Personalization vs. Privacy
212
Personalization vs. Privacy Overcoming the Users’ Privacy Concerns in the Indonesian Peer-to-peer Ridesharing Service by. Fauzi Dwi Reza Aditya
Transcript of Personalization vs. Privacy
Personalization vs. PrivacyOvercoming the Users’ Privacy Concerns in the Indonesian
Peer-to-peer Ridesharing Service
by. Fauzi Dwi Reza Aditya
Personalization vs. Privacy
Overcoming the Users’ Privacy Concerns in the Indonesian Peer-to-peer Ridesharing Service
Master thesis submitted to Delft University of Technology
in partial fulfillment of the requirements for the degree of
MASTER OF SCIENCE
in Management of Technology
Faculty of Technology, Policy and Management
by
Fauzi Dwi Reza Aditya
Student number: 4403150
To be defended in public on August 24th 2016
Graduation committee:
Chairperson : Prof.dr.ir. M.F.W.H.A. Janssen, Section ICT
First Supervisor : drs. J. Ubacht, Section ICT
Second Supervisor : Dr. ir. M. Kroesen, Section TLO
Page | i
Acknowledgment
I am indebted my gratitude to all people who helped and supported me in conducting and writing thisthesis.
Firstly, the Indonesian Endowment Fund for Education (LPDP) for providing me study grant for myentire study and research grant particularly for conducting this thesis. Without this opportunity, it isnearly impossible for me to arrive here in Delft and finish this study.
Secondly, my supervisors. I would like to specially thank Drs. Jolien Ubacht as my first supervisor, forher patient in providing me continuous constructive feedbacks in the highest exceptional manner,both to my academic fundamental theories as well as my writing style. My second supervisor, Dr. Ir.Maarten Kroesen for giving his exquisite guidance in designing the quantitative research and statisticalinterpretations as well as providing his critical constructive feedbacks for my overall thesis. And theChairman, Prof.dr.ir. Marijn Janssen for his clear critical comments that elevate my thesis in a higherlevel. I do owe you all thanks for showing your confidence as well as giving me challenge that motivatesme to produce a better thesis. Special thanks I also owe to Dr. Eric Molin for his clear (email) guidanceon the stated choice design and the use of Ngene software, and Shofi Andari, S.Stat, M.Si. for givingher guidance for me to understand how to interpret statistical results better.
Thirdly, Catur Apriono, S.T., M.T., Ph.D, Novi Mardining, and Riezka Rianty for helping me gatheringfirsthand data from the respondents. Without your help, my three weeks’ data collection timeline willbe hard to finish.
Fourthly, my fellow students in university, Reni, Erwanda, Buse, Adiska + Bagas, Rosa, Fitri, Revi, Kevin,Lusi M, Lusi P + Ilman, Riska, Aarun, Deep, Bill, Esme, and any other students who cannot be mentionedhere, thank you for the lunch talks that keep me sane for the last 6 months. Without any one of you,my thesis life will be very boring and monotonous.
Fifthly, my Mom who always gives me support and ear to listen to my outpouring talks. Even thoughnot many comments are coming out from you, you always help me in a very mysterious way.
And finally, my dear wife, Guninta, for always supporting me in my ups-and-downs, and always bepatient waiting me home. Thanks for giving me opportunity to push myself forward, from my comfortzone to the edge of my capacity, so I become a better person now. I surely will be indebted to you forthe rest of my life.
Fauzi Dwi Reza Aditya
Delft
Page | ii
Forewords
Curiosity can kill a cat.
It all started when I spent my last summer holiday back in Indonesia. I saw a lot of Ojek online drivers
(with various branding jackets) were roaming in every main street in Jakarta, with a very cheap riding
fee (at that moment the users only needed to pay IDR 10.000 ≈ €0.67 per ride to anywhere they
want!!). My first curiosity appeared: How can they sustain their profit?
Afterward, I wanted to try to use the service. I was told to register my address, my email address, and
my mobile phone. My second curiosity came to my mind; will my mobile number appear directly in
the driver’s app when he is picking up my order?
Then I started researching the possible privacy violations when using this service. I found a lot of pri-
vacy intrusion in place, especially to female users. When she had finished using the order, sometimes
the driver still contacted her just for chat or any unimportant conversation, which made her felt irri-
tated. From this point, I elevated my curiosities to be a more strategic thinking. I know that there is
personal data involvement in practice, but how to use them to help the company win the market while
minimize the privacy violation?
Therefore, I designed this project with one clear goal in mind: my research results not only have to be
scientific, but also usable and applicable in the real market. It was quite a lot of works, challenges, ups
and downs, stress, and sleepless nights. Even my supervisor told me to be careful with my level of
ambition. Thankfully, I was surrounded by people who are very supportive and care about me.
But satisfaction brings it back.
When my research is finally done, with the findings and the conclusion can be applicable right away, I
am very relieved. I am very happy with the work I have done.
Nevertheless, this thesis only makes tiny-yet-significant contribution to the big picture of personaliza-
tion and recommendation system that utilize personal data analytic as the main source of value adding
factor. It only focuses on the ethical consideration in respect to the use of personal data and neither
explains anything about the design of the recommendation system nor the technical part of the data
analytic. But yet, this small contribution will help the company that wants to play in this area to design
and market their value sensitive system and avoid rejection once the product is in the market. Be-
cause, it provides insight not only on the theoretical explanation of privacy decision making, but also
several practical matters related to the users’ privacy that can be applied directly in the business set-
ting.
I do hope you enjoy reading my thesis...!!
Page | iii
List of Acronyms
CFIP Concerns for internet privacy
DSP Data service providers
GLU General level of Utility
GRL Government regulation and legislation
ICT Information and communication technology
IPPR Individual privacy protection responses
ISP Individual self-protection
ISR Industry self-regulation
IUIPC Internet users' individual privacy concerns
LBS Location-based services
PBA Privacy of behavior and action
PbD Privacy by Design
PDI Privacy of data and image
PLS Privacy of location and space
RSP Ridesharing service provider
SD Standard deviation
WTA Willingness to accept
WTD Willingness to disclose
Page | iv
This page is intentionally left blank
Page | v
Executive Summary
The ubiquity of smartphone, internet, and positioning system, that build the so-called peer-to-peer
(P2P) ridesharing service, have transformed the transportation industry. With the digital platform as
its technology backbone, the P2P ridesharing service has created a tremendous disruptive potential
to the existing traditional taxi business (Lacy & Rutqvist, 2015). Furthermore, with the help of the
digital platform’s loosely coupled potential, the P2P ridesharing company has the opportunity to ex-
pand and develop further its service by inviting other adjacent actors and partners to collaborate in
its business ecosystem. Together, they generate a multisided ecosystem.
Additionally, the recent information and communication technology (ICT) development - especially in
the tracking technology - has made the personal data capture becomes easily conducted. Indeed, the
customers’ personal data will also be valuable for the P2P ridesharing company to innovate its services
and create additional values both for the customers as well as to the company itself. One example of
the innovations is by offering personalization to its customers. However, to offer personalization, the
company will need more sensitive personal information disclosure from its customers, which will ele-
vate their privacy concerns.
The privacy, which has become a concern since computers began to be used in public service (Dutta
et al., 2011), is known to be the main impeding factor of company to offer personalization to its cus-
tomers (Chellappa & Sin, 2005; Xu et al., 2011). Consequently, the P2P ridesharing service company
needs to find a way to innovate its services which take advantage of the customers’ personal data
while making them acceptable to its customers in respect to their privacy disclosure. Therefore, the
research objective of this study is: To make recommendations to the peer-to-peer ridesharing platform
provider in the effort of mitigating the privacy disclosure issue, by investigating the general model of
privacy mitigation strategy, segmenting the users according to their preferred mitigation strategy, and
matching the mitigation strategy to segmentations of users with respect to the view of privacy as a
right as well as an interest.
The aforementioned objective is achieved by answering the following research question:
RQ: In the view of privacy as both right and interest, what strategy fits to certain segments of
users in the effort of mitigating the users’ privacy concern in the context of Indonesian peer-to-
peer ridesharing service?
1.1 Domain of study: Indonesian P2P ridesharing service The concept of P2P ridesharing services is a derivative of the collaborative consumption concept im-
plemented in transportation sector. It emerges because of several positive claims, such as: (1) it can
grow entrepreneurial mindset of society by exploiting the previously idle assets as additional income
(Sundararajan, 2014); (2) it can also grow the consumption since the customers do not need to pur-
chase and own the asset to enjoy the benefit of an asset (Sundararajan, 2014); (3) it can also increase
the productivity of idle assets (Sundararajan, 2014); and (4) it can eliminate the moral hazard by using
social-media-type of review system (Thierer, Koopman, Hobson, et al., 2015). Yet, this concept also
has several negative claims, such as: violation of zoning law (Malhotra & Van Alstyne, 2014), promotes
invisible workers (Sundararajan, 2014), and creates a rebound effect in the society (Schor, 2014).
Page | vi
In the Indonesian market, the most well-known P2P ridesharing service is in the form of P2P motorcy-
cle taxi service, or famously known as Ojek online. Likewise, the Indonesian P2P ridesharing companies
also utilize digital platform as their backbone. Furthermore, they have also expanded their business
ecosystem to the adjacent actors, which enable them to offer not only a basic ridesharing service, but
also other innovated services, such as: restaurant delivery service, online shopping, courier service,
and any other services that may use a motorcycle as the logistic means.
Furthermore, with the expanded business ecosystem, the P2P ridesharing companies have the oppor-
tunity to offer personalization services as additional values to its users. This personalization, however,
will require personal data disclosure from its users, not only the basic personal data (such as: name,
telephone number, pickup and drop-off location), but also more sensitive data (such as: behavioral
information, traveling pattern, and spending pattern). Consequently, as the ecosystem becomes com-
plex, the users’ privacy concerns will be elevated and need to be mitigated. Therefore, to mitigate
their privacy concerns, we need also to study the users’ rationale in disclosing personal information
before offering a focused privacy mitigation strategy to them.
1.2 Theoretical framework: The privacy and privacy decision making the-
ory Privacy is traditionally seen as one of fundamental rights (Assembly, 1948; Europe, 1950). However,
the recent technology developments have made the users start to see privacy as an interest that can
be traded for certain benefits (Clarke, 2013). Furthermore, privacy can be categorized into several
dimensions, whereas the fit categorization of privacy in respect to the recent technology develop-
ments follows the Finn et al. (2013) privacy categorization, which are: Privacy of the person, Privacy
of behavior and action, Privacy of communication, Privacy of data and image, Privacy of thought
and feeling, Privacy of location and space, Privacy of association (including group privacy).
In accordance to our context of study, the involved privacy categories in the P2P ridesharing and per-
sonalization service are: the privacy of location and space (PLS), which is associated by the pickup and
drop-off location disclosure when using the ridesharing service; the privacy of behavior and action
(PBA), which is related to the traveling and buying pattern of users recorded by the company to offer
personalization; and the privacy of data and image (PDI), which is operationalized by the acceptance
of receiving advertisement from other parties.
The users’ rationale in disclosing personal information is commonly evaluated by using the privacy
calculus theory. The privacy calculus theory bases the analysis on the cost-benefit calculation of users
before deciding to disclose their personal data. The cost part of the analysis is represented by the
privacy concerns that the users have, whereas the benefit part of the analysis is described by the
potential benefits that the user may get in return to the disclosed personal information, in which they
only disclose their privacy if the benefits they may get outweigh the privacy they need to disclose. We
use two constructs to measure the privacy concerns, i.e., the internet user individual privacy concern
(IUIPC) (Malhotra et al., 2004) and the concern for internet privacy (CFIP) (Smith et al., 1996). Alto-
gether, they fit perfectly to the mainstream privacy frameworks (such as: APEC (2005) and OECD
(2013c)).
However, letting the privacy calculus theory alone to study the privacy disclosure rationale is not suf-
ficient as it has several critics (mainly because this theory bases the analysis on the cost-benefit anal-
ysis approach that unable to include the uncertainty factors), such as: (1) the assumption of all users
are utilitarian actors who have perfect foresight, especially to the risks and harms of disclosing per-
sonal information, is ill-advised (Acquisti & Grossklags, 2005); (2) disability of the theory to evaluate a
complex product or service with intertwined privacy concerns and (immaterial) benefits (Rohunen et
Page | vii
al., 2014); and (3) failure to incorporate the users’ psychological factors in making the calculation of
costs and benefits (Acquisti et al., 2009).
Based on those aforementioned critics to the privacy calculus theory, we develop our privacy decision
making conceptual framework by combining the utilitarian view of privacy as well as the right view of
privacy. To incorporate the right view of privacy, we develop our model by involving privacy right
assurance approaches in the users’ privacy disclosure rationale as complements to the privacy calculus
theory. The privacy assurance approaches are developed by exercising the control mechanism of pri-
vacy, in which the control mechanism can be divided into two parts, i.e., active approach and passive
approach (Xu et al., 2012). The active control approach can be done by performing individual self-
protection (Son & Kim, 2008), whereas the passive control is applied by using industry self-regulation
and government regulation and legislation (Xu et al., 2012).
1.3 Research design and Findings In order to answer the research question, we present a survey questionnaire that consists of two parts
of survey, i.e., the exploratory part and the experimental part, to 265 Indonesian respondents. We use
stratified sampling strategy to target the Jakarta population who are the current users and/or aware
of the P2P ridesharing service concept.
We conduct three analyses in this thesis. Firstly, the multiple regression analysis to investigate the
influential constructs from our previously developed theory in the effort of increasing personal infor-
mation disclosure. Our findings suggest that the users’ personal information disclosure is mainly
driven by the availability of tangible benefits offered by the company. This incentive has been the
most dominant variable in predicting the users’ personal information disclosure consistently across
our segregated cases based on their demographic properties. Additionally, the availability of govern-
ment regulation and legislation will also become a catalyst in the event of disclosing personal infor-
mation in the general population.
Secondly, to perform a focused effort to target specific market segment, we also conduct cluster anal-
yses in order to make classification of users according to their preferred privacy mitigation strategy.
The classifications will derive the mitigation strategy that need to be prepared by the company in
order to target a specific market segment. We use our previously developed privacy decision making
model construct, i.e., the privacy benefits (tangible and intangible benefit) and privacy assurance ap-
proaches (individual self-protection, industry self-regulation, and government regulation and legisla-
tion) as the variable properties to form a cluster.
Our findings suggest that the total solution seeker (group of people who want all type of privacy
mitigation strategy) has been the dominant cluster formed in population. Furthermore, the average
size of the privacy right assurance dominant strategy is formed bigger than the utilitarian dominant
strategy. This suggests that more people are willing to have their privacy “assured” only than to be
“bought” only. Additionally, our findings conclude that there is no weak utilitarian cluster and weak
privacy right seeker cluster, which suggests that no one wants only one type of strategy only is applied
to increase the willingness to disclose personal information. Moreover, the findings also conclude that
there is no indifferent group formed, which suggests that everyone in the population wants their pri-
vacy concerns are mitigated before disclosing his/her personal information.
Finally, to measure the buy-off (or willingness to accept – WTA) value of privacy as well as to rank the
importance level of all privacy types involved in our context of study, we develop an experimental
analysis by using conjoint analysis. We present a new hypothetical personalization service of using P2P
ridesharing service to our respondents to draw the contextual setting of the study. The personalization
Page | viii
service is developed by using PLS (pickup and drop-off information disclosure), PBA (traveling and
buying pattern disclosure), and PDI (acceptance to receive additional advertisement from 3rd party
company) variables as the main attributes. Furthermore, as the aim of the analysis to measure the
buy-off value of privacy, a monetary variable is introduced in the analysis in the form of expected
monetary saving.
Our conjoint analysis findings suggest that the most expensive privacy type is the PBA, which valued
(on average) at IDR 133K (≈ €9.2) per month. The next valuable privacy type is PDI, which valued at
(on average) IDR 29K (≈ €2) per month. However, our study cannot derive the value of PLS as this
privacy type intertwined with the basic requirement of providing ridesharing service, i.e., the pickup
and drop-off location disclosure. Nevertheless, our study concludes that PLS can be bought by using
the usefulness of the (basic) service only without giving any other tangible benefits to the data sub-
jects.
Our thesis suggests that contradictory behavior of users is found, although their level of privacy con-
cerns is high, they do not mind to disclose their privacy to the data acquirer company, regardless the
availability of any protection measures performed by the company. Additionally, their negative privacy
experience also does not influence the willingness to disclose personal data. Nevertheless, our find-
ings suggest that respondents wish to have the privacy assurance as the default condition rather than
as means to increase their willingness to disclose personal data. Also, our findings suggest that per-
sonalization is found to be the least expected benefits from disclosing privacy, but yet still significantly
high.
In addition to the aforementioned findings, the study also suggests that the most significant predictor
to predict the successfulness of the personalization service is the expected monetary saving gener-
ated by the service. The importance of the monetary saving is found higher than any type of privacy
disclosure. Furthermore, our findings also suggest that not all users can be the target of personaliza-
tion service. The sum of utility value of personalization service is not calculated positively by the high-
salaried population, the elderly population, and the high self-efficacy population; whereas the most
ideal targets for the personalization service are people in the low-salaried population and the young
population who produce the highest utility value of personalization among the others.
1.4 Contributions, limitations, and future research recommendations This thesis contributes to several scientific and business recommendations to the privacy scholars and
business decision makers as follows:
Assuring privacy right is not an option, but a mandatory condition,
Privacy should be defined in multidimensional contexts rather than unidimensional,
Contextual setting highly influences the perception of privacy,
Not everyone can be the target for personalization service,
Data subjects value different forms of privacy differently,
Be aware of the risk of storing and using personal data as more users incline to perform indi-
vidual self-protection that can be propagated to their peers,
Since the privacy assurance approaches are wished as the default condition, the company
should prepare the implementation of advance privacy enhancing technology,
Urge the regulator to create an adequate privacy protection law.
However, this thesis is written bound to several limitations, which are: firstly, limitation related to the
target population selection, in which we limit our respondents to people who are familiar with the
Page | ix
P2P ridesharing only. Secondly, the sampling method used is stratified sampling based on Jakarta pop-
ulation which may produce different results if implemented in other cities/countries. Finally, the lim-
itation related to the data collection method, in which we use a utilitarian type of incentive as the
invitation which may bias to the people who have a high utilitarian mindset.
The future research recommendations that can be performed by future scholars are related to the
improvement of this thesis by answering the aforementioned limitations. However, we also strongly
suggest the privacy scholars to develop the expansion of this study, such as: design science research
to further develop this thesis to be more applicable in market and conduct innovative study to quantify
other types of privacy.
Page | x
This page is intentionally left blank
Page | xi
Table of Contents
Acknowledgment ..................................................................................................................................... i
Forewords ............................................................................................................................................... ii
List of Acronyms ..................................................................................................................................... iii
Executive Summary ................................................................................................................................. v
1.1 Domain of study: Indonesian P2P ridesharing service ............................................................ v
1.2 Theoretical framework: The privacy and privacy decision making theory ............................ vi
1.3 Research design and Findings ............................................................................................... vii
1.4 Contributions, limitations, and future research recommendations .................................... viii
Table of Contents ................................................................................................................................... xi
List of Figures ........................................................................................................................................ xv
List of Tables .........................................................................................................................................xvi
List of Textboxes ................................................................................................................................. xviii
1 Introduction .................................................................................................................................... 1
1.1 Problem Identification ............................................................................................................ 1
1.2 Research Objective ................................................................................................................. 4
1.3 Research Question .................................................................................................................. 4
1.5 Research Strategy ................................................................................................................... 6
1.6 Report Structure ................................................................................................................... 10
2 Domain definition: Indonesian peer-to-peer ridesharing service ................................................ 11
2.1 Collaborative consumption: definition and concept ............................................................ 12
2.1.1 Claims of collaborative consumption ............................................................................ 14
2.1.2 The role of ICT in collaborative consumption ............................................................... 14
2.2 Ridesharing ........................................................................................................................... 17
2.2.1 Motivation to participate in the ridesharing ................................................................ 18
2.3 The ridesharing ecosystem ................................................................................................... 19
2.4 Ridesharing ecosystem in Indonesia: Two cases of Ojek Online .......................................... 23
2.4.1 Gojek ............................................................................................................................. 24
2.4.2 GrabBike ........................................................................................................................ 28
2.5 Conclusion ............................................................................................................................. 31
2.6 Discussion .............................................................................................................................. 32
Page | xii
3 Theoretical Framework: The privacy and Privacy decision making theory .................................. 35
3.1 What is Privacy? .................................................................................................................... 36
3.1.1 Privacy as a right ........................................................................................................... 37
3.1.2 Privacy as an interest .................................................................................................... 41
3.2 Categorization of privacy ...................................................................................................... 42
3.2.1 Privacy in peer-to-peer ridesharing service .................................................................. 43
3.3 Privacy decision making theory ............................................................................................ 43
3.3.1 The privacy calculus ...................................................................................................... 43
3.3.2 Beyond the privacy calculus .......................................................................................... 51
3.4 Hypotheses development ..................................................................................................... 54
3.5 Preparing the implementation of privacy mitigation strategies ........................................... 57
3.6 Personal data valuation ........................................................................................................ 59
3.6.1 Market perspective ....................................................................................................... 59
3.6.2 Individual perspective ................................................................................................... 60
3.7 Conclusion ............................................................................................................................. 61
4 Survey design ................................................................................................................................ 65
4.1 Sampling strategy and data collection method .................................................................... 66
4.2 Explorative and predictive assessment ................................................................................. 67
4.2.1 Survey questionnaire and instruments development .................................................. 68
4.2.2 Data cleansing and preparation .................................................................................... 74
4.3 Conjoint assessment of the privacy buy-off value ................................................................ 79
4.3.1 Contextual setting: personalization service in peer-to-peer ridesharing service ......... 80
4.3.2 Personal data disclosure definition and attribute selection ......................................... 81
4.3.3 Choice set design .......................................................................................................... 83
4.3.4 Questionnaire design and development ....................................................................... 84
4.3.5 Data processing and analysis ........................................................................................ 84
5 Survey Results, Data Analyses, and Discussion ............................................................................. 87
5.1 Descriptive Statistics ............................................................................................................. 88
5.1.1 Willingness to disclose (WTD) ....................................................................................... 88
5.1.2 Privacy concerns ........................................................................................................... 88
5.1.3 Privacy benefits ............................................................................................................. 89
5.1.4 Privacy assurance approaches ...................................................................................... 89
5.2 Multiple Regression Analysis ................................................................................................ 91
5.2.1 Generic multiple regression analysis ............................................................................ 91
5.2.2 Consistency test based on demographic variables ....................................................... 93
5.2.3 Conclusion ..................................................................................................................... 99
Page | xiii
5.3 Cluster Analysis ................................................................................................................... 101
5.3.1 Generic cluster analysis............................................................................................... 101
5.3.2 Cluster analysis to the segregated data based on demographic variables ................. 103
5.3.3 Conclusion ................................................................................................................... 105
5.4 Conjoint Analysis ................................................................................................................. 105
5.4.1 Generic estimated coefficient ..................................................................................... 106
5.4.2 Estimation to the segregation data based on demographic variables ....................... 109
5.4.3 Estimation to segregated data based on initial perception of WTD, privacy concerns,
and the privacy mitigation construct .......................................................................................... 111
5.4.4 Conclusion ................................................................................................................... 113
5.5 Discussion ............................................................................................................................ 115
6 Concluding chapter ..................................................................................................................... 121
6.1 Conclusion ........................................................................................................................... 121
6.2 Contributions ...................................................................................................................... 127
6.2.1 Academic contribution ................................................................................................ 127
6.2.2 Societal implication and managerial recommendation .............................................. 127
6.3 Limitations........................................................................................................................... 129
6.4 Future research recommendations .................................................................................... 130
7 Critical reflections ....................................................................................................................... 133
References .......................................................................................................................................... 137
Appendixes .......................................................................................................................................... 147
Appendix 2.1. Digital platform categorization ................................................................................ 147
Appendix 4.1. Survey Questionnaire .............................................................................................. 149
Appendix 4.2. Respondents’ demography ...................................................................................... 150
Appendix 4.3 Normality and homoscedasticity test ....................................................................... 152
Standardized Residual total case ................................................................................................ 152
Standardized Residual gender split ............................................................................................. 153
Standardized Residual salary split ............................................................................................... 154
Standardized Residual previous privacy experience split ........................................................... 155
Standardized Residual education split ........................................................................................ 156
Standardized Residual age split .................................................................................................. 157
Standardized Residual self-efficacy split ..................................................................................... 158
Appendix 4.4 Linearity test ............................................................................................................. 159
Appendix 4.5 Factor Analysis .......................................................................................................... 160
Willingness to disclose = FAC_WTD ............................................................................................ 160
Privacy concerns = FAC_IUIPC & FAC_CFIP ................................................................................. 163
Page | xiv
Tangible Benefits = FAC_TANG_BEN ........................................................................................... 166
Intangible Benefits = FAC_INTANG_BEN .................................................................................... 167
Individual self-protection = FAC_IPPR......................................................................................... 168
Industry self-regulation = FAC_ISR .............................................................................................. 174
Appendix 4.6. Correlation matrix .................................................................................................... 177
Appendix 4.7. A more detailed explanation about Conjoint Analysis ............................................ 178
Appendix 4.8. Choice sets configuration ........................................................................................ 179
Appendix 5.1 Multiple regression analysis of IUIPC and CFIP......................................................... 180
IUIPC ............................................................................................................................................ 180
CFIP ............................................................................................................................................. 182
Appendix 5.2 Cluster properties of data segregated based on demographic variables ................. 184
Appendix 5.3 Mean difference of the WTD vs. demographic Variables ......................................... 187
wtd vs. self-efficacy ..................................................................................................................... 187
wtd vs. previous experience ....................................................................................................... 187
wtd vs. education ........................................................................................................................ 187
wtd vs. salary ............................................................................................................................... 188
wtd vs. age .................................................................................................................................. 188
wtd vs. dsex ................................................................................................................................. 189
Page | xv
List of Figures
Figure 1.1. Research approach................................................................................................................ 9
Figure 2.1. Ecosystem of ridesharing platform overview ..................................................................... 21
Figure 2.2. Ridesharing value network ................................................................................................. 22
Figure 2.3. Gojek application's main page ............................................................................................ 25
Figure 2.4. Actors' relationship with Gojek platform ............................................................................ 27
Figure 2.5. Gojek value network ........................................................................................................... 27
Figure 2.6. Grab application main page (GrabBike page) ..................................................................... 29
Figure 2.7. Grab ecosystem .................................................................................................................. 30
Figure 2.8. Grab value network ............................................................................................................ 30
Figure 3.1. Summary of privacy mitigation strategy ............................................................................. 54
Figure 3.2. Conceptual model of Privacy decision making ................................................................... 57
Figure 4.1. Respondents’ demography dispersion ............................................................................... 75
Figure 4.2. Ngene syntax ....................................................................................................................... 83
Figure 4.3. Biogeme syntax ................................................................................................................... 85
Figure 5.1. Final cluster properties ..................................................................................................... 102
Figure 5.2. Groups’ potential market share ........................................................................................ 103
Figure 5.3. Graphical presentation of the estimated coefficients ...................................................... 107
Figure 5.4. Graphical presentation of privacy buy-off value to the segregated data based on control
variables .............................................................................................................................................. 114
Figure 5.5. Graphical presentation of privacy buy-off value to the segregated data based on privacy
mitigation strategies ........................................................................................................................... 114
Page | xvi
List of Tables
Table 1.1. Research Strategy and its deliverable(s) ................................................................................ 8
Table 1.2. Chapters overview................................................................................................................ 10
Table 2.1. Ridesharing topology............................................................................................................ 18
Table 3.1. Summary of the privacy conception .................................................................................... 37
Table 3.2. Privacy concern mapping ..................................................................................................... 46
Table 3.3. Previous studies of privacy mitigation efforts ..................................................................... 49
Table 3.4. Privacy assurance approach (Xu et al., 2012)....................................................................... 53
Table 3.5. Cluster profiling .................................................................................................................... 59
Table 3.6. Table of hypotheses ............................................................................................................. 63
Table 4.1. Stratified Sampling of Jakarta Population ............................................................................ 66
Table 4.2. Privacy concerns construct definition .................................................................................. 68
Table 4.3. Privacy concerns operationalization .................................................................................... 69
Table 4.4. Final instruments used to measure privacy concerns. ......................................................... 70
Table 4.5. Privacy benefits operationalization ...................................................................................... 71
Table 4.6. Privacy assurance approaches instruments ......................................................................... 72
Table 4.7. Willingness to disclose personal data instruments .............................................................. 72
Table 4.8. Variables and coding summary ............................................................................................ 73
Table 4.9. Respondents’ comparison to the population ....................................................................... 75
Table 4.10. Factor analysis results and the corresponding variables ................................................... 77
Table 4.11. Number of cases in each segregation based on demographic variables ........................... 79
Table 4.12. Privacy type operationalization attributes ......................................................................... 82
Table 4.13. Attribute dummy coding .................................................................................................... 82
Table 4.14. Attribute effect coding ....................................................................................................... 82
Table 5.1. Willingness to disclose descriptive statistic ......................................................................... 88
Table 5.2. Privacy concerns descriptive statistic ................................................................................... 89
Table 5.3. Descriptive statistic of privacy benefits ............................................................................... 89
Table 5.4. Descriptive statistic of Individual self-protection ................................................................ 90
Table 5.5. Descriptive statistic of Industry self-regulation ................................................................... 90
Table 5.6. Descriptive statistic of Government regulation and legislation ........................................... 91
Table 5.7. Correlation test of variables ................................................................................................. 91
Table 5.8. Multiple regression analysis output ..................................................................................... 92
Table 5.9. IUIPC and CFIP multiple regression outputs ........................................................................ 93
Table 5.10. Multiple regression output based on gender segregation ................................................ 94
Table 5.11. Multiple regression output based on salary segregation .................................................. 94
Table 5.12. Multiple regression output based on privacy experience segregation .............................. 95
Table 5.13. Multiple regression output based on education level segregation ................................... 96
Table 5.14. Multiple regression output based on age level segregation .............................................. 96
Table 5.15. Multiple regression output based on self-efficacy level segregation ................................ 97
Table 5.16. Multiple regression analyses summary .............................................................................. 98
Table 5.17. Hypotheses testing summary ........................................................................................... 100
Table 5.18. Potential market size ........................................................................................................ 104
Page | xvii
Table 5.19. Estimated coefficients for generic model ........................................................................ 107
Table 5.20. Recoded coefficients and the calculation of the importance .......................................... 108
Table 5.21. Buy-off value of each privacy type ................................................................................... 109
Table 5.22. Coefficient estimation based on demographic variables segregations ........................... 110
Table 5.23. Buy-off value of privacy based on control variables segregations ................................... 110
Table 5.24. Coefficient estimations based on privacy constructs segregations ................................. 112
Table 5.25. Buy-off value of privacy based on privacy constructs segregations ................................ 112
Table 5.26. Research strategic summary ............................................................................................ 118
Table 6.27. Recommendations for company related to privacy concerns mitigation strategy.......... 126
Table Ap.2.7.1. Platform categorization based on control over users and providers (Walravens &
Ballon, 2009) ....................................................................................................................................... 147
Table Ap.2.7.2. Platform categorization based on asset distribution (Hill & Wellman, 2011) ........... 148
Page | xviii
List of Textboxes
Textbox 2.1. ZipCar ............................................................................................................................... 16
Textbox 2.2. Lyft .................................................................................................................................... 16
Textbox 2.3. Uber .................................................................................................................................. 17
Textbox 2.4. Ridesharing illustration .................................................................................................... 19
Textbox 2.5. Ojek online ....................................................................................................................... 23
Textbox 4.1. Ojek online personalization use-case ............................................................................... 81
Page | 1
1 Introduction1
1.1 Problem Identification Nowadays, the concept of ridesharing services has been frequently discussed. Online community and
ubiquity of data connection make ridesharing concept becomes more prevailing in the recent years
(Botsman & Rogers, 2011). One of the valid reasons could be: a company that plays in this field can
have a disruptive potential to the existing business without owning a big number of asset, and relies
on the technology instead (Jenk, 2015; Laurell & Sandström, 2016; Riemer et al., 2015). Take a look at
Uber for example. Uber, the largest transportation network company, has been valued $62.5 billion
and makes this company regarded as the most valuable private startup which disrupts traditional taxi
service (Laurell & Sandström, 2016; Shah, 2015). Yet, this company does not have (even a single) trans-
portation vehicle to deliver its service to their customers. Instead of calling itself as a transportation
company, Uber claims itself as a technology company that helps users and drivers to meet and transact
(Uber.com, 2016b).
Information and communication technology (ICT) has a big role in these ridesharing services. ICT can
minimize (if not remove) the transaction costs (e.g., information and searching cost, middleman cost,
advertising cost, and barrier to entry) in the value exchange process (Botsman & Rogers, 2011). More-
over, ICT can also become the main source of innovation to offer additional values, both for the cus-
tomers and the ridesharing company. The popular examples of technology use in ridesharing service
are the use of digital platform, which acts as the mediator that connects the users and the drivers in
the peer-to-peer type of ridesharing, and the positioning technology to locate the users and the driv-
ers.
Moreover, the emergence of smartphones and its context aware apps has supported the concept to
become massively approachable (Böckmann, 2013; Nadler, 2014). Supported by the rise of mobile
payment2, which takes its part to increase the convenience when making a payment, they have further
developed and strengthened the ridesharing service concept. With the help of mobile payment, ubiq-
uity of smartphone, and positioning service, the digital platform can amplify the disruptive potential
of the ridesharing business model innovation (Lacy & Rutqvist, 2015).
Those phenomena motivate several business actors to build their own ridesharing platform
(Böckmann, 2013), not only in developed market, but also in emerging markets. Indonesian market
for example. With numerous potential customers, Indonesian market is a very attractive place to put
an investment (captured by the 18.1% growth of Q3-2015 Foreign Direct Investment in Indonesia)
(indonesia-investment, 2015; tradingeconomics, 2016). In this country, the most well-known imple-
mentation of ridesharing is in the form of peer-to-peer ridesharing. In this form, the mobile app is
1 A big part of this chapter 1 was developed during preparation for master thesis course as a master thesis proposal 2 The number of commerce transactions from mobile devices has increased rapidly. For example: in the US market, the CAGR revenue share of commerce transaction via mobile phone is reaching 11% (statistica.com, 2015b), whereas more than 27% of global online transactions are coming from mobile devices. The number of global mobile transactions is pro-jected to grow to 28% - 32% in the upcoming years (adyen.com, 2015; Statistica.com, 2015a).
Page | 2
used as the ridesharing marketplace and the company behind the app does not own any vehicle as its
main assets. As of 2016, 37 Peer-to-peer motorcycle ridesharing providers are established in the mar-
ket (fantasticblue, 2016), excluding the car-sharing services; which will indeed make the competition
becomes malignant. Therefore, the platform owners have to innovate creatively to defend and grow
their market share in order to sustain their profit.
To innovate, the platform owners can choose not to benefit directly from the primary value exchange
process. Instead, they can innovate their business model in the workaround by expanding the ecosys-
tem to the adjacent actors and capturing the users’ behavioral data as their assets and presenting
them as a value adding factor in the ecosystem. For example: by using this data, combined with the
product/service offering from the adjacent actors in the ecosystem, they can offer personalized push
recommendation to the users by analyzing the data (common correlational data cross-matched with
the user behavior data) and trace it back to the user. However, this value offering process is also pre-
carious, because failing to meet the accurate personalization requirement will have dire and risky con-
sequences; for example, it will make the users ignore the future communication from the company
and even unsubscribe from the service completely (Gigya, 2015). Hence, the personal information
collection and data processing becomes very critical in the business process.
Managerial and Societal Problem
When it comes to the personal information and personal data processing, the company needs to com-
ply to (at least the fundamental) personal data protection practice (such as: OECD (2013b) and APEC
(2005)); for example, it needs to completely explain what kind of personal data collection activities
are in place. This activity is critical to minimize any information asymmetry (especially between the
data subjects and the company) that might happen later in the process, which may lead to unsustain
business practice (Hughes et al., 2008). However, at the same time, this activity might also elevate the
users’ privacy concerns as the users now gain more understanding on what, what for, and to whom
the data will be used and transferred.
The high level of privacy concerns is known to become one of the impeding factors in implementing
the personalization (Chellappa & Sin, 2005). Moreover, as the personalization requires submissions of
more sensitive personal information, it would further amplify the users’ privacy concerns level3
(Bansal & Gefen, 2010). Also, because of this reason, many users chose to submit their personal infor-
mation anonymously to the provider (Gruteser & Grunwald, 2003), thus will create another difficulty
for the company to deliver the personalization service.
This complication creates a dilemma for the company. On the one hand, the company needs more
sensitive personal information disclosure from the users to offer personalization. On the other hand,
the users have the right to reject any information disclosure because of their substantial privacy con-
cerns. Therefore, the company needs to ensure the privacy protection practice by applying privacy by
design and/or implementing sufficient privacy enhancing technologies prior to personal data acquisi-
tion activity (Goldberg et al., 1997; Van Audenhove et al., 2011). This activity is critically important to
increase the data security as well as minimize any loss for the company caused by personal data leak-
age.
3 Research concludes that more than 90% of customers say that they are concerned about their privacy and how companies will use their data (Gigya, 2015). A survey by Orange concludes that 78% of respondents are experiencing a difficulty to trust the company when it comes to use of their personal data (Orange, 2014).
Page | 3
Furthermore, as many laws forbid any personal data collection without the users consent (written
and/or electronically) (MCIT, 2015; Wulansari & Hakim, 2015), the company cannot “harvest” the us-
ers’ personal data directly without having the users’ consent. Therefore, “persuasion” to users to give
their consent also becomes critical in the process.
From the above mentioned challenges, the managerial and societal problem that might appear when
implementing this opportunity is the difficulty to minimize information asymmetry between company
and its customers while at the same time avoid rejections by the customers from disclosing their per-
sonal information. Hence, the platform owners have to find solutions on extending their services on
the basis of the personal data analytics while making them acceptable to the users in the aspect of
disclosure of more sensitive personal information.
Scientific Problem and Knowledge Gap
In the scientific setting, privacy is initially understood as a right since it is mentioned in the universal
declaration of human right (Assembly, 1948). However, the recent technological and economic devel-
opment have opened another view of privacy as an interest that can be traded in order to receive
additional benefits (Clarke, 2013). Therefore, it is important to ensure the users’ right of privacy as
well as provide adequate benefits in order to mitigate the users’ privacy concerns in the process of
personal data acquisition.
With regard to both aforementioned views, many previous studies have concluded that the organiza-
tion can mitigate the privacy concern by applying two methods, i.e., (1) offering an adequate privacy
policy to the customer regarding the use and handling of their personal information to ensure their
privacy right, and/or (2) offering both tangible and intangible benefits to the customer (Hann et al.,
2007). The effort of offering a privacy policy can be done properly by implementing a privacy frame-
work in the organization, which is available and structured in some levels (for example: Privacy by
Design (PbD) (Cavoukian & Jonas, 2012; Van Audenhove et al., 2011) or Privacy Framework such as
(OECD, 2013c) & (APEC, 2005)). On the contrary, offering both tangible and intangible benefits will be
strongly reliant to the context of where the personal data capture is taking place (Acquisti et al., 2009;
Acquisti, Taylor, et al., 2015; Roosendaal et al., 2014).
In respect to the context of our study in the peer-to-peer ridesharing, there is no “silver bullet” proven
to be the effective measure to mitigate the users’ privacy concerns. Even though studies about privacy
concern mitigation efforts are found in various applications; such as: e-commerce industry (Dinev &
Hart, 2006; Li et al., 2010), social network (Sun et al., 2015), multi-modal transportation (Moussa et
al., 2013), location based services (Ahmed & Ho, 2011; Xu et al., 2011; Xu et al., 2009), pay-as-you-go
travel insurance (Derikx, 2014), mobile apps (Keith et al., 2013; Liu et al., 2014; Morosan & DeFranco,
2015), and e-health services (Lee & Kwon, 2015); little we know whether we can combine those miti-
gation efforts to the context of peer-to-peer ridesharing transportation.
Furthermore, to mitigate the privacy concern by offering both privacy right assurance and privacy
benefits, the companies have to be careful in planning, as offering all right assurance and all benefits
to all customer en masse may require a lot of investment. Hence, a focused and targeted measurable
effort should be performed to address specific segment of market. Consequently, segmentations of
customers and valuation of their privacy may be needed before deciding the privacy concern mitiga-
tion strategy.
Moreover, with respect to the newly emerged privacy perception as an interest, the mitigation effort
is further complicated by the absence of knowledge about the users’ willingness to accept (WTA) value
Page | 4
of their privacy in order to offer privacy benefits, specifically in the ridesharing service context. There-
fore, privacy valuation may be needed to measure the investment effort required to mitigate the us-
ers’ privacy concerns.
As a conclusion, to implement business model innovation to capture the users’ data as the valuable
asset to offer value in the ecosystem, the platform owners might experience difficulty due to the pri-
vacy concerns of the users. Excluding the preventive efforts that can be conducted by the company
(such as: implementing privacy enhancing technology and privacy by design), this thesis focuses on
persuasion effort to the users to disclose their personal information with respect to the view of privacy
as a right as well as an interest. Aligned with the abovementioned background, this research aims to
make recommendations to the peer-to-peer ridesharing platform provider in the effort of mitigating
the users’ privacy disclosure issue. By gaining the knowledge about these mitigation strategies, the
company can better unleash the potential use of personal data analytic for business model innovation
in an ethical and appropriate way without promoting any trade-offs which may lead to unsustainable
business practice.
In this thesis, we try to understand the rationales of the users in disclosing personal information by
studying the privacy decision making theory, including human cost-benefit analysis and privacy assur-
ance approach, in the process of disclosing personal information. By these rationales, we perform
hypotheses testing to understand the influential variables in personal information disclosure in the
context of peer-to-peer ridesharing services. Furthermore, we also classify the users related to its mit-
igation strategy by using a cluster analysis approach. And finally, we measure the monetary value of
relevant types of personal information to quantify the expected investment to implement the recom-
mendation.
1.2 Research Objective From the previous problem identification, the main objective of this research is:
To make recommendations to the peer-to-peer ridesharing platform provider in the effort of mit-
igating the privacy disclosure issue, by investigating the general model of privacy mitigation strat-
egy, segmenting the users according to their preferred mitigation strategy, and matching the mit-
igation strategy to segmentations of users with respect to the view of privacy as a right as well as
an interest.
This thesis will help the platform owner to decide the type of investment toward the mitigating effort
of privacy concern effectively by choosing the class of users that fits to the company’s strategy (e.g.,
the biggest market share or the niche market), especially in Indonesian market.
1.3 Research Question In accordance with the aforementioned research objectives, the main research question is formed as
follows:
RQ: In the view of privacy as both right and interest, what strategy fits to certain segments of
users in the effort of mitigating the users’ privacy concern in the context of Indonesian peer-to-
peer ridesharing service?
To answer the main research question, we need to formulate sub-questions to structure the study.
Firstly, we need to understand the domain of the study; i.e., the peer-to-peer (P2P) ridesharing ser-
vice, especially the trends that exist in Indonesia. By understanding this domain, we can determine
the setting of the study and the complication of offering personalization that utilizes personal data
Page | 5
analytics in P2P ridesharing service. While in the same time, we can also prepare an appropriate strat-
egy to collect the empirical data to test our hypotheses. Therefore, the first sub-question is formed as
follows.
SQ1. What is the peer-to-peer ridesharing service and how is the elaboration of the concept and
its application in the Indonesian market?
Secondly, we need to understand the theoretical framework in the study, i.e., the definition of privacy,
the elaboration and the classification of privacy, and the privacy decision making theory. Also, we need
to understand the constructs that explain this component and how to operationalize these constructs.
Moreover, we would like to understand what the company can do to prepare the implementation of
privacy mitigation strategy as well as the privacy valuation theory in order to measure the effort to
implement the strategy. Consequently, the next sub-question is formed as follows:
SQ2: What is privacy, what are the constructs that build up the privacy decision making theory,
and how can the company prepare the implementation of privacy mitigation strategy?
Thirdly, we want to perform hypotheses testing based on the users in Jakarta about their rationale in
disclosing their personal information, in the context of peer-to-peer ridesharing services. These hy-
potheses testing will help us to understand the general influential variables in peer-to-peer transpor-
tation users’ privacy decision making. Therefore, this following question is formed:
SQ3. To what extent are the privacy decision making constructs influencing the users’ willingness
to disclose their personal information?
Furthermore, we also want to make segmentation of users related to the mitigation effort based on
the privacy decision making constructs accordingly. The segmentation of users will help the platform
owner to do focused and targeted mitigation efforts to increase the privacy disclosure of the specific
customer segment. Therefore, the following sub-question is formed:
SQ 4: How can users be segmented based on the privacy concern mitigation efforts?
However, the segmentation alone will not be enough, because the users may have a uniform percep-
tion toward privacy mitigation efforts. Therefore, there might be a chance that all users want a similar
(or even a same) mitigation strategy. Consequently, as supplementary approach as well as to make
the mitigation efforts become measureable, we also want to understand users’ perceived value of
each personal information, relative to other types of personal information, and the expected tangible
(monetary) value of specific personal information. Furthermore, the personal information valuation
will also be useful to quantify the effort need to be performed by the company to acquire the users’
personal data. Consequently, the following sub-question is formed:
SQ 5: To what extent do the users rank the value of each personal information relative to the
other type of personal information and how much is the buy-off value for each of their personal
data?
As the businesslike outcome, the service provider can harness the information of the user classifica-
tion (from the SQ4), combined with the buy-off value (from the SQ5), to offer the money value benefits
to the specific customer segment that it wants to target as well as to measure the investment needed
to offer the benefit.
Page | 6
1.5 Research Strategy To answer the abovementioned research questions, the research strategy must be formed. Firstly, a
desk research approach is conducted to answer the first sub-question. The knowledge of the ecosys-
tem of the peer-to-peer ridesharing platform is obtained by conducting literature reviews through
case studies about the development of a similar concept, such as: Uber and Lyft. Moreover, the con-
cept of the collaborative consumption and the role of technology to the development of its concept
are also studied to develop this knowledge. Additionally, we also explore the ridesharing business
infrastructure to grasp the general value network and its business ecosystem. Specific to the rideshar-
ing implementation in Indonesian market, in which (to best of our knowledge) there is no scientific
literature available, we develop our literature through studying the Indonesian ridesharing companies’
website as well as online forums that discuss about their business operation.
