization provided which would increase resistance and reduce trust. The non-coercive strategy and (the importance of trust in) the structural model both focus on providing security to increase trust and in turn reach a higher willingness to provide personal information.
The alternative of using cookies could be the application of web bugs. However the application of web bugs is only a short term solution until privacy regulations will change. When privacy regulations will change web bugs would become similar to cookies. Therefore it is recommended that NPO as an example organization should not turn to this strategy.