Secondly, we also perform desk research about the concept of the privacy calculus and its develop-
ment and expansion. We understand there are a lot of studies about privacy, therefore, we will limit
the study to the literature that was published from 2010 onwards to keep the literature still up-to-
date with the development of e-commerce, mobile apps, and location based services. Still, we also
follow a snowball method to avoid the risk of exclusion of important literature from our study. We use
online archives to browse the literature, such as: TU Delft Worldcat Library database and Google
scholar, and use these following keywords: “privacy calculus transportation”, “personalization Pri-
vacy”, “location Based Service Privacy”, “mobile application privacy”, “mobile transaction privacy”,
and “e-commerce privacy”. The outcome of this strategy is the theoretical framework that will be
tested in the next step. We summarize the mitigation efforts of e-commerce, mobile apps, and LBS
applications as a buildup of our model, which will be tested in the next sub-question.
The empirical part of the research (SQ3, SQ4, and SQ5) uses the population of Jakarta as the object of
study. However, we understand that it is almost impossible to access all the population as the object
of study, therefore, we perform a stratified sampling for this research to get the overall image of the
population as well as to increase the generalizability of the research. The population of Jakarta is strat-
ified based on demographic age-ranges.
To answer the third sub-question, we perform hypotheses testing using multiple regression analysis
to the constructs (from SQ2) to investigate the influential variables of the privacy calculus in the pro-
cess of disclosing more sensitive personal information, especially in the context of the Indonesian
market’s peer-to-peer ridesharing service. Both offline and online survey questionnaire are used to
gather the firsthand data from our respondents. The questionnaire is designed by combining the con-
structs of the privacy calculus from the previous research, in which we use likert 7 scale as the rating
mechanism.
Next, to answer the fourth sub-question, the cluster analysis is performed to classify the users based
on their preferred privacy mitigation strategy. The goal of this approach is to find out the most efficient
means to get the maximum amount of personal information data in order to focusing the company’s
effort to perform mitigation strategy. We use a non-hierarchical (K-means) cluster analysis by using
the variables from the privacy mitigation strategies (SQ3) as the cluster properties. We classify the
cluster based on the important variables that appear in this cluster. We expect to have 4-5 clusters to
be classified as the segments of users and analyze the mitigation strategy for each cluster accordingly.
From this clusterization, we also get the information of the segments’ composition to measure the
market share potential of each cluster, and the means to acquire the personal information data from
this segment.
Page | 7
Finally, we carry out an experimental analysis by using a conjoint analysis to investigate how the users
value each type of personal data, relative to other personal data. In this experiment, we introduce the
concept of buy-off value (represented by monetary benefit) to our respondent to measure their will-
ingness-to-accept (WTA) of each privacy type. Presenting the monetary benefit as the buy-off value
serves two main purposes in this experiment, i.e., to provide single uniform measurement to value
privacy and to achieve the practicability of the research outcomes.
In carrying the conjoint analysis, we present a new hypothetical service package to our respondents
in the form of personalization service, that enable the ridesharing users to save their transportation
cost, in return to their privacy disclosure. A set of choices to the users which are varying the disclosure
of: traveling pattern, buying pattern, and receiving advertisement from other companies is presented
to the respondents. Furthermore, the four levels expected monthly transportation saving will also be
presented to measure the buy-off value of those privacy disclosures.
As a conclusion, Table 1.1 summarizes the research sub questions and their deliverables. Also, Figure
1.1 summarizes the research strategy and approach that will be applied in the study.
Page | 8
Table 1.1. Research Strategy and its deliverable(s)
Question Research Strategy
Sources Method for collecting data Deliverable(s)
RQ In the view of privacy as both right and interest, what strategy fits to certain segments of users in the effort of mitigating the users’ privacy con-cern in the context of Indonesian peer-to-peer ridesharing service?
- - The conclusion of the following sub-questions.
The table of user classification and its mitigation strategy to in-crease the personal information disclosure. The table of buy-off value of each type of personal information.
SQ1 What is the peer-to-peer ridesharing service and how is the elaboration of the concept and its ap-plication in the Indonesian market ?
Desk re-search
Documents Literature review on the collabo-rative consumption, especially in the peer-to-peer ridesharing.
Domain Specification.
SQ2 What is privacy, what are the constructs that build up the privacy decision making theory, and how can the company prepare the implementa-tion of privacy mitigation strategy?
Desk re-search
Documents Literature review on the privacy calculus and its development.
Theoretical Framework and the constructs of personal infor-mation disclosure rationale. Hypotheses of the constructs and its relation to the personal infor-mation disclosure.
SQ3 To what extent are the privacy decision making constructs influencing the users’ willingness to disclose their personal information?
Survey Individuals Online questionnaire and hy-potheses testing based on the conceptual framework (from SQ 2). Multiple regression analysis is used to perform the analysis.
The variables and their influential magnitude related to the per-sonal information disclosure ra-tionale.
SQ4 How can users be segmented based on the pri-vacy concern mitigation efforts?
Survey Individuals Online questionnaire and cluster analysis.
Classification of users, based on the perceived influential variables to increase the personal infor-mation disclosure.
SQ 5 To what extent do the users rank the value of each personal information relative to the other type of personal information and how much is the buy-off value for each of their personal in-formation?
Survey Individuals Stated choice conjoint analysis. The data collection will be per-formed at the same time with the survey.
The ranking of privacy and its buy-off value.
Page | 9
Figure 1.1. Research approach
Research Objective and Research Question
Research Framework and conceptual model
Determine number of cluster
Full conceptual framework with magnitude value
Monetary value of specific personal
informationResult
Hypothesis testing Classifying the users
Investigating to what extent the user values
specific personal information
Cluster analysis
Non Hierarchical K-Means analysis
Multiple Regression Conjoint AnalysisResearch Methodology
Preliminary research
SQ3 SQ5
Literature review on Privacy
mitigation effortSQ2
Domain Specification
Literature review on collaborative
consumptionSQ1
SQ4
Page | 10
1.6 Report Structure The rest of the paper is organized as follows. This introductory chapter explains the background, ob-
jective, research questions, and the organization of the paper. Next, the domain specification of peer-
to-peer ridesharing services and its implementation in Indonesia will be analyzed in chapter 2. Chapter
3 will discuss the privacy decision making theory and the hypotheses development. Furthermore, the
survey design will be explained in the chapter 4 whereas the analysis of the survey results and the
discussion will be discussed in the chapter 5. Next, the conclusion will be elaborated in chapter 6. And
finally, the critical reflection to this research is provided in the last chapter.
Table 1.2 details the chapters that will be written in respect to the abovementioned research question
and sub-questions.
Table 1.2. Chapters overview
Chapter Research Question Product of the chapter
1. Introduction - Research objective, research ques-tions, research methodology, organ-ization of the paper
2. Domain: Peer-to-peer ridesharing service
SQ 1 Domain specification
3. Theoretical framework SQ 2 Definition of privacy, typology of pri-vacy, hypotheses
4. Survey design - Survey and stated choice design
5. Survey results, data anal-ysis, and discussion
SQ 3, SQ4, SQ 5 Hypotheses testing, cluster analysis, conjoint analysis
6. Discussion and conclu-sion
RQ Conclusion, discussion, implications, and recommendations
7. Critical reflection Reflection of the research result and the research process
Page | 11
2 Domain definition: Indonesian
peer-to-peer ridesharing service
This chapter is written to specifically answer SQ1 (What is the peer-to-peer ridesharing service and
how is the elaboration of the concept and its application in the Indonesian market?) to help us
understand and get acquainted with the peer-to-peer ridesharing service as the domain, contextual
factors, as well as the scope of the study. Additionally, the knowledge on the how the system creates
value to its users and the involvement of personal data to offer value added service is also explored.
To structure the chapter, the following sub-division questions will be answered:
SQ1a. What is collaborative consumption, its drivers, and categories?
SQ1b. What is the role of information technology to the development of collaborative con-
sumption?
SQ1c. What is ridesharing service, its categorization, and participants’ motivations in joining
the system?
SQ1d. How can the general ecosystem of a ridesharing company be drawn and how is its re-
lation to the users’ personal data involvement?
SQ1e. How is the ridesharing implementation and ecosystem in Indonesia?
By means of TU Delft Worldcat database and Google scholar, we performed a literature reviews of
online journals to elaborate and assess the collaborative consumption and the ridesharing concepts.
An additional effort was performed to filter the literature material that discussed the business model
of a certain type of collaborative consumption and/or ridesharing practice to understand their general
business ecosystem.
Focusing on the ridesharing ecosystem in Indonesia, two cases of ridesharing in Indonesia were stud-
ied to write this chapter. As the ridesharing implementation in Indonesia was still quite new and (to
best of our knowledge) there was no formal literature published about the Indonesian ridesharing, we
browsed the website of two Indonesian ridesharing companies, i.e., Gojek and Grab, to look for liter-
ature about ridesharing implementation in Indonesia. Furthermore, the business operation of both
companies were investigated by using online forums that discussed specific matters related to the
Gojek and Grab business operation and business model in Indonesia.
The intended contribution of this chapter is twofold: to help us to understand the context of the re-
search, i.e., the collaborative consumption which will be detailed on the ridesharing concept in Indo-
nesia, and to introduce a discussion of the personal data involvement in the ridesharing business
model. To do that, firstly, we introduce the general concept of collaborative consumption and the
detailed concept of the ridesharing (paragraph 2.2). Secondly, we also present the elaboration of the
ridesharing ecosystem to grasp the complication of the value network and the involvement of the
users’ personal data (paragraph 2.3 and paragraph 2.4). Finally, we illustrate the ridesharing imple-
mentation in Indonesia by using two cases of Indonesian Ojek online companies (paragraph 2.5).
Page | 12
2.1 Collaborative consumption: definition and concept The concept of collaborative consumption has been frequently discussed recently. It can be imple-
mented and presented in many configurations, such as: ridesharing in transportation field, peer-to-
peer lending in financial, secondhand good swap market in e-commerce (such as Marktplaats.nl), and
any other peer-to-peer form of collaboration.
Even though the collaborative consumption has become a buzzword, defining the concept in a solid
definition, however, is almost imposible (Schor, 2014). A lot of words and definitions are often used
by scholars and economists to explain the collaborative consumption concept; such as: “sharing econ-
omy”, “collaborative consumption”, “collaborative economy”, “peer-economy”, and “on-demand ser-
vices”.
Botsman and Rogers (2011) use both collaborative consumption and sharing economy in their book
that discusses about the general idea and main drivers of collaborative consumption. Botsman (2015)
defines collaborative consumption as “[a]n economic system of decentralized networks and market-
places that unlocks the value of underutilized assets by matching the needs and haves, in ways that
bypass traditional middlemen” (Botsman, 2015, p. na.). Furthermore, she also explains that the shar-
ing economy, which is defined as “An economic system based on sharing underutilized assets or ser-
vices, for free or for a fee, directly from individuals” (Botsman, 2015, p. na.), as one form of collabo-
rative consumption. Additionally, according to April Rinne, the former chief strategy officer of Collab-
orative Labs, the main difference of sharing economy and collaborative consumption is in the social
component. The community involvement, which has been a central part of the sharing economy, has
a minimal role in collaborative consumption (Lacy & Rutqvist, 2015).
Conversely, Belk (2014) argues that defining collaborative economy as sharing economy is problematic
as “sharing” does not and should not involve any compensation in the value exchange process. He
therefore defines collaborative consumption as “people coordinating the acquisition and distribution
of a resource for a fee or other compensation” (Belk, 2014, p. 1597). Even though this definition in-
cludes other compensation; which covers barter, trade, and swap, that also involve giving and receiv-
ing non-monetary compensation; it excludes the gift-giving, which involves transfer the ownership
permanently; and a pure sharing, which does not require any compensation (Belk, 2014).
In contrast, Thierer, Koopman, Hobson, et al. (2015) do not really make specific definition to the col-
laborative consumption concept. Instead, they explain the collaborative consumption in a general
characteristic, i.e.: “any marketplace that uses the internet to bring together distributed networks of
individuals to share or exchange otherwise underutilized assets” (Thierer, Koopman, Hobson, et al.,
2015, p. 5). Additionally, Schor and Fitzmaurice (2015) use the term “connected consumption”, which
includes digital and social dimensions of the concept in the explanation. They argue that the con-
nected consumption can be distinguished from the traditional economy by its ability to facilitate shar-
ing of high cultural capital consumers with strangers by using digital technology (Schor & Fitzmaurice,
2015). Both definitions focus on the technology role in the collaborative consumption.
Botsman and Rogers (2011) categorize the collaborative consumption in the three distinct systems,
which are: (1) Redistribution markets, i.e., the activities to redistribute unused or underutilized assets
for free, in exchange for money, or for points; (2) Collaborative lifestyle, which is the new way to
exchange activities of tangible and intangible assets, such as: skills, time, space, and money; and (3)
Product service system (PSS), which means to purchase the use/access to the benefit of a product
without acquiring the ownership. All of those three systems can be operable in Business to Business
(B2B), Business to Consumers (B2C), and Peer to Peer (P2P) market.
Page | 13
On the contrary, Schor (2014) categorizes the collaborative consumption concept into four broad
categories, i.e.: (1) Recirculation of goods, which shares the same explanation with Botsman and
Rogers (2011) redistributon markets; (2) Intensive (durable) assets utilization, which focuses the
activities to facilitate the assets’ usage more intensively; (3) Exchange of services, in which the collab-
orating actor uses his/her skills as “tradable service” to seek for help from another people who have
other type of skills; and (4) Sharing of productive assets, which focuses on assets sharing for productive
use rather than consumptive use, such as “farming land” sharing.
All of the words, definitions, and concepts have the same commonalities. The first commonality is the
distributed power which motivates the individuals to create communities and networks with a shared
value and trust (Botsman, 2013). It dismisses the role of a centralized institution as intermediary sys-
tem in the value exchange activity. Furthermore, the experience of the consumer is also changing.
From the passive role of customers towards the active and connected collaborators, producers, crea-
tors, providers, and even financers (Botsman, 2013).
The second commonality is all of the terms have shared drivers, which are, (1) the consumerization
and the ubiquity of digital technology, which help to expand the concept in a wide (or even global)
scale; (2) the shift in the concept of value, that promotes access to use goods rather than ownership
of goods; (3) a new thinking of the way assets create wealth from economic lenses, that grows the
entrepreneurial mindset of people; and (4) environmental awareness, that makes people aware of the
harm of “over consuming” new assets (Botsman, 2013; Sundararajan, 2014).
And the last commonality is the innovative and efficient asset utilization as a result of technology
innovation (Botsman, 2013). Technology enables us to value the idle assets more than they were. It
helps us to see where the idle assets are; to connect to them; and to monitor, to control, and to put a
billing to the usage of the assets.
Additionally, those collaborative consumption concepts also share the same principles. There are four
principles of collaborative consumption. The first principle is the critical mass which measures the
potential momentum of the collaborative consumption system before it becomes self-sustaining
(Botsman & Rogers, 2011). The reason why the critical mass point becomes vital is twofold: firstly, it
is related to choice, the more (broader) choices available in the collaborative consumption system,
the more the system becomes attractive to the users as the system will provide enough products for
them to find the product they may like (Botsman & Rogers, 2011). Secondly, the critical mass will be
able to attract the frequent users, which will become the core users of the collaborative consumption
(Botsman & Rogers, 2011).
The second principles of collaborative consumption is there are idling capacities (Botsman & Rogers,
2011). The idling capacity in the collaborative consumption system can be applied not only limited to
physical products (such as: car, bike, drill, and room), but also to less tangible assets (such as: time,
skills, and commodity). Without these idle products, there will be no things to share between the
collaborators.
The third principle of collaborative consumption is there are beliefs in common (Botsman & Rogers,
2011). The collaborative consumption concept builds its concept on the shared common, i.e., give to
get. Which means the actors collaborate in the system by giving something (time, skill, money) in
return to product and/or service they get (room, access to car, access to bike). This common builds
the “collaborative” way of “consuming” products and services.
And finally, the fourth principal of collaborative consumption is the trust between actors and the
strangers (Botsman & Rogers, 2011). In most forms of collaborative consumption, actors often do not
Page | 14
know each other. Thus, the willingness to trust strangers will be mandatory. Since they all share a
common belief, they can self-govern the shared resource by using common tools to monitor, measure,
and provide feedback for another.
2.1.1 Claims of collaborative consumption There are several positive claims to the concept of collaborative consumption. Firstly, it can stimulate
entrepreneurship of people by exploiting their unused assets as additional incomes (Sundararajan,
2014). For example, an office worker can also work as a ridesharing driver to get additional value over
his/her car after office hour, or while he/she drives to go home. Secondly, Sundararajan (2014) also
argues that the collaborative consumption can grow the consumption since the users do not have to
own the asset to enjoy the service. It incredibly lowers the cost to get access to the asset’s functionality
and benefits. Thirdly, it can increase the productivity of the assets that were previously idle
(Sundararajan, 2014). Lastly, it could also eliminate moral hazards by using the crowd sourced review
system that provides information of the providers’ quality, hence the collaborators are informed
about the qualification of the person they are transacting with (Thierer, Koopman, & Mitchell, 2015).
However, this concept also has several negative claims. Malhotra and Van Alstyne (2014) argue that
collaborative consumption promotes abusement of zoning laws, especially in the use of residential
housing as a rented hotel (such as through the AirBnB platform). Furthermore, since the quality of the
service is derived from a crowd sourced review system, some of the user reputation ratings may be
biased by ingenuine reviews (Malhotra & Van Alstyne, 2014). Additionally, the system also promotes
the rise of an invisible workforce, as they get income without paying any taxes as well as potentially
disrupting the existing (traditional) business (Cheng, 2014; Malhotra & Van Alstyne, 2014; Nadler,
2014; Sundararajan, 2014).
Even worse, the system could also create a rebound effect. Instead of promoting the green environ-
ment due to a more efficient use of assets, the collaborative consumption system may increase the
carbon footprint (Schor, 2014). For example: AirBnB users that incline to do more journeys because
AirBnB is helping them reduce their staying costs (Schor, 2014). Another source also empirically con-
cludes that there is a shift in the use of public transportation to a ridesharing service, because the
ridesharing service is able to offer more comfortable and cheaper transportation, especially in the
area where a convenient public transportation system is not available (Bert et al., 2016; Rayle et al.,
2014).
2.1.2 The role of ICT in collaborative consumption Information and communication technology (ICT) has a big role in the emerging concept of collabora-
tive consumption. ICT can minimize (if not remove) the transaction costs (e.g., information and search-
ing costs, middleman costs, and advertising costs) in the value exchange process (Botsman & Rogers,
2011). Lacy and Rutqvist (2015) argue that all successful collaborative consumption companies use
the recent ICT developments including social communities, positioning service, and mobile application
as the backbone of the service. By providing the means to perform negotiation and gather all infor-
mation required on a real time basis (including the other providers/competitors available), ICT has
helped collaborative consumption to create a more competitive market. Moreover, the ubiquity of
smartphones and its context aware apps have made the collaborative consumption becomes ap-
proachable on a large scale (Böckmann, 2013; Nadler, 2014).
Additionally, the ICT has enabled a potential business model innovation in collaborative consumption
concept. The most prominent use of ICT that amplifies the disruption potential of the collaborative
consumption in creating business model innovation is the use of digital platforms (Lacy & Rutqvist,
Page | 15
2015). The digital platform is used by all today’s successful collaborative consumption as its market-
place that acts as the mediator in transactions. Together with the previous mentioned ICT develop-
ments, the digital platform has improved the speed, security, and the convenience of the transaction
(Lacy & Rutqvist, 2015).
Kenney and Zysman (2015) argue that the use of a platform in the collaborative consumption ecosys-
tem becomes pervasive because the platform is proven to be a winner-takes-all model which often
positions the platform owners as the monopolists that can maximize their welfare in the place where
the transaction occurs. Yet, there are numerous platform types with a very strong heterogeneity be-
tween them which create a difficulty to explain how (a specific) platform works (Walravens & Ballon,
2009). Noting this argumentation and with regard to the collaborative consumption context, we argue
that the important classification of a platform can be determined from (1) its ability to control the
users and the providers (control mechanism), in which we can measure the monopolistic potential of
a platform, and (2) its assets distribution mechanism, in which we can measure the scalability potential
of a platform. The detail explanation of these categorizations is explained in Appendix 2.1. Digital plat-
form categorization
Furthermore, the companies that provide the platform and mediate the transaction will pose the us-
ers’ personal information. For example, a ridesharing company will collect and store information
about who is using the service, how, when, and where it is being used when a user uses its service
(Gansky, 2010). They can use this information to better understand their customers that can be di-
vided into certain demographic properties. They could also perform data analytics that will be useful
for better marketing activities; for example, to predict the users’ behaviors, interests, and preferences;
and to create additional values for the customers, so they can create a positive sum condition
(Walravens & Ballon, 2009). Furthermore, they could also resell this information to other companies
that might be interested in the data.
Despite the potential use of collected data involved in the digital platform, the use of a digital platform
will bring common challenges of developing the platform to the attention of the collaborative con-
sumption owners. There are two challenges that have to be solved to ensure the platform is sustaining
its ecosystem, i.e.: the chicken and egg dilemma and the penguin problem (Tiwana, 2013).
The chicken and egg dilemma might occur because of the indirect network externalities in which the
increasing number of users on the one side will interact with users from the other side to take part in
the system (Nguyen, 2014). Due to these indirect network externalities, a platform has to reach a
critical mass – a condition at which the number of users on both sides are able to interact with each
other and create positive feedback loops to the system – before it can sustain the ecosystem and make
the platform viable (Nguyen, 2014). Furthermore, the penguin problem also often becomes an issue.
The penguin problem is an uncertainty condition when users with potentially strong network effects
are unsure to take part in the system because they are not confident whether others will take part in
the system as well (Tiwana, 2013). To overcome this problem, the platform owner may perform a
divide and conquer strategy (Nguyen, 2014), in which the platform owner must choose one side as
the cost leader who will be receiving subsidies, and the other side as the revenue generator. This is
one of the logical reasons why most platform owners are “burning cash” in their initial release in the
market (to provide subsidies to the cost leader side to reach the critical mass) (Huet, 2014; Panji,
2015b).
Additionally, the platform owner can utilize the digital platform to reach its critical mass. By harnessing
the loosely-coupled ability of digital platform competently (Tiwana, 2013), it will be able to create
tremendous value added to its service. The loosely coupled ability of digital platform will be able to
Page | 16
help the platform owner to easily combine its basic service (for example ridesharing services that will
be explained in detail in the next paragraph) with various adjacent services (such as: restaurant, online
shopping, offline shopping, etc.). This service expansion will indeed create a positive feedback loop to
help the platform to reach its critical mass faster. A more elaborated explanation of the ridesharing,
its ecosystem, and the possible ecosystem expansion will be discussed in the following paragraphs.
Textbox 2.1. ZipCar
Zipcar is a form of car sharing service which operates in US, France, Canada, UK, Spain, and Austria.
The main service of Zipcar is car rental which includes the gas fee and insurance fee in the service
(Zipcar.com, 2016). Zipcar users have to pay a membership fee in addition to their reservation
charges. After the users join the membership, they will receive a Zipcard that can be used as the
access key to the Zipcar car.
When a user wants to use a Zipcar, he/she needs to log in into its application to reserve a car. Once
he/she confirms the reservation, he/she can use the Zipcard to open a Zipcar car door. After finish-
ing the trip, he/she needs to park the car in the selected parking location.
In addition to that, the users are responsible to keep the car clean and has (at least) ¼ tank of fuel
(Zipcar.com, 2016). If the users find the car is not clean, they can complain directly to the company.
However, if they find the gas level is low, they can directly buy the gas to fill in the tank by using the
prepared gas card in the car.
Textbox 2.2. Lyft
Lyft is a transportation network company which facilitates peer-to-peer ridesharing service. The
company has a mobile app that connects the passengers who need a ride to the drivers who have a
car. As of April 2016, Lyft operates in 200 US cities.
To use Lyft service, the passengers must download the Lyft app, sign up, and enter a valid phone
number as well as a valid form of payment (Lyft.com, 2016a). When they need a ride, they need to
open the app and order a ride service from the nearby drivers. Once the order is confirmed, the
driver’s name, rating, photos as well as the estimation of trip fee will appear in their app (Lyft.com,
2016b).
Page | 17
2.2 Ridesharing Ridesharing service is one of the collaborative consumption forms. It translates the Product service
system type of collaborative consumption in the transportation sector. When using a ridesharing ser-
vice, the user pays for the access to the benefit of a product (i.e., to move from one place to another)
without acquiring the ownership of the product. Similar to the collaborative consumption drivers, the
ridesharing concept has been ubiquitous due to three main drivers. Firstly, the ICT development. The
ridesharing is prevalent because most people, especially in the metropolitan area, have and use
smartphones on a daily basis. There will be no issue for them to operate the application which uses
the phone’s GPS capability. Secondly, the value shift that allows people to value the access to use
assets more than the ownership of the assets, for example in the Uber case, they enjoy riding a car
rental that looks like their own private car without owning the ownership of the car and being both-
ered by performing a regular maintenance of the car. Finally, ridesharing provides a new thinking in
the way assets create wealth. People who have idle assets can now act like micro-entrepreneurs who
are able to seek for additional incomes from their underutilized assets. There are many successful
companies that base their services on the ridesharing concept, such as: Zipcar (Textbox 2.1. ZipCar),
Lyft (Textbox 2.2. Lyft), and Uber (Textbox 2.3. Uber). They have similar core concepts, yet still have
differences on a more detailed level. Moreover, as the involved actors are increasing, to define the
complete characterization of ridesharing is nearly impossible, as the services are evolving rapidly
(Rayle et al., 2014).
Ridesharing companies can be classified based on their organizational perspective and market orien-
tation perspective. In the organizational perspective, the ridesharing can be distinguished to business-
to-consumers (B2C) and peer-to-peer (P2P) form (Schor & Fitzmaurice, 2015). In the B2C form, the
ridesharing service providers own all the assets and distribute the assets centrally. In other words, the
B2C ridesharing commonly adopts the centralized rental mechanism (see Appendix 2.1. Digital plat-
form categorization). On the contrary, the ridesharing company in the P2P form acts only as the
mediator of transactions between the collaborators, i.e., the asset owners and the users. As the com-
pany does not control the assets, both assets rental and transfer mechanism follow a decentralization
mechanism (also see Appendix 2.1. Digital platform categorization.).
Textbox 2.3. Uber
Uber is a transportation network company which facilitates car ridesharing taxi services. It estab-
lished in San Francisco US in 2009. As of May 2016 this service is operational in 71 countries
(Uber.com, 2016a).
Uber develops, markets, and operates its service by using its Uber app. When a user wants to use
the service, he/she needs to log in to the app and submit his/her trip information through the app.
Likewise, the Uber drivers also need to log in to this app to receive an order. The user’s trip infor-
mation then will be routed to the nearby Uber drivers who use their own cars. In some cities, Uber
allows the users to pay by cash, whereas normally, the application only allows user to pay by credit
card (Uber.com, 2016c).
Uber introduces surge charge when there are too many demands at the same time. The surge oper-
ates as the multiplication of the normal tariff. The surge charge has 2 main effects, i.e., it makes the
users wait till the high-demand ends and it motivates the drivers to head to the high-demand area
(Uber.com, 2016d). Once the demand level returns to normal, the fare calculation will back to nor-
mal.
Page | 18
Furthermore, the market orientation model can also be distinguished as notprofit and for-profit (Schor
& Fitzmaurice, 2015). In the nonprofit ridesharing service, the collaborating actors act based on
altruism motives to provide rides to and use rides from strangers. While in the for-profit form the
actors, specifically the asset owners, act on the basis of revenue (and profit) seeking. However, those
previous mentioned classifications do not forclose the possibility of other forms of operation and
market orientation models; for example: a freemium model, which is a combination of nonprofit and
for-profit form for ridesharing (assets from peer providers, free use the basic service, pay-per-use pre-
mium service). Table 2.1 provides examples of each type of form.
Table 2.1. Ridesharing topology
Organizational form
Peer-to-peer (P2P) Business-to-consumer (B2C)
Mar
ket
O
rien
tati
on
Nonprofit Nonprofit Peer-to-peer: Haxi4
Nonprofit business-to-consumer5
For-profit For-profit Peer-to-peer: Uber, Lyft
For-profit Business-to-consumer: Zipcar
2.2.1 Motivation to participate in the ridesharing In several studies, the motivation of actors to participate in ridesharing were explored. Schor and
Fitzmaurice (2015) argue there are several motivations to participate in the ridesharing. Firstly, the
economic motivation. Since the assets owners have the opportunity to get additional income over
their underutilized assets, they are willing to participate in the system (Schor & Fitzmaurice, 2015).
Furthermore, as most of the income generated in ridesharing activity is untaxed (Sundararajan, 2014),
the price of getting access to use the assets become cheaper, which will interact the users to partici-
pate in the system as well (Lacy & Rutqvist, 2015).
Secondly, the ecological impact and carbon footprint reduction as a result of less consumption of
newly produced goods also becomes the motivation of environmentally aware users (Schor &
Fitzmaurice, 2015). However, there is no substantial amount of carbon footprint reduction generated
since the system also produces a rebound effect (Schor, 2014). Thirdly, people participating in the
system are also interested in the social impact and the social networking potential of the system (Schor
& Fitzmaurice, 2015), even though the network ties generated in these transactions are very weak
(Dubois et al., 2014; Fenton, 2013). Fourthly, the euphoria of doing something efficiently and effec-
tively via internet and smartphone that creates “technophilia” also becomes one of the motivations
to use ridesharing services (Schor & Fitzmaurice, 2015). And finally, the ideology that criticizes the
traditional taxi market; e.g., lack of competition and unsatisfactory services, also becomes one of the
motives of using ridesharing especially for the early adopters (Schor & Fitzmaurice, 2015).
Additionally, Van de Glind (2013) suggests that the motives of actors participating in the ridesharing
can be divided into two type of motives, i.e., intrinsic motive and extrinsic motive. He discovers the
intrinsic motivations that include social networking, helping others, and a contribution to make a
4According to Wikipedia, Haxi is a nonprofit P2P ridesharing, however, the Haxi’s website claims that currently the com-
pany is working on facilitating payment via application (haxi.no, 2016). 5To the best of our knowledge, there is no company that operates with a B2C nonprofit form, unless in a form of corporate
social responsibility or for its employees.
Page | 19
“greener” environment still become the main motives of people participating in the ridesharing (Van
de Glind, 2013). Furthermore, he also concludes that the financial gain and convenience appear to be
the extrinsic motives of people participating in the ridesharing system (Van de Glind, 2013).
In contrast, Bellotti et al. (2015) in their research conclude that the idealistic motivation to make the
world a better place, such as: increasing sustainability and creating sustainability, is only found in the
service provider companies’ motivation, whereas the users only look for services that are able to pro-
vide them additional value and convenience (Bellotti et al., 2015).
In summary, ridesharing is a form of collaborative consumption concept implemented in transporta-
tion field. The topology of ridesharing can be distinguished by both its market orientation and organ-
izational form. However, the motivations of actors participating in the today’s ridesharing have moved
away from the initial utopian motives of ridesharing. Both of the providers and the users of the service
have lost their altruism motives of “sharing” and seek for profit and convenience instead (Lacy &
Rutqvist, 2015). Even though the service providers (sometimes) have a “pure” optimistic motivation
to create a better world, the participating actors are only motivated by the hedonistic and utilitarian
potentials of the system. Therefore, the term ridesourcing is more well suited to the today’s concept
of ridesharing (Rayle et al., 2014). Nevertheless, to avoid confusion, we continue to use the term rides-
haring in the rest of the study.
2.3 The ridesharing ecosystem The use of a digital platform in ridesharing will empower the ridesharing concept with the ability to
adopt the loosely coupled mechanism. Noting this, the ride sharing service providers (RSPs) can ex-
pand the ecosystem by inviting other (adjacent) actors to participate and collaborate in the system.
The adjacent actors can be but not limited to the companies/users that utilize the platform directly
(such as: transportation company and the ride providers), but also other companies that can exploit
the ridesharing users as their target customers and/or exercise the other peer actors as the value
differentiator. Furthermore, as personal data are involved in practice, the RSPs can also invite indirect
actors (such as: a company that might be interested in the mined behavioral user information) to join
in the ecosystem. Together, they are collaborating to create a multisided ridesharing ecosystem.
Textbox 2.4. Ridesharing illustration
Anna is a frequent car sharing service user. When she signs up to the service, she has to disclose her
name, age, email address, and mobile phone. Furthermore, if she wants to get a more convenience
payment method, she also needs to register her credit card information. When she opens the rides-
haring app from her mobile phone, the app will include her phone’s GPS information when com-
municating with the ridesharing server. This information is required to locate and inform the near-
est ride providers to her. Likewise, the ride providers will need to disclose their location information
to get informed about when potential users are nearby.
Anna’s pick up and drop off location will be announced to the potential providers. The providers
then propose the trip fee for Anna’s trip. When Anna is accepting a certain proposal, the server will
see and save the fee and from whom the fee was proposed. Sometimes, when there are no potential
providers willing to give proposal, the system will announce a “surge” condition, in which the pro-
posed fee will be multiplied by a certain surge factor to engage the providers to participate in the
transaction.
Page | 20
With the help of technology development, the personal data capture becomes easier which makes
the ridesharing ecosystem become more appealing. For illustration purpose, we present the rideshar-
ing use case in Textbox 2.4.
If Anna always uses the service consistently at the same time and from/to the same location, the RSP’s
server can now learn Anna’s traveling behavior. Furthermore, when Anna is accepting a certain surge
factor, the server can learn Anna’s spending behavior indicated by the willingness to pay for the surge
level (which level of income Anna can be categorized at). By using the aggregation of these two types
of information only (location and willingness to pay), the ridesharing company can learn certain de-
mographic behavior that will be valuable to understand its customer better and to be sold to other
actors (such as: marketing agency or insurance providers).
Now we can imagine the case that the RSPs involve adjacent actors, such as online stores and restau-
rants. The ridesharing company will be able to gather complex-but-worth-to-extract behavioral infor-
mation of its users. Not only the users’ spending and traveling behavior, but also extended to the
users’ shopping behavior and their honest interest. This information can be useful to provide addi-
tional services that can deliver additional value of the company, such as: personalization services that
are tailored and presented “natively” to the users6. Furthermore, the “mined” behavioral information
can be sold to other parties, such as the transportation planning authorities and market research com-
panies.
From the abovementioned Ridesharing illustration and elaboration of ridesharing service example
(such as: Textbox 2.1. ZipCar, Textbox 2.2. Lyft, and Textbox 2.3. Uber), we can draw the possible
ridesharing ecosystem. We divide the actors into two types of actor, i.e., direct actors and indirect
actors. The first direct actors are the peer users as the transportation service users. These actors,
which are illustrated by Anna in the previous illustration, will become both revenue generator and
data provider for the RSPs. The second direct actors are the peer providers. The peer providers are
the drivers who rent out their vehicle through the use of RSPs’ digital platform. Likewise, the peer
providers will also become the revenue generator (by the collected fee per transaction) and the data
provider (the willingness to accept surge information). The third direct actors are the adjacent collab-
orators. These actors often only act as the revenue generator for the RSPs by paying an adequate
transaction fee for each transaction conducted with the users.
In contrast to the direct actors who utilize the digital platform directly when making transactions, the
indirect actors are more interested in the secondary product of the digital platform. Focusing on the
behavioral analysis of the (both) users, we classify the indirect actors as the adjacent actors (who ex-
ploit the behavioral analysis results as the value generator that can be offered back to the users) and
the adjacent users (who exploit the behavioral analysis results for their own purpose). In the adjacent
actors, we identify three possible companies, i.e., (1) the insurance company which provides the pay-
as-you-go and tailored insurance in which the fee is calculated based on the behavioral information
collected from both drivers and users (Feeney, 2015), (2) the data collectors, the parties who collect
and decide the purpose of the processing the data, and (3) data processors who process the users’
behavioral data on behalf of the data controller.
On the other hand, we identify two actors that can be classified into the adjacent users. The first ad-
jacent user is the transportation planning authority which can use the users’ behavioral data to per-
form traffic engineering and simulations, whereas the second adjacent user is the market research
6 Native advertising is a method to present advertisement in which the ads placement and experience follow the natural form of the application at which it is placed (sharethrough.com, 2016).
Page | 21
companies which can use the users’ behavioral data to formulate a new product that can be targeted
to certain users.
Additionally, we also make a distinction in the type of value transfer in the ecosystem, i.e., directly
and indirectly. We define the direct value transfer as the transfer of main value involved in the system,
whereas the indirect value transfer is the transfer of by-product value in the system. The direct value
transfer consists of the transfer of tangible and intangible value, such as: fee for using the service,
transaction fee, and exposure of product offerings to the ridesharing users. On the contrary, the indi-
rect value transfer revolves around the use of users’ data and the behavioral analysis of these data.
To summarize, Figure 2.1 portrays the overview of the ridesharing ecosystem while Figure 2.2 portrays
the value network of this ecosystem.
Digital Platform Ridesharing service provider
Peer providers
Peer users
Adjacent collaborator
Adjacent actors
Data Collector
Data Processor
Adjacent Users
Transport planning authority
Market research company
Payment gateway
Restaurant
Online stores
Offline stores
Insurance Company
Figure 2.1. Ecosystem of ridesharing platform overview
Page | 22
Figure 2.2. Ridesharing value network
Ridesharing service provider
Peer providers
Peer users
Data Collector
Data Processor
Transport planning authority
Market research company
Payment gateway Restaurant Online stores Offline stores
Insurance Company
Payment handling
fee fee fee
Service, Peer providers data
fee
fee
Revenue, Users data
fee
Fee, analytics service
fee
Users data, peer providers data
Users data, peer providers data
Users data, peer providers data
Transportation service
Behavior analysis
Behavioranalysis
Exposure,Service fee
Client,Exposure
Exposure,Logistic service
Exposure,Logistic service
Logistic service
Direct value transfer Indirect value transfer
Tailored Insurancepremium
Pay-as-you-go insurance
MarketingadvisoryPersonalization
Marketingadvisory
Page | 23
From the abovementioned illustration, we understand that the users’ personal information can be the
value differentiator as well as value generator to the ridesharing service provider. However, the use
of personal information is closely related to the privacy matter as using personal data (i.e., data that
can be referred back to the users) without consent of the data subjects will violate the users’ privacy
rights. Therefore, the RSPs have to ensure the users are aware about the companies’ privacy policy
and getting adequate compensations in return to their privacy disclosure. The detailed discussion
about privacy matters will be thoroughly explored in the chapter 3.
2.4 Ridesharing ecosystem in Indonesia: Two cases of Ojek Online The success and the media exposure of mainstream ridesharing startups have invited young innova-
tors to create similar services in Indonesia. There are various ridesharing service providers in Indone-
sia, from the carsharing service (such as: UberX and GrabCar) to the motorcycle sharing service, or
Ojek online (see Textbox 2.5). In the motorcycle sharing service only, 37 peer-to-peer motorcycle
ridesharing (Ojek online) providers are established in the Indonesian market (as of January 2016)
(fantasticblue, 2016). Furthermore, as of May 2016, Uber just released similar motorcycle sharing ser-
vice in Indonesia named UberMotor (Safitri, 2016). Noting that the number of competitors will make
the market become saturated, the Indonesian RSPs have to creatively innovate their business model
and offerings to their customers, especially in the use of personal data analytics to enhance the com-
panies’ value proposition. Because of this reason, we will focus on the Indonesian motorcycle rides-
haring service in this study.
To understand the P2P ridesharing ecosystem in Indonesia, especially in the case of Ojek online, we
will introduce two examples of Ojek online providers with the biggest market share in Indonesia, i.e.,
Textbox 2.5. Ojek online
As the traffic congestion in Jakarta has become a daily occurrence, motorcycle taxi (Ojek) has be-
come a solution competing with traditional taxi services (car based). By using motorcycle, the
Ojek users can reach their destination in a shorter time compared to their car based counterpart.
In contrast to the traditional taxi drivers who use the taxi company’s cars as the vehicle to pro-
vide the service, Ojek drivers use their own motorcycle to provide the ride service. Ojek drivers
usually base and park their motorcycle in the selected location (usually in the corner of an alley
or next to a bus stop). They will wait in this base until the Ojek user hails them to use the service.
As there is no specific information when the user wants to use their service, most of the drivers’
time is often wasted inefficiently for waiting for orders.
With development and ubiquity of smartphone, Ojek online has emerged as a form or P2P rides-
haring service. The drivers only need to install a driver app to receive an order from the cus-
tomer and locate the pickup and drop off point. Likewise, the users also need to install the user
app to “hail” the Ojek online. By using this app, the both the drivers and users have agreed to
the tariff policy set by the app company. Also, the Ojek drivers are now threatening the taxi busi-
ness as their previously informal work are now being formalized with the name of P2P rideshar-
ing brand.
By using this mobile app, the Ojek drivers do not need to base their operation in a certain place
anymore and they can wait for the order in any place they want. Yet, for the drivers, there is no
working time commitment held with the company.
Page | 24
Gojek (60% market share) and GrabBike (35% Market share) (Bohang, 2016; Hermawan, 2015). Fur-
thermore, we also briefly elaborate the companies’ privacy policy to understand how the Indonesian
ridesharing companies deal with the users’ personal data. This knowledge will help us to understand
what kind of P2P ridesharing service the Indonesian customers are facing. Based on this knowledge,
we can then design our contextual framework better (especially the conjoint analysis study, see para-
graph 4.3.1).
2.4.1 Gojek Gojek is a social enterprise startup founded by Nadiem Makarim, Brian Cu, and Michaelangelo Moran
in February 2011 as the winner of the Global Entrepreneurship Program Indonesia (Jakarta, 2015b;
Silaban, 2015). Their main vision building this startup is to professionalize the Ojek drivers, who were
recognized as lazy workers (due to the fact that most of their time is spent on waiting for the custom-
ers – see Textbox 2.5), by using smartphones to optimize/improve the drivers’ productivity
(Koesmawardhani, 2015). After the company was founded in 2011, the activities were slowing down
because the founders were joining Rocket Internet to build Zalora (a fashion e-commerce platform) in
Indonesia. In February 2015, only Nadiem Makarim was back to Gojek and re-launched the Gojek
brand with support from angel investors (such as: Arthur Benjamin) and venture capitalists (such as:
NSI Ventures) (Christie, 2011; Silaban, 2015).
Initially, the ordering process was using a telephone call to the call center (Silaban, 2015). However,
the company realized that this way of working would not be able to keep up with the market devel-
opment of Ojek users, hence, the company adopted the digital platform business model and launched
a smartphone application that facilitated the users to perform an ordering process directly from their
hand (Silaban, 2015). Even though the company is famously known as ridesharing providers, Gojek
claims itself not as a transportation company but a technology company instead, which provides in-
termediary marketplaces to facilitate negotiation between providers (Ojek drivers) and customers
(Ojek users) (Gojek, 2016b).
Even though Gojek uses a peer-to-peer ridesharing platform model, the company wants to control the
quality over the motorcycle drivers. Adhering to the above mentioned ridesharing platform categori-
zation, Gojek is adopting a for-profit peer-to-peer type ridesharing platform. The Gojek platform acts
as the enabler of the service facilitating an efficient ordering and assets transfer process.
Gojek controls the Ojek drivers by providing a clear tariff and revenue sharing policy with the drivers.
The tariff policy of Gojek consists of: the minimum tariff, per kilometers tariff, per minute tariff (for
waiting), and surge tariff (in the busy hour) (gojakgojek.com, 2016b). When the users use the service,
the company will get 20% of the fee whereas the other 80% goes to the Ojek drivers (Satria, 2015).
Furthermore, the driver will receive another IDR 100.000 if he/she manages to get 10 or more orders
in one day (Hutabarat, 2015). On the other hand, Gojek also tries to control the users by expanding
the ecosystem and inviting other actors to collaborate in its platform. Gojek started to offer delivery
services from Gojek partners that advertise their products/services through the Gojek platform
(Gojek, 2015a).
As both users and partners have increased, heterogeneous service offerings can be offered to the
customers. The more customers are accessing the Gojek app, the more the app interacts the (poten-
tial) opposite users to collaborate in the platform. Thus, they create a positive feedback loop which
can help the company to reach its critical mass.
Anyone with a motorcycle can be a Gojek driver. To be Gojek drivers, a driver needs to submit an
application to get the driver app download access (Gojek, 2015b). However, before the driver can ride
Page | 25
as a Gojek driver, the company needs to ensure that this candidate is criminal-free and has legitimate
documents to proof the vehicle ownership. After all the documentations are complete, the driver then
is allowed to use the Gojek partner app.
Not only recruiting Ojek drivers, Gojek also expands its offering by inviting other actors, such as (but
not limited to): restaurants and stores to list their products offering on the Gojek platform. Addition-
ally, Gojek also makes a strategic partnership with major e-commerce services in Indonesia, namely
Lazada.co.id (one stop solution online shopping commerce) (Maulana, 2016), that uses the Gojek cou-
rier service to provide the same day delivery service to its customers. Moreover, apart from partners
listed in the platform application, the company also has a strategic partnership with CIMB Niaga Bank,
specifically Rekening Ponsel CIMB (CIMB mobile payment), to offer mobile payment services (Gojek
Credit) to both the users (to pay the Gojek service) and the drivers (to receive the payment from the
company) (sweetcheerysh.com, 2015).
Both Gojek’s customers and drivers are provided with insurance (Panji, 2015a). It has been reported
in its website that Allianz Indonesia is the one that provides the insurance (Allianz, 2015). However,
the insurance is covering passengers only when they are using the service (pay as you go insurance).
The insurance will cover both medical and death compensation.
Gojek offerings
The Gojek’s users only need to download the Gojek app from Google play or Apple AppStore to use
the service. They will be asked to provide their name, an email address, and a valid mobile phone
number. After receiving the activation code via a short message service, the users can order the ser-
vice directly via this mobile app. Figure 2.3 shows the main page of Gojek application.
Figure 2.3. Gojek application's main page
The main page is showing all Gojek offerings, i.e.:
1. Go-Send: to order a courier service,
2. Go-Ride: to order a ride service,
Page | 26
3. Go-Food: to order food from listed restaurants,
4. Go-Mart: to order goods from listed stores,
5. Go-Busway: to monitor the schedule of Jakarta’s Bus Rapid Transit (Transjakarta) and to order
a ride to the nearest bus stop,
6. Go-Tix: to order various tickets from movie tickets to concert tickets,
7. Go-Box: to order a van to move bulky goods,
8. Go-Clean: to order a house cleaning service and ask the Ojek driver to pick up the house
cleaner,
9. Go-Glam: to order a beautician and ask the Ojek driver to pick up the beautician, and
10. Go-Massage: to order a massage therapist and ask the Ojek driver to pick up the massager.
Gojek ecosystem
Based on the Gojek’s service offering and its business model publications, we can list the actors in-
volved in Gojek ecosystem. The first actor is the users as the main users who use the Ojek service. The
second actor is the Ojek drivers, who will provide the basic ride sharing service to the users. Addition-
ally, as Gojek now offers a moving box rental service, the van owners and drivers are now involved in
the ecosystem as the peer providers. Furthermore, based on Gojek service offering, we also include
the beauticians, movie theater companies, ticketing offices, house cleaners (maid), massage thera-
pists, restaurants, and offline stores in the ecosystem as the Gojek partners.
The other actors involved in the ecosystem are the Transjakarta, a Jakarta bus rapid transit service
which advertises its bus schedule in the Gojek app, which also facilitates the users to order a ride to
Transjakarta bus stops, and the insurance provider which provides pay-as-you-go insurance to both
drivers and passengers. Even though there is no clear evidence, we might suggest that data processor
and 3rd party companies that utilize the users’ data are involved in the Gojek ecosystem.
In general, the relationship of actors with the Gojek platform can be divided into two types of rela-
tionship. The first type of relationship is the direct relationship, in which the actors will use the plat-
form directly when doing and processing transactions. The actors in the direct relationship are: the
peer providers (motorcycle owners and drivers and van owners and drivers), the partners (beauticians,
home cleaners, massage therapists, movie theaters, bank as the Gojek credit’s processor, restaurants,
ticketing offices, and stores – both offline and online), and the peer users. The second type of rela-
tionship is an indirect relationship, in which the transaction occurs only when transfer of personal data
related information is performed. Therefore, the actors in the indirect relationship are: the data pro-
cessor, insurance company, and the third party companies as the data recipients. Figure 2.4 and Figure
2.5 portray the relationship of actors and their value network within the Gojek ecosystem.
Page | 27
GOJEK PLATFORM(also the data collector)
Peer providers
Peer users
Partners
Adjacent actors
Data Processor
Adjacent Users
3rd Party company
Payment gatewayGojek Credit
Restaurant
Online store: Lazada.co.id
Offline stores
Insurance Company
House cleaner
Massage therapist
TransjakartaMovie theaterConcert, sport, and art ticketing office
BeauticianMotorcycle owner and drivers
Van owner and drivers
Direct interaction Indirect interaction
Figure 2.4. Actors' relationship with Gojek platform
GOJEKPeer
providers
Peer users
Data Processor
3rd party company
Payment gateway
Insurance Company
Payment handling
fee
Service, Peer providers data
fee
Revenue, Users data
fee
Fee, analytics service
Users data, peer providers data
Users data, peer providers data
Transportation service
Behavior analysis
Exposure,Service fee
Client,Exposure Exposure,
Logistic service
Direct value transfer Indirect value transfer
Pay-as-you-goInsurance
Pay-as-you-go insurance
Partners
Restaurant
Online stores
Offline stores
House cleaner
Massage therapist
Movie theaterConcert, sport, and art ticketing office
Beautician
Saving accounts
Transjakarta
Figure 2.5. Gojek value network
Page | 28
Gojek’s Privacy policies
The privacy policy is only explained on the company’s website. Aside from information provided di-
rectly when signing up to the service (such as: name, email address, and phone number), the company
will also collect information about the IP address and MAC address of the device, geo-location, and
browser used by the users and its cookies (Gojek, 2016a). The company will use those data to provide
the service to the customer (Gojek, 2016a). However, the company may also transfer these data to
the third party, even though it claims that it will not sell, rent, or lease the information (Gojek, 2016a).
Furthermore, the company will retain the data as long as the users do not cancel or unsubscribe to
the application. If there is any update to the privacy policy, Gojek will announce the change (at least)
one day before the effective date of the new policy (Gojek, 2016a).
2.4.2 GrabBike GrabBike is another motorcycle ridesharing service company in Indonesia. The GrabBike is one of the
ridesharing products of Grab Company, which consists of: GrabCar (a P2P car rental service), GrabTaxi
(a B2P taxi service), GrabBike (a P2P Ojek online service), and GrabExpress (a package delivery service).
Grab Company is a Malaysian startup company founded by Anthony Tan and Tan Hooi Ling in 2012
(Cosseboom, 2015). Initially, Grab Company entered Indonesia with GrabTaxi product in June 2014,
while later in May 2015 GrabBike was introduced to the Indonesian market (Cosseboom, 2015;
Iskandar, 2015). However, to make comparable assessment with Gojek, only GrabBike will be further
elaborated in the following paragraphs.
Like Gojek, Grab also claims itself as a technology company which does not provide any transportation
and delivery service (Grab, 2016e). Furthermore, the company also claims that the negotiation and
transaction are up to the peer providers and the users independently without any interference from
the company (Grab, 2016e). The GrabBike business model is acting as a marketplace in which motor-
cycle drivers and users meet via its mobile application. Furthermore, the tariff policy is also similar
with Gojek, which are: minimum tariff, per kilometer tariff, per minute tariff for waiting, and a surge
tariff in the busy hours (Gojakgojek.com, 2016a). However, the revenue sharing between drivers and
the company is slightly different with Gojek. The GrabBike drivers will get the 90% of the revenue
while the company will only receive 10% of the revenue (Fajrina, 2015). Nevertheless, the number of
orders in GrabBike will be fewer as there are no other direct partners involved in the ecosystem other
than the peer drivers.
Similar to Gojek, GrabBike also wants to control the drivers. The GrabBike is also adopting for-profit
peer-to-peer type ridesharing platform. However, as its service offering is not as varied as Gojek, Grab-
Bike has less control over their users. The only business partner of GrabBike in Indonesia is Mataha-
riMall.com (an e-commerce platform). MatahariMall.com uses GrabBike drivers as its official courier
service in Jakarta (Grab, 2016a).
GrabBike also provides insurance for both drivers and users. The insurance provided by GrabBike only
covers the medical insurance for accidents but not for deathly accidents (Grab, 2016c). However, it is
not clearly stated, specifically for the drivers, whether the insurance covers only the journey or at-
tached to the drivers even though they do not drive for the customers.
GrabBike offerings
The GrabBike application is integrated into the Grab application, whilst the offering is not as diverse
as Gojek. With other ridesharing service offerings listed in the Grab application, such as: GrabCar and
GrabTaxi, Grab only offers two motorcycle based products, i.e., GrabBike and GrabExpress (Grab,
Page | 29
2016b). In March 2016, the company announced that it pursues a strategic partnership with Mataha-
riMall.com and provide GrabExpress as the official courier for the goods bought in the MatahariM-
all.com website (Grab, 2016a). Figure 2.6 displays the main page of the Grab application, especially
GrabBike.
Figure 2.6. Grab application main page (GrabBike page)
GrabBike ecosystem
Since the GrabBike offerings are very simple, so is the ecosystem. The direct actors only consist of the
motorcycle drivers and the peer users. However, the indirect actor may vary due to the fact that Grab
is a company that operates in several countries, thus the customers’ data may be transferred to the
other countries as well. Figure 2.7 and Figure 2.8 portray the GrabBike ecosystem and value network.
Page | 30
GRAB PLATFORM
Peer providers
Peer users
Adjacent actors
Data Processor
Adjacent Users3rd Party company
Insurance Company
Other Grab subsidiary
Motorcycle owner and drivers
Direct interaction Indirect interaction
Partners
Online stores: MatahariMall.com
Figure 2.7. Grab ecosystem
GRABPeer
providers
Peer users
Data Processor
3rd party company
Other Grab subsidiary
Payment gateway
Insurance Company
Payment handling
fee
Service, Peer providers data
fee
fee
Revenue, Users data
fee
Fee, analytics service
Users data, peer providers data
Users data, peer providers data
Transportation service
Behavior analysis
Behavior analysis
Exposure,Service fee
Client,Exposure
Logistic service
Direct value transfer Indirect value transfer
Pay-as-you-goInsurance
Pay-as-you-go insurance
Online stores
Saving accounts
Figure 2.8. Grab value network
Page | 31
GrabBike privacy policy
It is mentioned on the Grab website (but not in the application) that the company collects, stores,
uses, and processes users’ personal information that is provided directly when the users register to
use the service, such as (but not limited to): name, identification number, birth certificate number,
passport number, nationality, address, telephone number, credit or debit card details, race, gender,
date of birth, and email address (Grab, 2016e). However, the information is not limited to those di-
rectly provided data, but also other sensitive personal data, such as: data related to health, religious,
and other similar beliefs (Grab, 2016d, 2016e).
The company also explains the purpose of data collection, such as: to perform service fulfilment and
maintain communication with the customer (Grab, 2016e). Furthermore, the company explicitly states
that it will also transfer all those types of data to the third party for advertising and marketing purpose
(Grab, 2016e). Moreover, since the company also has presence in other countries, the stored data
may be transferred to, stored, used, and processed in other jurisdictions than Indonesia (Grab, 2016d).
However, the company also provides the users opportunity to opt out on the use of their data from
any purposes other than service fulfilment by contacting the company by email or simply by clicking
the unsubscribe link in the company’s marketing email (Grab, 2016d).
2.5 Conclusion As previously mentioned in the introductory paragraph, this chapter discusses the contextual factors,
domain, as well as the scope of the study. Specifically, the chapter aims to answer SQ1. (What is the
peer-to-peer ridesharing service and how is the elaboration of the concept and its application in the
Indonesian market?).
We elaborate the ridesharing service as a derivation of the collaboration consumption concept, in
which from the discussion, we cannot give collaborative consumption a shared definition. Yet, we can
still conclude that the collaborative consumption is a concept of sharing which has certain character-
istics, i.e.: (1) the distributed power of actors who can provide and distribute their goods to another
based on a shared value and trust without the role of centralized institution (Botsman, 2013); (2) the
changing experience of the consumer from the passive role to the active and connected collaborators,
producers, creators, providers, and even financers (Botsman, 2013); and (3) the use of technology as
an efficient mediation tools (Botsman, 2013).
Furthermore, there are four drivers of collaborative consumption, which are: (1) the consumerization
and the ubiquity of digital technology; (2) shift concept of value, that promote access to use goods
rather than ownership to goods; (3) a new thinking of the way assets create wealth from economic
lenses; and (4) environmental awareness (Botsman, 2013; Sundararajan, 2014).
In general, there are three categories of collaborative consumption, which are (according to Botsman
and Rogers (2011)):
1. Redistribution markets, is the activities to redistribute unused or underutilized assets; for exam-
ple: tweedehands.nl, www.half.ebay.com,
2. Collaborative lifestyle, is the new ways to do an exchange process of tangible and intangible as-
sets, such as: skill, time, space, and money; for example: skillshare.com,
3. Product service system (PSS), which means to purchase the use/access to the benefit of product
without owning the ownership; for example: Uber and Lyft.
The ICT development has elevated the business potential of collaboration consumption concept. The
digital platform, as the most prominent use of technology development in collaborative consumption,
Page | 32
has created further business innovation. Together with social media communities, global positioning
service, and mobile application, they have produced a more efficient market environment.
The specific collaborative consumption discussed is the ridesharing as a PSS type of collaborative con-
sumption implemented in the transportation field. The ridesharing categorization can be distinguished
by both market orientation and the organizational form. The above mentioned Table 2.1 details the
categorization of ridesharing. Furthermore, the motives of participating in the ridesharing system is
also varied, in which only the service providers may have the optimistic motives to make the world a
better place while the other participating actors are only motivated by the hedonistic and utilitarian
motives.
The general ecosystem of P2P ridesharing mainly focused on the (digital) platform owner as the me-
diator of transaction when the users use the service. Also, with the loosely-coupled potential of digital
platform, the platform owner can further extend the ecosystem by inviting adjacent actors to collab-
orate in the ridesharing system. When a user uses the service, his/her personal data might be involved
in the value exchange process. The data not only limited to the basic data to provide the service (such
as: pick up and drop off location and the mobile phone number), but also more sensitive data (such
as: behavior of users when using the service).
Going deeper to the two cases of Indonesian P2P ridesharing implementation, our study concludes
that: like Uber, the Indonesian ridesharing providers do not want to be identified as transportation
service providers. Instead, they claim themselves as technology companies that provide a marketplace
to perform negotiation and transaction between the peer providers and the users. Nevertheless, both
companies still want to control the quality over the peer providers to ensure the sustainability of their
service. Furthermore, the complexity of the ridesharing ecosystem depends on the service offerings
and the involved actors. In the study, we also found out that even though both companies provide a
clear privacy policy, this privacy policy is not easily accessible from the application.
2.6 Discussion From the above mentioned elaboration, we may conclude that P2P ridesharing service is actually an
implementation of collaboration consumption concept which translates the product service system in
transportation field. This concept heavily bases the operation at the digital platform as the intermedi-
ary infrastructure to provide the service to its users. The recent innovation of P2P ridesharing service
in Indonesia is in the form of Ojek online service, in which the ridesharing ecosystem has been devel-
oped to other adjacent actors/partners through the use of technology development (specifically the
digital platform).
ICT becomes a vital aspect in the development of a ridesharing service due to its ability to create a
more competitive markets and to remove information asymmetry. Moreover, by using a digital plat-
form, a ridesharing company can exploit the loosely coupled capability of a digital platform to further
expand its ecosystem.
Also, the ICT development has made data capture become more feasible. The users’ personal data,
including not only the basic data (such as: name, phone number, and address), but also more sensitive
data (such as: spending behavior, traveling behavior, and user interests) are easily captured by the
tracking capability bestowed by the technology when they are using the service. The basic personal
data (such as pick up and drop off location) are used to provide the basic service. Besides, more ad-
vanced personal data that can be gathered and mined by the use of ICT (such as behavioral and pref-
erences information) can be used to create additional values on top of the basic service. Thus, these
potentials will invite other actors to be part of a more complicated ridesharing ecosystem.
Page | 33
As the ridesharing ecosystem becomes more complicated, the use of personal data may raise issue of
privacy concerns. The users who disclose personal data may not know what data, what for, and to
whom their data will be distributed and who will use the data. At such, the business practice can create
another information asymmetry as the users may be unaware of the harm and/or risk of disclosing
their personal data, before the privacy violation is occurred. Because of this information asymmetry,
the ecosystem will be unsustainable as the users do not fully realize the real cost they are paying in
order to use the service. On the other hand, the RPSs can also have the risk of being sued by the
customer if they do not explain completely to their customers related to the use of the users’ personal
data. Therefore, before the RSPs start to expand their ecosystem (and create their multisided ecosys-
tem), they have to prepare privacy right assurance measures and/or the additional value to be given
to the users in return to their disclosed personal data.
Page | 34
This page is intentionally left blank
Page | 35
3 Theoretical Framework: The
privacy and Privacy decision
making theory
This chapter specifically answers the sub-question 2 (What is privacy, what are the constructs that
build up the privacy decision making theory, and how can the company prepare the implementation
of privacy mitigation strategy?). By answering this question, we develop our conceptual model, in-
cluding the type of privacy involved in the peer-to-peer ridesharing service as well as the privacy mit-
igation strategies that can be applied in such service. With the aim to structure the chapter, the fol-
lowing sub-division questions will be answered in this chapter:
SQ2a. How is privacy defined?
SQ2b. How can the concept of privacy be categorized and what types of privacy are related to
the context of peer-to-peer ridesharing service?
SQ2c. How is the privacy decision making theory elaborated?
SQ2d. How are the previous studies about privacy mitigation approaches concluded?
SQ2e. What can the company do to prepare the implementation of privacy mitigation strate-
gies?
SQ2f. How is privacy valued?
To answer those questions, a literature reviews was conducted to identify the knowledge gap and to
explore the underlying theories. Furthermore, the previous studies related to the privacy concerns
were also explored to ensure all variables and important discussions related to the theories were not
left out in the study. The literature was collected from textbooks, journals, peer-reviewed journals,
conference proceedings, theses, reports, business white papers, industry expert reviews, and the in-
ternet.
This chapter is structured as follows. This first section explains the subdivisions of sub-research ques-
tion, the research strategy of this chapter, and the chapter organization. Next, the definition of privacy
will be elaborated in paragraph 3.1. There are two approaches to define privacy, i.e., as a right (para-
graph 3.1.1) and as an interest (paragraph 3.1.2). Moreover, the categorization of privacy will be dis-
cussed in paragraph 3.2. Next, the privacy decision making theory will be elaborated on in paragraph
3.4 to study about privacy concerns measurement and their mitigation strategies, whereas the hy-
potheses development based on the privacy decision making is formed as the base line of the survey
and statistical analyses that we wish to develop are presented in paragraph 3.5. Next, the privacy
mitigation strategies implementation preparation is explained in paragraph 3.6, while the privacy val-
uation theory is elaborated in paragraph 3.7. Finally, the conclusion of the chapter will be formulated
in paragraph 3.8.
Page | 36
3.1 What is Privacy? Nowadays, personal data become more valuable and “threatening”. Waldo et al. (2007), in their book
that discusses privacy engagement practice in the digital age and extensive information technology,
portray the organization holding personal data is like Damocles who is partying under the sword.
Moreover, a workshop of World Economic Forum (WEF) concludes that personal information can now
both create and destroy value (WEF, 2012). Personal data and privacy have been a concern since com-
puters began to be used in public sector, even long before the internet era (Dutta et al., 2011). Nev-
ertheless, the massively available literature on privacy is still not able to ensure the users in the aspect
of privacy protection practice, especially in the information age (Waldo et al., 2007). Moreover, recent
research shows that privacy concern is still become the biggest thread to innovations that harness the
digitalization (Lee & Kwon, 2015; Li et al., 2010).
Even though privacy has been studied for a long time, the concept, however, is still ambiguous with
multiple meanings, interpretations, and value judgments (Xu et al., 2012). The concept of privacy is
vague but yet well-understood (Waldo et al., 2007). Privacy must be portrayed like a terrain in a land-
scape because there is no predominant concept of it (Solove, 2008), while the other scholars prefer
to use the “umbrella term” to explain privacy, such as: problems that arise from information collec-
tion, processing, dissemination, and invasion activities (Xu et al., 2012).
On the contrary, Waldo et al. (2007) try to conceptualize privacy in a broader concept rather than on
the individual level, they define privacy as “a set of social concern related to the control of, access to,
and use of (personal) information” (Waldo et al., 2007, p. 84). Even though the concept of privacy is
pluralistic, it is also well-understood at the same time, as people who use this term share their own
definition and are valuing the privacy in the same direction (Waldo et al., 2007). Moreover, the term
of privacy has many connotations; e.g., control over personal information, right to be left alone, or
access to person and property. In general, privacy is seen as the necessary condition needed by indi-
viduals to separate their personal and public lives and to outline what should be kept as personal
information and what should be available for public (Waldo et al., 2007).
Additionally, Warnier et al. (2015) argue that privacy is associated with the three main points, i.e.: (1)
the right to be left alone and freedom of intrusion from others, or the negative liberty; (2) the ability
to control the information about oneself; and (3) freedom of surveillance, which includes the right not
to be monitored, tracked, or followed. Furthermore, they also argue that the degree of privacy is rel-
ative and dependent to the context and the data subject (Warnier et al., 2015). For example, ones
might have occupation that requires them to have a limited (or even not having) privacy, such as ce-
lebrities and royalties.
Moreover, other privacy scholars also make definition of privacy in the economic dimension. Noting
that individuals are economic actors, economists define the economics of privacy as: the control over
protection and disclosure of one’s personal data that will produce trade-offs with tangible and intan-
gible economic benefits (Acquisti, Taylor, et al., 2015). For example: Culnan and Bies (2003) make the
economic conception of privacy, in which they define the privacy as an instrument to make a second-
ary exchange transaction, such as: a non-monetary exchange transaction of their personal data for
additional value (for example: a higher level quality of service).
Based on the above mentioned explanation, Table 3.1. Summary of the privacy conception summa-
rizes the scholars’ conception of privacy.
Page | 37
Table 3.1. Summary of the privacy conception
Privacy conception and definition Scholars
Problems that arise from information collection, processing, dissemination, and invasion activities
(Xu et al., 2012).
A set of social concern with many connotations (such as: control over ones’ personal information and the right to be left alone) that related to the control of, access to, and use of (personal) information.
(Waldo et al., 2007).
Privacy is associated with right to be left alone, control over ones’ personal data, and freedom of surveillance.
(Warnier et al., 2015)
“the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (p. 7)
(Westin, 1968)
“The ability (i.e., capacity) of the individual to control personally (vis-à-vis other individuals, groups, organizations, etc.) information about one's self” (p. 460)
(Stone et al., 1983)
Control over personal data that is able to generate trade-offs with economic benefits.
(Acquisti, Taylor, et al., 2015)
An instrument for non-monetary secondary exchange in order to “purchase” additional value added service
(Culnan & Bies, 2003)
Seeing the ground purpose, the privacy disclosure is a mandatory condition in some cases, specifically
in the activity related to the emergency and governmental activities. It creates trade-offs between the
privacy right invasion and the societal benefit of privacy disclosure. For example: the need to track the
users’ cell phone vs. the ability to instantly locate the dialer in an emergency dialing service, or the
need to install closed-circuit-television (CCTV) that able to locate and monitor individuals’ activities
vs. the increase of the public safety. Moreover, in other cases, the privacy disclosure will also be useful
to offer value added service. A lot of business innovation opportunities are coming from the use of
personal data, for example: Facebook adverts with its targeted marketing audience (facebook.com,
2016), personalization services (Chellappa & Sin, 2005; Xu et al., 2011; Xu et al., 2009), and privacy
protection as the business value proposition (Liu et al., 2011).
One might see privacy as part of his/her fundamental right. However, due to the development of
technology, the perception about privacy is evolving in recent days. People start to see privacy as an
interest that exchangeable for certain benefits, and “sell” it to the company – or the data service pro-
viders (DSPs) - that collects, uses, processes, disseminates, stores, and/or aggregates the personal
information and that offer services, both to the users and third party in the ecosystem (Roosendaal et
al., 2014). In the next two sub-sections, we will explain the definition of privacy in two contradicting
approaches, i.e., as a right and as a tradable interest.
3.1.1 Privacy as a right Privacy is traditionally defined as a right. Scholars in the earlier days define privacy as part of the fun-
damental right (for example: Westin (1968), Altman (1976), and Parent (1983)). Furthermore, a lot of
laws and conventions also state privacy as part of the basic human right that need to be protected.
For example, the article 12 of Universal Declaration of Human Right explicitly states that “No one shall
be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks
upon his honor or reputation” (Assembly, 1948, p. n.a.). More recent law, the article 8 of European
Convention of Human Right also states privacy as one of the fundamental rights. It explicitly says
“[e]veryone has the right to respect for his private and family life, his home and his correspondence”
Page | 38
(Europe, 1950, p. 10). In addition, the Privacy International Organization also defines privacy as “[a]
fundamental right, (that) essential to autonomy and the protection of human dignity, serving as the
foundation upon which many other human rights are built” (privacyinternational.org, 2016, p. n.a.). It
enables the people to create barriers and manage the boundaries between private and public space
(privacyinternational.org, 2016). They all support the connotation of privacy as the right to be left
alone.
Seeing privacy as a fundamental human right means that the DSPs have to ensure the protection of
the personal data. A lot of laws, directions, guidelines, and frameworks have been formed to support
this notion. One of most well-known privacy frameworks is the OECD Privacy Framework (OECD, 1980)
that has been updated in 2013 to keep up with the development of digitalization with some updates
on volume, range of analytics, threats, value, actors, interactions, and global availability (OECD,
2013b). The OECD privacy framework has 8 principles, i.e.:
1. Collection limitation principle, the collection of personal data should be limited to the pur-
pose of the collection and any such data should be obtained by lawful and fair means and with
consent of the personal data subjects.
2. Data quality principle, the collected personal data should be complete, accurate, and kept
up-to-date.
3. Purpose specification principle, the purpose of which personal data are collected has to be
specified no later than the collection process is taking place, and the use of this data is limited
to this purpose.
4. Use limitation principle, the personal data should not be disclosed and used other than the
purpose that stated in the collection process, except with the consent from the data owner or
under the direction of law.
5. Security safeguards principle, DSPs should protect the personal data against risks of loss, un-
authorized access, modification, destruction, use, or disclosure of data.
6. Openness principle, DSPs has to be transparent about the practices, policies, and the devel-
opment of the collected personal data.
7. Individual participation principle, the personal data subjects have the right to have control
over their personal data.
8. Accountability principle, DSPs should be accountable related to the seven principles stated
above.
Additionally, APEC7 region has also developed a privacy framework for its economic members. The
APEC Privacy Frameworks aims to balance and promote the information privacy protection across its
economic members without creating unnecessary barriers of information flow among them (APEC,
2005). This framework is also consistent with the core principles of OECD Privacy Framework.
APEC Privacy Framework is developed to address the specific issues related to the APEC countries and
other diversities in the members. For example: most of the countries in APEC are emerging countries
that just recently embrace the development of internet in which the privacy awareness (sometimes)
is minimal (Dutton et al., 2014), therefore the depth of the framework implementation may vary from
one country to another. However, the APEC Privacy framework is not far different with the OECD Pri-
7 The members of APEC Countries are: The United States; Australia; Brunei Darussalam; Canada; Chile; China; Hong Kong, China; Indonesia; Japan; Malaysia; Mexico; New Zealand; Papua New Guinea; Peru; The Philippines; Russia; Singapore; Re-public of Korea; Chinese Taipei; Thailand; and Viet Nam
Page | 39
vacy Framework. The major differences between OECD Privacy Framework and APEC Privacy Frame-
work lie on the practical basis, where the members are allowed to justify the level of adoption accord-
ing to their needs. The principles are:
1. Preventing harm principle, DSPs should protect the personal data subjects from the harm
resulting from the wrong collection or misuse of their personal data.
2. Notice principle, DSPs should ensure that the personal data subjects are aware and under-
stand what information is collected, the purpose of it being collected, to whom the personal
data will be disclosed, and the choice and control over the collected personal data. With this
notice, the personal data subjects are able to make more informed decision.
3. Collection limitation, the collection of personal data is limited to the data that is relevant to
the purpose of collection, and it has to be obtained by lawful and fair means, with notice and
consent from the personal data subjects.
4. Uses of personal data, the collected personal data should be used only for the purpose of
collection or related purpose, except with consent from the data subjects, in necessity condi-
tions to provide product or service requested by the data subjects, or by the authority of laws.
This principle also governs the transfer or disclosure of personal information to a third party.
5. Choice, where appropriate, DSPs should provide the data subjects clear, understandable, easy
to understand, and affordable mechanisms to exercise the choices related to the collection,
use, transfer, and disclosure of the personal data.
6. Integrity of personal information, DSPs have to maintain the completeness and accuracy of
the data and keep the data up-to-date.
7. Security safeguards, DSPs should provide proportional safety and protection against risks of
loss, unauthorized access, modification, destruction, use, or disclosure of data. Such safe-
guards have to be reviewed and reassessed periodically.
8. Access and correction, DSPs should empower the data subjects with the ability to access and
correct their personal data in a reasonable manner and form.
9. Accountability, DSPs must be accountable to comply with the principles above. In the case of
the data are transferred to another party, DSPs must ensure that the recipient will protect the
data consistently to those principles.
Furthermore, on the national level, the Indonesian Government also prepares a law related to per-
sonal data handling. This law governs the specific process of collecting, processing, analyzing, storing,
presenting, transferring, publishing, and deletion of personal data, and also noticing to the data sub-
ject (MCIT, 2015). However, the detailed level of governance is still lacking compared to the APEC and
OECD Privacy framework. It neither addresses the implementation mechanism (for example: the
standards used and the assessors) nor audit mechanism of the regulation. The principles of personal
data handling according to this law are:
1. Purpose, the data collection should be accurate and the analysis should be limited to the rel-
evant purpose. This data should also be verified by the data subject.
2. Choice and control, the data subjects have choices whether the collected data are treated as
private data or publicly available data. DSPs must provide access for data subjects to modify,
add/delete, or update the collected data.
3. Consent, DSPs must obtain the consent from the data owner related to the data collection
process.
4. Protection, DSPs must be credible and able to perform protection measures to the collected
data. The protection measures have to be audited regularly.
Page | 40
5. Storing, the physical data centers and disaster recovery center used to store the data have to
be located in Indonesia.
6. Presenting, transferring, publishing the data are not allowed unless with the data subjects’
consent or under the directive of law.
The three above mentioned frameworks (and law) have similar general principles, which are: Personal
data must be collected only for specific purposes; they can be processed only if the data subjects have
given their consent; they must be processed fairly and lawfully; they must be protected from any risks;
and control over the data has to be given to the data subjects.
Taking into account the development of technology which cannot be separated from the privacy right,
the concept of Privacy by Design (PbD) has been developed. It is derived by the notion that the tech-
nology is fundamentally neutral, the operator, however, is the one who can use the technology to
protect as well as to invade the privacy (Irani et al., 2013). Additionally, the technology development
also contributes to systemic risk of privacy in which the data collection becomes possible to be inferred
without the users’ consent and knowledge (Dhar et al., 2011).
The PbD approach aims to protect the privacy right proactively up-front in the design phase of arti-
facts, systems, business processes, physical and networked infrastructure, and the entire ecosystem
and governance model (Cavoukian, 2006; Cavoukian & Jonas, 2012). The principles of PbD are:
1. Proactive not reactive; Preventative not remedial. It begins with a recognition of value and
benefit of proactive implementation of strong privacy practice, early and consistently. It an-
ticipates and prevents privacy invasion from happening.
2. Privacy as the default. PbD aims to deliver maximum degree of privacy protection, therefore,
it is built into the system by default.
3. Privacy embedded into design. PbD is embedded within the design of the artifacts, systems,
business processes, and not as add-ons.
4. Full functionality – Positive sum, not Zero sum. PbD aims to accommodate all actors to pro-
tect their interests and to realize the benefits of privacy protection in a positive sum, not zero
sum where the unnecessary trade-offs are present.
5. End-to-end security – Lifecycle protection. PbD aims to ensure the security or personal data
throughout the entire lifecycle of the artefact in which personal data is involved.
6. Visibility and transparency. PbD aims to assure all actors operating according to the promises,
subject to independent audit, and it has to be visible and transparent to both users and pro-
viders.
7. Respect for user privacy. PbD aims to keep the operation user-centric.
Additionally, Warnier et al. (2015) argue PbD has been studied for a long time, especially in the field
of computer science, derived from value sensitive design approach. In summary, there are three dif-
ferent methods to design a privacy preserving (computer) system, i.e.: (1) never store any personal
data, (2) develop strict policies when storing and processing personal data, and (3) only use anony-
mization of personal data (Warnier et al., 2015). However, not all the methods are fit to be imple-
mented in the today’s technology development, especially the first method. Nowadays, many of or-
ganizations store and process personal data as their source of marketing intelligent activities. Never-
theless, Warnier et al. (2015) also argue that many data directives and PbD approaches are still vague
and lack of common understanding between actors, especially in the implementation phase. They also
suggest that there is a need to develop the detailed PbD guidance.
Page | 41
Despite the availability of privacy frameworks and approaches, all those available frameworks and
approaches are only applicable to the DSPs from an organizational point of view. On the contrary,
from the data subjects’ point of view, the empirical analysis related to the data subjects’ ability to
control their right is still lacking (Rohunen et al., 2014).
Xu (2007) argues that to ensure the individuals’ privacy right, the data subjects can exercise control
over their personal data. The privacy control consists of both individual control and proxy control
based on the notion that when the possibility to exercise of individual control is unavailable, users will
renounce their control to the available proxy control, which is defined as the attempt of individuals to
gain control through powerful others when they do not have adequate resource or power to exercise
their individual control (Xu, 2007; Yamaguchi, 2001).
Xu et al. (2012) develop the privacy assurance approaches to cover those abovementioned privacy
controls. This approach focuses on two types of control, i.e., the individual control and the proxy con-
trol (Xu et al., 2012). Firstly, the individual control, which is developed based on Individual Privacy
Protection Responses (IPPR) taxonomy by Son and Kim (2008). The IPPR is divided into three nomo-
logical terms, i.e.: (1) Information provision (refusal & misrepresentation of information); (2) Private
action (removal & negative word-of-mouth); (3) Public action (complaining directly to the company &
complaining indirectly to third party) (Son & Kim, 2008). Secondly, the proxy control, in which the
other actors acts as the control agents, it includes industry self-regulation (such as: third party privacy
auditor & privacy protection seal) and the government legislation in this group (Xu et al., 2012).
3.1.2 Privacy as an interest In contrast to the previous theories, Clarke (1997) defines privacy as an interest. He argues that defin-
ing privacy as a right is problematic as it does not have an absolute standard and it is also cloudy
between the legal rights terminology and moral rights terminology (Clarke, 2006). He specifically de-
fines privacy as something that people like to have, or using his original word: “the interest that indi-
viduals have in sustaining a 'personal space', free from interference by other people and organiza-
tions”(Clarke, 2006, p. n.a.). Defining privacy as an interest means viewing privacy through economic
lenses that can be given up for utilitarian interest. In this case, the privacy protection measure means
balancing the interest between actors (Clarke, 2013), i.e., the data subjects’ interest to protect their
privacy versus the DSPs’ interest to acquire the data for their own benefit.
Furthermore, Clarke also details the privacy with many dimensions (Clarke, 2013). First, the privacy of
the person, which is also referred as “the bodily privacy”. This privacy protects the information of the
human body structure and information. The example of privacy intrusion in this type of privacy is:
when the company asks a candidate to submit a compulsory sample of DNA and/or body tissue to be
analyzed before the candidate is joining the company. Second, the privacy of personal behavior, which
controls the information related to all aspect of behavior, such as: religion, sexual preference, and
political views, both in private and public spheres. Third, the privacy of personal communication,
which explains the individual interest in being able to communicate in any means without being mon-
itored by others. Last, the privacy of personal data, which explains the individuals claim to prevent
their data to become available without their consent.
Additionally, he also forms another dimension from the couple of two previously developed privacy
dimensions, i.e., privacy of personal communication and privacy of personal data. This new dimension
is formed due to the development of communication technology, particularly in the development of
the internet, which increases the use of public attention. He termed this new dimension as “infor-
mation privacy” (Clarke, 2006).
Page | 42
Furthermore, because of the new disturbing development has occurred, where individuals like to “rec-
ord” the experience they are getting from meeting people or buying goods or services in both online
and offline form (for example: diary, blogs, and social media), he further developed these dimensions
by adding another dimension, i.e., the privacy of personal experience, which limits the “recorded ex-
perience” from becoming automatically available for exploitation and being exploited (Clarke, 2013).
For example: people can write anything in their micro blogging page or application. However, the ap-
plication should empower the users to control and moderate to whom the blog-posting will be avail-
able. Examples of applications that use this approach are Facebook, Google+, and Path. In addition,
Solove (2007) also develops his own taxonomy of privacy based on the privacy problems and harms
due to the conflicting interests between actors. His taxonomy includes: (1) the information collection,
e.g., CCTV surveillance and interrogation; (2) information processing, such as: identification, aggrega-
tion, and secondary use; (3) information dissemination, including disclosure to other parties, and
blackmailing; (4) and invasion, e.g., decisional interference and intrusion (Solove, 2007).
To conclude the section, the privacy can be defined both as a right as well as an interest. Defining
privacy as a right means the DSPs have to make the privacy right properties are assured when they
acquire the users’ personal data. On the contrary, defining privacy as an interest means the privacy
can be traded over certain (additional) benefits expected by the users. Therefore, the DSPs can pre-
pare the “benefits” that might be wanted by the data subjects before trying to acquire the users’
personal information.
3.2 Categorization of privacy In the previous section, we presented Clarke’s version of privacy dimensions (Clarke, 2013). However,
this categorization of privacy does not fully fit to the recent development of technology. For example:
with the development of unmanned aerial vehicle (such as drone), people can have the risk of privacy
intrusion. Based on this case, Clarke’s privacy dimension fails to define what kind of privacy intrusion
it is, particularly in the segregation of public and private space. Furthermore, the categorization of
privacy involved in the recent development of e-commerce, in which the e-commerce website/appli-
cation is able to monitor the users’ behavior in making purchase (famuharan, 2015); or the use of
cookies in the web browser, which enables the web browser to monitor the “click-and-browse” be-
havior of the users (bigcommerce, 2015); is failed to be defined by Clarke’s privacy dimension. More-
over, the categorization of privacy involved in the practice of personal data market and the data driven
marketing (for example: Deighton and Johnson (2013), Spiekermann et al. (2015), & Roosendaal et al.
(2014)) are also failed to be defined in the Clarke’s privacy dimension. In other words, the Clarke’s
categorization of privacy is still too general to be applied in the context of the recent developments
of technology. Therefore, Finn et al. (2013) try to expand the dimensions so that they can fit to these
development of technology. The dimensions are:
1. Privacy of the person that includes the right or interest to keep the human body information
(such as: DNA code and biometric identity) and characteristics private. This privacy dimension
is shared the same definition with Clarke’s privacy of the person.
2. Privacy of behavior and action that includes the intimate issues such as: religion, sexual pref-
erence and habit, and political views. It also includes the ability to act or behave in public,
semi-public, and personal space without being monitored and/controlled by others.
3. Privacy of communication, which includes the concerns related to the “sniffing” of communi-
cation activities, including the use of bugs, email tapping, and telephone or wireless commu-
nication interception.
Page | 43
4. Privacy of data and image that contains the concerns about assurance that “the individuals’
data are not automatically available to other individuals and organizations and that people
can exercise a substantial degree of control over that data and its use” (Finn et al., 2013, p. 8).
5. Privacy of thought and feeling includes the concerns of the individuals’ right to think and feel
whatever they like. They also have the right not to have their thoughts and feelings revealed.
This type of privacy is important to balance the power of creative freedom of individuals and
the control power of the state.
6. Privacy of location and space comprises the concerns of individuals to have the right to move
and travel without being identified, monitored, and/or tracked. It also includes the right of
privacy in the different spaces, such as: in the office, in the moving car, or in the home.
7. Privacy of association (including group privacy) includes the concerns of individuals’ right to
associate themselves with whomever they wish without being monitored by other individuals
or organizations. This dimension of privacy is closely related to the freedom of speech that
has been associated with democratic live of society.
3.2.1 Privacy in peer-to-peer ridesharing service Based on Finn’s privacy categorization, combined with the explanation in chapter 2 (specifically in the
paragraph 2.4), we can conclude that in the use of personal data analytics in the peer-to-peer rides-
haring service, only three types of privacy are involved and will be explored. Firstly, the privacy of
location and space; because of the mobile app ordering model of P2P ridesharing will use the device’s
geolocation information, the users of this service have to disclose their location to the company. Fur-
thermore, the ending point (and its correlated track) will also be recorded to calculate the transpor-
tation fee. In some cases, the company (with the proxy of the mobile application) also gives the op-
portunity for the user to name the certain location as “home” or “office” to make the next ordering
process becomes easier. In this case, the user’s location and space information are disclosed alto-
gether.
Secondly, the privacy of behavioral and action will also be studied in this research. The opportunity to
offer a personalization service based on personal data analytics requires the buying and traveling be-
havior of the users. This behavioral information is mined to predict the users’ preferences toward
certain products and services. The mined results are presented in the form of suggestions and recom-
mendations to the users.
Finally, the privacy of data and image will also be analyzed. With the notion that users’ personal data
are valuable, the company could resell the users’ behavioral information, or the analysis of the behav-
ior, to other parties so the other parties will have this information in order to upsell their product
through the company’s application (both as a bundling product or a separate product). In this case,
the data subjects will have the risk of losing their privacy of data and image.
3.3 Privacy decision making theory The privacy mitigation strategy is developed using the justice theory, especially two forms of justice,
i.e., the wealth distribution justice and the procedural justice. The sub-section 3.3.1 will focus on the
wealth distribution justice that sees privacy as utilitarian tool to get certain benefits whereas the pro-
cedural justice that sees privacy as a right will be elaborated in the next sub-section (paragraph 3.3.2
The outcome of the analysis is the foundation for the privacy decision making constructs.
3.3.1 The privacy calculus In the process of making decisions to disclose personal information, the data subjects often calculate
the trade-off of wealth, i.e., trade-off between the privacy cost and the privacy benefit. Privacy calcu-
lus theory is one of the theories in the privacy decision making based on this cost-benefit analysis. It
Page | 44
infers the privacy interests as an exchange tool when data subjects demand for certain benefit as a
return for disclosing their personal information (Xu et al., 2009). The consumers (or the data subjects)
would perform the analysis to assess whether the benefit they are getting offsets the perceived cost
they have to pay (in the form of disclosing their personal data), and respond accordingly.
Privacy calculus theory is developed by Culnan and Armstrong (1999) based on the fairness theory.
They argue that customers will be willing to disclose their personal information if the company pro-
vides a fair procedure to the customers to address their privacy concerns (Culnan & Armstrong, 1999).
When DSPs collect personal data from data subjects, they will see the collection of personal data as
social contracts with the data subjects. Furthermore, the data subjects will keep participating in this
social contract as long as the benefits they receive exceed the costs and the risks associated to the
disclosure (Culnan & Armstrong, 1999). Moreover, Culnan and Bies (2003) also propose the concept
of “secondary exchange” to explain the privacy calculus, in which they argue that the utilitarian users
will perform the exchange of personal information for utilitarian benefits as by-product (secondary
exchange) of the products and services exchange (the primary exchange) (Culnan & Bies, 2003).
Additionally, Dinev and Hart (2006) also extend the privacy calculus model. They add the perceived
risk factor as the antecedent of privacy concerns in the privacy calculus model. Using data gathered
from 369 samples, a structural equation model was performed to confirm the relation. Moreover, Xu
et al. (2009) also developed the model further by incorporating justice theory in the privacy calculus
model. They include compensations, industry-self regulation, and government regulation as part of
the privacy intervention approach (Xu et al., 2009). By incorporating those approaches, the data sub-
jects will be able to evaluate the fairness of the distribution outcome in one hand as well as the fairness
of procedure of information collection and use in the other hand (Xu et al., 2009).
More recent, Kehr et al. (2015) improved this model by developing an extension to the privacy calculus
model. They propose the situational-specific privacy calculus, in which the cost and benefit assess-
ment is influenced by pre-existing attitude, e.g., the data subjects’ general privacy concerns and their
institutional trust to the system they are involved in, and the bounded rationality of the data subjects
(Kehr et al., 2015). They also argue that when users are presented with positive effect of privacy dis-
closure, they often underestimate the risk of information disclosure (Kehr et al., 2015). Their research
suggests that the users are facing a bounded rationality in doing an evaluation of privacy decision
making. Furthermore, Gu et al. (2015) also try to expand the privacy calculus model by studying the
interaction effects of the contextual factors to the privacy calculus model. Their research suggests that
contextual factors; specifically the application popularity, permission sensitivity, and the permission
explanation; are influencing the users’ calculus behavior (Gu et al., 2015).
3.4.1.1 The cost In the privacy calculus model, the cost part of the privacy calculus is often represented by the privacy
concerns (for example: Lee and Kwon (2015), Dinev and Hart (2006), Xu et al. (2009), Morosan and
DeFranco (2015), Keith et al. (2013), Kehr et al. (2015), Sun et al. (2015), and Guo et al. (2012)). Many
scholars have tried to operationalize the privacy concern. Smith et al. (1996) conceptualize the privacy
concerns with four dimensions of construct. Firstly, the collection, this construct measures the con-
cerns that the data subjects experience when the company collects and stores their personally iden-
tifiable data. Secondly, the error, which operationalizes the data subjects’ concerns related error that
might happen to the personal data. Thirdly, the unauthorized secondary use, which measures the data
subjects’ concerns that information collected is used for secondary purpose other than the initial col-
lection purpose. Fourthly, the improper access, related to the data subjects’ concerns that their data
are automatically available to others. This construct is often called concern for information privacy
Page | 45
(CFIP). However, Smith et al. (1996) test these dimensions only use exploratory analysis without doing
the next step, i.e., confirmatory analysis.
In addition to that, Smith et al. (1996) also develop two more rarely used constructs, i.e.: reduced
judgment and combining data. The reduced judgment explains the concerns related to the use of data
collected as (inadequate) automated decision making source (Smith et al., 1996). For example, the
improper use of personal data to automate the decision about the creditworthiness of a person in
applying a loan from a bank. This construct, however, is not used often because scholars seldom iden-
tify reduced judgment as privacy concern (Smith et al., 1996). The second construct, the combining
data, explains the concerns related to the use of personal data that are combined with other database
to create a “mosaic effect” – single information become meaningful if it is combined with other data
– (Smith et al., 1996). This concern is rarely used because it is similar to the collection and unauthorized
secondary use construct (Smith et al., 1996). These two constructs are later empirically proven insig-
nificant.
More recent, Stewart and Segars (2002) try to improve the CFIP construct with second-order factors
using the scale from Smith et al. (1996). They drew a sample of 355 consumers and developed a con-
firmatory factor analysis framework to improve the parsimoniousness of CFIP constructs (Stewart &
Segars, 2002). They conclude that their research results are consistent with the prior findings and
suggest that the CFIP construct is better analyzed using confirmatory analysis to avoid the risk of mul-
ticollinearity (Hair et al., 2013; Stewart & Segars, 2002). This suggestion concludes that CFIP is a solid
construct to measure privacy concerns because it shows consistent result between exploratory and
confirmatory analysis.
Focusing on internet privacy concern, Malhotra et al. (2004) develop another privacy concern con-
struct called internet users’ information privacy concerns (IUIPC). They argue that IUIPC will better
explain privacy concerns in the online environment which has two-ways interaction between data
subjects and the DSPs (Malhotra et al., 2004). They propose three dimensions of construct, i.e., con-
trol, awareness, and collection (Malhotra et al., 2004). Malhotra et al. (2004) argue that the control is
important because of two reasons, i.e., (1) the consumers have taken high risk in submitting their
personal information, and (2) the previous studies (e.g.: Phelps et al. (2000) and Nowak and Phelps
(1995)) suggest that the majority of consumers perceive control as one of the important things to
reflect privacy concerns. If control is the active dimension part of the consumer, the awareness, more-
over, is also important to reflect the passive dimension of the privacy concerns. It explains the degree
to which consumers are aware about the organization’s policy related to the information privacy prac-
tice (Malhotra et al., 2004).
Additionally, Dinev and Hart (2004) also try to develop the privacy concerns dimension for the e-com-
merce model. By means of regression analysis to develop the privacy concerns construct, they con-
clude that the internet privacy concerns are measured by: (1) abuse (as the result of access vulnera-
bility), in which the users concerns that their submitted personal data are misused by the DSPs; and
(2) finding, explains the users’ concerns related to the risk of exposure of their personal data (Dinev &
Hart, 2004). These two constructs are also aligned with the CFIP constructs, i.e., the unauthorized sec-
ondary use (analogue with abuse) and the improper access (analogue with finding).
3.4.1.2 Privacy concerns constructs and its relation to the Privacy Frameworks From the abovementioned analysis, we can conclude that privacy concerns can be measured using
CFIP and IUIPC constructs. Furthermore, if we take a look to these constructs and confront them to
the privacy principles in the mainstream privacy frameworks (paragraph 3.2.1); i.e.: OECD and APEC
Page | 46
privacy framework; the privacy concerns dimensions are tightly related to the principles in the frame-
work. In the CFIP construct, the collection is representing the collection limitation principle in both
privacy frameworks, while the improper access is representing security safeguard principle also in
both frameworks. Moreover, the error is representing the data quality principle in the OECD privacy
framework and integrity of personal data principle in APEC privacy framework. Furthermore, the un-
authorized secondary use is representing the use limitation principle in both principles.
Additionally, the framework is also represented by the IUIPC privacy construct. First, the control is
representing the individual participation principle in the OECD privacy framework and choice, and ac-
cess and correction principle in the APEC privacy framework. And second, the awareness as repre-
sentative of openness and purpose specification principle in the OECD privacy framework and notice
principle in the APEC privacy framework. In summary, Table 3.2 summarizes the privacy concern and
its mapping to the privacy right frameworks.
Table 3.2. Privacy concern mapping
Privacy Concerns OECD Privacy frame-work principles
APEC Privacy frame-work principles
CFIP IUIPC
Collection Collection Collection limitation Collection limitation
Unauthorized/im-proper access
Security safeguards - Security safeguards - Preventing harm
Unauthorized second-ary use
Use limitation Use of personal infor-mation
Error Data quality Integrity of personal information
Control Individual participa-tion
- Choice - Access and correc-
tion
Awareness - Openness - Purpose specifica-
tion
Notice
Applicable only to the internal organization Accountability Accountability
3.4.1.3 The benefit The second part of the calculus, i.e., the benefit part, is explored by many privacy scholars as the
utilitarian measures to mitigate the privacy concerns (the cost part of the privacy calculus). Utilitarian
scholars often brake down the benefits into two types of benefits, i.e., tangible and intangible benefits.
In the tangible benefit part, Li et al. (2010) suggest that the monetary reward is dependent on the
fairness information exchange. They also argue that the “situation specific”, or contextual factor, will
influence (or have moderating effect to) the effectiveness of the monetary reward; for example: the
monetary reward would undermine the personal information disclosure if the fairness of information
exchange has not been achieved (Li et al., 2010).
Additionally, Xu et al. (2009) try to measure the effectiveness of monetary benefits to mitigate the
privacy concerns in the context of location based services (push and pull based information providing).
By using a quasi-experimental survey on the data from 528 respondents, they suggest that providing
monetary benefit is more important in push based location based services rather than pull based (Xu
Page | 47
et al., 2009). In more recent research, Derikx et al. (2016) try to measure the buy-off value of certain
type of personal information based on Finn et al. (2013) privacy categorization. Their research con-
cludes that privacy behavior and action, which is operationalized by registration of driving behavior,
is perceived as the most substantial privacy type by the mobile insurance users (Derikx et al., 2016).
In practice, the monetary reward could be a form of discount and coupon (Li et al., 2010) or specific
to the context of the personal data collection, such as: calling time and rebate of a monthly phone bill
in mobile based location based service (LBS) (Xu et al., 2009), or discount in monthly insurance in the
context of M-insurance (Derikx et al., 2016).
On the other hand, the intangible benefit is also explored thoroughly to mitigate the privacy concern.
Li et al. (2010) use usefulness to measure the intangible benefits that can be applied to mitigate the
privacy concerns. They suggest that the perceived usefulness of products and services will effectively
mitigate the privacy concerns (Li et al., 2010). Furthermore, in a more recent survey, Derikx (2014)
suggest that the perceived usefulness compensates the privacy concerns more effectively rather than
the expected monetary benefit.
Compared to the perceived usefulness, the concept of personalization has been investigated more
often to overcome the privacy concerns. Personalization is defined as “the ability to provide contents
and services that are tailored to individuals based on knowledge about their preferences and behav-
iors” (Adomavicius & Tuzhilin, 2005, p. 84). The personalization is often juxtaposed with privacy dis-
closure, because the consumers’ personal information is the company’s main source to provide per-
sonalization (Taylor et al., 2009). Because of this reason, the privacy-personalization paradox has been
studied in many contexts.
Chellappa and Sin (2005) explore the mitigation ability of personalization to the privacy concerns in a
general online environment. Aligned with the previous studies, they conclude that personalization will
effectively mitigate the privacy concerns (Chellappa & Sin, 2005). They also suggest that the company
can mitigate the users’ privacy concerns by conducting trust building activities, because their research
empirically concludes that that trust in the company will have significant negative effect (albeit small)
to the users’ privacy concerns (Chellappa & Sin, 2005). In addition, Awad and Krishnan (2006) also
empirically confirm the that personalization is able to effectively mitigate the privacy concerns. Based
on a survey to 400 online consumers, they suggest that the consumers who have a desire to higher
level of information transparency will be more reluctant to be profiled online (Awad & Krishnan, 2006).
In the context of media communication, Li and Unger (2012) explore the extent of personalized news
recommendations to mitigate privacy concerns. They suggest that the quality of recommendation is
one of the important things to mitigate privacy concerns (Li & Unger, 2012).
In the context of LBS, research by Xu et al. (2011) confirms that personalization is one of the anteced-
ents of privacy benefit. Furthermore, the personalization services will effectively mitigate the privacy
concern in the context of location aware marketing. In the same context, Liu et al. (2011) also study
the effect of personalization in the user payoff perception in using location based service. Using a field
experiment, they conclude that the amount of personalization available will effectively mitigate (di-
rectly and indirectly) the privacy concerns (Liu et al., 2011).
Morosan and DeFranco (2015) also explore personalization as a privacy concerns mitigation measure
in mobile applications, specifically in a hotel application. In addition to the benefit of personalization,
they conclude that the trust to the mobile application effectively increases the information disclosure
(Morosan & DeFranco, 2015). Furthermore, they incorporate the role of emotion in their study, which
Page | 48
suggests that only positive emotion will influence the personal information disclosure (Morosan &
DeFranco, 2015).
Moreover, Guo et al. (2012) study the personalization-privacy paradox in the context of m-health.
Their study confirms the ability of personalization in mitigating privacy concerns (Guo et al., 2012).
Furthermore, they discover the mediation role of trust in the adoption of personalized m-health ser-
vices (Guo et al., 2012). Additionally, Lee and Kwon (2015) explore the ability of personalization to
mitigate privacy concerns in the m-health. They suggest that the service accuracy, as the operational-
ization of personalization, will effectively mitigate the privacy concern (Lee & Kwon, 2015). Table 3.3
summarizes the previous studies of concepts that can be part of the privacy calculus.
Page | 49
Table 3.3. Previous studies of privacy mitigation efforts
No Author Context Method Privacy cost construct Privacy benefit con-struct
Note
1 Li et al. (2010) e-commerce Experiment Perceived risk Monetary rewards, per-ceived usefulness
The effectiveness of monetary reward is dependent on the context of the service
2 Xu et al. (2009) Location based ser-vices
Quasi experi-mental
Perceived risk Compensation Compensation is more effective to mitigate privacy concern in push-based LBS than in pull-based LBS
3 Derikx et al. (2016)
m-insurance Conjoint anal-ysis
Information of data and image, information of location and space, in-formation of behavior and action
Discount in monthly in-surance
Users perceive the information of behavior and actions as the most substantial personal infor-mation
4 Derikx (2014) m-insurance Survey, Multi-ple regression
General privacy con-cern
Perceived usefulness The usefulness is more effec-tive than monetary benefits to overcome privacy concerns
5 Li and Unger (2012)
e-news Experiment Perceived risk Personalized news rec-ommendation
Previous experience may also influence the privacy concerns
6 Xu et al. (2011) Location based ser-vices
Experiment Perceived risk Personalized advertise-ment
Explicit personalization has stronger impact to the privacy concerns
7 Liu et al., (2011) Location based ser-vices
DSRM Personal data disclosed
Personalization Presented that the privacy pro-tection can be a new value proposition for mobile busi-ness.
Page | 50
No Author Context Method Privacy cost construct Privacy benefit con-struct
Note
8 Morosan and DeFranco (2015)
Hotel mobile application
Survey, SEM Perceived risk Personalization Trust to the application is more effective to mitigate privacy concerns than trust to the com-pany
9 Chellappa and Sin (2005)
General online envi-ronment
Survey, SEM General privacy con-cern
Personalization General trust can give moderat-ing effect to the privacy con-cerns
10 Awad and Krish-nan (2006
General online envi-ronment
Survey, SEM General privacy con-cern
Personalization There are minority people who never be willing to be profiled online, no matter what the mit-igation strategy done by the company
11 Guo et al. (2012) m-health Survey, SEM Privacy concern (adopted from Cocosila and Archer (2009))
Personalization Trust is the mediating factor to the privacy concerns, personal-ization, and behavioral inten-tion to use m-health service.
12 Lee and Kwon (2015)
m-health Experiment Behavior information Service accuracy They suggest the m-health pro-viders to prepare a set of choices of personalization ser-vice with various disclosure level to address the m-health users
In conclusion, Table 3.3 above summarizes that various privacy benefits are tested to mitigate the users’ privacy concerns. Both tangible and
intangible benefits are able to efficiently mitigate the privacy concerns. However, there is no silver bullet that can be applied as we cannot gener-
alize those strategies in all types of contexts. For example, Li et al. (2010) find that the monetary rewards shows its inefficiency to mitigate privacy
concerns when the collected information has low relevancy to the e-commerce transaction. Another example is research by Xu et al. (2009) con-
firms that compensation only works on the push based advertisement. In contrast, the compensation is less efficient to mitigate the privacy con-
cerns in the mobile insurance service (Derikx, 2014). This conclusion becomes the basis of our empirical research to investigate the type of miti-
gation strategy that will efficiently mitigate the privacy concerns in the peer-to-peer ridesharing service.
Page | 51
3.3.2 Beyond the privacy calculus In the previous sub-section, we have discussed the privacy mitigation strategy in respect to the wealth
distribution justice, i.e., the privacy calculus theory. However, the privacy calculus has potential draw-
backs. Mainly due to the fact that this theory is developed based on the cost benefit analysis theory,
which assumes all individuals are utilitarian agents that have perfect foresight about the future con-
sequences in every decision related to the privacy concern. Also, this theory requires the actors to
show utility-maximizing behavior, to be fully informed about the possibilities based on random prob-
ability, and act as “utility-maximizing Bayesian updaters” (Acquisti & Grossklags, 2005).
The privacy calculus concept only measures the privacy concern and the privacy benefit as tangible
value. However, the complexity to measure the value of privacy concern and the immateriality of ben-
efits become the main limitations of this theory (Rohunen et al., 2014). Moreover, the risk and uncer-
tainty that might appear because of the complexity of the business model and the ecosystem (see
chapter 2 paragraph 2.4) of the DSPs are often unknown. It entails that the subjects do not necessarily
know when the data collection process is performed or may not know the consequences of such col-
lection and intrusion (Acquisti, Brandimarte, et al., 2015). Also, the benefits and costs associated with
this trade-off are complex and often bundled with the product or services, in which the real costs are
only revealed after violation of the personal data has occurred (Acquisti, Brandimarte, et al., 2015).
From the users’ perspective, many empirical researches discover several other psychological factors
that support the critics to the privacy calculus. For example, a research by Acquisti et al. (2009) which
tries to find out the value of willingness to accept (WTA) (in order to accept a decrease in privacy) and
willingness to pay (WTP) (in order to increase the control over the privacy). Their research concludes
that there are endowment effects, in which people tend to put a higher value to what they own com-
pared to what they do not own (Kahneman et al., 1991), and order effect (the order of offerings influ-
ences behavior of people in making decision). Furthermore, people also tend to overvalue the benefits
and undervalue the losses (Acquisti & Grossklags, 2004)(i.e., hyperbolic discounting, (Rabin, 2013)) as
well as are likely to trade long term privacy risks over the immediate rewards (Acquisti & Grossklags,
2005) (i.e., instant gratification (O'Donoghue & Rabin, 1999)).
Acquisti, Brandimarte, et al. (2015) argue that the privacy calculus concept is problematic because of
three main reasons, i.e.: (1) the users’ uncertainty about the consequences of they are disclosing their
personal data (the primary uncertainty) and the uncertainty about their response to these conse-
quences (the secondary uncertainty), (2) the context dependence that would amplify those uncertain-
ties, (3) the manipulability of privacy concerns.
The first critic to the privacy calculus theory is the uncertainty that always exists in the process. The
uncertainty is mainly caused by: the incomplete information, bounded rationality, and deviation from
rational strategy that always take place in the decision making process (Acquisti & Grossklags, 2005;
Waldo et al., 2007). Because of the complexity of the business ecosystem where they are involved in,
data subjects are rarely fully informed, nor completely understand about what, when, how, and what
for the data collection is required (Tsai et al., 2011). This full information is often only known by the
DSPs, which creates incomplete information for the data subjects and information asymmetry be-
tween data subjects and DSPs.
Even if people have access to this information, they cannot process all of the information due to limi-
tation of the human ability to process the data (Simon, 1982). Furthermore, the privacy calculus is
based on social contract theory, in which the major assumption is bounded rationality that may limit
the users’ ability to process immense amounts of information in a limited time (Acquisti & Grossklags,
Page | 52
2005). Therefore, users often only make satisfactory decisions and are unable to maximize the utility
they may get.
Even if the data subjects are able to get and calculate all information, the psychological distortion (i.e.,
emotions) is often taking place (Roeser, 2012). For example: people seem overconfident in assessing
the risks involved in privacy disclosure. Furthermore, the lack of available substitute to the bundle (of
privacy disclosure and products and services) that are offered by the DSPs also amplify the psycholog-
ical distortion (Grossklags & Acquisti, 2007). Often, the consumer (data subjects) are faced in the
“take-it or leave-it” condition which may amplify the psychological distortion. In a social experiment,
Grossklags and Acquisti (2007) also discovered the paradox between users privacy behavior and their
privacy attitude. Their research suggests that even though people perceive their privacy is important,
a limited efforts are done to protect their privacy (Grossklags & Acquisti, 2007). They argue that one
of the causes of this phenomenon is the lack of substitutability of the products and services offered
by the service providers that are intertwined with the requirement to disclose users’ personal data
(Grossklags & Acquisti, 2007).
Those three reasons (incomplete information, bounded rationality, and deviation from rational strat-
egy) make the Pareto frontier unknown. The data subjects will never be able to behave rationally to
maximize their utility and become the victim of unequal wealth distribution. It creates the first uncer-
tainty – the primary uncertainty. This reason also stimulates individuals to underestimate the possible
future consequences of disclosing personal information and to choose instantaneous rewards as a
return of their disclosed personal information (Acquisti & Grossklags, 2005). Their choice to choose
instantaneous rewards is one of the examples of the secondary uncertainty.
The second and third critics to the privacy calculus model are the lack of context dependencies and
malleability of privacy concerns. A couple of scholars already explored the contextual factor effect to
the privacy calculus (see Table 3.3). However, they still fail to explain the effect of the societal contex-
tual factors, such as: euphoria that are manipulable by commercial, industry self-regulation, and gov-
ernment regulation (Acquisti, Brandimarte, et al., 2015). In their research, Acquisti, Brandimarte, et
al. (2015) argue that when individuals are uncertain about their preferences toward privacy concerns,
they will look to social guidance and see what other people might respond to this uncertainty. Fur-
thermore, they argue that the social guidance is also a function of context and social behavior which
can be influenced by commercial, industry self-regulation, and government regulation too (Acquisti,
Brandimarte, et al., 2015).
Based on those aforementioned critics, we can argue that exploring privacy mitigation only from the
privacy calculus perspective, which bases the rationale in the privacy definition as an interest, is prob-
lematic. Therefore, we should include the analysis of privacy mitigation strategies that bases the the-
ory on the privacy definition as a right.
Seeing privacy as a right, users can exercise the control over their personal data to ensure their privacy
right (Xu et al., 2012), because control is associated with the perceived privacy risks of the users
(Olivero & Lunt, 2004). Additionally, Xu (2007) argues that the notion of privacy intrusion can be cap-
tured by the loss of control of personal data. He therefore argues that the control can be increased by
using two control approaches developed by (Yamaguchi, 2001), i.e., individual control and proxy con-
trol (Xu, 2007), in which Xu et al. (2012) define those exercise of controls as the privacy assurance
approaches.
Page | 53
In respect to privacy mitigation strategy, Xu and Teo (2004) argue that the users’ perceived control
over their disclosed personal data has positive influence to mitigate their privacy concerns. As previ-
ously discussed in the paragraph 3.2.1, the control can be exercised by using privacy assurance ap-
proaches (Xu et al., 2012). Firstly, it can be exercised by using the individual control, which is devel-
oped based on Individual Privacy Protection Responses (IPPR) taxonomy by Son and Kim (2008). IPPR
consists of three categories, which are: (1) Information provision, includes refusal to disclose personal
information completely and misrepresentation of information by using several approaches (for exam-
ple: by using a pseudoname and anonymity); (2) Private action, includes removal of submitted per-
sonal information and negative word-of-mouth about the mishandling of the personal information;
(3) Public action, which includes complaining directly to the company and complaining indirectly to a
third party (usually the regulatory body) (Son & Kim, 2008).
Secondly, the privacy assurance approach can also be implemented by using the proxy control, includ-
ing the institutional industry proxy control, which includes the establishment of industry self-regula-
tion (such as: third party privacy auditor & privacy protection seal) (Xu et al., 2012), and the institu-
tional regulatory proxy control, for example the formation of law and authority office by the govern-
ment (Xu et al., 2012). Table 3.4 summarizes the privacy assurance approaches to protect the privacy
right.
Table 3.4. Privacy assurance approach (Xu et al., 2012)
Level Privacy assurance approach
Individual Information Provision Refusal
Misrepresentation of infor-mation
Private Action Removal of information
Negative WoM
Public Action Complain directly to the com-pany
Complaining indirectly to third party
Industry self-regulation Third party auditor
Privacy protection seal
Government Government legislation and au-thority
In conclusion, as the privacy is defined both as an interest and a right, the privacy mitigation strategy
should follow these conceptions as well. In the concept of privacy as an interest, the privacy mitigation
strategy can be explored using the privacy calculus theory, in which the utilitarian approaches are
used. On the other hand, in the concept of privacy as a right, the privacy mitigation strategy is exer-
cised using the control over privacy, in which the privacy assurance approaches can be applied. Figure
3.1 draws the summary of the previous studies of privacy concerns.
Page | 54
Mitigation strategy
Privacy concerns
Benefits
Privacy assurance approach
IUIPC
CFIP
Tangible
Intangible
Individual self-protection (ISP)
Industry self-regulation (ISR)
Govt regulatory and legislation (GRL)
Utilitarian approach(Privacy calculus)
Non-utilitarian approach
Figure 3.1. Summary of privacy mitigation strategy
3.4 Hypotheses development From the previous mentioned theories, we understand that privacy is undeniably important for indi-
viduals as well as the companies. The equally distributed justice has to be assured to ensure the sus-
tainability of the business ecosystem as well as the positive sum value. However, people often behave
contradictory; for example, even though individuals perceive that privacy is important and should be
guarded, almost none of them are willing to spend anything to protect it (Grossklags & Acquisti, 2007).
For the organizational perspective, such phenomenon is like “taking a candy from a baby”. A very
minor effort can influence the individuals’ perception toward the value of privacy. Thus, taking only
the utilitarian approach to assure the distributive justice will only portray incomplete picture of privacy
mitigation strategy and may lead to unsustainable business practice. Therefore, in this study we will
try to explore the complete picture of privacy mitigation practice, i.e., from the utilitarian approaches
(wealth distribution justice) as well as the non-utilitarian approaches (procedural justice).
There are various operationalization methods to measure privacy concerns. In this study, we will use
both of privacy concern constructs developed by Smith et al. (1996), i.e., the CFIP, and by Malhotra et
al. (2004), i.e., the IUIPC, to measure the individuals privacy concerns. We use both of these constructs
because, altogether, they are fully fit to the mainstream privacy frameworks, i.e., the OECD Privacy
framework and the APEC Privacy framework. From the previously developed privacy decision making
theory, in which the privacy concerns are representing the cost part of the privacy calculus theory, we
hypothesize that the privacy concerns will have negative effect to the willingness to disclose personal
data.
Page | 55
H1a. In the setting of the Indonesian market, the users’ concerns of information privacy (CFIP) will
negatively correlate to the willingness to disclose personal data.
H1b. In the setting of the Indonesian market, the internet users’ privacy concerns (IUIPC) will nega-
tively correlate to the willingness to disclose personal data.
The justice theory is the main foundation on the secondary exchange of personal data (Culnan & Bies,
2003). It consists of equally distributed wealth (distributed justice) and procedural fairness (Xu et al.,
2009). The higher degree of fairness that the data subjects might perceive will reduce their privacy
concerns (Son & Kim, 2008). Furthermore, to ensure the distributed fairness, the DSPs can offer ben-
efits to the data subjects, which can be broken down to the two types of benefits, i.e., the tangible
benefits and intangible benefits. Deriving from this notion and our previously developed privacy deci-
sion making theory, we argue that both tangible and intangible benefits that DSPs offer will increase
the personal information disclosure as they represent the benefit part of the privacy calculus theory.
H2a. In the setting of the Indonesian market, the intangible benefits will positively correlate to the
willingness to disclose personal data.
H2b. In the setting of Indonesian market, the tangible benefits will positively correlate to the will-
ingness to disclose personal data.
Aside from the distributed justice assurance efforts (utilitarian view of privacy), the DSPs also have to
ensure the procedural justice to overcome the limitations of the privacy calculus theory. The proce-
dural justice is operationalizable by exercising privacy control that consists of individual control and
proxy control (Xu et al., 2012). Moreover, Xu and Teo (2004) argue that the users’ perceived control
over their disclosed personal data has positive influence to mitigate their privacy concerns. The exer-
cise of controls are then conducted by performing the privacy assurance approaches (Xu et al., 2012).
The privacy assurance approaches are broken down into three types of approaches. The individual
approach, which is developed based on IPPR (Son & Kim, 2008), reflects the personal control measures
of the individuals. It gives a “way-out” from the social contract if they feel the exchange does not meet
their perceived procedural justice. Therefore, a higher degree of individuals’ willingness to take this
approach will reduce the degree of personal information disclosure.
For the DSPs perspective, providing proxy control could also reflect the DSPs accountability level of
the privacy assurance approach. They can form an external third party auditor to ensure the suffi-
ciency of organization’s privacy assurance practice. Moreover, the DSPs can also use the privacy pro-
tection seal to communicate whether the company is adopting a sufficient privacy assurance practice
to the data subjects. In addition to the self-industrial standards, the governmental regulation could
also help to reduce the societal uncertainty regarding the use of personal information and its protec-
tion approach (Acquisti, Brandimarte, et al., 2015). We believe users who demand a higher self-indus-
trial standard and the presence of governmental regulation regarding the use of personal data will
also have a high privacy concerns. Therefore, they will also be less willing to disclose their personal
data. Consequently, we propose the third hypotheses as follows:
H3a. The extent to perform individual privacy protection responses regarding the use of personal
data and their protection will negatively correlate to the willingness to disclose personal data.
H3b. The extent of the individuals’ prerequisite about the presence of industrial self-regulation re-
garding the use of personal data and its protection will negatively correlate to the willingness to
disclose personal data.
Page | 56
H3c. The extent of the individuals’ precondition about the presence of governmental regulation re-
garding the use of personal data and its protection will negatively correlate to the willingness to
disclose personal data.
In addition to the previously mentioned relationships, we also want to include several demographic
variables to check the consistency of the results as well as to test the significant moderating effects to
the results. These demographical variables are: gender, age, salary level, education level, previous
privacy experience, and efficacy of using smartphone. The aforementioned demographic variables are
known to have effects to the privacy decision making rationale in prior research, such as: gender (Sun
et al., 2015), age (Awwal, 2012), education level (Phelps et al., 2000), previous experience of the pri-
vacy intrusion (Li & Unger, 2012) and efficacy of using smartphone (Keith et al., 2015). In our study,
we also want to test whether those demographic variables influence the users’ privacy decision mak-
ing rationale.
Based on the abovementioned set of hypotheses, Figure 3.2 is drawn to summarize this research’s
theoretical constructs, i.e.: (1) the negative effects of privacy concerns to the willingness to disclose
personal information, (2) the positive effects of benefits to the willingness to disclose personal infor-
mation, (3) the mixed effects of privacy assurance approaches to the willingness to disclose personal
information, and (4) the moderating effects of demographic and individual factors.
Page | 57
Privacy concerns
Benefits
Privacy assurance approach
IUIPC
CFIP
Tangible
Intangible
Individual self-protection
Industry self-regulation
Govt regulatory and legislation
Willingness to disclose personal
information+
-
-
+
-
Demographic factors
Previous Experience Self efficacy Age Education Sex Salary
-
-
Figure 3.2. Conceptual model of Privacy decision making
3.5 Preparing the implementation of privacy mitigation strategies Based in the previously mentioned privacy mitigation strategies (discussion in paragraph 3.4), the pri-
vacy concerns can be alleviated by performing both utilitarian approaches as well as right assurance
approaches (non-utilitarian approach) (see Figure 3.1). These mitigation strategies represent the strat-
egies demanded (for benefit type strategies, ISR and GRL) and likely performed (for ISP strategy) by
the users. Furthermore, based on these strategies, the company can define the type of investments
that need to be prepared in order to acquire the users’ personal data, which can be broken down as
follows:
1. Tangible benefit. Offering tangible benefits strategy implies that the company should prepare
investments in the form of cash. The cash can be distributed to its users in the form of direct
tangible benefits (such as: sign up bonus (Li et al., 2010; Xu et al., 2009)) or indirect tangible
benefits (such as: discount in monthly fee (Derikx et al., 2016)).
2. Intangible benefits. On the contrary, a company that offers intangible benefits to mitigate the
users’ privacy concerns should prepare investments in the form of technology that can offer
Page | 58
additional values to its customers. The possible additional values that can be offered are: per-
sonalization service (Li & Unger, 2012; Liu et al., 2011; Xu et al., 2011) and accuracy (and effi-
ciency) of the service (Lee & Kwon, 2015).
3. Individual self-protection (ISP). To mitigate the privacy concerns of the users who have a high
likelihood to perform ISP, the company should prepare an excellent customer service depart-
ment, because the users who have high level of ISP tend to make complaints often both di-
rectly to the company or indirectly to other parties via any medias available (email, phone call,
and social media) (Son & Kim, 2008).
4. Industry self-regulation (ISR). On the other hand, the company that wants to target users with
high level of ISR needs to prepare a proven privacy policy and governance and hire 3rd party
auditor to regularly audit its privacy practice, because users in this group regard the privacy
audit and privacy policy is the important thing to mitigate their privacy concerns (Xu, 2007; Xu
et al., 2011; Xu & Teo, 2004; Xu et al., 2009).
5. Government regulation and legislation (GRL). On the contrary, the company that wants to
target users with high level of GRL cannot do anything other than urge the government to
issue adequate personal data protection law (Xu, 2007; Xu et al., 2011; Xu & Teo, 2004; Xu et
al., 2009).
We therefore define the target market based on the users’ perception towards the appropriate pri-
vacy mitigation strategy according to them (i.e., utilitarian type strategy or non-utilitarian type strat-
egy). To simplify the analysis, we divide the perception of mitigation strategy into nine clusters that
are derived according to their perception, whether they want a complete total solution or only partial
solution of each type of strategy. Based on this classification, we develop a nomological approach to
profile each class, as follows:
1. The total solution seeker cluster. The members of this groups perceive all strategy as effective
and important strategy to mitigate their privacy concerns and increase their willingness to
disclose personal information.
2. The strong utilitarian cluster. The members of this group perceive all privacy benefits strategy
and part of the privacy assurance strategy as effective and important strategy to mitigate their
privacy concerns and increase their willingness to disclose personal information.
3. The pure utilitarian cluster. The members of this group only perceive the utilitarian approach,
i.e., providing privacy benefits as the effective and important strategy to mitigate their privacy
concerns and increase their willingness to disclose personal information.
4. The strong privacy right seeker cluster. The privacy concerns of the members of this group
can be mitigated by providing all privacy assurance approach and partial privacy benefits.
5. The combined strategy seeker cluster. The members of this group perceive part of the privacy
benefits item and privacy assurance approach item as the effective and important privacy mit-
igation strategy to mitigate their privacy concerns as well as to increase their willingness to
disclose personal information.
6. The weak utilitarian cluster. The members of this group perceive only part of the utilitarian
strategy as the effective and important strategy to mitigate their privacy concerns and in-
crease their willingness to disclose personal information.
7. The pure privacy right seeker cluster. The members of this group perceive that ensuring the
privacy right is a non-bargain condition to mitigate their privacy concerns and increase their
willingness to disclose personal information.
8. The weak privacy right seeker cluster. The members of this group perceive only part of the
privacy assurance approach as the effective strategy to mitigate their privacy concerns and
increase their willingness to disclose personal information.
Page | 59
9. Indifferent group, in which the members of this group perceive neither providing privacy ben-
efits nor providing privacy assurance approach will effectively mitigate their privacy concerns
and increase their willingness to disclose personal information.
In summary, Table 3.5 portrays the cluster profiling according to the privacy mitigation strategy.
Table 3.5. Cluster profiling
Providing privacy assurance approach
All assurance ap-
proach Part assurance ap-
proach None
Pro
vid
ing
pri
vacy
ben
-ef
its
All benefits Total solution seeker Strong utilitarian Pure utilitarian
Partial benefits Strong privacy right
seeker Combined strategy
seeker Weak utilitarian
None Pure privacy right
seeker Weak privacy right
seeker Indifferent
Legend: Green shading: equally combined type of strategy; Blue shading: utilitarian dominant strategy; Brown
shading: privacy right assurance dominant strategy
We argue that the companies’ need to know whether they want to make an effort to mitigate the
users’ privacy concerns from the utilitarian perspective and/or non-utilitarian perspective those
abovementioned strategies. On the other hand, to perform a focused effort, the performed strategies
are closely related to the target market that the companies want to capture.
3.6 Personal data valuation The growing perception of privacy as a utilitarian good that can be traded for additional value moti-
vates privacy advocates and scholars to study the privacy valuation. This valuation is also important
to quantify the investment needed by the company to acquire the users’ personal data. Nevertheless,
there is no consensus on the absolute value (each type) of privacy (Huberman et al., 2005; Ward,
2001), due to the differences in the contextual factor where the privacy is involved and the method
to value privacy (Acquisti et al., 2009; Acquisti, Taylor, et al., 2015; Roosendaal et al., 2014).
The urgency to quantify the value of privacy is to give better insight for the companies whether they
want to offer incentive directly to the users of to invest in an efficient technology, building an excellent
customer service department, or implementing privacy enhancing technology and privacy govern-
ance. On the other hand, the government can utilize this information to build and regulate the per-
sonal data market for specific type of information, for example: Varian (2009) who proposes a regula-
tion of privacy by using market mechanisms to value privacy for secondary exchange.
There are two main perspectives in quantifying the value of personal data, i.e., market perspective
and individual perspective.
3.6.1 Market perspective The value of personal data from market perspective can be assessed by using various ways. OECD
suggests that valuing personal data from market perspective can be assessed by three ways: (1) cal-
Page | 60
culating the stock price of the company that operates in personal data market, (2) measuring the rev-
enue of such company, and (3) calculating the price of personal data sold in personal data market
(OECD, 2013a).
The stock value of a company is a (fractional) trust that the shareholders attach to a firm’s capacity to
be profitable (Berk & DeMarzo, 2011). It can be used as a proxy to measure the value of a firm. The
stock itself, however, does not directly reflect the value of personal data traded by the company. Ra-
ther, the stock only measures the (anticipated) performance of the firm valued by the shareholders
(Berk & DeMarzo, 2011).
Likewise, measuring revenue of a company that plays in personal data market will not directly reflect
the personal data value. Even though this mechanism provides better proxy to value the company,
the revenue of the company may be the result of its ability to strategically win the personal data mar-
ket and does not quantify the each personal data record owned by the company (Roosendaal et al.,
2014).
Additionally, measuring personal data from the price of personal data traded in personal data market
will not directly measure the real value of personal data. This is mainly because there are some per-
sonal data that can be used several times without losing its original value (such as name and date of
birth). This type of data is traded not because of its exclusiveness (such as behavioral data), but rather
because of it is being available (Roosendaal et al., 2014).
3.6.2 Individual perspective Measuring personal data value from individual perspective means we need to investigate the per-
ceived value of personal data directly from the data subjects. The mechanism to get the “real” per-
ceived value may be varied depends on the context and the type of personal data that need to be
valued.
Hann et al. (2002) promote privacy valuation from the individual mechanism. By using conjoint exper-
iment to 84 US respondents and 184 Singaporean respondents, they quantify the privacy; which they
define as their willingness to pay (WTP) to get the ability to review of error, restriction against im-
proper access, and un-allowed unauthorized secondary use; as USD 7.98 to USD 16.58 for US respond-
ent and USD 10.45 to USD 26.93 for Singaporean respondents (Hann et al., 2002). However, their
research is still unable to quantify each of privacy type.
A more recent study by Danezis et al. (2005) tries to quantify the privacy of location value. By using
the economics of anonymity theory8 (see Acquisti et al. (2003)), they design an auction experimental
design to Cambridge computer science undergraduate students. They discover that £ 10 is the proper
value of location privacy (Danezis et al., 2005). Additionally, Huberman et al. (2005) also perform an
auction experimental model to quantify privacy, specifically to the demographical information that
valued as more than USD 100. Nevertheless, since the auction method does not promote trade-offs
in making evaluation, the data subjects can put as highest value as possible to value their privacy,
which limits the reliability of the valuation result.
Additionally, Krasnova et al. (2009) try to measure the value of privacy in the online social network
context. They present the valuation of privacy in the form of WTP to enjoy certain type online social
network with varied privacy assurance level (Krasnova et al., 2009). Their research concludes that the
8 Economics of anonymity bases the rationale on the incentive that the participants might get when they participate in the provision of the service that gives them additional benefit in the form of more anonymity.
Page | 61
users are ready to pay from 0.67 euro to 0.81 euro for the possibility to control the access of infor-
mation to their social network page.
The most recent survey by Derikx et al. (2016) is conducted to study the privacy buy-off value in the
context of m-insurance. By using a conjoint experiment, their research concludes that the privacy can
be valued differently. The privacy of location and space is valued at 2.27 euro per month, privacy of
behavior and action at 2.98 euro per month, whereas the privacy of data and image is valued differ-
ently according to the actor who use the data, i.e., for internal use: -2.91 euro (negative) and external
use 2.77 euro (Derikx et al., 2016).
In conclusion, valuing privacy from market perspective does not directly reflect the real value of per-
sonal data. Therefore, we argue that personal data will be better valued by using individual’s perspec-
tive as it reflects the real value perceived by the data subjects. Additionally, the aforementioned anal-
yses also conclude that the contextual setting has strong influence to the privacy valuation. This mo-
tivates our study to quantify privacy specific to our context of study.
Moreover, the privacy valuation is also bound to human rationale limitations. For example, Acquisti
et al. (2009) discover the endowment effect9 and order effect10 are in place when they try to measure
the WTA and WTP of privacy. Therefore, we motivate our study to calculate the WTA of privacy (be-
cause the WTA can reveal the real value of privacy perceived by the users) in the specific context of
peer-to-peer ridesharing service.
Based on the two abovementioned analyses, we develop our privacy valuation study by using the Finn
et al. (2013) privacy classification that is applied in the context of P2P ridesharing service. We include
the three privacy type in the study, i.e., privacy of location and space (PLS), privacy of behavior and
action (PBA), and privacy of data and image (PDI) (see paragraph 3.3.1). Additionally, to have a uniform
measurement, we include the monetary money to measure the value of privacy. Since this part of our
study only incorporates the utilitarian aspect of privacy, we base our study to the cost-benefit analysis
only. We present the PLS, PBA, and PDI as the cost part of the analysis, whereas the monetary as the
benefit part of the analysis.
3.7 Conclusion The aforementioned analyses discus the privacy definition, privacy categorization, privacy decision
making theory, and what the company can do to prepare the mitigations action. Paragraph 3.1 discuss
the definition of privacy, particularly to answer the SQ2a. (How is privacy defined?). Privacy can be
defined both as a right (as part of the fundamental of human right) and interest that individuals like
to have to segregate their personal sphere and public sphere. From the literature reviews, we can
conclude that traditionally, individuals interpret privacy as their fundamental right. However, due to
the emergence of the technology, in which creates the separation between personal and public space
becomes as thin as rake, individuals start to treat privacy as tradable interest.
Furthermore, scholars also argue that define the privacy multiple dimensions (such as (Clarke, 2006)
and (Finn et al., 2013)). We follow Finn et al. (2013) privacy categorization in this research due to its
fitness to the recent technology development. Finn et al. (2013) categorize privacy to seven types of
privacy, i.e., privacy of the person, privacy of behavior and action, privacy of communication, privacy
of data and image, privacy of thought and feeling, privacy of location and space, and privacy of asso-
ciation (including group privacy).
9 Endowment effect: people tent to put higher value to what they already own compared to what they do not. 10 The order effect: the order of presenting choices influences the behavior of the respondents in making choice.
Page | 62
Taking into account the context of the study, in which we will use Ojek online and its opportunity to
offer personalization service to the users, we use only three privacy types are relevant to the context
of peer-to-peer transportation service, which are:
1. Privacy of behavior and action. The right and interest of individuals to protect the intimate
issues such as: religion, sexual preference and habit, political views, and the ability to act or
behave in public, semi-public, and personal space without being monitored and/controlled by
others. This privacy type is used related to the users’ behavioral analysis in using the Ojek
online service.
2. Privacy of data and image. The right and interest of individuals to the assurance that “the
individuals’ data is not automatically available to other individuals and organizations and that
people can exercise a substantial degree of control over that data and its use” (Finn et al.,
2013, p. 8). This privacy type is used in relation to the personal data transfer between compa-
nies in the Ojek online ecosystem.
3. Privacy of location and space. The right and interest of individuals to move and travel without
being identified, monitored, and/or tracked, and to have separation between different spaces,
such as: in the office, in the moving car, or in the home. This privacy type is used related to
the disclosure of pickup and drop-off location when using the basic Ojek online service.
Particularly, the aforementioned Finn et al. (2013) privacy categorization and the relevant privacy type
in the context of the study answer the SQ2b. (How can the concept of privacy be categorized and what
types of privacy are related to the context of peer-to-peer ridesharing service?)
To answer the SQ2c (How is the privacy decision making theory is elaborated?), we need to understand
the users’ rationale in disclosing personal information. The privacy decision making theory is elabo-
rated in paragraph 3.3. The basic theory is built based on the cost benefit analysis theory, which named
as privacy calculus theory. In this theory, the data subjects are only willing to disclose their personal
data as long as the utilitarian benefits they may get outweigh the costs they have to disclose.
In this theory the cost part of the calculus is represented by the privacy concerns, which is measured
by two types of constructs, i.e., concerns for internet privacy (CFIP) (Smith et al., 1996) and internet
users’ individual privacy concerns (IUIPC) (Malhotra et al., 2004). The constructs altogether are able
to represent the mainstream privacy frameworks, such as OECD Privacy framework and APEC Privacy
framework. On the other hand, the benefits part of the privacy calculus theory is represented by the
privacy benefits. Prior privacy calculus studies has elaborated two types of benefits, which are: the
tangible benefits (such as: Xu et al. (2009) and Derikx (2014)) and intangible benefits (such as: Xu et
al. (2011) and Chellappa and Sin (2005)).
However, letting the utilitarian approach alone to elaborate the privacy decision making will be prob-
lematic. The privacy calculus theory has received several critics, mainly due to this theory bases the
analysis on the cost-benefit analysis approach, such as: (1) the assumption of all users are utilitarian
actors who have perfect foresight, especially to the risks and harms of disclosing personal information,
is ill-advised (Acquisti & Grossklags, 2005); (2) disability of the theory to calculate a complex product
or service which intertwines the privacy concerns and the (immaterial) benefits (Rohunen et al., 2014);
and (3) failure to incorporate the psychological factors of the users in making calculation of costs and
benefits (Acquisti et al., 2009). We propose the extension of privacy calculus theory by incorporating
the privacy assurance approaches in the privacy decision making theory.
We therefore develop our privacy decision making framework by combining the utilitarian view of
privacy as well as the right view of privacy. To incorporate the right view of privacy, we develop our
Page | 63
model by involving privacy right assurance approach in the users’ privacy disclosure rationale as a
complement to the privacy calculus theory. The privacy assurance approach is developed by exercising
the control mechanism of privacy, in which the control mechanism can be divided into two parts, i.e.,
active approach and passive approach (Xu et al., 2012). The active control approach can be done by
performing individual self-protection (Son & Kim, 2008), whereas the passive control is applied by
using industry self-regulation and government regulation and legislation (Xu et al., 2012).
Various mitigation strategies are studied in the prior studies. Those mitigation strategies consist of:
(1) offering both tangible and intangible benefits to the data subjects, and (2) ensure the data subjects
are empowered by using the privacy assurance approach. We then develop the hypothesized relation-
ships of the aforementioned privacy mitigation strategies to the willingness to disclose personal data,
which are detailed in Table 3.6.
Table 3.6. Table of hypotheses
Hypotheses
H1 H1a. In the setting of the Indonesian market, the users’ concerns of information privacy (CFIP) will negatively correlate to the willingness to disclose personal data. H1b. In the setting of the Indonesian market, the internet users’ privacy concerns (IUIPC) will negatively correlate to the willingness to disclose personal data.
H2 H2a. In the setting of the Indonesian market, the intangible benefits will positively correlate to the willingness to disclose personal data.
H2b. In the setting of Indonesian market, the tangible benefits will positively correlate to the willingness to disclose personal data.
H3 H3a. The extent to perform individual privacy protection responses regarding the use of per-sonal data and their protection will negatively correlate to the willingness to disclose per-sonal data. H3b. The extent of the individuals’ prerequisite about the presence of industrial self-regula-tion regarding the use of personal data and its protection will negatively correlate to the willingness to disclose personal data. H3c. The extent of the individuals’ precondition about the presence of governmental regu-lation regarding the use of personal data and its protection will negatively correlate to the willingness to disclose personal data.
To prepare the action to mitigate the users’ privacy concerns, the company can prepare specific action
in respect to the specific mitigation strategy. Since the strategy consists of the utilitarian approach and
non-utilitarian approach, the company’s action can be broken down into: (1) preparing an investment
in the form of cash to pursue tangible benefit utilitarian strategy, (2) prepares a technology to follow
intangible benefit utilitarian strategy, (3) preparing an excellent customer focus department to pre-
pares the privacy assurance approach from users who have high likelihood to perform ISP, (4) prepar-
ing a proven privacy policy and governance to pursue industry self-regulation approach, and (5) urging
the government to issue an adequate personal data protection law.
Furthermore, since the use of privacy as utilitarian goods to get additional value from the company,
the urgency to quantify privacy is emerged. The privacy valuation is useful to give better insight for
the companies whether they want to offer incentive form directly to the users of to invest in an effi-
cient technology, building an excellent customer service department, or implementing privacy en-
hancing technology and privacy governance.
Page | 64
The privacy valuation can be conducted by using both market perspective and individuals’ perspective.
In contrast to the market perspective which is unable to quantify the real personal data value per-
ceived by the users, the individuals’ perspective valuation performs better to quantify the real value
of privacy perceived by the users as this method gathers data directly from the data subjects. Never-
theless, the individuals’ perspective valuation is still bound to contextual factors and humans’
bounded rationality, such as: endowment effect and order effect.
Page | 65
4 Survey design
In this chapter, we explain the research methodology, including sampling and respondents acquisition
strategy and the survey instruments development that will be presented in the survey questionnaire.
The data as the result of the instruments responses are then analyzed by using quantitative analysis
(statistical tools). Referring to the research introduction, we will develop a questionnaire with two
parts of survey, followed by three types of statistical analysis. Therefore, the explanation into two
parts will be divided into two parts, which are:
Firstly, the explorative and confirmative assessment. In this part, we explain the survey questionnaire
development and data preparation to test the hypotheses related to the privacy benefits and privacy
assurance approaches to increase the users’ willingness to disclose personal information. Moreover,
as the constructs used are measured by many instruments, we will also perform factor analyses to
summarize these instruments so that each construct can be represented by a single summarization
value. Particularly, this test will answer the SQ3: To what extent are the privacy decision making con-
structs influencing the users’ willingness to disclose their personal information? Furthermore, based
on those responses, we also segment the users based on the most effective mitigation strategy(ies)
according to them. This segmentation aims to answer SQ4: How can the users be segmented based on
the privacy concern mitigation effort?
Secondly, the experimental assessment. In this part, we explain the conjoint questionnaire develop-
ment and data preparation to measure the buy-off value of the privacy types related to the use of
personalization in the peer-to-peer (P2P) transportation service. Conjoint assessment is used because
the services in our study are constructed with a complex set of attribute, in which we will not be able
to measure the effect of each isolated attribute in a realistic way. Thus, we want to create a “market-
like” environment to incorporate the consumers’ trade-off evaluation related to the set of attributes
in the services. Specifically, this experimental assessment will answer the question: To what extent do
the users rank the value of each personal information relative to the other type of personal information
and how much is the buy-off value for each of their personal information? (SQ5).
This chapter is organized as follows. Firstly, the sampling strategy will be elaborated in the paragraph
4.1. Furthermore, the survey questionnaire and instruments development and the preparation for the
respected statistical analysis (the multiple regression and cluster analysis) will be explained in the par-
agraph 4.2. Next, the choice sets questionnaire with the following conjoint analysis experiment prep-
aration will be discussed in the paragraph 4.3.
Page | 66
4.1 Sampling strategy and data collection method The main aim of this research is to explore the privacy concerns and the privacy mitigation strategies
that are implemented in the context of Indonesian P2P ridesharing. Jakarta was chosen as the target
of study because the P2P ridesharing concept is already well known by Jakarta population. Further-
more, as the researcher is coming from Jakarta, he would be able to understand the contextual and
cultural factors better.
In particular, we target the population of the people who are familiar to the concept of Ojek online
aged 14-55+ years old, including the current users of Ojek online and the people who never use the
Ojek online but still understand how the Ojek online service works. As of December 2015, the current
users of Ojek online has reached 95% of Jakarta population (based on the number of app download)
(GooglePlay, 2015). This number, however, might be biased by some people who have two or more
mobile phones installed with Ojek online app. Nevertheless, the high level of download number indi-
cates that the majority of Jakarta people have used the Ojek online service. Yet, we do not understand
the composition and the population statistics of these users. Thus, we use the general Jakarta popu-
lation as the proxy of our target population.
The information about Jakarta’s demography is gathered from the most recent available Jakarta report
developed by the Central Bureau of Statistic (BPS) year 2014 (Jakarta, 2015a). Since one of the re-
search questions aims to make a segmentation of users, the representativeness of the sample taken
from the entire population of Jakarta will be important. Therefore, we conduct a stratified sampling
strategy to ensure the representativeness of the sample as well as to improve the generalizability of
the research findings. We use the age level as our strata. We stratify the age into 10 years of range
and then assign the datum according to this level. After the stratification is conducted, we perform a
random sampling strategy to recruit the respondents for each sample.
The main challenge in the sampling phase is to define the number of sample as just right. On the one
hand, we understand that the higher number of sample will help us to get the sufficient statistical
power as too narrow a sample will have high risks of non-normality and become insensitive (Hair et
al., 2013). On the other hand, an oversized sample will work against us as the analysis becomes overly
sensitive (Hair et al., 2013). We assign one sample for each 50000 people in each age-range. However,
we exclude the age-range 0-14 years old from the research as we understand that the people (chil-
dren) in this age are not legally allowed to enter a binding agreement with a company (in this case to
use the Ojek online service) (Indonesia, 2014). In total, we expect to have about 157 respondents to
completely fill in the questionnaires. Table 4.1 summarizes the stratified sampling result. In this table,
“P” explains the population and “S” explains the sample.
Table 4.1. Stratified Sampling of Jakarta Population
Age Sex
Total (P) Total (S) Male (P) Male (S) Female (P) Female (S)
15-24 789931 16 850774 18 1640705 34
25-34 1067468 22 1037192 21 2104660 43
35-44 860631 18 813708 17 1674339 35
45-55 581401 12 572751 12 1154152 24
55+ 494868 10 516736 11 1011604 21
TOTAL 3794299 78 3791161 79 7585460 157
Page | 67
The two aforementioned assessments require different approaches and techniques. The samples and
the respondents, however, will be the same. Therefore, the data collection activity for both question-
naires will be conducted at the same time. To collect the data, we handed out the invitations to fill in
the questionnaire at:
1. Two universities: University of Indonesia (public university) (28 March 2016) and Atma Jaya
University (private university) (29 March 2016), to target respondents with age range 15 – 24
years old.
2. Bus stops and terminal: Ragunan Terminal (rural hub) (4 April 2016), Halte Karet (urban hub)
(5 April 2016), and Halte Harmoni (urban hub) (7 April 2016), to target respondents with age
range 25 – 44 years old.
3. Train Stations: Sudirman station (urban hub) (30 March 2016) and Tanah Abang station (rural
hub) (31 March 2016), to target respondents with age range 25 – 44 years old.
4. Mall and shopping center: Pejaten Village (rural mall) (26 March 2016) and ITC Kuningan (ur-
ban shopping center) (27 March 2016), to target respondents with age range 45+ years old.
We chose those sites to ensure both the urban and rural populations would get the invitation to give
their responses.
To increase the response rate, we used an invitation in the form of mini poster advertisement which
stated that the respondents would have a chance to get IDR 200K MAP voucher (a claimable voucher
that can be redeemed in various department stores, restaurants, and fashion stores), by browsing to
the mentioned URL (QR Code) in the poster. We handed the invitation out to the every second (even)
persons who were getting into the main entrance of the survey location. When respondents tried to
claim the voucher, they would be redirected to the survey webpage to complete the questionnaire
before filling in their contact to claim the voucher. We checked the survey dashboard daily to monitor
the quota sample of the age segment. Once we had reached the quota for age range, we stopped the
data collection in the site respected to that age range.
After two weeks of data collection, we found out that there was under-representativeness to the peo-
ple aged 45+. The likely possible reasons for this condition might be: (1) people of these age ranges
might not be interested to the utilitarian incentive to fill in the questionnaire; (2) people of these age
ranges might not be fully familiar with the concept of Ojek online. Therefore, we decided to use per-
sonal face-to-face approach to address these people in the above mentioned selected locations. After
several personal approaches and informal conversations with the senior respondents, we concluded
that the second reason was more valid to explain the under representativeness of these age ranges.
Most of the senior respondents argued that even though they often used the Ojek online service, they
rarely used their own smartphone (and their own account) to order the service. Instead, they asked
their children or younger relatives to order the service for them. However, after another week exten-
sion of data collection (until 16 April 2016), the under representativeness of sample in this age range
was still found. This would become one of our limitations in this study.
4.2 Explorative and predictive assessment There are two explorative analyses performed in this study. Firstly, we used multiple regression to
analyze the extent that the consumers have in respect to mitigate their privacy concerns. The multiple
regression has two main functions, i.e., explorative ability and predictive ability (Hair et al., 2013). The
explorative ability provides explanation of the model (the sign, magnitude, and significance) whereas
the predictive ability provides prediction to which extent the independent variable(s) can predict the
change in dependent variable.
Page | 68
As the privacy decision making constructs will be built by many instruments, we will also perform
factor analysis to eliminate the non-representative instruments as well as to summarize the repre-
sentative instruments into a single summarized value. This summarized value is also known as the
factor score that sufficiently represents the original set of the initial instruments (Hair et al., 2013).
Each summarized value is formed by the factor loadings of the instruments that build the construct.
Secondly, we would also conduct cluster to search and build a group based on the individual’s natural
characteristics. The main objective of cluster analysis is maximizing the homogeneity of individuals
within groups while, at the same time, maximizing heterogeneity of individuals between the groups
(Hair et al., 2013). However, this analysis is often criticized because of several reasons, e.g.: (1) it only
provides descriptive atheoretical analysis, (2) this analysis will always forms clusters even though there
is no actual structure in the data, and (3) it is hardly generalizable as the analysis is only based on the
gathered samples (Hair et al., 2013). Therefore, the high degree of sample representativeness is im-
portant for this analysis.
In this paragraph, we explain our approach in building our survey instruments (sub-paragraph 4.2.1).
Furthermore, the initial data analysis, including the data cleansing and testing the preliminary assump-
tions for the explorative test, are explored in the paragraph 4.2.2.
4.2.1 Survey questionnaire and instruments development A survey for the explorative assessment was developed based on the hypotheses that have been
formed in section 3.5. (see Table 3.6).
To test the hypotheses, quantitative analyses were conducted in the study. Hence, operationalization
of variables was needed to put them into instrument questions. The following subsections will explain
the operationalization of variables and instrument development to measure those variables.
We then translated those instruments and presented them in Bahasa to make them understandable
for the local respondents. To measure the respondents’ attitude to each instrument, the instruments
were presented in seven point likert scales. The detailed presentation of the questionnaire is pre-
sented in Appendix 4.1. Survey Questionnaire.
The following sub-paragraphs will explain the method used to derive the questionnaire instruments.
4.2.1.1 Privacy concerns The instruments to measure the privacy concerns were developed based on both CFIP and IUIPC con-
structs. These constructs together were completely fit to the mainstream privacy frameworks, i.e., the
OECD privacy framework and the APEC privacy framework, which were explained in paragraph 3.4.1.2.
We used measurement instruments from previous research, i.e.: Smith et al. (1996), Stewart and
Segars (2002), and Malhotra et al. (2004), in our study. The overview of the constructs definition for
privacy concerns is explained in Table 4.2.
Table 4.2. Privacy concerns construct definition
No Construct Definition Source
1 Collection The concerns that the data subject are experiencing when the company collects and stores their personally identifiable data.
(Malhotra et al., 2004; Smith et al., 1996; Stewart & Segars, 2002)
Page | 69
No Construct Definition Source
2 Improper access
The concerns of data subjects have that their data become au-tomatically available to others.
(Smith et al., 1996; Stewart & Segars, 2002)
3 Unau-thorized second-ary use
The concerns related to the use of personal data other than specified in the initial collection purpose.
(Smith et al., 1996; Stewart & Segars, 2002)
4 Error The concerns related to the error that might happen to the sub-mitted personal data
(Smith et al., 1996; Stewart & Segars, 2002)
5 Control The concerns that the data subjects have related to the choice among responses that can produce different outcome.
(Spiekermann, 2005)
6 Aware-ness
The concerns about the data subjects’ awareness to the organi-zational information privacy policy and practice.
(Malhotra et al., 2004)
Based on these definitions, we developed the operationalization instruments to measure the effect of
each construct. Table 4.3 presents the operationalization of the abovementioned constructs.
Table 4.3. Privacy concerns operationalization
No Con-struct
Instruments Source
1 Control The online company has to provide access for the users to con-trol over decisions about how their information is collected, used, and shared
(Malhotra et al., 2004)
2 Control Consumer control of personal data is the most important thing in privacy
3 Control I believe that my privacy is invaded when control is lost or un-willingly reduced as a result of a marketing transaction
4 Aware-ness
Companies seeking information online should disclose the way the data are collected, processed, and used.
5 Aware-ness
A good consumer online privacy policy should be clear and un-derstandable.
6 Aware-ness
It is very important to me that I am aware and knowledgeable about how my personal data will be used.
7 Collec-tion
It usually bothers me when online companies ask me for per-sonal data.
(Malhotra et al., 2004; Smith et al., 1996; Stewart & Segars, 2002)
8 Collec-tion
When online companies ask me for personal data, I think twice before providing it.
9 Collec-tion
It bothers me to give personal data to online companies
10 Collec-tion
I’m concerned that online companies are collecting too much personal data about me
11 Im-proper Access
Online companies should devote more time and effort to pre-venting unauthorized access to personal data.
(Smith et al., 1996)
Page | 70
No Con-struct
Instruments Source
12 Im-proper Access
Computer databases that contain personal data should be pro-tected from unauthorized access—no matter how much it costs.
13 Im-proper Access
Online companies should take more steps to make sure that un-authorized people cannot access personal data on their comput-ers.
14 Unau-thorized Second-ary Use
Online companies should not use personal data for any purpose unless it has been authorized by the individuals who provided the information.
15 Unau-thorized Second-ary Use
When people give personal data to an online company for some reason, the online company should never use the information for any other reason
16 Unau-thorized Second-ary Use
Online companies should never sell the personal data in their databases to other companies.
(Smith et al., 1996)
17 Unau-thorized Second-ary Use
Online companies should never share personal data with other companies unless it has been authorized by the individuals who provided the information.
18 Error All the personal data in computer databases should be double-checked for accuracy—no matter how much this costs
19 Error Online companies should do their outmost steps to ensure that the personal data in their files is accurate.
20 Error Online companies should have solid procedures to correct errors in personal data.
Initially, we used all those aforementioned instruments in our questionnaire. However, after pretest-
ing the questionnaire, we concluded that the respondents might experience fatigue after filling in the
questionnaire. The pretest among 11 persons, aged between 19 to 51 years old, showed that people
needed 20 minutes (in average, SD=2.5) to fill in the questionnaire. Specifically, they were experienc-
ing boredom after filling in the privacy concern section. Therefore, we decided to reduce the privacy
concern instruments. We use only the highest correlated instruments from Malhotra et al. (2004),
Smith et al. (1996), and Stewart and Segars (2002) for each construct in our study. Furthermore, we
also put the contextual factor, i.e., the Ojek online to the instruments by using the “Ojek online com-
pany” as a replacement to the “online company”. The final instruments used are presented in Table
4.4.
Table 4.4. Final instruments used to measure privacy concerns.
No Con-struct
Instrument Source
1 Control The Ojek online company has to provide access for the users to control over decisions about how their information is collected, used, and shared
(Malhotra et al., 2004)
Page | 71
No Con-struct
Instrument Source
2 Aware-ness
It is very important to me that I am aware and knowledgeable about how my personal data will be used.
3 Collec-tion
I’m concerned that Ojek online companies are collecting too much personal data about me
(Malhotra et al., 2004; Smith et al., 1996; Stewart & Segars, 2002)
4 Im-proper Access
Ojek online companies should devote more time and effort to preventing unauthorized access to personal data.
(Smith et al., 1996)
5 Unau-thorized Second-ary Use
Ojek online companies should never share personal data with other companies unless it has been authorized by the individuals who provided the information.
6 Error Ojek online companies should take more steps to make sure that the personal data in their files is accurate.
4.2.1.2 Privacy benefits In contrast to the construct of the privacy concern, we newly developed the instruments for the pri-
vacy benefits. The privacy benefits construct was developed based on previous studies (see paragraph
3.4), i.e., the tangible benefits and intangible benefits. We used direct monetary benefits and indirect
monetary benefits as the operationalization of the tangible benefits. Furthermore, we also used the
personalization and the usefulness as the operationalization of intangible benefits. However, since the
context of the study (i.e., the Ojek online) is quite new, we modified the instruments accordingly.
Table 4.5 explains the overview of operationalization and the instruments of the privacy benefits.
Table 4.5. Privacy benefits operationalization
No Con-struct
Operationali-zation
Instruments Source
Tangible Direct mone-tary Benefit
I like it when the company gives me direct compensation (such as: sign up credit or shopping voucher)
Li et al. (2010)
Indirect mone-tary Benefit
I perceive monthly transportation discount as important to me
Xu et al. (2009)
Intangi-ble
Personalization It is important for me if the company is able to offer me a high quality of discount recom-mendation that suits me perfectly
Li and Unger (2012)
Usefulness Usefulness of application is one of the im-portant factors for me to use the application
Li and Unger (2012)
4.2.1.3 Privacy assurance approaches Likewise, the operationalization of privacy assurance approach was developed based on the previous
studies (Son and Kim (2008) & Xu et al. (2012)). However, we modified the instruments according to
the contextual factor in the object of study. Table 4.6 explains the overview of the operationalization
and the instruments.
Page | 72
Table 4.6. Privacy assurance approaches instruments
No Construct Operationali-zation
Instruments
1 Individual Self-Pro-tection
Refusal to dis-close
I will never give out my personal data Son and Kim (2008) & Xu et al. (2012). 2 Anonymous
user The anonymity is important when I inter-act with the Ojek online company
3 Removal I will remove my personal data from the Ojek online company if my data is not properly handled by the company
4 Negative WoM I will speak to my friends/relatives about my bad experience with the Ojek online company mishandling my personal data when my personal data is not properly treated
5 Complain di-rectly to com-panies
I will call or write the Ojek online com-pany to complain about the way it uses my personal data when it is not properly treated
6 Complaint indi-rectly to a 3rd party
I will call or write the public authority to complain about the way an Ojek online company uses my personal data when it is not properly treated
7 Industry self-regula-tion
3rd party audi-tor
It is important that the Ojek online com-pany has been audited by a 3rd party se-curity auditor
Xu et al. (2012)
8 Protection seal It is important if the Ojek online company shows a protection seal (such as: TRUSTe) in the application
9 Govern-ment regu-lation
National It is important if the government regu-lates the privacy assurance practice for the companies
4.2.1.4 Willingness to disclose personal information We measured the willingness to disclose personal information as our dependent variable. However,
since the context of this research was quite new in the domain of privacy studies, we newly developed
all the instruments. We argued that the data subjects can share their personal data both directly and
indirectly. The direct disclosure is occurred when the data subjects disclose their personal data directly
to the company by filling in their personal data using any media provided by the company, whereas
the indirect disclosure is occurred when the data subjects use other forms of personal data; such as:
data in social media, GPS, or data stored in a personal data vault; to be disclosed to the company.
Table 4.7 presents the overview of the operationalization of the variable willingness to disclose per-
sonal data.
Table 4.7. Willingness to disclose personal data instruments
No Construct Operationaliza-tion
Instruments
1 Willingness to disclose
Direct disclosure
I always use my complete personal information when I sign up to personalized advertisement
Page | 73
No Construct Operationaliza-tion
Instruments
2 I will be truthfully provide my name, date of birth, home address, personal email address, and personal phone number to the online company
3 I will honestly fill in my interests list when the Ojek online company asks for my interests
4 Indirect disclosure If available, I would like to use a “sign in with social me-dia” button when I sign up to use an application
5 When available, I always turn my mobile phone GPS on when I order services from the Ojek online ordering ap-plication
4.2.1.5 Demographic variables In addition to the hypothesized variables, we also proposed demographic variables in the analysis of
the relationships between privacy calculus constructs, including: age, gender, salary, education level,
efficacy in using smart phone, and previous privacy intrusion experience. These variables are derived
from the previous privacy concerns and mitigations studies (i.e.: Sun et al. (2015), Awwal (2012),
Phelps et al. (2000), (Li & Unger, 2012), and (Keith et al., 2015)).
In addition to the straight forward demographic question (such as: age, gender, education, and salary),
we develop additional instruments to measure the rest demographic variables. The first variable is the
previous privacy experience. We operationalize this variable by using a question “How often you re-
ceive unwanted advertisement email and/or phone call even though you never sign up to this adver-
tisement?”. The second variable is the self-efficacy level. We use the number of year experience in
using a smart phone as the proxy to the users’ smartphone efficacy level based on prior research by
Li and Unger (2012). The instrument question is formed as follows: “How long have you used a smart
phone? (A smart phone is a phone with Android, iOS, Blackberry, or Windows operating system)”.
After we developed the instruments to measure the constructs/variables, we assigned the coding to
those variables. Table 4.8 summarizes the coding mechanism of variables.
Table 4.8. Variables and coding summary
No Construct Sub construct Coding
1 Dependent Variable Willingness to disclose = wtd
Direct disclosure wtd1
2 wtd2
3 wtd3
4 Indirect disclosure wtd4
5 wtd5
Independent Variables
6 Privacy concerns 1 = IUIPC Control Picon
7 Awareness Piaw
8 Collection Picol
9 Privacy Concerns 2 = CFIP Improper access pcima
10 Unauthorized sec-ondary use
pcusu
11 Error Pcerr
Page | 74
No Construct Sub construct Coding
12 Tangible benefits = tang_pben Direct monetary ben-efit
btmb1
13 Indirect monetary benefit
btmb2
14 Intangible benefits = intang_pben Personalization bipe
15 Usefulness bius
16 Individual self-protection = isp Refusal to disclose aisp1
17 Anonymous user aisp2
18 Removal aisp3
19 Negative WoM aisp4
20 Complain directly to companies
aisp5
21 Complaint indirectly to a 3rd party
aisp6
22 Industrial self-regulation = isr 3rd party auditor aisr1
23 Protection seal aisr2
24 Government regulation = grl Grl
Demographic Variables
25 Previous experience privacy intrusion dpre
26 Self-efficacy dsel
27 Age dage
28 Education level aedu
29 Salary dsal
30 Gender dsex
4.2.2 Data cleansing and preparation After three weeks of data collection, we managed to get 301 filled in questionnaires. However, we
found out that there were 36 incomplete cases. After examining the incomplete cases one-by-one, we
concluded that the missing cases might be resulted from fatigue of the respondents in filling in the
questionnaire. Furthermore, as the questionnaire could not be submitted unless all responses had
been filled, all incomplete questionnaire responses resulted from drop out from the questionnaire
(not from data error). Therefore, we continued the analysis using the listwise method (only using the
complete data) to clean the data due to the comprehensiveness of the analysis. Finally, we only used
265 valid and complete cases (11.9% dropout ratio).
In general, we have an imbalance in the sample representativeness. Firstly, we have over representa-
tiveness of the sample especially in the age ranges 15-24 and 25-34. In contrast, we get under repre-
sentativeness of sample in the age ranges 45+. The logical explanation to this is: the younger age
ranges might appreciate utilitarian incentive more than the older age range, which is also aligned with
several findings from marketing research (for example: Saleh et al. (2013), Roy Dholakia and Uusitalo
(2002)). Secondly, we also get over representativeness of female respondents in this study. This also
might be caused by the fact that women enjoy utilitarian incentives more than their male counterpart
(Saleh et al., 2013; Sun et al., 2015). Table 4.9 summarizes the comparison of demographics between
Page | 75
the population and the sample. Additionally, Figure 4.1 shows the overview of the respondents’ de-
mography.
Table 4.9. Respondents’ comparison to the population
Age
Sex
Male (% Population)
Male re-spondents
Male (% re-spondents)
Female (% population)
Female re-spondents
Female (% respond-
ents)
15-24 10% 54 20% 11% 63 24%
25-34 14% 29 11% 13% 57 22%
35-44 11% 17 6% 11% 23 9%
45-55 8% 7 3% 8% 7 3%
55+ 6% 4 2% 7% 4 2%
TOTAL 50% 111 42% 50% 154 58%
Figure 4.1. Respondents’ demography dispersion
The next data cleansing phase was detecting the outliers. However, since we designed the question-
naire response with likert scale (the only possible answers were 1-7, except the age and the self-effi-
cacy), the number of outliers in the cases would be minimal. Furthermore, after we explored both
variable age and self-efficacy, we did not find any outliers in the cases.
Page | 76
4.2.2.1 Descriptive statistic of the demographic variables After we looked into the age/gender distribution of the respondents, we explore the descriptive sta-
tistic of the moderating variables. Firstly, the education level. The majority of the respondents are
people who have access to a higher education system (e.g., university and academy), which is por-
trayed by the high percentage of respondents who have graduated from senior high school (80.3%).
This number, however, overly-represents the higher education level population in the statistic of Ja-
karta (i.e., 51.9%) (Jakarta, 2015a). This might be resulted from the choice of the respondent invitation
places, which are located in the area where most higher education people socialize themselves.
Secondly, the monthly income level. On average, the salary of the respondents is in the middle income
level, i.e., IDR 5 mio – IDR 10 mio (≈ €350 - €700) per month, in which 55.3% respondents are in this
level and only 7.1% respondents are within the high level of income (> IDR 20mio ≈ €1350 per month).
This finding is also aligned with the high Gini coefficient index of Jakarta, which is 0.436 that means
6.4% of population owns 50% of the total income in the city (Jakarta, 2015a).
Thirdly, the efficacy in using a smartphone which is measured by the experience in using a
smartphone. The average of respondents’ experience in using smart phone is 5.71 years. This number,
however, does not directly reflect the efficacy level of using a smart phone. Most of the users now use
smart phones because of either the hedonistic purpose or the unavailability of basic feature phones
in the market (Chun et al., 2012). Therefore, although they use a smart phone, it does not mean that
they understand all the smart features of a smart phone. Thus, they may only use the basic feature of
a smart phone on a daily basis. Nevertheless, the number of years using a smart phone is still positively
correlated to the smart phone efficacy (Li & Unger, 2012).
Lastly, we also explored the consumers’ previous privacy intrusion experience. Our research concludes
that the majority of the respondents are people who often become the victim of privacy invasion
(mean = 3.9, out of 5 with neutral value = 3). The statistic shows that 71.7% of respondents have
negative experiences with privacy intrusion, such as: they often receive unknown emails or phone calls
from marketing agencies. The detailed demographic variables statistic information is shown in Appen-
dix 4.2. Respondents’ demography.
4.2.2.2 Data Screening Testing the assumptions of multivariate analysis were needed before we performed the explorative
analysis. Firstly, the normality test. Normality test was required because if the deviation from the nor-
mal distribution is sufficiently large, then all statistical test will be invalid (Hair et al., 2013). We con-
ducted the normality test to the residuals in the multiple regression analysis. To do that, we plotted
the standardized residual of each statistical test and see the symmetry of this residual. The plots for
the residuals show there are no outliers (no value below -3 and above +3), which indicate that the
standardized errors are quite normal.
Secondly, the homoscedasticity test. Testing homoscedasticity was needed to test the homogeneity
of the error (residuals) across the range of the independent variables (IV). It also showed the equality
of errors variance across all values of the predicted value of the DV The homoscedasticity was im-
portant because it reflects the models’ ability to predict a DV is consistent across range of that DV
(Hair et al., 2013). Put it in simpler words, if a model is able to predict both low values of DV and high
value of DV in a consistent accuracy, then this model satisfies the homoscedasticity assumption. We
tested the homoscedasticity by using both P-P plots of standardized residual and scatter plots of the
standardized residual vs. predicted value of DV. The homoscedasticity test of the cases showed that
minor heteroscedasticity was present. Even though the heteroscedasticity would not bias the anal-
yses, we might expect the increase of the standard error in the analyses. However, any violation to
Page | 77
this assumption would not be problematic to the estimation results. The detail test results are shown
in Appendix 4.3 Normality and homoscedasticity test.
The next data screening test was the linearity test. This test was required to explore whether the
relationships between IVs and DV meet the “linear” properties before we performed the multiple re-
gression linear analysis. We used statistical tests for linearity to find the un-linearity of variables. Then
we performed scatter plot analysis to add both linear and quadratic trend lines to visually detect the
linearity of the variables, especially to the variables that did not meet the linearity assumption. If the
differences of the explained variance between linear line and quadratic line did not differ significantly,
we could then consider the distribution as linear. We found out there are two variables that did not
satisfy the linearity test. However, after we performed scatter plot analysis, we found out that there
was no significant difference in the explained variance between linear plot line and the quadratic plot
line. Thus, we considered all the variables met the linearity assumption. Appendix 4.4 Linearity test
shows the linearity test.
The final assumption test was the absence of correlated error. As the data collected were not time
series data, we could assume that the correlated error would be absent.
4.2.2.3 Data preparation for multiple regression analysis Recalling the discussion in paragraph 4.2.1, we used several variables to measure each construct to
avoid measurement errors that might be caused by bias(es) in the instruments. To perform the multi-
ple regression analysis, a single number estimate that could represent the variables under the con-
struct was needed. Therefore, we performed factor analysis to summarize the data and to select which
variable(s) that could build up the construct but still represent the multiple aspects of construct in a
single scale (Hair et al., 2013). Furthermore, we also used factor analysis to compute the factor score
of each construct based on the contributing loading factor of each variables to the respective con-
struct.
Since we already had hypothesized the variable structures, we performed the factor analysis only to
the group of variables under each construct. For example, we only performed factor analysis to wtd1,
wtd2, wtd3, wtd4, and wtd5 to measure the factor score of wtd and so on. We used 0.6 measured of
sampling adequacy (MSA) as the degree of intercorrelation among variables (Hair et al., 2013). This
MSA requirement resulted two IPPR variables were taken out from the analysis (aisp1 and aisp2) as
both variables failed to meet the MSA adequacy requirement. As the final result, Table 4.10 summa-
rizes the overview of the factor analysis results with the corresponding factor loadings, whereas the
detailed results of the factor analysis is explained in Appendix 4.5 Factor Analysis.
Table 4.10. Factor analysis results and the corresponding variables
Construct Corresponding variables Corresponding factor loadings
Willingness to disclose = FAC_WTD wtd1 Direct disclosure .791
wtd2 .791
wtd3 .733
wtd4 Indirect disclosure .612
wtd5 .670
Privacy concerns = FAC_IUIPC Picon Control .748
Piaw Awareness .830
Picol Collection .731
Privacy concerns = FAC_CFIP pcima Improper access .716
Page | 78
Construct Corresponding variables Corresponding factor loadings
pcusu Unauthorized secondary use
.854
Pcerr Error .570
Tangible benefits = FAC_TANG_BEN
btmb1 Direct monetary benefit .921
btmb2 Indirect monetary benefit .921
Intangible benefits = FAC_IN-TANG_BEN
bipe Personalization .838
bius Usefulness .838
Individual self-protection = FAC_IPPR
aisp3 Removal .612
aisp4 Negative WoM .721
aisp5 Complain directly to com-panies
.849
aisp6 Complaint indirectly to a 3rd party
.792
Industrial self-regulation = FAC_ISR aisr1 3rd party auditor .892
aisr2 Protection seal .892
Government regulation = FAC_AGRL
agrn
Demographic Variables
Previous experience privacy intru-sion
dpre
Self-efficacy dsel
Age dage
Education level aedu
Salary dsal
Gender dsex
In addition to the factor analysis to perform summarization of variables, we also incorporate the de-
mographic variables in the analysis. For each demographic variable, we spilt the cases into two groups
of cases as follows. For gender variable, we split the cases into male group and female group, whereas
for the salary variable, we split the cases into two groups, i.e., low salary (IDR 5 mio – IDR 10 mio per
month) and high salary (> IDR 10 mio per month). Additionally, we also include cases of people who
reject to disclose their salary information to the analysis.
Furthermore, we also incorporate the previous privacy intrusion experience as the moderating varia-
ble. We group the respondents who score lower than 3 (from never to rarely experiencing privacy
intrusion) to the positive experience group, whereas people who score higher than 4 (often to very
often experiencing privacy intrusion) will be included in the negative experience group.
We also split the cases based on respondents’ education level. Respondents who have high school as
their highest education level will be grouped into low education group, whereas people who have
access to higher education level (e.g., university and academy) will be grouped into high education
group. In the age division, we grouped people who aged lower than 35 years old to the young group,
whereas the rest are grouped to the old group. To split the self-efficacy variable, we divide the re-
spondents’ smartphone use experience into two equal ranges by using the median value as the group
separator. We put people who have lower than 5 years’ experience in using smart phone as the low
self-efficacy group, whereas the rest are grouped to the high self-efficacy group. Table 4.11 displays
the composition of cases in each group.
Page | 79
Table 4.11. Number of cases in each segregation based on demographic variables
All
Gender Salary Privacy experi-
ence Education Age Self-efficacy
Male Fe-
male Low High
Reject to dis-close
Posi-tive
Nega-tive
Low High Young Old Low High
265 111 154 166 60 39 75 190 52 213 212 53 146 119
4.2.2.4 Data preparation for cluster analysis The main assumption to conduct a cluster analysis was the absence of multicollinearity (Hair et al.,
2013). We tested the multicollinearity by looking at the correlation matrix between variables. We
found out that no variables are significantly correlated with more than 0.6 correlation value (see Ap-
pendix 4.6. Correlation matrix). This result indicates that our variables are free from multicollinearity
risks.
Before we conducted the segmentation to the cases, we recomputed the value responses of the pri-
vacy mitigation strategy variables, i.e., tangible benefits, intangible benefits, individual self-protection,
industry self-regulation, and government regulation and legislation. We assigned -1 value to any re-
sponse valued from 1.00 to 3.00, 0 value to any response valued 3.001 to 4.99, and +1 value to any
response valued 5.00 to 7.00. By using this re-computation, we could interpret that recomputed mit-
igation strategy variable as follows: a recomputed variable with negative value means the mitigation
strategy is less preferred by the respondents, thus performing this strategy will ineffectively increase
their willingness to disclose personal data. Likewise, a recomputed variable with positive value means
that the mitigation strategy is more preferred by the respondents and performing this strategy will
effectively increase their willingness to disclose personal data, whereas 0 value means that the re-
spondents indifferently valued the mitigation strategy.
However, we should note that we perform cluster analysis based on instruments presented in the
multiple regression analysis, in which all privacy mitigation statements are presented in positive state-
ments. Therefore, we could expect that the respondents may choose all those mitigation strategies as
important because there are no trade-offs involved in the choice mechanism. To incorporate trade-
offs in the users’ choice mechanism, we present additional questionnaire in the form of conjoint anal-
ysis that will be elaborated in next paragraph (4.3).
4.3 Conjoint assessment of the privacy buy-off value The second part of the analysis is to measure the buy-off value and the part-worth utility of each
privacy dimension related to the others by using the conjoint analysis. The conjoint analysis is a re-
search method used in the evaluation of complex products or services while maintaining realistic con-
texts of the respondents (Hair et al., 2013). It is developed based on the premise that consumers eval-
uate the utility value of products and services by combining the amount and the combination of at-
tributes in those products and services (Hair et al., 2013). A more detailed about of conjoint analysis
is further explained in Appendix 4.7. A more detailed explanation about Conjoint Analysis.
In this research, we use the stated choice CBC method. The reason is twofold: (1) we want to analyze
a hypothetical product or service which can be satisfied by the stated choice CBC, and (2) we want to
avoid the risk of multicollinearity as well as minimize the amount of noise that might happen in the
revealed choice model.
The main assumption in the stated choice CBC is the respondents are rational actors who intend to
choose a profile from a choice set in which their utility value is maximized. In a stated choice CBC, each
profile will have a different composition of attribute and attribute level which then will be evaluated
Page | 80
and chosen by the respondents. By choosing the profiles, the respondents assign the part-worth utility
value of each attributes level. Then, the utility value can be derived based on the sum of the part-
worth utility of each attribute.
We use the multinomial logit (MNL) model to design the choice model as well as estimate the utility
function of the model. This model is the most commonly used model to design and analyze the dis-
crete choice model due to its ability to simplify the model estimation in a quick way and availability in
the most statistical software package (Louviere et al., 2000; Louviere; et al., 2003; MacDonald et al.,
2012). By using this model, the assumption of independence of irrelevant alternative, which assumes
that the respondents’ choice for a specific profile is independent from the presence or absent of other
alternatives, are implied (Louviere et al., 2000). This assumption, however, has both strength and
weakness. The strength of the assumption is that the model is able to provide convenient choice
model which allows introduction and/or elimination of alternative without re-estimation to the whole
model, whereas the weakness is that the model might be able to bias the estimation as the involved
attributes may be correlated one another (Louviere et al., 2000).
In the following subsections, we explain the design methodology of the stated choice CBC in our re-
search.
4.3.1 Contextual setting: personalization service in peer-to-peer ridesharing ser-
vice The contextual setting of this research is developed based on the knowledge we get from the Chapter
2, particularly 2.4. In this research we present the personalization as a new unbranded hypothetical
service offered by a hypothetical P2P ridesharing provider in Indonesia (called GOPEK) to our respond-
ents. This personalization service would be able to give push recommendations to the consumers re-
lated to the promotion of goods and services. By using this personalization service, the consumers
would be able to save their monthly transportation costs due to the efficiency that the application
provides in using the transportation service. However, this service would require the users to disclose
their personal information, specifically: their traveling patterns and buying patterns.
The GOPEK’s personalization engine would capture and store those personal data and perform data
mining to them to analyze and predict the users’ preferences and interests. Furthermore, the infor-
mation would be cross-matched with the users’ demographical data in order to give recommendations
(for example: people with the same profile and interest as you also buy from store X). Moreover, the
preferences and interests’ data could also be sold to third parties who might be interested to upsell
or cross-sell their product and service offerings.
The use-case example of this personalization service that was presented in the questionnaire is pre-
sented in Textbox 4.1:
Page | 81
4.3.2 Personal data disclosure definition and attribute selection From the above mentioned hypothetical service, we defined the types of personal data included to
offer the personalization service are:
1. The privacy of location and space, which is defined as “the right to move about in public or
semi-public space without being identified, tracked, or monitored” (Finn et al., 2013, p. 9).
This privacy type can be operationalized by using the users’ traveling pattern. Both pick up and
drop off points. Furthermore, the users can also name the saved location with a certain name,
such as: office or home, to simplify the ordering process. As such, the users will also disclose the
“space” of this location. Since this is the mandatory information (even if the user does not use the
personalization service), this type of privacy is set as the default setting of the design.
2. The privacy of behavior and action, which is defined as “the ability to behave in public, semi-
public or one’s private space without having actions monitored or controlled by others” (Finn
et al., 2013, p. 8).
This type of privacy dimension is perfectly operationalized by the disclosure of the consumers’
buying pattern, such as: what time the consumer buys certain goods, what kind of meal he/she
ordered last night, what time he/she usually orders a dinner, and any other activity that can be
related to the behavior of the individuals. In the conjoint design, we give the respondent an op-
portunity to choose whether they are willing to disclose this information or not since it is not a
default setting of the service.
3. The privacy of data and image. This privacy explains the users “concerns about making sure
that individuals’ data is not automatically available to other individuals and organizations and
that people can exercise a substantial degree of control over that data and its use” (Finn et al.,
2013, p. 8).
This privacy type is operationalized by the willingness of users receiving advertisement from other
companies through the company’s application. If the consumers chose to enable this option, they
Textbox 4.1. Ojek online personalization use-case
Abu (male, single) is a loyal customer of GOPEK that offers not only basic transportation services
(point-to-point pick up and drop off – named as GoNumpang), but also several additional services,
such as: a groceries shopping service (GoBelanja) and restaurant home-delivery service (GoMakan).
Initially, he uses only GoNumpang in daily basis from home to the office, and return. Occasionally,
he also uses several other services offered by the company.
Just recently, the company is offering a personalization service that gives information about what
certain restaurant (his favorite one) that gives promotion that is located on his daily route. Further-
more, the company can also predict when the time he will run out of grocery items, and inform him
that a groceries shop located in his route also sells this item with promotion. By using this person-
alization service, he has the opportunity to save his transportation cost by buying this product at
the same time he uses the basic transportation service.
In addition to that, he is also presented with several recommendations of products or services that
he has never used. The recommendation is presented in the form: “people who have the same
profile as you also buy food Y from restaurant B”. The recommendation is comparably fit with his
interest and the restaurant located nearby to his location.
Page | 82
indirectly allow the company to transfer their personal data to other companies. In our design,
the users are able to choose whether they are willing to make their personal information available
to other companies or not.
In summary, Table 4.12 summarizes the privacy types, operationalization attributes, and their levels.
Table 4.12. Privacy type operationalization attributes
No Privacy type Attribute Level
Privacy harm
No privacy harm
1 Privacy of location and space Traveling pattern disclosure Yes (de-fault)
2 Privacy of behavior and action Buying pattern disclosure Yes No
3 Privacy of data and image Receiving advertising from other company
Yes No
Furthermore, since we also wanted to measure the buy-off value of these personal data, the monetary
attribute was introduced in the analysis in the form of expected monthly transportation cost saving.
By using this attribute, we can compare those personal data to the money scale to measure the part-
worth of each personal data.
The value of expected monetary benefit was derived from the average daily transportation cost using
existing Ojek online service providers. The existing Ojek online service providers charges IDR 20.000
(in average) for a single trip (gojakgojek.com, 2016b). Therefore, we could suggest that the monthly
average transportation cost is IDR 880.000. We presented the expected monthly transportation saving
in four levels, i.e.: IDR 0,00 (0%), IDR 88.000,00 (10%), IDR 176.000,00 (20%), and IDR 264.000,00
(30%).
The privacy disclosures then were coded with dummy coding while the expected transportation saving
was coded with effect coding. The overview of the attributes, their levels, and level coding is presented
in Table 4.13 and Table 4.14.
Table 4.13. Attribute dummy coding
No Privacy type Attribute Dummy Coding
Privacy harm
No privacy harm
1 Privacy of location and space (PLS)
Traveling pattern disclosure Yes (de-fault)
2 Privacy of behavior and action (PBA)
Buying pattern disclosure 1 0
3 Privacy of data and image (PDI) Receiving advertising from other company
1 0
Table 4.14. Attribute effect coding
No Expected transportation saving (ES) Level Effect Coding s0 s1 s2
1 IDR 270.000 (≈ 30% saving) 1 0 0
2 IDR 180.000 (≈ 20% saving) 0 1 0
Page | 83
No Expected transportation saving (ES) Level Effect Coding s0 s1 s2
3 IDR 90.000 (≈ 10% saving) 0 0 1
4 IDR 0 (0% saving) -1 -1 -1
4.3.3 Choice set design After we defined the attributes used and the levels, we developed an experimental design using the
above mentioned attributes. The full profile of those attributes and attribute levels would produce 16
choices. However, we did not want to present all these choices as it would present information over-
load to the respondents. Consequently, we used fractional profile method to choose which choice that
would represent the full profile as well as eliminate the multicollinearity in the design. The Ngene
software was employed to discover this design.
Ngene is software to generate experimental design in state-choice experiments (Choice-Metrics,
2012). We can specify the number of options (alts), number of rows in the design (rows), the algorithm
to construct the design (orth), and the utility function of each option (model). Figure 4.2 describes
the syntax to produce this design in Ngene software.
Figure 4.2. Ngene syntax
We used orthogonal design to eliminate multicollinearity in the design. Firstly, we referred to the basic
plan ruling to decide the number of choices in our (fractional) design, in this regard, we refer to the
Louviere et al. (2000). From this document, we concluded that we need 8 choices to ensure the rep-
resentativeness and orthogonality of the design. Hence, we used Ngene to look for the profiles that
fitted to the design.
As we only wanted to measure the part-worth utility of each attribute, we presented the alternative
1 and alternative 2 by using unlabeled generic attributes. Thus, we were allowed to use sequential
construction for the algorithm to look for the orthogonal design (orth=seq). In this method, Ngene
would look for the choices first, then randomly assigned the choices to the choice set. However, this
approach would imply correlations existed between alternatives, even though the zero correlation
was achieved within alternative. However, this would not be a problem since the alternatives are un-
labeled – generic attributes (Choice-Metrics, 2012).
Furthermore, we also needed to define the utility function of the design. The utility function was de-
rived based on the previously mentioned attributes and attribute levels. In addition, the constant b0
Page | 84
(in alt3) was introduced to measure the effect of the default attribute (the privacy of location and
space and the general utility value) in the utility function.
We propose the utility function of using personalized Ojek online service as:
𝑈 = 𝑎𝑠𝑐1 + 𝐵_𝑝𝑑𝑖 ∗ 𝑝𝑑𝑖 + 𝐵_𝑝𝑏𝑎 ∗ 𝑝𝑏𝑎 + 𝐵_𝑒𝑠 ∗ 𝑒𝑠
Equation 4.1. Utility function
Where:
U = Utility value
asc1 = constant which will capture the value of privacy of location and space (pls) and the
general level of the service’s utility value
B_pdi = coefficient for privacy data and image (pdi) value
B_pba = coefficient for privacy behavior and action (pba) value
B_es = coefficient for expected saving (es)
However, we need to modify Equation 4.1 as we have coded the variable es into effect coded variables
(Table 4.14). The modified equation according to the effect coded variable is:
𝑈 = 𝑎𝑠𝑐1 + 𝐵_𝑝𝑑𝑖 ∗ 𝑝𝑑𝑖 + 𝐵_𝑝𝑏𝑎 ∗ 𝑝𝑏𝑎 + 𝐵_𝑒𝑠0 ∗ 𝑒𝑠0 +𝐵_𝑒𝑠1 ∗ 𝑒𝑠1 + 𝐵_𝑒𝑠2 ∗ 𝑒𝑠2
Equation 4.2. Utility function with effect coding for variable es
4.3.4 Questionnaire design and development After we run the simulation, Ngene produced 8 set of choices as the most efficient orthogonal design
for this conjoint experiment. The overview of the choice sets and its respected coding is explained in
Appendix 4.8. Choice sets configuration. Based on those choice sets, we developed the contextual
setting before we typed in those choice sets into the questionnaire. Finally, we merged these choice
sets questions with the previously developed questionnaire (questionnaire to discover the effective
mitigation strategy to increase the willingness to disclose personal information (in paragraph 4.2)).
We presented each choice sets in a two steps of questioning. The first question asked the respondent’s
preference over two alternatives, i.e., alternative 1 (alt1) and alternative 2 (alt2). After the respondent
chose the alternative, we presented the second question, in which we asked whether the respondent
will actually subscribe to the service if the service is available in the market. If the respondent chose
“yes” then we saved the initial choice, however, if the respondent chose “no” we could get the re-
spondent truly preference, i.e., the third alternative (alt3), and saved this choice. By using this method
of questioning, we could avoid the risk of not having any valid response (i.e., if all respondents chose
alternative 3) that might cause us failed to measure the PLS, PDI, and PBA.
4.3.5 Data processing and analysis After we get the survey questionnaire result, we employed Biogeme software to perform the data
analysis for the conjoint analysis. Biogeme (Bierlaire Optimization toolbox for GEv Model Estimation)
is freeware software developed by Michel Bierlaire to perform the estimation of likelihood in discrete
choice models (Bierlaire, 2003). The inputs of the program are: the design specification (based on
Ngene’s design with transformation of the effect coded variable – ES) and the dataset from the ques-
tionnaire.
Page | 85
Based on the Equation 4.2, we create a syntax for Biogeme to run the estimation for the attribute.
Figure 4.3 displays the Biogeme syntax.
Figure 4.3. Biogeme syntax
We will conduct the analysis to the all cases as well as segregated cases based on the moderating
variables and the initial perception of each privacy construct items (i.e., the initial level of willingness
to disclose, privacy concerns, privacy benefits, and the privacy assurance approaches).
An important parameter to measure the validity of the estimate is Rho-square (ρ2) which explains the
goodness-of-fit of the model to the cases. The ρ2 is calculated as:
𝜌2 = 1 −𝐿0
𝐿∗
Where
L0 = the Log likelihood of the initial estimation where all coefficients are estimated at 0
L* = the Log likelihood of the estimated model from the cases
Based on the equation, the higher ρ2 (closer to 1) suggests that the fitness of the estimation to the
cases is higher, and vice versa. The models with ρ2 values between 0.2 and 0.4 are considered as the
indicative of a good model fits (Louviere; et al., 2003). The result of the analysis will be thoroughly
elaborated on in the next chapter (Chapter 5).
Page | 86
This page is intentionally left blank
Page | 87
5 Survey Results, Data Analyses,
and Discussion
As previously mentioned in chapter 1, this chapter discusses the survey result, data analyses, and the
findings of the research, including the test results of the hypotheses formulated in chapter 3, the clas-
sification of users based on the appropriate privacy mitigation strategy, the analysis of the relative
importance of each privacy type based on its part-worth utilities, and the willingness to accept (or the
buy-off value) of privacy.
The first section of this chapter (paragraph 5.1) briefly explores the descriptive analysis of the survey
result. The analysis includes the initial statistics for willingness to disclose, privacy concerns, ac-
ceptance of privacy benefits, and the extent to perform privacy assurance approaches.
Next, the second section (paragraph 5.2) elaborates the hypotheses testing results of the multiple
regression analysis. The generic multiple regression of the complete cases is performed to give the
complete picture of the privacy mitigation strategy that can be applied in the population as a whole.
Furthermore, the demographic variables are also included in the more detailed analyses to test the
consistency of the results across the population as well as to test whether the control variables influ-
ence the analyses results. The analyses in this section yields the answer to the SQ3 (To what extent
are the privacy decision making constructs influencing the users’ willingness to disclose their personal
information?).
The third section of this chapter (paragraph 5.3) analyzes the classification of users by using the cluster
analysis to perform segmentation to the users according to their preferred privacy mitigation strategy.
The main aim of the segmentation is to help the company to prepare and apply an appropriate privacy
mitigation strategy to the specific target market, such as: the specific (niche) market and the type of
investment specific to the chosen target to acquire personal data from the people in this cluster. Ad-
ditionally, the prediction of the market size of each target market is also calculated based on the com-
position of each cluster. Similarly, we also include the demographic variables to test whether they will
influence the formed segmentation of users. The conclusion in this section provides the answer of the
SQ 4 (How can the users be segmented based on the privacy concern mitigation efforts?).
Finally, the last section (paragraph 5.4) elaborates the experimental assessment of the research to
measure the part-worth utilities as well as the buy-off value of privacy by using the conjoint analysis.
Also, we include the demographic variables to the analysis to test whether these variables influence
the buy-off value of privacy. Additionally, we also include the initial perception of the willingness to
disclose personal information, the privacy concerns as well as the privacy mitigation strategies (privacy
benefits and privacy assurance approaches) as the moderating variables to make deeper analyses. The
aforementioned analyses produce the answer to the SQ5 (To what extent do the users rank the value
of each personal information relative to the other type of personal information and how much is the
buy-off value for each of their personal data?). All those three analyses will be followed by a discussion
to comprehensively elaborate the empirical test result (paragraph 5.5).
Page | 88
5.1 Descriptive Statistics
5.1.1 Willingness to disclose (WTD) In general, a quite high level of willingness to disclose personal information is shown in the population.
This finding is portrayed by the descriptive statistic result that shows 4.44 as the mean value of the
willingness to disclose (we set 4.00 as neutral value -either agree or disagree- of disclosing personal
information). Furthermore, the statistic also shows negative skew in the result which explains that the
population is more concentrated in the higher level value.
In addition to the overall analysis of the willingness to disclose personal information, we also elaborate
per item attribute of the willingness to disclose, by breaking down the construct into two sub-con-
structs, i.e., direct and indirect disclosure (see Table 5.1). The indirect disclosure presents the higher
mean value than the direct disclosure, in which the disclosure via GPS when ordering Ojek online ser-
vice – wtd5 (When available, I always turn my mobile phone GPS on when I order services from Ojek
online ordering application) has the highest mean value and the providing interest list – wtd3 (I will
honestly fill in my interests list when the online company ask for my interest) to the company has the
lowest value. By this result, the statistic suggests the company to use an indirect approach when col-
lecting its customers’ personal information. Table 5.1 displays the summary of the descriptive statistic
of the WTD.
Table 5.1. Willingness to disclose descriptive statistic
WTD Statistics 95% Confidence Interval
of the Difference
Mean Std. Devia-tion
Skew-ness
Kurtosis Lower Upper
Average WTD 4.44 1.21 -.33 -.38 4.30 4.59
Average direct disclosure 4.30 1.38 -.35 -.59 4.13 4.46
Average indirect disclosure 4.66 1.43 -.41 -.55 4.49 4.84
Complete personal infor-mation
4.29 1.72 -.37 -1.02 4.09 4.50
Honest personal information 4.65 1.61 -.66 -.71 4.45 4.84
Honest interest list 3.94 1.67 -.09 -1.25 3.74 4.15
Sign-in with social media 4.09 1.93 -.08 -1.45 3.85 4.32
GPS use 5.24 1.49 -1.28 .89 5.06 5.42
Likert scale 1 – 7 is used in the operationalization of variable with 4 as the neutral value.
5.1.2 Privacy concerns The first view of the privacy concern statistic shows that the population has a high level of privacy
concerns, which is shown by 6.2 (out of 7) as the mean value of privacy concerns. Furthermore, this
high concerns have become a consensus in the population as shown in the small Standard deviation
(SD) value. The result also suggests that the population is concentrated in a higher level value of pri-
vacy concerns as shown by a negative skewness as well as the positive kurtosis in the descriptive sta-
tistic.
Furthermore, a more detailed analysis shows that the unauthorized secondary use of personal infor-
mation (Ojek online companies should never share personal data with other companies unless it has
been authorized by the individuals who provided the information) has been the highest customers’
privacy concern. The low value of SD also concludes that a big portion of population agrees that the
disclosed personal data must only be used for the specified purpose of collection without any second-
ary unauthorized use. Additionally, the statistic also shows that the consumers have least concern to
the collection of data collected by the company (I’m concerned that online companies are collecting
Page | 89
too much personal data about me). Table 5.2 displays the descriptive statistic for privacy concerns
variable.
Table 5.2. Privacy concerns descriptive statistic
Privacy concerns Statistics 95% Confidence Interval of
the Difference
Mean Std. Devia-tion
Skewness Kurtosis Lower Upper
Average privacy con-cerns
6.21 0.58 -1.08 2.95 6.14 6.28
Control 6.12 0.95 -1.73 4.43 6.01 6.24
Awareness 6.33 0.85 -2.41 9.65 6.23 6.43
Collection 5.60 1.32 -1.21 1.25 5.44 5.76
Improper access 6.43 0.68 -1.52 4.32 6.35 6.52
Unauthorized sec-ondary use
6.68 0.63 -3.95 27.50 6.60 6.76
Error 6.08 1.13 -1.76 3.55 5.94 6.22
Likert scale 1 – 7 is used in the operationalization of variable with 4 as the neutral value.
5.1.3 Privacy benefits Similar to the privacy concerns result, the perception of privacy benefits is also very high. The mean
value of the privacy benefits shows 6.14 which also becomes a consensus in the population with a
small value of SD. Furthermore, the result also shows a negative skewness and positive kurtosis value.
This result suggests that the population is concentrated in a higher level extent of receiving privacy
benefits in order to disclose the personal information.
Breaking down the type of benefits, we find that people value the tangible benefit more than the
intangible benefit, although the difference is very minimal. We also found that providing indirect ben-
efit as the most attractive privacy benefit (I perceive monthly transportation discount is very interest-
ing for me) and offering personalization (It is important for me if the company is able to offer me a
high quality of recommendation that suits me perfectly) as the least attractive benefit chosen by the
respondents. Nevertheless, the personalization still produces a significantly higher value from neutral
value. Table 5.3 summarizes the descriptive statistic of privacy benefits.
Table 5.3. Descriptive statistic of privacy benefits
Privacy benefits Statistics 95% Confidence Inter-val of the Difference
Mean Std. Devi-ation
Skewness Kurtosis Lower Upper
Average privacy benefits 6.14 0.69 -1.24 2.64 6.06 6.22
Average Tangible benefits 6.18 0.81 -1.48 3.56 6.09 6.28
Average Intangible benefits 6.10 0.75 -1.08 1.93 6.01 6.19
Direct monetary benefit 6.14 0.95 -1.72 4.10 6.03 6.25
Indirect monetary benefit 6.23 0.80 -1.49 3.91 6.13 6.32
Personalization 5.98 1.13 -1.95 4.67 5.85 6.12
Usefulness 6.21 0.64 -0.92 3.06 6.13 6.29
Likert scale 1 – 7 is used in the operationalization of variable with 4 as the neutral value.
5.1.4 Privacy assurance approaches
5.1.4.1 Individual self-protection (ISP) The individual self-protection is the active action part of consumers to ensure their privacy right. The
average value of 5.9 as the Individual self-protection suggests that, in general, the respondents are
Page | 90
more likely to perform defensive actions to react to any privacy invasion activity. Yet, the SD is quite
high which shows that the level of likelihood reaction may vary. In a more detailed analysis, the highest
likelihood of performing self-protection is the removal of data (the highest mean = 6.29), whereas the
least likelihood reaction is the refusal to disclose personal information (mean = 3.9). This result sug-
gests that the respondents are not willing to collaborate with the company completely if they feel the
company mistreated their data. On the contrary, the respondents do not have a tendency to decline
if the company asks them to give their personal information. The detailed descriptive of ISP is drawn
in Table 5.4.
Table 5.4. Descriptive statistic of Individual self-protection
Individual self-protection Statistics 95% Confidence Interval of
the Difference
Mean Std. Devia-tion
Skewness Kurtosis Lower Upper
Average ISP 5.93 0.84 -.69 .28 5.82 6.03
Refusal 3.92 1.57 .01 -1.11 3.73 4.11
Anonymity 4.49 1.46 -.27 -.84 4.31 4.67
Removal 6.29 0.86 -1.78 4.32 6.19 6.40
Negative WOM 5.94 1.18 -1.50 2.61 5.79 6.08
Direct complain 5.91 1.10 -1.28 1.70 5.77 6.04
Indirect complain 5.57 1.31 -1.01 .65 5.41 5.73
Likert scale 1 – 7 is used in the operationalization of variable with 4 as the neutral value.
5.1.4.2 Industry self-regulation (ISR) On average, the mean value of ISR 6.12 suggests that the consumers’ demand to the presence of
industry self-regulation is quite high. Furthermore, the self-regulation is divided into two approaches,
i.e., the regular privacy audit by a 3rd party auditor and the presence of a privacy seal logo in the
company’s branding (such as: in the mobile application and the website). The descriptive statistic
shows that both approaches have a high mean value (6.09 and 6.16 respectively) that suggest that
both approaches are equally appreciated by the consumers when implemented. Table 5.5 displays the
detail statistic of ISR.
Table 5.5. Descriptive statistic of Industry self-regulation
Industry self-regulation Statistics 95% Confidence Interval of
the Difference
Mean Std. Devia-tion
Skewness Kurtosis Lower Upper
Average ISR 6.12 0.82 -1.33 2.64 6.03 6.22
3rd party auditor 6.09 0.95 -1.50 3.04 5.97 6.20
Protection seal 6.16 0.87 -1.45 2.96 6.06 6.27
Likert scale 1 – 7 is used in the operationalization of variable with 4 as the neutral value.
5.1.4.3 Government regulatory and legislation (GRL) In addition to the industry self-regulation, the consumers are able to perform the passive action by
using the government legislation and regulation to regulate the company’s privacy and personal data
practice. The analysis of descriptive statistic shows the mean value of 6.50 and low SD which conclude
that the consumers’ demand for government regulation to regulate the company’s privacy practice
Page | 91
and personal data use is high and has been a consensus. Table 5.6 displays the detail statistic of GRL,
in which Likert scale 1 – 7 is used in the operationalization of variable with 4 as the neutral value.
Table 5.6. Descriptive statistic of Government regulation and legislation
Government regulation and legislation Statistics 95% Confidence
Interval of the Dif-ference
Mean Std. Devia-tion
Skewness Kurtosis Lower Upper
Govt regulation and legislation
6.50 0.69 -1.79 5.05 6.41 6.58
5.2 Multiple Regression Analysis In order to answer SQ.3, i.e., To what extent are the privacy decision making constructs influencing the
users’ willingness to disclose their personal information?, we test the hypotheses formed in chapter 3
by using multiple regression analysis. The initial correlation test is conducted prior to the multiple
regression analyses in order to investigate the potential variables that influence the willingness to
disclose personal data. The cross-correlation test shows that only privacy benefits (both tangible and
intangible benefit) have a direct significant correlation with willingness to disclose, in which the tangi-
ble benefit holds the highest correlation. However, we need to investigate further the partial correla-
tion once these variables are included to the analysis to get the complete estimation. Therefore, the
stepwise method is chosen as the estimation procedure in our multiple regression analyses. Table 5.7
displays the detailed correlation test among variables.
Table 5.7. Correlation test of variables
WTD IUIPC CFIP TANG_BEN
INTANG_ BEN
ISP ISR GRL
WTD Pearson Correla-tion
1 -0.04 0.005 .342** .248** 0.086 -0.023 -0.056
Sig. (2-tailed)
0.517 0.931 0 0 0.163 0.706 0.365
IUIPC Pearson Correla-tion
-0.04 1 .402** 0.086 .179** .320** .338** .316**
Sig. (2-tailed)
0.517 0 0.165 0.003 0 0 0
CFIP Pearson Correla-tion
0.005 .402** 1 .184** .170** .444** .381** .502**
Sig. (2-tailed)
0.931 0 0.003 0.005 0 0 0
*. Correlation is significant at the 0.05 level (2-tailed). **. Correlation is significant at the 0.01 level (2-tailed).
Paragraph 5.2.1 explains the generic multiple regression analysis applied to the whole cases. Next,
paragraph 5.2.2 explains the analyses to the segregated cases based on contextual variables to inves-
tigate the consistency of the analysis results. Finally, the conclusion of the multiple regression analyses
are formed in paragraph 5.2.3.
5.2.1 Generic multiple regression analysis We set a 90% significance threshold for the variables to be included to the regression model. We
define the general linear relationship model of our regression analysis as follows:
Page | 92
𝑊𝑇𝐷 = 𝐵0 + 𝐵1 ∗ 𝐼𝑈𝐼𝑃𝐶 + 𝐵2 ∗ 𝐶𝐹𝐼𝑃 + 𝐵3 ∗ 𝑇𝐴𝑁𝐺𝐵𝐸𝑁 + 𝐵4 ∗ 𝐼𝑁𝑇𝐴𝑁𝐺𝐵𝐸𝑁 + 𝐵5 ∗ 𝐼𝑆𝑃 + 𝐵6∗ 𝐼𝑆𝑅 + 𝐵7 ∗ 𝐴𝐺𝑅𝐿
Where:
WTD = willingness to disclose personal data
IUIPC = internet users’ information privacy concerns (Malhotra et al., 2004)
CFIP = concern for information privacy (Smith et al., 1996)
TANGBEN = privacy tangible benefit
INTANGBEN = privacy intangible benefit
ISP = individual self-protection (Xu et al., 2012) (based on IPPR by Son and Kim (2008))
ISR = industry self-regulation (Xu et al., 2012)
AGRL = government regulation and legislation (Xu et al., 2012)
The regression analysis aims to estimate the coefficients of the model, i.e., B0 through B7.
In general, the test result shows only tangible benefit and the governmental regulation and legisla-
tion have direct significant correlation to the willingness to disclose. The tangible benefit has direct
positive significant relationship with the willingness to disclose, whereas the governmental regulation
and legislation has direct negative significant with the willingness to disclose. The Beta of tangible
benefit scores higher than the Beta of governmental regulatory and legislation (see Table 5.8), which
means that the tangible benefit has higher predictive power than the extent of governmental regula-
tory and legislation demand. Any increase/decrease of one SD of the tangible benefit will increase/de-
crease 0.357 SD of the willingness to disclose personal information, while keeping the other predictors
constant. On the other hand, every increase/decrease of one SD of the extent governmental regula-
tory and legislation demand will decrease/increase the willingness to disclose personal information by
0.105 SD, ceteris paribus. Table 5.8 displays the output of the multiple regression result.
Table 5.8. Multiple regression analysis output
Variables Beta t Sig
Constant NA 0 1
Tangible benefit 0.357 6.125 0
Government Regulatory and Legislation
-0.105 -1.8 0.073
Model summary
Number of cases 265
Adjusted R square 0.121
F value 19.223 significant at .000
Looking at the model summary, the adjusted R2 value is quite low. Nevertheless, the F value is higher
than the acceptable F value (in which the statistic shows 19.223 as the F value of the model whereas
the F-distribution table with df=7 and 200 df at 0.05 significant level yields value 2.06), thus we can
conclude that the model is a not a result of a chance occurrence (Hair et al., 2013). This result builds
the generic model of our multiple regression analysis.
A noteworthy finding is found in the relationship between privacy assurance approaches variables
(i.e., Individual self-protection, industry self-regulation, and government regulation and legislation)
and the privacy concerns variables (i.e., IUIPC and CFIP). We identified strong correlations between
Page | 93
IUIPC and privacy assurance approaches and between CFIP and privacy assurance approaches in the
correlation table (see Table 5.7). We then conduct multiple regression analyses with IUIPC and CFIP
as the dependent variables and ISP, ISR, and GLR as the independent variables.
The multiple regression analyses results show that IUIPC is significantly explained (direct, positive re-
lationships) by the whole privacy assurance approach construct, even though the test fails to meet the
normality test assumption as the P-P plot of the residual deviates from the normal plot line. Never-
theless, a theoretical investigation and explanation are needed to investigate this relationship further.
On the other hand, the CFIP is significantly explained (direct, positive relationships) only by the ISP
and GRL. This finding partially shares the result with the research by Xu et al. (2012), in which they
investigate the relationship between privacy assurance approach constructs and the context specific
CFIP with the mediating effect of perceived control. Likewise, this test fails to meet the normality test
as the residuals significantly deviates from the normal line plot. The summary of the multiple regres-
sion outputs is displayed in Table 5.9, whereas the detail results of both multiple regression analyses
are detailed in Appendix 5.1 Multiple regression analysis of IUIPC and CFIP.
Table 5.9. IUIPC and CFIP multiple regression outputs
Dependent Variables
IUIPC CFIP
Independent Variables Beta t Sig Beta t Sig
Individual self-protection .170 2.579 .010 .283 5.044 .000
Industry self-regulation .184 2.693 .008 NA NA NA
Government Regulatory and Legislation
.155 2.329 .021 .383 6.817 .000
Model summary
Number of cases 265 265
Adjusted R square 0.156 0.313
F value 17.285 significant at .000 61.026 significant at .000
5.2.2 Consistency test based on demographic variables After we perform multiple regression to all of the cases, we perform multiple regression analyses to
each of groups segregated by the previously defined demographic variables (see paragraph 4.2.1.5).
In the gender grouping, we discover that the IUIPC, both privacy benefits (tangible and intangible),
and the industrial self-regulation have significant direct relationship to the willingness to disclose per-
sonal information in the male group. The highest Beta is owned by the tangible benefit, followed by
the intangible benefit. Moreover, the male population sees the IUIPC as significant predictor to the
willingness to disclose personal information. On the other hand, this population sees providing indus-
try self-regulation as the significant measures to increase the willingness to disclose personal infor-
mation. This result suggests, for the male group, that utilitarian approaches are more interesting than
the presence of privacy assurance measures by the company. Furthermore, a moderate adjusted R
square score suggests that this model is a good fitting model.
On their female counterpart, the willingness to disclose personal information is only influenced by
providing tangible benefit. The tangible benefit scores Beta 0.212 with 0.05 confidence level. Yet, the
model only explains very small variance.
The abovementioned two analyses suggest that gender is influencing the human rationale in disclosing
personal information, particularly in the perception of privacy concerns, intangible benefits, and pri-
vacy assurance approach. The detail of the multiple regression output is displayed in Table 5.10.
Page | 94
Table 5.10. Multiple regression output based on gender segregation
Male Female
Independent Variables Beta t Sig Beta t Sig
Privacy Concerns (IUIPC) -.174 -1.940 .055 - - -
Privacy Concerns (CFIP) - - - - - -
Tangible Benefits .335 3.499 .001 .212 2.679 .008
Intangible Benefits .318 3.188 .002 - - -
Individual self-protection - - - - - -
Industry self-regulation -.216 -2.423 .017 - - -
Government Regulatory and Legislation
- - - - - -
Model summary
Number of cases 111 154
Adjusted R square .308 0.039
F value 13.234 significant at .000 7.176 significant at .000
In the grouping based on salary, we discover that both low salary and high salary groups share a same
direct significant predictor to the willingness to disclose personal information, i.e., the tangible benefit.
In the low salary group, the tangible benefit has Beta 0.336, whereas in their high salary counterpart
it has Beta 0.357. Both model, however, have low adjusted R square value (i.e., 10.7% and 11.2% re-
spectively). These findings suggest that salary does not influence the users’ privacy decision making
rationale.
An interesting finding is found in the group of people who reject to disclose their salary information,
in which we could also assume that these people have a slightly higher privacy concerns level. The
intangible benefit and governmental regulation and legislation appear to have direct significant rela-
tionship to the willingness to disclose personal information with similar predictive magnitude (Beta =
0.394 and -0.351 respectively). The model of this group also has higher explained variance level than
the former two groups (13.7%). However, we cannot conclude whether the initial privacy concerns
level becomes the antecedent of the outcome difference in this group, as the privacy concerns mean
values (both IUIPC and CFIP) do not differ significantly with the privacy concerns level in both low
salary and high salary group. Table 5.11 summarizes the regression analysis based on salary segrega-
tion.
Table 5.11. Multiple regression output based on salary segregation
Low salary High salary Reject to disclose salary
Independent Variables Beta t Sig Beta t Sig Beta t Sig
Privacy Concerns (IUIPC) - - - - - - - - -
Privacy Concerns (CFIP) - - - - - - - - -
Tangible Benefits .336 4.569 .000 .357 2.908 .005 - - -
Intangible Benefits - - - - - - .394 2.453 .019
Individual self-protection - - - - - - - - -
Industry self-regulation - - - - - - - - -
Government Regulatory and Legislation
- - - - - - -.351 -2.182 .036
Model summary
Number of cases 166 60 39
Adjusted R square 0.107 0.112 0.137
F value 20.873 significant at .000 8.457 significant at .005 4.016 significant at .027
Page | 95
In the analysis to groups based on previous privacy experience, an astonishing finding is found in the
positive experience group (people who never or seldom experience privacy intrusion), in which the
tangible benefit and the individual self-protection show direct significant relationships to the willing-
ness to disclose personal information. The tangible benefit scores Beta 0.375, whereas the individual
self-protection, surprisingly, scores Beta 0.182 (positive sign), which scores a reversed sign from the
hypothesized relationship. This model explains 18.6% variance. This finding suggests that people who
have positive privacy experience are willingly to disclose personal information in the “alert” mode,
which means that they will directly perform self-protection actions whenever the company fails to
treat their personal information correctly.
On the contrary, the analysis in the negative experience group shows that the willingness to disclose
is predicted by two predictors, i.e., the CFIP and tangible benefit. The CFIP scores Beta -0.131 whereas
the tangible benefit scores Beta 0.334. This numbers suggests that the utilitarian benefits outweigh
the privacy concerns to increase the willingness to disclose personal information. The model, however,
only explains 9.6% variance. From the two aforementioned analyses, we can conclude that the previ-
ous privacy experience influences the user privacy disclosure rationale. The detailed multiple regres-
sion output is drawn in Table 5.12.
Table 5.12. Multiple regression output based on privacy experience segregation
Positive experience Negative experience
Independent Variables Beta t Sig Beta t Sig
Privacy Concerns (IUIPC) - - - -.131 -1.828 .069
Privacy Concerns (CFIP) - - - - - -
Tangible Benefits .375 3.459 .001 .334 4.660 .000
Intangible Benefits - - - - - -
Individual self-protection .182 1.681 .097 - - -
Industry self-regulation - - - - - -
Government Regulatory and Legislation
- - - - - -
Model summary
Number of cases 75 190
Adjusted R square 0.186 0.096
F value 9.475 significant at .000 11.057 significant at .000
In the grouping based on education level, we discover that tangible benefit and industry self-regulation
have been the significant predictors for the willingness to disclose personal information in low educa-
tion group. The tangible benefit scores Beta = 0.365 whereas the industry self-regulation scores Beta
-0.283. This model explains 16.1% variance. On their older group counterpart, both tangible and in-
tangible benefit are the significant predictors to increase the willingness to disclose personal infor-
mation. The tangible benefit appears to have higher influence rather than the intangible benefit (Beta
0.272 and 0.136 respectively). This model explains 12.7% variance. Based on these findings, we may
suggest that education level influences the users’ rationale in disclosing personal information, partic-
ularly in the perception of intangible benefits and industry self-regulation. Table 5.13 summarizes the
multiple regression output.
Page | 96
Table 5.13. Multiple regression output based on education level segregation
Low education High education
Independent Variables Beta t Sig Beta t Sig
Privacy Concerns (IUIPC) - - - - - -
Privacy Concerns (CFIP) - - - - - -
Tangible Benefits .365 2.832 .007 .272 3.450 .001
Intangible Benefits - - - .136 1.720 .087
Individual self-protection - - - - - -
Industry self-regulation -.283 -2.196 .033 - - -
Government Regulatory and Legislation
- - - - - -
Model summary
Number of cases 52 213
Adjusted R square 0.161 0.127
F value 5.885 significant at .000 16.393 significant at .000
The next grouping is based on age. In the young group, both types of benefits and industry self-regu-
lation appear to have direct significant relationship to the willingness to disclose personal information.
The tangible benefit has the highest predictive magnitude with Beta = 0.284, followed by the intangi-
ble benefit with Beta = 0.165 and the industry self-regulation with Beta = -0.166. This model explains
14.4% variance. In their old group counterpart, the tangible benefit appears as the only significant
predictor that influences the willingness to disclose personal information with Beta = 0.336. This
model, however, only explains 9.6% variance in the population. These findings suggest that the age
level of the respondents influences their rationale in disclosing personal information, specifically in
the perception of intangible benefits and industry self-regulation. Table 5.14 summarizes the multiple
regression output.
Table 5.14. Multiple regression output based on age level segregation
Young Old
Independent Variables Beta T Sig Beta t Sig
Privacy Concerns (IUIPC) - - - - - -
Privacy Concerns (CFIP) - - - - - -
Tangible Benefits .284 3.614 .000 .336 2.548 .014
Intangible Benefits .165 2.089 .038 - - -
Individual self-protection - - - - - -
Industry self-regulation -.166 -2.518 .013 - - -
Government Regulatory and Legislation
- - - - - -
Model summary
Number of cases 212 53
Adjusted R square 0.144 0.096
F value 12.854 significant at .000 6.494 significant at .014
The last demographic variable is the self-efficacy, which has been grouped into low and high self-effi-
cacy. In the low self-efficacy group, the tangible benefit appears as the only direct significant predictor
for the willingness to disclose personal information. The test shows Beta 0.339 as the prediction mag-
nitude. Nonetheless, the model has a low explained variance level. In the high self-efficacy group, the
model concludes that IUIPC and tangible benefit appear to have direct significant relationship to the
Page | 97
willingness to disclose personal information. IUIPC has Beta -0.176 whereas tangible benefit has Beta
0.353. This finding suggests that the self-efficacy level influences the human rationale in disclosing
personal information, particularly the privacy concerns. Table 5.15 summarizes the multiple regres-
sion analysis output of the data based on self-efficacy level.
Table 5.15. Multiple regression output based on self-efficacy level segregation
Low self-efficacy High self-efficacy
Independent Variables Beta t Sig Beta t Sig
Privacy Concerns (IUIPC) - - - -.176 -2.062 .041
Privacy Concerns (CFIP) - - - - - -
Tangible Benefits .339 4.329 .000 .353 4.126 .000
Intangible Benefits - - - - - -
Individual self-protection - - - - - -
Industry self-regulation - - - - - -
Government Regulatory and Legislation
- - - - - -
Model summary
Number of cases 146 119
Adjusted R square 0.109 0.138
F value 18.742 significant at .000 10.411 significant at .000
Table 5.16 summarizes the multiple regression analyses test result as well as the explained variance
of the models.
Page | 98
Table 5.16. Multiple regression analyses summary
Independent Variables Generic
Gender Salary Previous Experience of
privacy intrusion Education Age Self-efficacy
Male Female Low High Reject to disclose
Positive Negative Low High Young Old Low High
Privacy Concerns (IUIPC) NA -0.174* NA NA NA NA NA NA NA NA NA NA NA -0.176**
Privacy Concerns (CFIP) NA NA NA NA NA NA NA -0.131* NA NA NA NA NA NA
Tangible benefit 0.357**** 0.335*** 0.212** 0.336**** 0.357** NA 0.375*** 0.334**** 0.365** 0.272*** 0.284**** 0.336** 0.339**** 0.353****
Intangible benefit NA 0.318** NA NA NA 0.394** NA NA NA 0.136* 0.165** NA NA NA
Individual Self-protection NA NA NA NA NA NA 0.182* NA NA NA NA NA NA NA
Industry Self-regulation NA -0.216** NA NA NA NA NA NA -0.283** NA -0.166** NA NA NA
Government Regulatory and Legislation
-0.105* NA NA NA NA -0.351** NA NA NA NA NA NA NA NA
Model Summary
Number of cases 265 111 154 166 60 39 75 190 52 213 212 53 146 119
Adjusted R square 0.121 .308 0.039 0.107 0.112 0.137 0.186 0.096 0.161 0.127 0.144 0.096 0.109 0.138
F value 19.223**** 13.234**** 7.176**** 20.873**** 8.457* 4.016* 9.475**** 11.057**** 5.885**** 16.393**** 12.854**** 6.494* 18.742**** 10.411****
Significant level: **** = 0.0001; *** = 0.001; ** = 0.5; and * = 0.1 Dependent variable: Willingness to disclose
Page | 99
5.2.3 Conclusion From the previous multiple regression analyses, we can conclude that the tangible benefit has been
the major predictor to significantly influence the willingness to disclose personal information, by ap-
pearing consistently in the generic model and (almost) all group divisions. The only one group which
does not have the tangible benefit as predictor is the reject to disclose salary information group. Yet,
this group still regards the intangible benefit as the influential predictor to increase the willingness to
disclose personal information.
On the other hand, the items of the privacy assurance, i.e., individual self-protection, industry self-
regulation, and governmental regulatory and legislation, are pointed up significantly in only 6 groups
from the total 14 groups model available. The privacy assurance items are shown in the generic model,
male group, reject to disclose salary information group, positive privacy experience group, low educa-
tion group, and the young population. This also suggests that seeing privacy as an interest, in which
the consumers regard their privacy as a means to get utilitarian benefits from the company, has be-
come more prevailing than seeing privacy as a right.
Surprisingly, the privacy concerns, in which these items have been the main predictors in most prior
research (such as: Dinev and Hart (2006), Awad and Krishnan (2006), Kehr et al. (2015), Taylor et al.
(2009), Li and Unger (2012), and Liu et al. (2011)), do not show a major contribution to the willingness
to disclose personal information in our empirical results. The privacy concerns items, i.e., IUIPC and
CFIP, only appear in the male group, negative privacy experience group, and the high self-efficacy
group.
An unexpected result is found in the positive privacy experience group. We notice that the willingness
to disclose personal information is positively influenced by the likelihood to perform individual self-
protection, which consists of removal of data, negative WoM, direct complaint to the company, and
indirect complaint to the 3rd party or authority, when their privacy is invaded. This suggests that the
members in the positive privacy experience group is willing to increases the personal data disclosure,
but they also incline to perform individual self-protection in the same time. In other words, this group
will always be in the “alert” mode when disclosing the personal information.
Furthermore, we also found significant difference in the number of predictors after we segmented the
cases into groups. In the segmentation based on male gender, we discover four variables, which con-
sist of IUIPC, tangible benefit, intangible benefit, and industry self-regulation as the significant predic-
tors to influence the willingness to disclose personal information. On the contrary, the female group
has only the tangible benefit as the significant predictor to influence the willingness to disclose per-
sonal information. These findings suggest that, in respect to the privacy disclosure, male population
has more complicated rationale than their female counterpart.
This conclusion is also found in the age segmentation, in which the young group has more complicated
rationale than their older counterpart. This suggestion is supported by the finding that the young
group has three significant predictors to influence the willingness to disclose personal information,
i.e., tangible benefit, intangible benefit, and industry self-regulation. On the other hand, the older
group has much simpler rationale by having only one predictor (i.e., tangible benefit) as the significant
influencer of the willingness to disclose personal information. Moreover, from the analyses of data
segregated based on demographic variables, we can conclude that the only variables influence the
human rationale in disclosing personal information are: gender, previous privacy experience, educa-
tion level, age, and self-efficacy level.
Page | 100
With the aim to test the hypotheses formed in Chapter 3, we recall the formed hypotheses in Table
3.6. From the aforementioned analyses, we can conclude that our hypotheses are partially supported
by our empirical study. The most complete supported hypotheses are found in the male group. De-
spite the privacy concerns level, the tangible benefit has been the major predictor that appears in
almost all analyses (except the reject to disclose salary information group). From the above mentioned
statistical analyses, Table 5.17 draws the conclusion of our hypotheses testing.
Table 5.17. Hypotheses testing summary
Hypothesis Generic
Gender Salary Previous Experi-
ence of privacy in-trusion
Education Age Self-effi-
cacy
Male Female Low High Reject to dis-close
Positive Negative Low High Young Old Low High
H1a
H1b
H2a
H2b
H3a
H3b
H3c
Dependent Variable: Willingness to disclose personal information Green shading: accept the hypothesis; white shading: reject the hypothesis Red shading: the finding shows a significant but reversed direction result from the hypothesis
Page | 101
5.3 Cluster Analysis To answer the SQ.4, i.e., How can the users be segmented based on the privacy concern mitigation
effort?, the general segmentation is performed to all of the cases to identify the possible market seg-
mentation in the population. Recalling the privacy decision making discussion in chapter 3.4, in which
we want to mitigate the users’ privacy concerns using both utilitarian approach and non-utilitarian
approach (see Figure 3.1), we include all privacy mitigation strategies as the group properties of the
cluster, which are:
1. Privacy benefits strategy, which consists of providing tangible benefits and intangible bene-
fits, and
2. Privacy assurance approach strategy, which consist of the likelihood of users to perform indi-
vidual self-protection (ISP) (which is also known as Individual privacy protection responses –
IPPR), demand for industry self-regulation (ISR), and demand for governmental regulation
and legislation (GRL). This strategy aims to ensure the users’ privacy right.
Due to the atheoriecal property of cluster analysis in deciding the number of cluster formed, we per-
form an iterative method to set the number of cluster in our analysis. Firstly, we set 9 clusters (see
paragraph 3.5 for the cluster nomological structure) as the initial possible cluster as we understand
that forming more than 9 clusters will be hard to profile. When the analysis forms a cluster with less
than 2 members OR less than 1% size, we regard that finding as the indication of an overestimated
number of clusters formed in the analysis. Then, we reduce the possible cluster by one, and so on,
until we have no formed cluster that has less than 2 members OR 1% size.
The next paragraph (paragraph 5.3.1) explains the generic cluster analysis that is applied to the whole
cases to segment the population. Furthermore, the clusterization based on the demographic variables
segregation are elaborated on in the paragraph 5.3.2. Finally, the conclusion of the cluster analysis is
formed in the last paragraph (paragraph 5.3.3).
5.3.1 Generic cluster analysis The first clusterization is performed to the whole cases to make segmentation to the population. We
find 4 significant clusters in the segmentation. The first cluster is profiled as Pure utilitarian as the
people in this segment regard only utilitarian type of strategies (both tangible and intangible) to be
able to mitigate their privacy concerns. The second cluster is profiled as Total solution seeker because
this cluster regards all mitigation strategies are important to mitigate the privacy concerns. The third
cluster is profiled as Strong utilitarian. This cluster regards all utilitarian privacy mitigation strategies
are important, whereas only partial privacy assurance approaches are regarded as important, i.e., the
industry self-regulation and government regulation and legislation, as equally important means to
mitigate the privacy concerns. Finally, the fourth cluster is profiled as Total solution seeker because
the people in this cluster perceive all type of privacy mitigation strategies are important. Figure 5.1
displays the graphical properties of each cluster.
Page | 102
Figure 5.1. Final cluster properties
From the graphical depiction of cluster properties, we understand that the second and the fourth
cluster has the same profile, albeit they have different importance magnitude on each strategy. To
calculate the potential market segment, we combine the second and fourth cluster into a single Total
utilitarian cluster, and we therefore have three final clusters in total, which will be analyzed as follows:
Firstly, the pure utilitarian group forms the smallest potential market share with 1.1% size. This may
suggest if a company provides only utilitarian type of strategy only (both tangible and intangible ben-
efits), it may only capture 1.1% of total population.
Secondly, the strong utilitarian group accounts for 10.2% potential market share. This finding suggests
that a company that performs a type of privacy assurance strategy in addition to utilitarian strategies
will have the opportunity to capture (at least) 10.2% market share in the market. Finally, the total
solution seeker, which has been the largest cluster formed in the analysis. This cluster forms 88.7%
potential market share in the population. This finding suggests that the company that wants to target
the largest fish should prepare all type of strategies prior to the users’ personal data acquisition. Figure
5.2 summarizes the potential market share composition in a pie chart.
Page | 103
Figure 5.2. Groups’ potential market share
5.3.2 Cluster analysis to the segregated data based on demographic variables After we conducted the general cluster analysis to all of the cases and produced the generic clusters,
we performed the cluster analyses specific to the segregated data based on the demographic varia-
bles. The clusterization results of the segregated data are useful to help a company that wants to
target a specific demographic market to prepare an appropriate privacy mitigation strategy to this
market. For example: a company that markets male specific products and personalization services to
male population can make use of the clusterization result of male population in order to help the
company to prepare an appropriate privacy mitigation strategy; or a company that markets innovative
products and services that offers privacy enhancing technology as value differentiator (targeted to
high privacy concerned population) can use the clusterization result of the population with a negative
privacy experience.
We use the same grouping method as we did on the multiple regression analyses to group the cases
into segregated groups. Next, we perform the cluster analysis, cluster profiling, and cluster composi-
tion analysis to each formed group. Table 5.18 summaries the clusterization based on control variables
segregations results, while the detail profile of each cluster is elaborated in Appendix 5.2 Cluster
properties of data segregated based on demographic variables.
Pure utilitarian, 1.1%
Total solution seeker, 88.7%
Strong utilitarian, 10.2%
Generic cluster analysis result
Page | 104
Table 5.18. Potential market size
Cluster name Ge-
neric model
Gender Salary Previous Experi-
ence of privacy in-trusion
Education Age Self-efficacy
Average Size
ranking Male Female Low High
Reject to dis-close
Positive Negative Low High Young Old Low High
Total solution seeker
88.7% 90.1% 100% 90.4% 98.3% 94.9% 88.0% 95.3% 98.1% 92.5% 98.6% 92.5% 100% 96.6% 94.6% 1st
Strong utilitar-ian
10.2% 6.3% 1.8% 4.7% 6.1% 7.5% 3.4% 5.7% 3rd
Pure utilitarian 1.1% 1.7% 1.4% 1.4% 1.4% 6th
Strong privacy right seeker
1.8% 7.8% 12.0% 9.4% 7.8% 2nd
Combined strategy seeker
1.9% 1.9% 5th
Weak utilitar-ian
NA NA
Pure privacy right seeker
1.8% 5.1% 3.5% 4th
Weak privacy right seeker
NA NA
Indifferent group
NA NA
Statistic summary
Number of cases
265 111 154 166 60 39 75 190 52 213 212 53 146 119
Legend: Green shading: equally combined type strategy; Blue shading: utilitarian dominant strategy; Brown shading: privacy right assurance dominant strategy
Page | 105
5.3.3 Conclusion The specific question aimed to be answered in this section is SQ.4, i.e., How can the users be segmented
based on the privacy concern mitigation efforts? The previously analyzed cluster profiling matrix suggest
us to form 9 clusters, which are named and defined as portrayed in Table 3.5. However, there are only 6
significant clusters formed from the analyses, which are:
1. Total solution seeker,
2. Strong utilitarian,
3. Pure utilitarian,
4. Strong privacy right seeker,
5. Combined strategy seeker, and
6. Pure privacy right seeker.
Our findings, which is summarized in Table 5.18, conclude that the total solution seeker appears as the
most dominant cluster in population. This cluster always holds the biggest potential market share, not
only in generic clusterization, but also in every segregated cases (based on the demographic variables).
This finding suggests that the data acquirer company must be ready to prepare the all mitigation strategies
if it wants to get the biggest market share in the market (regardless which segment it wants to target).
However, we must note that this finding is logical as the presentation of question may induce the respond-
ents to choose all the strategy as the appropriate strategy due to the absence of trade-offs when making
any choice. From this limitation, we performed the conjoint analysis to incorporate trade-offs and present
a better outcome as the complement to the clusters formed.
Also, the finding suggests that the majority of the population demands their privacy to be assured as well
as to be “bought” (both directly using tangible benefit or indirectly using intangible benefit) before they
share their personal information to the data acquirer company. It also concludes that the majority of the
people still perceive their privacy as a right in accompaniment to their privacy perception as an interest.
Furthermore, the average size of the privacy right assurance dominant strategy is formed bigger than the
utilitarian dominant strategy. This suggests that more people are willing their privacy to be “assured” only
rather than to be “bought” only.
Noteworthy results are found in the finding, in which no weak utilitarian cluster and weak privacy right
seeker cluster are formed. This finding concludes that no one wants only partial type of strategy only
(partial utilitarian type strategy without any right assurance strategy, or partial right assurance strategy
without any utilitarian type strategy) to applied to mitigate the privacy concerns. Furthermore, the finding
also concludes that no indifferent group is formed, which suggests that everyone in the population wants
their privacy concerns are mitigated before disclosing his/her personal information.
5.4 Conjoint Analysis After we have the answer of how to increase personal data disclosure and to which group a certain miti-
gation strategy is applied from the prior analyses, we now want to answer the how much question, par-
ticularly related to the tangible type of mitigation strategy. By employing Biogeme (Bierlaire, 2003), we
estimate the coefficients of each variable/attribute involved in the conjoint analysis. This estimation result
is formed as Betas which then are multiplied by their respective variable and summed up to calculate the
total utility value. Additionally, the general level utility is also calculated by capturing the constant/inter-
cept in the estimates. However, as we have set the PLS disclosure in the default value (see section 4.3.2
Page | 106
Personal data disclosure definition and attribute selection), the constant/intercept value will also describe
the part-worth utility value of PLS.
Recalling the discussion in chapter 4.3.3 Choice set design, we propose the effect coded utility function of
using personalized Ojek online service as:
𝑈 = 𝑎𝑠𝑐1 + 𝐵_𝑝𝑑𝑖 ∗ 𝑝𝑑𝑖 + 𝐵_𝑝𝑏𝑎 ∗ 𝑝𝑏𝑎 + 𝐵_𝑒𝑠0 ∗ 𝑒𝑠0 + 𝐵_𝑒𝑠1 ∗ 𝑒𝑠1 + 𝐵_𝑒𝑠2 ∗ 𝑒𝑠2
Equation 5.3. Utility function with effect coding for variable es
After we run the estimation and produce all estimated coefficients, we translate back the effect coded
estimation to its initial (original) utility function, which is defined as:
𝑈 = 𝑎𝑠𝑐1 + 𝐵_𝑝𝑑𝑖 ∗ 𝑝𝑑𝑖 + 𝐵_𝑝𝑏𝑎 ∗ 𝑝𝑏𝑎 + 𝐵_𝑒𝑠 ∗ 𝑒𝑠
Equation 5.4. Utility function
Where:
U = Utility value
asc1 = constant which will capture the value of privacy of location and space (PLS) and the general
level of the service’s utility value
B_pdi = coefficient for privacy data and image (PDI) value
B_pba = coefficient for privacy behavior and action (PBA) value
B_es = coefficient for expected saving (es)
The following paragraphs explore the estimated coefficients as the output of the Biogeme software. The
generic estimated coefficients are elaborated in paragraph 5.4.1. Furthermore, we also estimate the co-
efficients according to the segregation of cases based on the control variables, which are elaborated in
the paragraph 5.4.2. Moreover, we also want to test the consistency of the coefficients to the segregated
cases based on initial perception of the willingness to disclose personal data as well as their perception to
each privacy mitigation constructs which will be explained in paragraph 5.4.3. Finally, the conclusion of
the analysis is formed in the paragraph 5.4.4.
5.4.1 Generic estimated coefficient In the generic model, we analyze all data without doing any segregation to the cases. The estimated MNL
model produces ρ2 square = 0.209, which indicates the model is a good fit model. All the estimated coef-
ficients show significance at the level of 95%. Table 5.19 summarizes the generic model estimation result.
Page | 107
Table 5.19. Estimated coefficients for generic model
Attribute Estimated coef-
ficients
B_es0 0.795
B_es1 0.97
B_es2 -0.508
B_pba -1.62
B_pdi -0.345
asc1 0.943
observation 2120
ρ square 0.209
Before we conduct the analysis to the estimates, we recode the above-mentioned estimated coefficients
to the original utility function (Equation 5.4. Utility function).
As we have set the disclosure of PLS as the default value (see Table 4.12. Privacy type operationalization
attributes), the general level of utility of the service will be intertwined with the part-worth utility value
of PLS. Thus, we cannot clearly segregate the part-worth value of PLS and the initial general level of Ojek
online service utility. Figure 5.3 depicts the estimated coefficients as the result of the recoded estimation.
Figure 5.3. Graphical presentation of the estimated coefficients
Page | 108
After we estimate the coefficients, we calculate the importance level of each attribute compared to an-
other. We use their range value of the part-worth utility and compare them to the overall utility value of
the service. Table 5.20 summarizes the recoding variables, estimates, importance level and the im-
portance ranking of the conjoint analysis.
Table 5.20. Recoded coefficients and the calculation of the importance
Attribute Estimated coeffi-
cients Range of part-
worth value Importance
Importance ranking
B_pba -1.62 1.62 32% 2nd
B_pdi -0.345 0.345 7% 4th
asc1 0.943 0.943 18% 3rd
Exp
ect
ed
sav
ing
(ID
R/m
on
th)
0 -1.257 2.227 43% 1st
90 -0.508
180 0.97
270 0.795
From the above mentioned coefficients and the graphical presentation, we understand that the part-
worth utility value of expected saving is saturated at IDR 180. Therefore, we use 180 value as the maxi-
mum range of providing monetary saving. (Later in the analyses, we also found that this finding is con-
sistent to the whole analyses on segregated cases based on both control variables and the initial percep-
tion of privacy mitigation strategies – supported by ANOVA test to the part-worth utilities of the 180 and
270 value that shows no significant difference between them).
After we calculate the part-worth importance of each attributes, we conclude that the expected monetary
saving has been the most important predictor deciding the utility value of the Ojek online personalization
service. Among the privacy attributes, we also found that PBA is the most important privacy type to pre-
dict the utility value of using a personalized Ojek online service. With its negative value, PBA appears as
the significant predictor to measure the utility value in providing a personalization service to the Ojek
online users. Furthermore, the positive sign is found in the asc1 value, which captures the general level of
the service’s utility value and the part-worth utility of PLS. This finding suggests that disclosing a location
information only still gives a positive overall utility value of using the service (ceteris paribus).
Additionally, from those coefficients, we want to calculate the buy-off value of each privacy type. To do
that, we calculate the Rupiah money per utility value of the ES variable, by dividing the range of WTA (IDR
180 – IDR 0) with the range part-worth utility value of the expected saving for the respected rupiah money
(0.97 – (-1.257)), which equals to IDR 80.83/utility value. By using this conversion, we can calculate the
buy-off value of each type of privacy.
From the calculation, we understand that the most “expensive” privacy type is the PBA, which equals to
IDR 131K (≈ 5 times average Ojek online trip). The PDI scores IDR 28K which equals to 1-time average Ojek
online trip. As the PLS part-worth utility and the general level utility of the service is entangled, we cannot
calculate the buy-off value of PLS. Nevertheless, we found a negative buy-off value of PLS and general
level utility of the service which concludes that by offering the basic ridesharing service (pickup and drop
Page | 109
off only), the company can acquire the users’ PLS information without performing any other additional
measures. Table 5.21 summarizes the buy-off value of each privacy type.
Table 5.21. Buy-off value of each privacy type
Item Buy-off Value (IDR)
Rupiah per utility
value
80.826
PBA 130.938
PDI 27.885
PLS + general level
utility (GLU)
-76.219
The above mentioned result suggests that the data acquirer company should prepare IDR 130.938 (≈
€9.03) per month to “buy” the users’ behavioral information and IDR 27.885 (≈ €1.92) per month to “per-
suade” the users to allow the company to use their personal data as secondary uses.
5.4.2 Estimation to the segregation data based on demographic variables In addition to the estimates to the overall population, we also conduct segregations based on our previ-
ously defined demographic variables. This segregation is useful to measure the consistency as well as
understand the perception of the specific population related to their privacy ranking and its buy-off value.
In certain group segregations, we found the model could not determine the coefficient of the PDI due to
insignificance in the estimation results. These groups are: high salary group and old group. We then ex-
clude this attribute from the further calculation in those groups. Likewise, after we estimate all the coef-
ficients, we calculate the buy off value of each privacy type. Table 5.22 and Table 5.23 summarize the
estimation results and the buy-off value calculation from the cases that are segregated based on control
variables.
Page | 110
Table 5.22. Coefficient estimation based on demographic variables segregations
Beta11
Gender Salary Previous experience Education Age Self-efficacy
Male Female Low High Reject to dis-close
Positive Negative Low High Young Old Low High
B_pba -1.48 -1.75 -1.61 -1.51 -1.89 -1.18 -1.8 -1.77 -1.59 -1.64 -1.56 -1.54 -1.71
B_pdi -0.51 -0.207* -0.369 NA -0.618 -0.521 -0.276 -0.39* -0.336 -0.405 NA -0.441 -0.24
asc1 0.861 1.01 1.1 0.555 0.947 0.742 1.03 0.951 0.943 1.04 0.556 1.24 0.617
Exp
ect
ed
savi
ng
0 -0.983 -1.473 -1.38 -0.988 -1.242 -1.045 -1.339 -1.522 -1.198 -1.281 -1.176 -1.45 -1.05
90 -0.385 -0.621 -0.506 -0.456 -0.598 -0.656 -0.455 -0.568 -0.494 -0.508 -0.494 -0.429 -0.623
180 0.785 1.12 1.07 0.684 1.02 0.83 1.03 1.09 0.944 1.03 0.724 1.01 0.932
270 0.583 0.974 0.816 0.76 0.82 0.871 0.764 1 0.748 0.759 0.946 0.869 0.741
Estimation data
observation 888 1232 1328 480 312 600 1520 416 1704 1696 424 1168 952
ρ square 0.169 0.248 0.23 0.163 0.239 0.182 0.224 0.247 0.201 0.22 0.186 0.237 0.198
Table 5.23. Buy-off value of privacy based on control variables segregations
Buy-off value (IDR .000)
Gender Salary Previous experience Education Age Self-efficacy
Male Female Low High Reject to disclose
Positive Negative Low High Young Old Low High
PBA 151 121 118 163 150 113 137 122 134 128 148 113 155
PDI 52 14 27 NA 49 50 21 27 28 32 NA 32 22
PLS + GLU -88 -70 -81 -60 -75 -71 -78 -66 -79 -81 -53 -91 -56
11 * indicates significant at 0.1; NA indicates the estimate is not significant at 0.1
Page | 111
5.4.3 Estimation to segregated data based on initial perception of WTD, privacy
concerns, and the privacy mitigation construct In addition to the analyses of demographic variables’ influence to the conjoint analysis results, we also
wanted to investigate whether the initial perceptions of the willingness to disclose level and the privacy
concerns level are influencing the importance perception of the users’ privacy type as well as its buy-off
value. Additionally, we also want to investigate whether the users’ perception towards certain privacy
mitigation strategy influence their perception of privacy rankings and its buy-off value.
To do that, we re-classified the cases by calculating the standardized privacy mitigation strategy variables,
then grouped the cases that scores lower than 0 (zero) to the relatively low perception group and higher
than 0 to relatively high perception group. By this ruling, we can have (almost) equal number cases for
each estimation.
After we re-classify the cases, we run the program to estimate the coefficients in each class. Next, we
calculate the buy-off value of each privacy. Table 5.24 and Table 5.25 summarizes the estimation results
and the buy-off value of privacy calculations.
Page | 112
Table 5.24. Coefficient estimations based on privacy constructs segregations
Beta Privacy concern Perception to benefits Willingness to disclose
Individual self-pro-tection
Industry self-regula-tion
Government regulation
Low High Low High Low High Low High Low High Low High
B_pba -1.74 -1.5 -1.66 -1.6 -1.49 -1.76 -1.7 -1.55 -1.65 -1.6 -1.7 -1.57
B_pdi -0.379 -0.316 -0.324 -0.372 -0.302 -0.39 -0.388 -0.317 -0.366 -0.327 -0.3 -0.381
asc1 1.05 0.833 1.01 0.891 0.902 0.989 1.02 0.883 1.07 0.807 1.07 0.858
Exp
ect
ed
savi
ng
0 -1.344 -1.173 -1.461 -1.077 -1.152 -1.364 -1.42 -1.132 -1.475 -0.991 -1.51 -1.085
90 -0.465 -0.557 -0.576 -0.446 -0.411 -0.612 -0.446 -0.555 -0.565 -0.439 -0.452 -0.552
180 0.936 1.01 0.987 0.961 0.893 1.05 1.05 0.907 1.04 0.884 1.03 0.932
270 0.873 0.72 1.05 0.562 0.67 0.926 0.816 0.78 1 0.546 0.932 0.705
Estimation data
observation 1096 1024 1056 1064 1024 1096 944 1176 1216 904 896 1224
ρ square 0.223 0.197 0.238 0.187 0.181 0.238 0.227 0.196 0.243 0.174 0.236 0.194
Table 5.25. Buy-off value of privacy based on privacy constructs segregations
Buy-off value (IDR .000)
Privacy concern Perception to benefits Willingness to disclose Individual self-protec-
tion Industry self-regula-
tion Government regula-
tion
Low High Low High Low High Low High Low High Low High
PBA 137 124 122 141 131 131 124 137 118 154 120 140
PDI 30 26 24 33 27 29 28 28 26 31 21 34
PLS + GLU -83 -69 -74 -79 -79 -74 -74 -78 -77 -77 -76 -77
Page | 113
5.4.4 Conclusion This section has analyzed how the users rank their privacy and how much they are willing to accept to give
out this privacy. From the abovementioned analyses, we can conclude that the potential saving generated
by the personalization service has been the most significant predictor to measure the total utility value of
the service. This finding suggests that the utility value of personalization service is mainly generated by
the utilitarian aspect of the service and not the personal data involved in generating this service.
Focusing on the personal data involved in offering the service, we analyze each type of privacy. Firstly, the
privacy of behavioral and action, i.e., “the ability to behave in public, semi-public or one’s private space
without having actions monitored or controlled by others” (Finn et al., 2013, p. 8), which is operationalized
by submitting the users’ buying behavior to the company. The users value PBA as the most valuable pri-
vacy with 32% predictive power to measure the total utility value of the personalization service. Further-
more, the PBA part-worth utility value is higher than the highest possible part-worth utility value of the
expected saving. This finding is consistent not only in the generic estimation, but also in all over segrega-
tion analysis. To acquire users’ behavioral data, the data acquirer company should prepare (on average)
IDR 133K (≈ €9.2) per month.
The next valuable privacy type is the PDI, i.e., the “concerns about making sure that individuals’ data is
not automatically available to other individuals and organizations and that people can exercise a substan-
tial degree of control over that data and its use” (Finn et al., 2013, p. 8), which is operationalized by the
willingness of receiving advertisement from other companies. The finding suggests that PDI can be ac-
quired by (on average) IDR 29K (≈ €2) per month. Lastly, the privacy of location and space, i.e., “the right
to move about in public or semi-public space without being identified, tracked, or monitored” (Finn et al.,
2013, p. 9). As we have set the disclosure of PLS as the default value of using the transportation service,
the value of PLS cannot be derived individually without incorporating the general level utility of the ser-
vice. Thus, we can only compare the PLS with the general perception with the basic utility service (i.e.,
pickup and drop off points). Our findings conclude that the PLS can be acquired by the use of the basic
transportation service only, without offering any additional effort. This might be caused by the needs of
users to enjoy the ride service as accurate as possible (related to the pickup and drop off location).
From the findings in the control variable cases segregation, we discover that there is no outlier found in
the findings. The findings suggest that the privacy buy-off values are quite consistent among the grouping
results. Therefore, we may conclude that the demographic properties of users do not influence the privacy
valuation. The graphical representation of this analysis is portrayed in Figure 5.4.
Page | 114
Figure 5.4. Graphical presentation of privacy buy-off value to the segregated data based on control variables
Looking into estimation results in the segregated cases based on initial perception of WTD, privacy con-
cerns, and the privacy mitigation construct, we could not find any outlier in the findings. The findings
suggest that the privacy buy-off values are consistent across the segregations based on the privacy miti-
gation strategy constructs. Therefore, we can also conclude that the items in the privacy mitigation strat-
egy constructs do not influence the WTA of the privacy. The graphical representation of this analysis is
portrayed in Figure 5.5.
Figure 5.5. Graphical presentation of privacy buy-off value to the segregated data based on privacy mitigation strategies
However, it should be noted that the operationalization of each privacy type is using a very specific con-
text in the P2P transportation service (i.e., pick up and destination point for PLS, buying behavior for PBA,
Page | 115
and receiving advertisement from other company for PDI), thus the ranking of the privacy and its buy-off
value might be dissimilar if applied to other type of context.
5.5 Discussion From the above mentioned analyses, we found a contradictory behavior of users in disclosing their per-
sonal information. Even though the level of privacy concerns is high, the respondents do not mind to
disclose their personal information, regardless the presence of the security measures and privacy practice
performed by the company. This finding shares the same finding in prior research by Rohunen et al. (2014)
in the context of disclosing users’ driving behavior for the European open data initiative to Finnish popu-
lation. This argumentation is also strengthened by the exclusion of two ISP items from the analysis due to
their failure to meet the statistical sufficiency requirement (i.e., the refusal to disclose and anonymity
which do not pass the MSA threshold – see paragraph 4.2.2.3). By these exclusions, we can suggest that
even though people have high privacy concerns level, they still bluntly disclose their personal data to the
company that wants to acquire these data without even masking their personal data. Therefore, the pri-
vacy concerns do not significantly influence the willingness to disclose personal information.
Combining the multiple regression analysis results with the descriptive statistics, we can conclude that
giving intangible benefit partly contributes to the willingness to disclose personal information. Further-
more, the usefulness of the application is a more preferred intangible benefit than the personalization,
which in fact is the least preferred benefits chosen by the customers. Yet, the personalization is still per-
ceived as an important benefit of disclosing their personal data (suggested by the 5.96 mean value).
Surprising results are found in our study. Compared to the privacy empirical studies in developed coun-
tries, the predictors of the willingness to disclose of personal information in the emerging country is a lot
different. In the developed countries, the privacy concerns were the major predictor to the willingness to
disclose personal information (for example: Dinev and Hart (2006), Awad and Krishnan (2006), Kehr et al.
(2015), Taylor et al. (2009), Li and Unger (2012), and Liu et al. (2011)); whereas our findings suggest that
even though the privacy concerns level is high in general, they do not become the major predictor for the
willingness to disclose personal information. In other words, the high level of privacy concerns indiffer-
ently influences the users to disclose their personal information to the data acquirer company.
Additionally, our research also concludes that people with high self-efficacy level do not have high level
of willingness to disclose personal data. In fact, their willingness to disclose is lower, albeit insignificant,
than their low self-efficacy counterpart. This conclusion is contradictive with Keith et al. (2015), in which
they find the self-efficacy level positively correlates to the willingness to disclose personal data with the
mediating effect of perceived risk. The most probable explanation on this finding is the users who have
higher level of efficacy are more aware about the risks and harms of disclosing personal information than
their lower efficacy counterpart.
Moreover, the users’ previous privacy experience also does not influence the users’ willingness to disclose
information. In fact, only the salary variable has a significant effect on the willingness to disclose personal
information. People who have a higher level of income are less likely to disclose their personal infor-
mation. This result is supported by the ANOVA table in Appendix 5.3 Mean difference of the WTD vs.
demographic Variables. However, we should note that the context of the study is a P2P ridesharing ser-
vice, in which high salaried people seldom become the loyal user of this service. Furthermore, this finding
might be biased as we limit the population to the people who are aware of the P2P ridesharing concept.
Page | 116
In general, we may suggest that the insignificance result of privacy concerns and privacy experience to
predict the users’ willingness to disclose personal information might be caused by technophilia and eu-
phoria of users to try an innovative services offered by the company. We base this suggestion on Schor
and Fitzmaurice (2015), in which they present that technophilia and euphoria is one of the users’ motive
to collaborate in the ridesharing service. Additionally, we may also suggest that the users’ perception of
privacy concerns is already influenced by the power of persuasion and marketing. After the service was
introduced in the market in 2014, the mainstream communication medias often advertise the Ojek online
service in their prime spots (for example: liputan6.com (2016) and cnnindonesia.com (2015). This may
also elevate the users’ perception to the usefulness of the service which makes the users ignore their
initial privacy concerns. We base this suggestion to the research by Acquisti et al. (2009) and Acquisti,
Brandimarte, et al. (2015) which suggest that the privacy can be malleable by using persuasion of social
guidance (which can be influenced by the communication media marketing and word of mouth).
A noteworthy finding is found in the relationship between privacy assurance approaches variables (i.e.,
Individual self-protection, industry self-regulation, and government regulation and legislation) and the
privacy concerns variables, i.e., Internet users’ individual privacy concerns (IUIPC) and concerns for infor-
mation privacy (CFIP). We identify strong correlations between IUIPC and privacy assurance approaches
and between CFIP and privacy assurance approaches in the cross correlation table. We then conduct mul-
tiple regression analyses with IUIPC and CFIP as the dependent variables and ISP, ISR, and GLR as the
independent variables. However, the test results indicate only IUIPC is significantly explained (direct, pos-
itive relationships) by the whole privacy assurance approach construct. Nevertheless, a theoretical inves-
tigation and explanation are needed to investigate this relationship further
Looking into both multiple regression results and the cluster analysis results, we understand that even
though the average size of the privacy right assurance dominant strategy is formed bigger than the utili-
tarian dominant strategy, the dominant influential strategy to increase the users’ willingness to disclose
personal data is the utilitarian type strategy. It may suggest us that assuring the privacy right (by using
privacy assurance approaches) is not used to increase the users’ personal data disclosure, but it should be
the “default mode strategy” offered by the company.
The abovementioned suggestion is also strengthened by the finding in the multiple regression analyses,
in which we found only some privacy mitigation strategies that significantly influence the users’ willing-
ness to disclose personal information, but yet, the dominant cluster formed in the cluster analysis is the
total solution seeker. By this findings, we conclude that: in general, the population want their privacy is
assured as the prerequisite condition before the company acquires their personal data (regardless what
strategy is used to mitigate the users’ privacy concerns).
However, we must note that the presentation of instrument questions to perform the cluster analysis is
tendentious to make the respondents to choose all appropriate strategy without any expense (no trade-
offs are presented when making choice). Therefore, we perform the conjoint analysis as the complement
to the previously elaborated cluster analysis, particularly to present the trade-offs to the respondents.
Turning now to the elaboration of the conjoint analysis results, we concluded that privacy of behavior and
action (PBA) is the most precious privacy type between PBA, privacy of data and image (PDI), and privacy
of location and space (PLS) according to the population. From the descriptive statistic data and the con-
joint analysis result, however, we discovered that even though the unauthorized secondary use of per-
sonal information holds the highest privacy concerns value, a very minimal amount of money (IDR 29K ≈
Page | 117
€2) is required to buy the PDI. Furthermore, this conclusion is consistent across the segregation based on
control variables as well as the initial perception of WTD, privacy concerns, and the privacy mitigation
construct. This contradictory behavior might also be related to the technophilia (Schor & Fitzmaurice,
2015) and the malleability of privacy concerns (Acquisti, Brandimarte, et al., 2015; Acquisti et al., 2009).
To recap the discussion, we create Table 5.26 to summarize the abovementioned analyses. This table
combines the results of the hypotheses testing, the dominant cluster formed in the cluster analysis, and
the privacy buy-off values calculated from the conjoint analysis. Additionally, we also incorporate the total
utility values of personalization (generated by calculating the part-worth utility of PBA, PLS + GLU, and the
maximum part-worth expected saving), to capture the users’ perception to the personalization service in
P2P ridesharing.
Page | 118
Table 5.26. Research strategic summary12
Items Generic model (100%)
Gender Salary Previous Experience of
privacy intrusion Education Age Self-efficacy
Male (42%)
Female (58%)
Low (62.6%)
High (22.6%)
Reject to disclose (14.7%)
Positive (28%)
Negative (72%)
Low (20%)
High (80%)
Young (80%)
Old (20%) Low (88%)
High (12%)
Biggest cluster and size
Total so-lution seeker 86.8%
Total so-lution seeker 81.1%
Total so-lution seeker 94.2%
Total so-lution seeker 90.4%
Total so-lution seeker 95.0%
Total so-lution seeker 87.2%
Total so-lution seeker 96.0%
Total solu-tion seeker 88.4%
Total so-lution seeker 90.4%
Total so-lution seeker 85.0%
Total so-lution seeker 92.0%
Total so-lution seeker 84.9%
Total so-lution seeker 88.4%
Total so-lution seeker 81.3%
Influential variable(s) to increase WTD
Tangible benefit GRL
IUIPC Tangible benefit Intangible benefit ISR
Tangible benefit
Tangible benefit
Tangible benefit
Intangible benefit GRL
Tangible benefit ISP
CFIP Tangible benefit
Tangible benefit ISR
Tangible benefit Intangible benefit
Tangible benefit Intangible benefit ISR
Tangible benefit
Tangible benefit
IUIPC Tangible benefit
Privacy buy-off value
PBA 131 151 121 118 163 150 113 137 122 134 128 148 113 155
PDI 28 52 14 27 NA 49 50 21 27 28 32 NA 32 22
Total utility value of using P2P personalization service without reselling the data (using only PBA, PLS + GLU, and 180K monetary saving)
Utility value
0.293 0.166 0.38 0.56 -0.271 0.077 0.392 0.26 0.271 0.297 0.43 -0.28 0.71 -0.161
12 WTD = willingness to disclose personal information; IUIPC = internet user’s information privacy concerns (Malhotra et al., 2004); CFIP = concerns for information privacy (Smith et al., 1996); ISP = individual self-protection (or IPPR (Son & Kim, 2008)); ISR = industry self-regulation (Xu et al., 2012); GRL = government regulation and legislation (Xu et al., 2012).
Page | 119
From this table, we may suggest that the personalization service should not be offered to the high
salary group, the seniors group, or the high self-efficacy group, as the sum utility value of personaliza-
tion service in these groups shows a negative value. Moreover, we also found that the privacy buy-off
value of these groups is higher than their other counterparts. Thus, we may conclude that the people
on these groups value their privacy more than their other counterparts.
Also, the Table 5.26 also shows that the most-welcome groups to enjoy the personalization service
are the low salary group and the young group, in which the salary is strongly correlated to the age.
Both of these groups value personalization services with the highest level of utility value among the
others. As the personalization service requires the users’ behavioral data as its “raw material”, the
company should acquire these data before offering the personalization service. From the table, we
understand that both groups have the total solution seeker as the dominant cluster with more than
90% potential market share, thus it suggests the company to prepare a utilitarian strategy as well as
a privacy assurance strategy prior to the users’ data acquisition. However, to significantly increase the
groups’ willingness to disclose personal data, the company should prepare (at least) a tangible form
of benefit as a complement to the personalization service.
Moreover, the table shows the buy-off value of privacy (or the users’ WTA) in the form of the tangible
benefit. For the young users as example, with benefits valued as IDR 128K (≈ €8.82) per month, the
young users will willingly disclose their behavioral data to the company. Based on the descriptive sta-
tistic result, the most enjoyed benefit type is providing monthly discounts in using transportation ser-
vice. However, it does not close the possibility to offer the benefit in the form of bonus balance of
using P2P ridesharing service as well as a claimable voucher that can be redeemed at the partner
company in the P2P ridesharing ecosystem as these type of benefits is perceived positively by the
users. Additionally, if the company is also willing to resell the young users’ personal data, it only needs
to prepare an additional tangible form of benefit by IDR 32K (≈ €2.1) per month.
Furthermore, the table also serves additional purpose for a company who wants to offer a personali-
zation service that targets a specific type of customer. For example, if a company wants to offer per-
sonalization targeted at the high-school population (low educated population), it should prepare a
tangible form of benefit (with IDR 122K ≈ €8.4 value) as the complement to the personalization to
increase their willingness to disclose behavioral data. While, to further increase the users’ willingness
to disclose personal data, the company should also put a privacy seal in its mobile application.
Additionally, the abovementioned privacy valuation can be used to quantify the investment that need
to be prepared by multiplying these values to the market share targeted by the company. For example,
if a P2P ridesharing company in Indonesia wants to target 50% market share of Jakarta’s young popu-
lation (± 1.500.000 people) (Jakarta, 2015a), the company needs to prepare investment ± IDR 180
billion (≈ € 12.8 million) per month to acquire the users’ behavioral data. This number can be the
indication of how much the required investment in order to buy the raw material data to offer per-
sonalization to the young users.
Page | 120
This page is intentionally left blank
Page | 121
6 Concluding chapter
The final chapter of this thesis presents the results of our study. The first paragraph (6.1) provides the
conclusion of the research, which is written based on the summarization of the conclusion in the pre-
vious chapters. Also, this conclusion serves as the answer of our main research question. Next, para-
graph 6.2 elaborates the implications of this study to the previously built theory of privacy decision
making. Furthermore, the societal implications as well as managerial recommendation derived from
our findings are also provided in this paragraph. Next, paragraph 6.3 explains the limitations of our
study, which resulted from our choice of research strategy, statistical method preference, and popu-
lation and sample targeting. Finally, the recommendations for future research as well as possible im-
provements of our research are provided in paragraph 6.4.
6.1 Conclusion Information and communication technology (ICT) development has made previously unthinkable in-
novations become possible. Especially for the internet as a general purpose technology, it lowers the
barrier to entry of internet based business. Take a look at the P2P ridesharing service, which bases its
operations on the internet and the ubiquity of smartphones. The number of P2P ridesharing (digital)
platforms has been spreading exponentially lately as a proof that internet has lowered the barrier to
entry for such business opportunity. On the other hand, it will also make the competition become
tighter. Hence, this tense competition urges the platform owners to innovate further so it can sustain
and grow its business in the market. One of the opportunities to do that is by offering personalization,
which heavily uses personal data as the “raw material”.
With the development of tracking devices, social media, and positioning systems, ICT makes users’
personal data captures become easier. Thus, the use of personal data has also been increasing by this
data capture easiness, which indeed will increase the privacy concerns of the users and resist users
from giving out their personal data. On the one hand, the company needs to have the users’ personal
data as the raw material to offer additional value. On the other hand, the users have the right to reject
any personal data disclosure performed by the company. Nevertheless, the recent ICT development
has also opened another view of privacy as tradable interest which can be bought by the company by
giving additional benefits.
From this rationale, this research is conducted with the objective to make recommendations to the
peer-to-peer ridesharing platform provider in the effort of mitigating the privacy disclosure issue, by
investigating the general model of privacy mitigation strategy, segmenting the users, and matching
the mitigation strategy to each segment with respect to the view of privacy as a right as well as an
interest.
To support the objective, we develop the following main research question:
RQ: In the view of privacy as both right and interest, what strategy fits to certain segments of
users in the effort of mitigating the users’ privacy concern in the context of Indonesian peer-to-
peer ridesharing service?
Page | 122
The aforementioned objective is explored under the context of the P2P ridesharing service in the In-
donesian market. Therefore, to provide a clear understanding of the context, the elaboration of P2P
ridesharing service and its ecosystem and implementation in the emerging markets are provided.
Furthermore, to provide a solid answer to the main research question, we structure the RQ into sev-
eral sub-questions, in which the answers of these sub-question will build up the answer of the main
research question.
SQ1. What is the peer-to-peer ridesharing service and how is the elaboration of the concept and
its application in the Indonesian emerging market?
Chapter 2 has elaborated the P2P ridesharing concept as the derivative form of collaborative con-
sumption concept implemented in the personal transportation field. Initially, the motive of collabo-
rating in the system was the utopian motivation, such as: to create a greener environment and benev-
olent to help the others. However, in the recent days, the motivations of collaborating in the system
have shifted toward more utilitarian and hedonistic motives.
The Indonesian P2P ridesharing concept has emerged exponentially by the help of ubiquity of
smartphone and development of internet access, which make the concept becomes widely available.
ICT development has elevated the innovative potential of a ridesharing concept. By using a digital
platform, the ridesharing ecosystem can enjoy the loosely coupled potential so it can extend the eco-
system without the need to modify the overall ecosystem. However, as the ecosystem becomes more
complex, the users’ personal data involved in the ecosystem will be threatened, and it will elevate the
privacy concerns of the users. Therefore, before the company starts acquiring and exploiting the users’
personal data, it needs to prepare appropriate privacy assurance measures as well as additional value
benefit to the users in return to their disclosed personal data.
To further explore the privacy and types of personal data involved in the ridesharing as well as the
users’ privacy decision making rationale, we formed the following SQ2 as follows:
SQ2: What is privacy, what are the constructs that build up the privacy decision making theory,
and how can the company prepare the implementation of privacy mitigation strategy?
Chapter 3 elaborates the definition of privacy, the privacy decision making theory as well as the con-
structs that build this theory. We conclude that privacy can be defined both as a right and as an inter-
est. Seeing privacy as a right means that the data subjects still see the privacy assurance is the right
they need to have, whereas seeing privacy as an interest means that data subjects start to see privacy
as a tradable interest that can be used as a means to get certain benefits. The mainstream privacy
decision making theory bases the rationale in the cost and benefit analysis. The cost part of the ra-
tionale is represented by the privacy concerns and the associated privacy risks that need to be given
up by the data subjects, whereas the benefit part is represented by (additional) benefit that they may
get from their disclosed personal data.
The cost and benefit analysis presumes that the cost and the benefit are free from uncertainty. How-
ever, this condition never be the case in the real products/services available in the market. The real
market always introduces incomplete information, bounded rationality, and deviation from rational
strategy in the process of cost and benefit evaluation (Acquisti & Grossklags, 2005; Waldo et al., 2007).
Furthermore, the context dependencies and malleability of perception of privacy further complicate
the individuals’ decision making process (Acquisti, Brandimarte, et al., 2015). All these conditions may
limit the individuals’ from getting the maximum utility they may have.
Page | 123
Based on the aforementioned analyses, we argue that putting the utilitarian approach only to mitigate
the privacy concerns is problematic. Therefore, we develop our privacy decision making framework
by combining the utilitarian approach and non-utilitarian approach as the base rationale in order to
disclose personal data. We include the privacy assurance approaches as the non-utilitarian approach,
including: (1) individual self-protection which is developed from individual privacy protection re-
sponses (Son & Kim, 2008), (2) industry self-regulation, and (3) government regulation and action (Xu
et al., 2012).
In regard to the privacy decision making rationale, we hypothesized that the users’ willingness to dis-
close personal data will be influenced by (1) the users’ privacy concerns, in which we elaborate this
construct into two sub-constructs, i.e., the Internet users’ individual privacy concerns (IUIPC) and con-
cerns for internet privacy (CFIP); (2) the privacy benefits offered by the company, in which we detail
the construct into two type of benefits, i.e., tangible and intangible benefit; (3) the privacy assurance
approach that accentuate the privacy control, in which we detailed the measures into individual self-
protection as the active control part and industry self-regulation and government regulation and leg-
islation as the passive control part.
Furthermore, with regard to the abovementioned mitigation strategies, the company can prepare
their actions which can be broken down as follows: Firstly, by offering tangible benefits the company
needs to prepare cash to “buy” the users’ personal data. This cash can be distributed directly as: sign
up bonus (Li et al., 2010; Xu et al., 2009), or indirectly as: discount in monthly fee (Derikx et al., 2016).
Secondly, by offering intangible benefits, the company should prepare an investment in technology to
offer a more efficient and useful service to its customer, in order to acquire their personal data. This
technology is developed in order to offer additional value that can be in a form of: personalization
service (Li & Unger, 2012; Liu et al., 2011; Xu et al., 2011) and service accuracy (Lee & Kwon, 2015).
Thirdly, to ensure the individual users control (ISP), the company should prepare an excellent customer
service department, since the users with high ISP level incline to make complaints often both directly
or indirectly via any medias available (email, phone call, and social media) (Son & Kim, 2008). Fourthly,
to implement ISR, the company needs to prepare a proven privacy policy and governance and hire 3rd
party auditor to audit and standardize the organization’s privacy practice (Xu, 2007; Xu et al., 2011;
Xu & Teo, 2004; Xu et al., 2009). Finally, the company should also urge the government to issue an
adequate personal data protection law (Xu, 2007; Xu et al., 2011; Xu & Teo, 2004; Xu et al., 2009).
Nevertheless, the privacy valuation is also important to quantify and measure the investment needed
or should to be prepared in order to perform the aforementioned strategies.
Additionally, we explored the multi-dimensional aspects of privacy. We argue that, in respect to the
recent technology developments, the multi-dimensionality of privacy is well fitted to Finn et al. (2013)
privacy categorization. In summary, Finn et al. (2013) privacy categorization consists of: Privacy of
the person, Privacy of behavior and action, Privacy of communication, Privacy of data and image,
Privacy of thought and feeling, Privacy of location and space, and Privacy of association (including
group privacy).
Based on the aforementioned context of study, we identify that there are three types of privacy that
are closely associated with the P2P ridesharing service. Firstly, the privacy of behavior and action
(PBA) which is related to the effort to provide personalization to the customers. Secondly, the privacy
of location and space (PLS) which is needed to the service fulfilment, i.e., the user has to disclose the
pickup and drop-off location when using the service. And finally, the privacy of data and image (PDI)
which is related to the providing 3rd party advertisement to the customers.
Page | 124
After we have a complete understanding of the context of study as well as the theoretical framework
that build up the thesis, we test the aforementioned privacy decision making theory in the context of
P2P ridesharing service by using empirical data gathered from 265 Jakarta population by using a survey
questionnaire. By conducting the hypotheses testing, we aim to answer the following sub-question:
SQ3. To what extent are the privacy decision making constructs influencing the users’ willingness
to disclose their personal information?
Chapter 5.2 has concluded that the tangible form of benefit, such as: sign up credit or shopping
voucher (direct type) or monthly transportation discount (indirect type) has been the dominant con-
struct in predicting and influencing the users’ willingness to disclose personal data. Furthermore, the
privacy concern constructs, which have a strong influence on the willingness to disclose personal data
in prior studies; such as: Dinev and Hart (2006), Awad and Krishnan (2006), Kehr et al. (2015), Taylor
et al. (2009), Li and Unger (2012), and Liu et al. (2011); do not significantly influence the willingness to
disclose personal data in our case. Moreover, only one construct of privacy assurance measures (i.e.,
the government regulation and legislation) significantly influences the willingness to disclose personal
data. Even though the findings vary to different segregated of data, the tangible benefits still become
the dominant predictor to increase the willingness to disclose personal data.
Despite we now have the knowledge to increase the willingness to disclose personal data, we need to
make a classification of users based on the appropriate privacy mitigation strategy, which will explain
the “default-prerequisite” condition preferred by the customer as well as the “catalyst” to increase
the personal data disclosure. Furthermore, this classification can also be used to predict the market
size of specific target markets as well as the focused privacy mitigation strategy prepared by the com-
pany to acquire the users’ personal data. For those reasons, the following SQ4 is formed.
SQ 4: How can the users be segmented based on the privacy concern mitigation efforts?
Chapter 5.3 elaborates the findings of the cluster analysis to answer the question SQ4. We conclude
that the majority of the population is formed by the total solution seeker cluster, which means they
want their privacy is assured as well as traded with both tangible and intangible benefits. The total
solution seeker group has dominantly captured the biggest potential market size in the market which
occupies more than 80% of market in the general segmentation as well as segregated data segmenta-
tion. Additionally, our findings conclude that no one wants only partial type of strategy only (partial
utilitarian type strategy without any right assurance strategy, or partial right assurance strategy with-
out any utilitarian type strategy) to applied to mitigate the privacy concerns. Furthermore, our findings
also suggest that everyone in the population wants their privacy concerns are mitigated before dis-
closing his/her personal information.
From the answers to aforementioned analyses, we have the knowledge of what strategy can be ap-
plied to increase the personal data disclosure and to which group this strategy is applied. However,
we still lack of knowledge of the magnitude of the strategies, especially of the strategies that are re-
lated to tangible type of benefit. To have this knowledge, we developed an experimental study to
measure the willingness to accept (WTA) of users in return for the personal data disclosure. Specifi-
cally, we develop the SQ5 as follows:
SQ 5: To what extent do the users rank the value of each personal information relative to the
other type of personal information and how much is the buy-off value for each of their personal
information?
Page | 125
In Chapter 5.4 we conclude that privacy of behavior and action has been the most valued privacy type
in the context of P2P ridesharing service, with the WTA value of (on average) IDR 133K (≈ €9.2) per
month. Furthermore, a different valuation is found in the other type of privacy. Privacy of data and
image, which is operationalized by accepting advertisements from 3rd party company, is valued (on
average) IDR 29K (≈ €2) per month. And finally, the privacy of location and space, in which we set this
privacy as the default disclosure in using the service, can be acquired by usefulness of the service only,
without performing any mitigation strategy. These findings also conclude that the multi-dimensional-
ity of privacy is conclusive, as the users valued different types of privacy differently.
From the elaboration of the context and the recent development of technology, in the chapter 2.2,
and compounded by the ridesharing business ecosystem in the chapter 2.4, we understand how the
competition in the ridesharing looks like and how the ridesharing company can innovate further to
sustain its market share and grow their profit by means of offering value added services on the basis
of personal data analytics, we can conclude that it is very likely that the users’ privacy concerns are
elevated. In the perspective of the ridesharing company, however, the question still remains. What
should P2P ridesharing companies which uses personal data analytics based innovation do to acquire
their users’ data? And how much is the investment needed to acquire those personal data? We argue
that these companies should employ a focused mitigation strategy in the process of acquiring their
users’ personal data. Thus, to answer the main research question and the research objective, we pro-
vide the following Table 6.27 is yielded from the answers of SQ3, SQ4, and SQ5.
Page | 126
Table 6.27. Recommendations for company related to privacy concerns mitigation strategy13
Items Generic model (100%)
Gender Salary Previous Experience of
privacy intrusion Education Age Self-efficacy
Male (42%)
Female (58%)
Low (62.6%)
High (22.6%)
Reject to disclose (14.7%)
Positive (28%)
Negative (72%)
Low (20%)
High (80%)
Young (80%)
Old (20%) Low (88%)
High (12%)
Biggest cluster and size
Total so-lution seeker 86.8%
Total so-lution seeker 81.1%
Total so-lution seeker 94.2%
Total so-lution seeker 90.4%
Total so-lution seeker 95.0%
Total so-lution seeker 87.2%
Total so-lution seeker 96.0%
Total solu-tion seeker 88.4%
Total so-lution seeker 90.4%
Total so-lution seeker 85.0%
Total so-lution seeker 92.0%
Total so-lution seeker 84.9%
Total so-lution seeker 88.4%
Total so-lution seeker 81.3%
Influential variable(s) to increase WTD
Tangible benefit GRL
IUIPC Tangible benefit Intangible benefit ISR
Tangible benefit
Tangible benefit
Tangible benefit
Intangible benefit GRL
Tangible benefit ISP
CFIP Tangible benefit
Tangible benefit ISR
Tangible benefit Intangible benefit
Tangible benefit Intangible benefit ISR
Tangible benefit
Tangible benefit
IUIPC Tangible benefit
Privacy buy-off value
PBA 131 151 121 118 163 150 113 137 122 134 128 148 125 217
PDI 28 52 14 27 NA 49 50 21 27 28 32 NA 30 NA
13 WTD = willingness to disclose personal information; IUIPC = internet user’s information privacy concerns (Malhotra et al., 2004); CFIP = concerns for information privacy (Smith et al., 1996); ISP = individual self-protection (or IPPR (Son & Kim, 2008)); ISR = industry self-regulation (Xu et al., 2012); GRL = government regulation and legislation (Xu et al., 2012).
Page | 127
6.2 Contributions The aforementioned results contribute to the prior privacy decision making study as well as provide critics
to the prior research. Furthermore, our empirical finding would also produce societal implications and
managerial (and policy) recommendations in respect to the use of privacy practice and personal data an-
alytics.
6.2.1 Academic contribution
6.2.1.1 Assuring privacy right as the default and prerequisite condition Our study is the first attempt to combine the utilitarian view of privacy and the right assurance view of
privacy in one context of study. From the cluster analysis results, which produce the total solution seeker
as the dominant cluster, we may suggest that even though the privacy starts to be seen as a means to get
utilitarian benefits, scholars should not forget/disregard the fact that privacy is initially seen as a right.
Thus, assuring the privacy right still becomes the mandatory and prerequisite condition before starting to
explore the utilitarian aspect of privacy. Therefore, future scholars who study privacy should also consider
the holistic view of privacy, i.e., from the right aspect as well as from the utilitarian aspect.
6.2.1.2 Multi dimensionality of privacy This study concludes that data subjects put different value for each type of privacy. Therefore, seeing
privacy as a single dimension will be problematic and inappropriate. As the context of our research only
allows us to include three types of privacy, i.e., privacy of behavior and action, privacy of location and
space, and privacy of data and image; further studies using different types of context should be performed
to further investigate the value of the other types of privacy.
6.2.1.3 Contextual settings influence the privacy calculus rationale and the value of privacy Our research concludes that the contextual settings are also influencing the users’ privacy calculus ra-
tionale, which is derived by their cost-benefit perception. This mechanism is operable by the difference of
privacy valuation involved in the specific context of use that is valued by the users. In our study, the privacy
of data and image (PLS) and privacy of behavior and action (PBA) are valued differently, in which the PLS
can be bought by the usefulness of the service only, whereas the PBA needs additional tangible form ben-
efits to be bought. We may suggest that the privacy type (in this case: PLS) that is mandatory needed to
provide a certain service (in this case: ridesharing service), is valued lower than the privacy that is not
directly related to the service fulfillment. Therefore, future research about the privacy calculus and privacy
valuation should also consider the conclusion that contextual setting influence the users’ privacy calculus
rationale and how the users value privacy.
6.2.2 Societal implication and managerial recommendation
6.2.2.1 Privacy right assurance is not an option, rather a mandatory condition From the conclusion derived from cluster analysis and multiple regression analysis, we have found that
the privacy assurance approaches are chosen by most respondents. However, these variables do not sig-
nificantly influence the users’ willingness to disclose personal information. Furthermore, the results from
cluster analysis have also concluded that respondents are incline to choose the right assurance dominant
approaches rather than utilitarian dominant approaches. Those findings suggest that company should per-
form privacy assurance approach as the prerequisite condition prior to personal data acquisition.
6.2.2.2 Not everyone can be a target for personal data analytic based personalization For the companies that are willing to offer personalization series based on personal data analytics, it
should be noted that not all market segments are willing to enjoy personalization or realize the positive
utility value of the personalization service. Thus this company should choose the target market carefully
and prepare the privacy mitigation strategy accordingly. Our strategic summary in Table 5.26 presents
Page | 128
suggestions to this matter, particularly to which market the P2P ridesharing personalization service could
be applied, and by what strategy and by how much money their personal data can be acquired.
6.2.2.3 Data subjects value forms of privacy differently. Our study concluded that users value each privacy type differently. Therefore, the company which wants
to acquire a specific type of privacy should prepare different efforts and “prices”. Based on our summary
in Table 6.27, we can quantify the investment needed to target each group of customer. For example, the
company that wants to use 30% Jakarta female population as the target for personalization should prepare
cash investment = 1.470.000 (number of people) x IDR 121.000 = IDR 177.870.000.000 (± € 11.8m) to
acquire the female populations’ behavioral data. This value of investment might be accurate as female
population regards only the tangible benefits as the efficient means to mitigate their privacy concerns.
However, we should note that this value might differ for each group according to the (projected) size of
the target market and the perceived efficient means to mitigate its privacy concerns.
6.2.2.4 Be aware of the risk of storing and using personal data Even though the tangible benefits type of mitigation strategy is more preferred by the majority of people,
the effort to assure privacy rights should not be left out. This recommendation is implied based on the
high mean value of the intention to share and the negative experience in our finding, which could produce
a quantifiable risk of damaging the company’s brand image. Furthermore, this risk is amplified as the ma-
jority of Indonesian people are active social media users, which is concluded by the high daily amount
average of using social media (almost 3 hours daily use of social media, in which more than 85% of these
users are people aged 13 to 39 years old – which has been the most attractive age range according to our
finding) (Kemp, 2016; Sadowski, 2016).
6.2.2.5 The need of using advanced privacy enhancement technologies As we have concluded in the analysis, assuring privacy rights is the default condition as well as prerequisite
before conducting personal data capture. Therefore, with recent technology developments which can be
used to guard as well as to invade privacy, a data acquirer company should prepare an advanced privacy
enhancing technology. This technology should allow the data subjects to perform (but not limited to) ac-
tivities as follows:
1. Increase control over their data. To date, the only measure provided by the Indonesian companies
is the “unsubscribe” link from the email marketing mailing list. However, as a higher degree of
personal data may be involved, the company should employ a technology that is able to increase
the extent of control for the users over their disclosed data, for every type of personal data. One
example of this tool is the web/mobile app based dashboard setting where users are able to per-
form measurable control directly over their disclosed data, such as: Google’s my activity (myactiv-
ity.google.com), which allows the users to control whether they want to be the subject for tar-
geted marketing activity and administer which data can be used in such activity.
2. Perform substantial degree of anonymity. As we have seen in our finding, not everyone is willing
to be profiled plainly. Therefore, providing certain measures to perform anonymity or giving
pseudo name to such users may be appropriate.
3. Perform fully informed consent. This tool should help the users to be fully informed about the
company’s privacy practice, in the easiest and cheapest possible way before they start using the
service(s).
4. Negotiate the terms and conditions directly, which may involve a reward and other type of
measures.
5. Perform audit to the use of their data.
6. Remove and edit the accuracy of their data.
Page | 129
6.2.2.6 Urge the government of Indonesia to create an adequate privacy protection law Our research has concluded that the majority of the respondents are people who have been experiencing
privacy intrusion in their live. Yet, they still easily disclose personal data to a company that wants to ac-
quire their data. This might be a result of “take-it-or-leave-it” conditions offered to them. As personal data
use has been increasing, the government of Indonesia needs to create an adequate privacy protection
law. The current (draft of) privacy law still explains and regulates the personal data use on a very general
level, without providing the detailed use-case regulation and the audit and control mechanisms to the
company’s privacy practice. Therefore, a more detailed policy needs to be prepared, at least in accordance
to the APEC privacy framework. Furthermore, this issue becomes urgent due to the fact that ASEAN Eco-
nomic Community14 is initiated, thus might involve customers’ personal data transfer across the ASEAN
countries.
The privacy law should regulate the company’s privacy practice, including:
1. Harm prevention to the users’ personal data must be prioritized
2. Promotion of the users’ awareness of the company’s privacy practice, including the type of data
collected in the process, the purpose of the collection, the users of the data, and to whom the
data will be disclosed, should be explained in easiest way possible.
3. Requirement to have a fully informed consent (written or digitally) from the users.
4. Providing access to the users to control their data.
5. Providing choice to the users, even though the users do not want to disclose their personal data,
they should still be able to use the (limited) service. This condition is necessary to minimize the
take-it-or-leave-it situation.
6. The presence of an audit policy and punishment mechanism to the company.
7. Data transfer regulation, within country and between countries (transborder).
6.3 Limitations We understand that our research is far from perfection. This research is bound to a number of limitations
which are caused by: Firstly, the limitation of the literature review. The abundance literature of privacy
constructs forced us to limit the literature reviews by only using literature from 2010 onward and followed
by the snow ball method. Thus some important findings might be (accidentally) left out from the study.
Secondly, the context of study as Ojek online is minimally understandable by the general reader. Moreo-
ver, there is no scientific publication explaining the business model, business ecosystem, and business
operation of this context yet. Thus, we might not have a complete and scientific picture of the contextual
factors of the study. It is suggested to scientifically study the Ojek online concept by using an interview
approach to the actors involved in the ecosystem.
Thirdly, limitation related to the target population selection. We limited our respondents to people who
are familiar with the P2P ridesharing only, this choice may exclude the voice of people who are not familiar
with the concept. Therefore, the generalizability of the research may be limited only to the context of P2P
transportation users only. We may suggest the next study to use a broader selection of population to study
the overall perception of privacy. This might be done by using mobile phone users, for example, as the
target population; as currently Indonesian mobile operators start to build their own e/m-commerce to
also capture the benefit of the ubiquity of smartphones and the internet.
14 ASEAN economic community (AEC) is a major milestone to achieve economic integration within ASEAN countries, which consist of: Brunei Darussalam, Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam.
Page | 130
Fourthly, our sampling method is using stratified sampling based on Jakarta population. This method may
not capture other demographics which have different properties to Jakarta people. Therefore, the gener-
alizability of this research might only be applied to a population which has similar demographic properties
as Jakarta, such as other metropolitan cities in emerging countries.
Fifthly, limitation related to the data collection method. We only differentiated the location based on rural
or urban type of locations, yet, we did not identify the composition of people who might appear in these
locations beforehand. This may result in an overly representation of highly educated people, which may
result in bias in the statistical analysis. Furthermore, the choice of using the voucher form invitation might
be biased and only interactive to the people who have a high utilitarian mindset.
Finally, limitation related to the statistical method, including:
1. We did not run structured equation modeling (SEM) to the cases, especially to assess the relation-
ship between privacy concerns constructs and the privacy assurance approaches construct.
Whereas we understand that by using SEM, we can produce better estimates to draw the com-
plete relationship between constructs.
2. Instead of using latent class analysis (LCA), which bases the estimation to the model based proba-
bilistic (top-down) approach (Magidson & Vermunt, 2002); we chose the cluster analysis (which
bases the estimation to the distance – bottom up – approach) to produce the classification of
users, even though the cluster analysis is criticized as an atheoretical method (Hair et al., 2013).
Furthermore, as we do not have any prior models to estimate the number of formed clusters, we
limited the formed cluster from each analysis by only using the composition of the users and our
own interpretation to the graphical presentation of the cluster properties (to see the significant
different between formed clusters). We believe that conducting LCA will provide better insight
into the users’ classification since it can identify the latent properties of the members in one
group.
3. We use a very specific contextual illustration in our conjoint analyses, which may not be general-
izable to the other type of context. Moreover, the main assumption in the conjoint analysis is the
absence of collinearity between the tested attributes. Yet, we did not test the collinearity diagno-
sis of the attributes; especially in the relationship between PDI vs. PBA, PDI vs. PLS, and PDI vs.
PBA + PLS, which we believe they might be correlated in a certain extent; prior to the conjoint
analysis survey design.
6.4 Future research recommendations Given our limitations of study, we give several recommendations to the future research, which are:
1. Test the relationship of IUIPC, CFIP, and privacy assurance approaches by using SEM approach. By
conducting SEM analysis, we can have better insights into the relationships between IUIPC, CFIP,
and the privacy assurance approaches constructs.
2. Run the LCA to estimate the classification of users. Because LCA is a more powerful tool than
cluster analysis as it could estimate the confirmatory results of the cluster, and include moderating
variables in the analysis (Magidson & Vermunt, 2004).
3. Conduct an experimental assessment by using conjoint analysis which includes the interaction
effects of all attributes in our study.
4. Scientific analysis of the Indonesian P2P ridesharing business ecosystem. Collaborative consump-
tion scholars can start to explore the scientific analysis of the Indonesian P2P ridesharing ecosys-
tem, including but not limited to: the business model of the company, value network analysis,
Value – information – process analysis (VIP analysis), and the state-of-the-art implementation of
Page | 131
the business model in the company. Because these companies rely heavily on the technology in-
frastructure, the STOF framework can be applied to assess the company’s business ecosystem.
Additionally, scholars can also conduct a roadmapping and stress testing analysis to the existing
business model as well as the hypothetical personalization service that can be applied in the near
future.
5. Conduct privacy valuation study to measure other types of privacy. The examples of setting to
value different types of privacy are:
a. Privacy of the person. The suitable context of this privacy might be in the situation at
which people want to apply for a certain type of job which requires a specific informa-
tional background of the candidate.
b. Privacy of communication. This privacy may appear in the situation when national secu-
rity is compromised, but yet, people still want their trails undetected when they go online.
One example of setting to quantify privacy of communication is: a study of the willingness
to pay to use the advanced feature of an Onion routing network (for example: Tor Net-
work (Dingledine et al., 2004)).
c. Privacy of thought and feeling, which may only appear in the psychological therapy situ-
ation in which the “trust” is built among the parties who share the feeling. However, since
all psychologists always work under a vow to not reveal any communication and infor-
mation of the patients, this type of privacy is difficult to be quantified.
d. Privacy of association (including group privacy). This privacy type may only appear in the
condition when people belong to a certain group, thus makes this privacy type is difficult
to be measured.
6. Conduct design science research (see: Peffers et al. (2007)) to prepare the fit implementation of
personalization service in the P2P ridesharing service, including identify the latent values that
need to be preserved by the service.
Page | 132
This page is intentionally left blank
Page | 133
7 Critical reflections
“With great power comes great responsibility” (Lee, 1962)
It has been three years after the World Economic Forum concluded that new internet adopter countries
are less aware of privacy concerns (Dutton et al., 2014). But yet, our study concludes that the condition
has not changed, at least not in Indonesia. People with high privacy concerns level still easily disclose their
personal data to the company, regardless the privacy practice conducted by the company, which suggests
that they are not fully aware of the risks of disclosing their personal data. Nevertheless, Indonesia, as a
country with tremendous growth of internet penetration (Dutta; et al., 2015), still need to prepare an
adequate privacy protection law to be applied in the country.
I am living in the era when big data is newly emerged. Everyone talks about it. Technology market research
reports predict the hype of it. Everyone is so excited about it and embraces it. From the telecom infra-
structure vendors (such as: Cisco, Alcatel, Nokia, Huawei, Juniper, etc.), telecom operators, FMCG indus-
tries, market research companies, to the end users who start to explore the open IoT platforms; basically,
everyone. The vendors build the Internet of Things (IoT) devices, cloud computing infrastructure providers
build the server infrastructure, telecom operators sell the network infrastructure services, software com-
panies develop the tools to process the unstructured data. All of them collaborate to tap the tremendous
potential generated by IoT and the Big data, thus they create a euphoria in the ICT society. But sometimes
they forget about the other side of the coin. They need to be aware of the risks and the harm of this
technology. Therefore, every marketing activity of IoT should present balanced information to the society;
not only sell its benefits, but also present the potential risks and harms produced by IoT. Especially, to the
end users (and society) who are not fully informed about how this technology does work but yet too en-
thusiastic to use the technology.
I must suggest that every technology innovation should be started with a grand vision of a perfect world,
which I would define as: a world where the people are equally wealthy; a world where no conflict and
discrimination of religion and race exist; a world where an infinite term (not only a long-term) of sustain-
ability is achieved. All of these could be achieve when the technology can always ensure all the fundamen-
tal rights of people have, without any opportunity for others to intrude this right.
With this vision, technology innovators should think carefully to decide the ability and capability of their
artifact. Von Schomberg (2013) in his paper argues that:
“For modern innovations, responsibility for the consequences of implementation is primarily re-
lated to the properties and characteristics of the products or the technology and less to the priv-
ileged owners and creators of the technology. … all informed citizens should be able to make (safe
and responsible) use of it” (p. 4)
However, not everyone is responsible enough to operate and use the artifact. Therefore, technology in-
novators should be wise when designing a perfect artifact, in order to avoid and limit the potential of
misuse/abuse of this artifact. He/she needs to be socially sensitive to measure whether the society is ready
to accept his/her invention responsibly. Because when his/her invention reaches the market, the use and
improvement of this invention are decided by the market mechanism (Von Schomberg, 2013).
Page | 134
In every developed country, there will (almost) always be an adequate national innovation system and
regulatory that “incubate” the technological innovation and assess the sustainability potential of technol-
ogy innovation. But in Indonesia, where the people tend to replicate the success technology in the devel-
oped country to be applied there, this may not (if not never) be the case. It has been concluded that the
fragmented innovation policies and the absence of proper innovation system in Indonesia has hampered
the “formal” innovation performance (Vang, 2006). Therefore, most innovative products and services in
Indonesia are resulted from out-of-the-system innovation, either technology push (replica of the success-
ful technology in developed countries) or policy/market pull, which sometimes neglect the fundamental
ethic principles and lack of precautionary measures. Quite often, innovators in Indonesia release an inno-
vative product with arguments: “because we can” or “because there are good demands of it”, and aban-
don the long term effect of their invention.
I must present my research findings to Indonesian government as an empirical base to prepare an ade-
quate personal data protection law, and push the Indonesian government to build a proper national inno-
vation and regulatory system. Because technology cannot merely be seen as a tool, as it can transform the
way we live, the way we move, the way we work; in general, it can transform our society. We cannot stay
seeing technology as a black-box without putting ethical values in it. Therefore, the value sensitive design
(Van den Hoven, 2013) must be implemented in the technology invention, and the stakeholders should be
involved as early as possible and in every aspect of technology innovation, from the proof-of-concept of
the service to the acceptance test of the final artifact; from the dumb devices manufactured by the tech-
nology manufacturer to the technology services offered by the service providers; especially to the tech-
nology innovations that utilizes users’ personal data.
Page | 135
Those who plan do better than those who do not plan even though they rarely stick to their plan.
~ Winston Churchill
With regard to the research process, I have several reflections in my concern. This research project was
initially designed to be finished within 6 months of duration. Here and there adjustments were done dur-
ing the proposal development phase. Until the time I had the kick-off schedule, I realized that all those
plans were based on my plan, without considering the other stakeholders’ plan (my committee). There-
fore, minor deviations had to be made related to the summer break plan. In summary, I had additional a
one-month extension to finish this project.
Additionally, some deviations were also made during the project. The first deviation was because I had to
go back to Indonesia earlier due to unforeseen circumstances. Thus, to made my time efficient, I made
some adjustments in the plan, which was to perform the data collection earlier than it was initially
planned. This adjustment, however, had consequences. I had to finalize my chapter 3 (theoretical frame-
work) and chapter 4 (survey design) 3 weeks earlier. This was the moment when the maximum sleepless
nights in place.
The second deviation was related to the data collection process, mainly because my choice to use a
voucher as incentive to fill in the questionnaire. I did not realize that this choice also influences the re-
spondents’ composition and might possibly bias the analysis. This choice caused me to dedicate one-week
extension to perform face to face data collection, during that time I could not do other things in plan.
With the earlier data collection process, I can enjoy more flexible time in the later phase. Yet, this ample
time did not make me became more productive. I realized that I was experiencing the common novice
project manager’s problems in managing a project, i.e., student syndrome15 and Parkinson’s law16, in
which both problems might possibly cause delays to the project.
I am quite lucky though. Because I have taken a project management course during my study. Thus, I
quickly realized the problem and adjusted my timeline tighter, so I did not have time to procrastinate.
From this experience, I would suggest the program manager of Management of Technology to include
Project management course (at least the basic one) in the core module of MOT curriculum.
Nonetheless, I seeked satisfactory steps only in choosing my statistical analysis method, particularly
related to clusterization and segmentation of users. If I was asked what would I do differently if I had a
chance to re-do the research, I would dedicate more time in studying advance statistical methods before
deciding which method I would use in my analysis.
15 Student syndrome is a behavioral issue in project management, especially in the theory of constraint (TOC). The student syn-drome states that the more time a project has does not improve the quality and the quantity of the project because the project manager tends to leave everything in the last minutes (Blackstone Jr et al., 2009; Rand, 2000) and wastes the time buffer mar-gins (Lechler et al., 2005). 16 Parkinson’s law is also a behavioral issue in the TOC, which means that individuals tend not to finish the tasks ahead, even though they have an opportunity to do so (Blackstone Jr et al., 2009; Lechler et al., 2005).
Page | 136
Successful and unsuccessful people do not vary greatly in their abilities. They vary in their desires to
reach their potential. ~ John Maxwell
This thesis is developed adhered to the strong foundation of the management of technology (MOT) cur-
ricula, particularly the ICT Management specialization, in which the core objective of MOT program is to
prepare the future technology manager as a competent, responsible, and ethical manager that can apply
the knowledge compiled from MOT curricula into meaningful and measurable artifact that will be able to
contribute to the sustainable society development.
The foundational of ethical value that need to be preserved by any (technology) artifact is generated by
studying the social value, whereas the implementation of this value is studied in technology dynamic
course. Additionally, the basic knowledge of digital platform to elaborate the role of technology in the
peer-to-peer (P2P) ridesharing service is synthesized from ICT design and valorization and mobile apps
course. Furthermore, the foundation of knowledge to analyze the business ecosystem of such service as
well as the potential expansion of the ecosystem are produced from e-Business course in ICT specializa-
tion.
Moreover, the pillars of conducting this scientific research are also gathered from the foundational
knowledge in social and scientific value course which then is compounded by scientific method course.
Nevertheless, other fundamental core curricula also build up my foundational logical analysis, such as:
Financial management, High – tech marketing, and economic foundation.
Page | 137
References
Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509-514.
Acquisti, A., Dingledine, R., & Syverson, P. (2003). On the economics of anonymity. Paper presented at the International Conference on Financial Cryptography.
Acquisti, A., & Grossklags, J. (2004). Privacy attitudes and privacy behavior. Economics of information security, 12, 165.
Acquisti, A., & Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security & Privacy(1), 26-33.
Acquisti, A., John, L., & Loewenstein, G. (2009). What is privacy worth. Paper presented at the Workshop on Information Systems and Economics (WISE).
Acquisti, A., Taylor, C. R., & Wagman, L. (2015). The economics of privacy. Available at SSRN 2580411. Adomavicius, G., & Tuzhilin, A. (2005). Personalization technologies: a process-oriented perspective.
Communications of the ACM, 48(10), 83-90. adyen.com. (2015). Over 27% of global online transactions are now on mobile devices. Retrieved 29
November, 2015, from https://www.adyen.com/home/about-adyen/press-releases/mobile-payments-index-april-2015
Ahmed, R., & Ho, S. Y. (2011). Privacy concerns of users for location-based mobile personalization. Paper presented at the CONF-IRM 2011 Proceedings.
Allianz. (2015). Aman Pake Gojek. Retrieved 14 April, 2016, from http://www.allianz.co.id/program-allianz/promo/gojek
Altman, I. (1976). Privacy:" A Conceptual Analysis". Environment and behavior, 8(1), 7. APEC Privacy Framework (2005). Assembly, U. G. (1948). Universal declaration of human rights. UN General Assembly. Awad, N. F., & Krishnan, M. (2006). The personalization privacy paradox: an empirical evaluation of
information transparency and the willingness to be profiled online for personalization. MIS quarterly, 13-28.
Awwal, M. A. (2012). Influence of age and genders on the relationship between computer self-efficacy and information privacy concerns. International Journal of Technology and Human Interaction (IJTHI), 8(1), 14-37.
Bansal, G., & Gefen, D. (2010). The impact of personal dispositions on information sensitivity, privacy concern and trust in disclosing health information online. Decision Support Systems, 49(2), 138-150.
Belk, R. (2014). You are what you can access: Sharing and collaborative consumption online. Journal of Business Research, 67(8), 1595-1600.
Bellotti, V., Ambard, A., Turner, D., Gossmann, C., Demkova, K., & Carroll, J. M. (2015). A muddle of models of motivation for using peer-to-peer economy systems. Paper presented at the Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems.
Berk, J. B., & DeMarzo, P. M. (2011). Corporate Finance: The Core: Pearson. Bert, J., Collie, B., Gerrits, M., & Xu, G. (2016). What’s Ahead for Car Sharing? The New Mobility and Its
Impact on Vehicle Sales: Boston Consulting Group. Bierlaire, M. (2003). BIOGEME: A free package for the estimation of discrete choice models Proceedings
of the 3rd Swiss Transportation Research Conference.
Page | 138
bigcommerce. (2015). What is a cookie and why is it important? Retrieved 28 April, 2016, from https://www.bigcommerce.com/ecommerce-answers/what-cookie-and-why-it-important/
Blackstone Jr, J. H., Cox III, J. F., & Schleier Jr, J. G. (2009). A tutorial on project management from a theory of constraints perspective. International Journal of Production Research, 47(24), 7029-7046.
Böckmann, M. (2013). The Shared Economy: It is time to start caring about sharing; value creating factors in the shared economy. University of Twente, Faculty of Management and Governance.
Bohang, F. K. (2016). Baru 35 Persen, Ini Target "Ojek" Grab di Indonesia. Retrieved 18 April, 2016, from http://tekno.kompas.com/read/2016/03/02/16065887/Baru.35.Persen.Ini.Target.Ojek.Grab.di.Indonesia
Botsman, R. (2013). The Sharing Economy Lacks A Shared Definition. Retrieved 14 January, 2016, from http://www.fastcoexist.com/3022028/the-sharing-economy-lacks-a-shared-definition
Botsman, R. (2015). Defining The Sharing Economy: What Is Collaborative Consumption - And What Isn't? Retrieved 14 January, 2016, from http://www.fastcoexist.com/3046119/defining-the-sharing-economy-what-is-collaborative-consumption-and-what-isnt
Botsman, R., & Rogers, R. (2011). What’s Mine Is Yours: How Collaborative Consumption is Changing the Way We Live: HarperCollins Publishers.
Brownstone, D., Bunch, D. S., & Train, K. (2000). Joint mixed logit models of stated and revealed preferences for alternative-fuel vehicles. Transportation Research Part B: Methodological, 34(5), 315-338.
Cavoukian, A. (2006). Privacy by design: The 7 foundational principles. implementation and mapping of fair information practices. en ligne: https://www. privacyassociation. org/media/presentations/11Summit/RealitiesHO1. pdf.
Cavoukian, A., & Jonas, J. (2012). Privacy by design in the age of big data: Information and Privacy Commissioner of Ontario, Canada.
Chellappa, R. K., & Sin, R. G. (2005). Personalization versus privacy: An empirical examination of the online consumer’s dilemma. Information Technology and Management, 6(2-3), 181-202.
Cheng, D. (2014). Is sharing really caring? A nuanced introduction to the peer economy. Open Society Foundation Future of Work Inquiry. Retrieved June, 3, 2015.
Choice-Metrics. (2012). Ngene 1.1.2 USER MANUAL & REFERENCE GUIDE (Version 1.1.2): Choice-Metrics. Retrieved from http://www.choice-metrics.com/
Christie, S. (2011). Go-Jek Model Can Work Abroad, US Investor Says. Retrieved 14 April, 2016, from http://jakartaglobe.beritasatu.com/archive/go-jek-model-can-work-abroad-us-investor-says/
Chun, H., Lee, H., & Kim, D. (2012). The integrated model of smartphone adoption: Hedonic and utilitarian value perceptions of smartphones among Korean college students. Cyberpsychology, Behavior, and Social Networking, 15(9), 473-479.
Clarke, R. (1997). Introduction and Definitions. Introduction to Dataveillance and Information Privacy, and Definitions of Terms. Retrieved 5 March, 2016, from http://www.rogerclarke.com/DV/Intro.html
Clarke, R. (2006). What's 'Privacy'? Introduction to Dataveillance and Information Privacy, and Definitions of Terms. Retrieved 23 February, 2016, from www.rogerclarke.com/DV/Privacy.html
Clarke, R. (2013). Introduction to Dataveillance and Information Privacy, and Definitions of Terms. Retrieved 23 February, 2016, from http://www.rogerclarke.com/DV/Intro.html
cnnindonesia.com. (2015). Kisruh Subsidi Gojek. Retrieved 16 June, 2016, from http://www.cnnindonesia.com/teknologi/focus/kisruh-subsidi-gojek-2868/all
Cocosila, M., & Archer, N. (2009). An empirical investigation of mobile health adoption in preventive interventions. Bled 2009 Proceedings, 27.
Cosseboom, L. (2015). GrabTaxi’s journey to a billion-dollar startup (INFOGRAPHIC). Retrieved 15 April, 2016, from https://www.techinasia.com/history-unicorn-grabtaxi-infographic
Culnan, M. J., & Armstrong, P. K. (1999). Information privacy concerns, procedural fairness, and impersonal trust: An empirical investigation. Organization science, 10(1), 104-115.
Page | 139
Culnan, M. J., & Bies, R. J. (2003). Consumer privacy: Balancing economic and justice considerations. Journal of social issues, 59(2), 323-342.
Danezis, G., Lewis, S., & Anderson, R. J. (2005). How much is location privacy worth? Paper presented at the WEIS.
Deighton, J., & Johnson, P. A. (2013). The Value of Data: Consequences for Insight, Innovation and Efficiency in the US Economy. Data-Driven Marketing Institute, 14.
Derikx, S., de Reuver, M., & Kroesen, M. (2016). Can privacy concerns for insurance of connected cars be compensated? Electronic markets, 26(1), 73-81.
Derikx, S. A. J. P. S. (2014). M-insurance: Overcoming Privacy Concerns in the Consumer Use of Insurance Services based on Mobile Technologies. (Master Degree), Delft University of Technology, Delft.
Dhar, V., Hsieh, J., & Sundararajan, A. (2011). Comments on'Protecting Consumer Privacy in an Era of Rapid Change: Aproposed Framework for Businesses and Policymakers'. NYU Stern School of Business, Vol.
Dinev, T., & Hart, P. (2004). Internet privacy concerns and their antecedents-measurement validity and a regression model. Behaviour & Information Technology, 23(6), 413-422.
Dinev, T., & Hart, P. (2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61-80.
Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The second-generation onion router: DTIC Document.
Dubois, E. A., Schor, J. B., & Carfagna, L. B. (2014). New cultures of connection in a Boston time bank. Sustainable Lifestyles and the Quest for Plenitude: Case Studies of the New Economy, 95-124.
Dutta, S., Dutton, W. H., & Law, G. (2011). The new internet world: A global perspective on freedom of expression, privacy, trust and security online.
Dutta;, S., Geiger;, T., & Lanvin;, B. (2015). The Global Information Technology Report 2015, ICTs for Inclusive Growth. Geneva: World Economic Forum.
Dutton, W. H., Law, G., Bolsover, G., & Dutta, S. (2014). The Internet Trust Bubble: Global Values, Beliefs and Practices.
Europe, C. o. (1950). European Convention for the Protection of Human Rights and Fundamental Freedoms, as amended by Protocols Nos. 11 and 14. Council of Europe.
facebook.com. (2016). Reach all the right people. Facebook for Business. Retrieved 25 February, 2016, from https://www.facebook.com/business/products/ads/ad-targeting/
Fajrina, H. N. (2015). Pengemudi GrabBike Raup Rp 8 Juta per Bulan. Retrieved 15 April, 2016, from http://www.cnnindonesia.com/teknologi/20150812160912-185-71689/pengemudi-grabbike-raup-rp-8-juta-per-bulan/
famuharan. (2015). Mendadak Big Data. Retrieved 28 April, 2016, from http://datascience.or.id/2015/11/14/mendadak-big-data/
fantasticblue. (2016). Daftar Nama Ojek Online Lengkap. Retrieved 28 January, 2016, from http://www.fantasticblue.net/2015/09/daftar-nama-ojek-online-lengkap.html
Feeney, M. (2015). Is Ridesharing Safe? Cato Policy Analysis, 767, 2. Fenton, A. (2013). Making Markets Personal: Exploring Market Construction at the Micro Level in the
Car-sharing and Time Bank Markets. Unpublished paper, Harvard University. Fifer, S., Rose, J., & Greaves, S. (2014). Hypothetical bias in Stated Choice Experiments: Is it a problem?
And if so, how do we deal with it? Transportation research part A: policy and practice, 61, 164-177.
Finn, R. L., Wright, D., & Friedewald, M. (2013). Seven types of privacy European data protection: coming of age (pp. 3-32): Springer.
Gansky, L. (2010). The mesh: Why the future of business is sharing: Penguin. Gigya. (2015). Bridging the Gap between Marketing & IT with Customer Identity & Access Management.
California: Gigya. Gojakgojek.com. (2016a). Inilah tarif GrabBike terbaru 2016 mulai Februari 2016. Retrieved 15 April,
2016, from http://www.gojakgojek.com/2016/02/inilah-tarif-grabbike-terbaru-2016.html
Page | 140
gojakgojek.com. (2016b). Tarif Baru Gojek Mulai 29 December 2015 (Khusus Jabodetabek). Retrieved 14 March, 2016, from http://www.gojakgojek.com/2015/12/tarif-baru-gojek-mulai-29-desember-2015.html
Gojek. (2015a). Frequently Asked Questions. Retrieved 14 April, 2016, from http://www.go-jek.com/faq Gojek. (2015b). How to join Gojek. Retrieved 14 April, 2016, from http://www.go-jek.com/howtojoin Gojek. (2016a). Privacy policy. from www.go-jek.com Gojek. (2016b). Term of Service. from www.go-jek.com Goldberg, I., Wagner, D., & Brewer, E. (1997). Privacy-enhancing technologies for the Internet: DTIC
Document. GooglePlay. (2015). GOJEK. Retrieved 10 December, 2015, from
https://play.google.com/store/apps/details?id=com.gojek.app&hl=en Grab. (2016a). Grab and Lippo Group Announce Strategic Partnership in Indonesia. Retrieved 15 April,
2016, from https://www.grab.com/id/en/grab-dan-lippo-group-umumkan-kemitraan-strategis-di-indonesia/
Grab. (2016b). How it works. Retrieved 15 April, 2016, from https://www.grab.com/id/en/ Grab. (2016c). Kelengkapan Asuransi GrabBike Pengemudi & Penumpang. Retrieved 15 April, 2016,
from https://www.grab.com/id/kelengkapan-asuransi-grabbike-pengemudi-penumpang/ Grab. (2016d). Privacy Policy. Retrieved 15 April, 2016, from https://www.grab.com/id/en/privacy/ Grab. (2016e). Terms of Service. Retrieved 15 April, 2016, from https://www.grab.com/id/en/terms/ Grossklags, J., & Acquisti, A. (2007). When 25 Cents is Too Much: An Experiment on Willingness-To-Sell
and Willingness-To-Protect Personal Information. Paper presented at the WEIS. Gruteser, M., & Grunwald, D. (2003). Anonymous usage of location-based services through spatial and
temporal cloaking. Paper presented at the Proceedings of the 1st international conference on Mobile systems, applications and services.
Gu, J., Xu, Y., Xu, H., & Ling, H. (2015). Interaction Effects of Contextual Cues on Privacy Concerns: The Case of Android Applications. Paper presented at the System Sciences (HICSS), 2015 48th Hawaii International Conference on.
Guo, X., Sun, Y., Yan, Z., & Wang, N. (2012). Privacy-Personalization Paradox in Adoption of Mobile Health Service: The Mediating Role of Trust. Paper presented at the PACIS.
Hair, J. F., Black, W. C., Babin, B. J., & Anderson, R. E. (2013). Multivariate Data Analysis: Pearson New International Edition: Pearson Education Limited.
Hann, I.-H., Hui, K.-L., Lee, S.-Y. T., & Png, I. P. (2007). Overcoming online information privacy concerns: An information-processing theory approach. Journal of management information systems, 24(2), 13-42.
Hann, I.-H., Hui, K.-L., Lee, T. S., & Png, I. P. (2002). The value of online information privacy: Evidence from the usa and singapore. Paper presented at the International Conference on Information Systems.
haxi.no. (2016). Haxi. Retrieved 14 April, 2016, from haxi.no Hermawan, A. D. (2015). "Perang" Go-Jek vs Grab Bike, Siapa Terjungkal? Retrieved 18 April, 2016, from
http://www.kompasiana.com/ariefnulis/perang-go-jek-vs-grab-bike-siapa-terjungkal_55d36120b27a61c70bd7d32b
Hill, J. A., & Wellman, M. P. (2011). Peer-to-Peer Tangible Goods Rental. Paper presented at the Joint Workshop on Trading Agent Design and Analysis (TADA) and Agent-Mediated Electronic Commerce (AMEC).
Huberman, B. A., Adar, E., & Fine, L. R. (2005). Valuating privacy. IEEE Security & Privacy, 3(5), 22-25. Huet, E. (2014). Uber's Newest Tactic: Pay Drivers More Than They Earn. Retrieved 14 April, 2016, from
http://www.forbes.com/sites/ellenhuet/2014/07/02/ubers-newest-tactic-pay-drivers-more-than-they-earn/#760a5b968c57
Hughes, J., Lang, K. R., & Vragov, R. (2008). An analytical framework for evaluating peer-to-peer business models. Electronic Commerce Research and Applications, 7(1), 105-118.
Page | 141
Hutabarat, L. C. (2015). Begini Hitung-hitungan Pendapatan Driver Gojek. Retrieved 14 April, 2016, from http://news.metrotvnews.com/read/2015/06/30/141851/begini-hitung-hitungan-pendapatan-driver-gojek
indonesia-investment. (2015). Q3-2015 Foreign Direct Investment in Indonesia Grows 18.1% in Rupiah Terms. Retrieved 28 January, 2016, from http://www.indonesia-investments.com/news/todays-headlines/q3-2015-foreign-direct-investment-in-indonesia-grows-18.1-in-rupiah-terms/item6068
Perubahan atas Undang Undang Nomor 23 Tahun 2002 tentang Perlindungan Anak § 1 (2014). Irani, Z., Alharbi, I. M., Zyngier, S., & Hodkinson, C. (2013). Privacy by design and customers’ perceived
privacy and security concerns in the success of e-commerce. Journal of Enterprise Information Management, 26(6), 702-718.
Iskandar. (2015). GrabBike, Aplikasi Ojek Online Pesaing GoJek. Retrieved 15 April, 2016, from http://tekno.liputan6.com/read/2236018/grabbike-aplikasi-ojek-online-pesaing-gojek
Jakarta, B. P. D. (2015a). Jakarta dalam angka 2015. In N. Widodo (Ed.), (pp. 80). Jakarta: Biro Pusat Statistik.
Jakarta, N. C. S. (2015b). Speakers: Nadiem Makarim. Whatworks. Retrieved 14 April, 2016, from http://www.newcitiessummit2015.org/speakers/nadiem-makarim/
Jenk, J. (2015). Theory meets practice in the taxi industry: Coase and Uber. Kahneman, D., Knetsch, J. L., & Thaler, R. H. (1991). Anomalies: The endowment effect, loss aversion,
and status quo bias. The journal of economic perspectives, 5(1), 193-206. Kanetkar, V. (2002). Conjoint and Discrete Choice Designs for Pricing Research. University of Guelph,[cit.
2014-02-05]. Dostupné na WWW:< http://wwwbcf. usc. edu/~ tellis/conjoint. pdf. Kehr, F., Kowatsch, T., Wentzel, D., & Fleisch, E. (2015). Blissfully ignorant: the effects of general privacy
concerns, general institutional trust, and affect in the privacy calculus. Information Systems Journal.
Keith, M. J., Babb, J., Lowry, P. B., Furner, C., & Abdullat, A. (2015). The Role of Mobile-Computing Self-Efficacy in Consumer Information Disclosure. Information Systems Journal, Forthcoming.
Keith, M. J., Thompson, S. C., Hale, J., Lowry, P. B., & Greer, C. (2013). Information disclosure on mobile devices: Re-examining privacy calculus with actual user behavior. International journal of human-computer studies, 71(12), 1163-1173.
Kemp, S. (2016). Digital in 2016. In S. Kemp (Ed.), Digital in 2016. Singapore: We are social. Kenney, M., & Zysman, J. (2015). Choosing a future in the platform economy: the implications and
consequences of digital platforms. Paper presented at the Kauffman Foundation New Entrepreneurial Growth Conference. Amelia Island, Florida.
Koesmawardhani, N. W. (2015). Nadiem Makarim, Pendiri Go-Jek yang Sudah Bantu 10 Ribu Sopir Ojek. New Cities Summit 2015. Retrieved 14 April, 2016, from http://news.detik.com/tokoh/2938089/nadiem-makarim-pendiri-go-jek-yang-sudah-bantu-10-ribu-sopir-ojek/1
Krasnova, H., Hildebrand, T., & Guenther, O. (2009). Investigating the value of privacy in online social networks: conjoint analysis. ICIS 2009 Proceedings, 173.
Lacy, P., & Rutqvist, J. (2015). The Sharing Platform Business Model: Sweating Idle Assets Waste to Wealth (pp. 84-98): Springer.
Laurell, C., & Sandström, C. (2016). ANALYSING UBER IN SOCIAL MEDIA—DISRUPTIVE TECHNOLOGY OR INSTITUTIONAL DISRUPTION? International Journal of Innovation Management, 1640013.
Lechler, T. G., Ronen, B., & Stohr, E. A. (2005). Critical chain: a new project management paradigm or old wine in new bottles? Engineering Management Journal, 17(4), 45-58.
Lee, N., & Kwon, O. (2015). A privacy-aware feature selection method for solving the personalization–privacy paradox in mobile wellness healthcare services. Expert Systems with Applications, 42(5), 2764-2771.
Lee, S. (1962). Amazing Fantasy (Vol. 15). New York: Marvel Comics.
Page | 142
Li, H., Sarathy, R., & Xu, H. (2010). Understanding situational online information disclosure as a privacy calculus. Journal of Computer Information Systems, 51(1), 62.
Li, T., & Unger, T. (2012). Willing to pay for quality personalization? Trade-off between quality and privacy. European Journal of Information Systems, 21(6), 621-642.
liputan6.com. (2016). # GOJEK. Retrieved 16, 2016, from http://www.liputan6.com/tag/gojek Liu, Z., Bonazzi, R., Fritscher, B., & Pigneur, Y. (2011). Privacy-friendly business models for location-based
mobile services. Journal of theoretical and applied electronic commerce research, 6(2), 90-107. Liu, Z., Shan, J., Bonazzi, R., & Pigneur, Y. (2014). Privacy as a Tradeoff: Introducing the Notion of Privacy
Calculus for Context-Aware Mobile Applications. Paper presented at the System Sciences (HICSS), 2014 47th Hawaii International Conference on.
Louviere, J. J., Hensher, D. A., & Swait, J. D. (2000). Stated choice methods: analysis and applications: Cambridge University Press.
Louviere;, J. J., Hensher;, D. A., & Swait;, J. D. (2003). Stated Choice Methods Analysis and Applications: Cambridge University Press.
Lyft.com. (2016a). How to Create a Lyft Account. Retrieved 1 June, 2016, from https://help.lyft.com/hc/en-us/articles/214216237-How-to-Create-a-Lyft-Account
Lyft.com. (2016b). How to Request a Ride. Retrieved 1 June, 2016, from https://help.lyft.com/hc/en-us/articles/213584098-How-to-Request-a-Ride
MacDonald, L., Anderson, C. K., & Verma, R. (2012). Using revealed-and stated-preference customer choice models for making pricing decisions in services: An illustration from the hospitality industry. Journal of Revenue and Pricing Management, 11(2), 160-174.
Magidson, J., & Vermunt, J. (2002). Latent class models for clustering: A comparison with K-means. Canadian Journal of Marketing Research, 20(1), 36-43.
Magidson, J., & Vermunt, J. K. (2004). Latent class models. The Sage handbook of quantitative methodology for the social sciences, 175-198.
Malhotra, A., & Van Alstyne, M. (2014). The dark side of the sharing economy… and how to lighten it. Communications of the ACM, 57(11), 24-27.
Malhotra, N. K., Kim, S. S., & Agarwal, J. (2004). Internet users' information privacy concerns (IUIPC): The construct, the scale, and a causal model. Information Systems Research, 15(4), 336-355.
Maulana, A. (2016). Lazada Gandeng Gojek untuk Percepat Pengiriman. Retrieved 18 April, 2016, from http://www.cnnindonesia.com/teknologi/20160412171411-185-123411/lazada-gandeng-gojek-untuk-percepat-pengiriman/
Perlindungan Data Pribadi Dalam Sistem Elektronik (2015). Morosan, C., & DeFranco, A. (2015). Disclosing personal information via hotel apps: A privacy calculus
perspective. International Journal of Hospitality Management, 47, 120-130. Moussa, S., Soui, M., & Abed, M. (2013). User Profile and Multi-criteria Decision Making: Personalization
of Traveller's Information in Public Transportation. Procedia Computer Science, 22, 411-420. Nadler, S. S. N. (2014). The sharing economy: what is it and where is it going? , Massachusetts Institute
of Technology. Nguyen, G. T. (2014). Exploring collaborative consumption business models-case peer-to-peer digital
platforms. Nowak, G. J., & Phelps, J. (1995). Direct marketing and the use of individual-level consumer information:
Determining how and when “privacy” matters. Journal of Direct Marketing, 9(3), 46-60. O'Donoghue, T., & Rabin, M. (1999). Doing it now or later. American Economic Review, 103-124. OECD. (1980). RECOMMENDATION OF THE COUNCIL CONCERNING GUIDELINES GOVERNING THE
PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA. Retrieved 25 February, 2016, from http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
OECD. (2013a). Exploring the Economics of Personal Data: A Survey of Methodologies for Measuring Monetary Value (Vol. 220). Paris: OECD Publishing.
Page | 143
OECD. (2013b). The OECD Privacy Framework. In OECD (Ed.): OECD. OECD. (2013c). The OECD Privacy Framework: Organisation for Economic Co-operation and
Development (OECD). Orange. (2014). The future of digital trust: A European study on the nature of consumer trust and
personal data: Orange. Orme, B. K. (2009). Which Conjoint Method Should I Use? . RESEARCH PAPER SERIES Retrieved 14 March,
2016, from https://www.sawtoothsoftware.com/download/techpap/whichmth.pdf Panji, A. (2015a). Gojek Siapkan Asuransi untuk Pengemudi dan Penumpang. Retrieved 14 April, 2016,
from http://www.cnnindonesia.com/teknologi/20150630221000-185-63445/gojek-siapkan-asuransi-untuk-pengemudi-dan-penumpang/
Panji, A. (2015b). Nadiem Sebut Subsidi Gojek Suatu Saat akan Hilang. Retrieved 14 April, 2016, from http://www.cnnindonesia.com/teknologi/20151113091145-185-91391/nadiem-sebut-subsidi-gojek-suatu-saat-akan-hilang/
Parent, W. A. (1983). Privacy, morality, and the law. Philosophy & Public Affairs, 269-288. Peffers, K., Tuunanen, T., Rothenberger, M. A., & Chatterjee, S. (2007). A design science research
methodology for information systems research. Journal of management information systems, 24(3), 45-77.
Phelps, J., Nowak, G., & Ferrell, E. (2000). Privacy concerns and consumer willingness to provide personal information. Journal of Public Policy & Marketing, 19(1), 27-41.
privacyinternational.org. (2016). What is Privacy. Retrieved 25 February, 2016, from https://www.privacyinternational.org/node/54
Rabin, M. (2013). Incorporating limited rationality into economics. Journal of Economic Literature, 51(2), 528-543.
Rand, G. K. (2000). Critical chain: the theory of constraints applied to project management. International Journal of Project Management, 18(3), 173-177.
Rao, V. R. (2014). Applied conjoint analysis: Springer. Rayle, L., Shaheen, S., Chan, N., Dai, D., & Cervero, R. (2014). App-Based, On-Demand Ride Services:
Comparing Taxi and Ridesourcing Trips and User Characteristics in San Francisco University of California Transportation Center (UCTC): UCTC-FR-2014-08.
Riemer, K., Gal, U., Hamann, J., Gilchriest, B., & Teixeira, M. (2015). Digital Disruptive Intermediaries: Finding new digital opportunities by disrupting existing business models: University of Sydney, Business School and Capgemini.
Roeser, S. (2012). Moral emotions as guide to acceptable risk Handbook of Risk Theory (pp. 819-832): Springer.
Rohunen, A., Markkula, J., Heikkila, M., & Heikkila, J. (2014). Open traffic data for future service innovation: Addressing the privacy challenges of driving data. Journal of theoretical and applied electronic commerce research, 9(3), 71-89.
Roosendaal, A., van Lieshout, M., & van Veenstra, A. F. (2014). Personal data markets: Delft: TNO. Roy Dholakia, R., & Uusitalo, O. (2002). Switching to electronic stores: consumer characteristics and the
perception of shopping benefits. International Journal of Retail & Distribution Management, 30(10), 459-469.
Sadowski, M. (2016). Social Media Statistics for Indonesia. Retrieved 20 June, 2016, from http://socialmemos.com/social-media-statistics-for-indonesia/
Safitri, D. (2016). Introducing uberMOTOR. Retrieved 13 April, 2016, from https://newsroom.uber.com/indonesia/id/introducing-ubermotor/
Saleh, M. A. H., Alothman, B., & Alhoshan, L. (2013). Impact of Gender, Age and Income on Consumers’ Purchasing Responsiveness to Free-Product Samples. Research Journal of International Studies, 83.
Satria, H. D. (2015). Gojek Terapkan Sistem bagi Hasil. Retrieved 14 April, 2016, from http://news.metrotvnews.com/read/2015/02/23/361932/gojek-terapkan-sistem-bagi-hasil
Schor, J. (2014). Debating the sharing economy. Great transition initiative.
Page | 144
Schor, J. B., & Fitzmaurice, C. J. (2015). 26. Collaborating and connecting: the emergence of the sharing economy. Handbook of Research on Sustainable Consumption, 410.
Shah, R. (2015). New investment round could put Uber valuation at $62.5 billion. Retrieved 23 June, 2016, from http://www.cnbc.com/2015/12/03/uber-to-be-valued-at-more-than-62-billion.html
sharethrough.com. (2016). Native advertising insights, Research, Infographics and Resources. Retrieved 23 June, 2016, from http://www.sharethrough.com/nativeadvertising/
Silaban, O. (2015). INVESTOR GO-JEK DAN SEJARAH PARA PENDIRINYA. Retrieved 14 April, 2016, from http://labanapost.com/2015/07/website/investor-go-jek-dan-sejarah-para-pendirinya/
Simon, H. A. (1982). Models of bounded rationality: Empirically grounded economic reason (Vol. 3): MIT press.
Smith, H. J., Milberg, S. J., & Burke, S. J. (1996). Information privacy: measuring individuals' concerns about organizational practices. MIS quarterly, 167-196.
Solove, D. J. (2007). 'I've got nothing to hide'and other misunderstandings of privacy. San Diego law review, 44, 745.
Solove, D. J. (2008). Understanding privacy. Son, J.-Y., & Kim, S. S. (2008). Internet users' information privacy-protective responses: A taxonomy and
a nomological model. MIS quarterly, 503-529. Spiekermann, S. (2005). Perceived control: Scales for privacy in ubiquitous computing. Paper presented at
the 10th International conference on user modeling. Spiekermann, S., Böhme, R., Acquisti, A., & Hui, K.-L. (2015). Personal data markets. Electronic markets,
25(2), 91-93. Statistica.com. (2015a). Global mobile payment transaction volume from 2010 to 2017 (in billion U.S.
dollars). Retrieved 29 November, 2015, from http://www.statista.com/statistics/226530/mobile-payment-transaction-volume-forecast/
statistica.com. (2015b). M-commerce share of total digital commerce spending in the United States from 2nd quarter 2010 to 3rd quarter 2015. Retrieved 29 November, 2015, from http://www.statista.com/statistics/252621/share-of-us-retail-e-commerce-dollars-spent-via-mobile-device/
Stewart, K. A., & Segars, A. H. (2002). An empirical examination of the concern for information privacy instrument. Information Systems Research, 13(1), 36-49.
Stone, E. F., Gueutal, H. G., Gardner, D. G., & McClure, S. (1983). A field experiment comparing information-privacy values, beliefs, and attitudes across several types of organizations. Journal of applied psychology, 68(3), 459.
Sun, Y., Wang, N., Shen, X.-L., & Zhang, J. X. (2015). Location information disclosure in location-based social network services: Privacy calculus, benefit structure, and gender differences. Computers in Human Behavior, 52, 278-292.
Sundararajan, A. (2014). Peer-to-peer businesses and the sharing (collaborative) economy: overview, economic effects and regulatory issues. Written testimony for the hearing titled The Power of Connection: Peer to Peer Businesses, January.
sweetcheerysh.com. (2015). Hasil perkepoan driver Go-Jek. Retrieved 18 April, 2016, from http://sweetcheerysh.com/blog/hasil-perkepoan-driver-go-jek/
Taylor, D. G., Davis, D. F., & Jillapalli, R. (2009). Privacy concern and online personalization: The moderating effects of information control and compensation. Electronic Commerce Research, 9(3), 203-223.
Thierer, A. D., Koopman, C., Hobson, A., & Kuiper, C. (2015). How the Internet, the Sharing Economy, and Reputational Feedback Mechanisms Solve the'Lemons Problem'. SSRN 2610255.
Thierer, A. D., Koopman, C., & Mitchell, M. (2015). The Sharing Economy: Issues Facing Platforms, Participants, and Regulators. Participants, and Regulators (May 26, 2015).
Tiwana, A. (2013). Platform ecosystems: aligning architecture, governance, and strategy: Newnes. tradingeconomics. (2016). Indonesia Foreign Direct Investment 2010-2016. Retrieved 28 January, 2016,
from http://www.tradingeconomics.com/indonesia/foreign-direct-investment
Page | 145
Tsai, J. Y., Egelman, S., Cranor, L., & Acquisti, A. (2011). The effect of online privacy information on purchasing behavior: An experimental study. Information Systems Research, 22(2), 254-268.
Uber.com. (2016a). Find a city. Retrieved 1 June, 2016, from https://www.uber.com/cities/ Uber.com. (2016b). Finding the way. Creating possibilities for riders, drivers, and cities. Retrieved 23
June, 2016, from https://www.uber.com/our-story/ Uber.com. (2016c). How does Uber work? Retrieved 1 June, 2016, from
https://help.uber.com/h/738d1ff7-5fe0-4383-b34c-4a2480efd71e Uber.com. (2016d). Understanding surge. Retrieved 1 June, 2016, from
https://help.uber.com/h/19572af0-d494-4885-a1ef-1a0d54d0e68f Van Audenhove, L., Constantelou, A., Poel, M., van Lieshout, M., Kool, L., van Schoonhoven, B., & de
Jonge, M. (2011). Privacy by Design: an alternative to existing practice in safeguarding privacy. info, 13(6), 55-68.
Van de Glind, P. (2013). The consumer potential of Collaborative Consumption: Identifying the motives of Dutch Collaborative Consumers & Measuring the consumer potential of Collaborative Consumption within the municipality of Amsterdam. (Master of Science), Utrecht University, Utrecht, the Netherlands
Van den Hoven, J. (2013). Value sensitive design and responsible innovation. Responsible innovation: Managing the responsible emergence of science and innovation in society, 75-83.
Vang, J. (2006). Asia's innovation systems in transition: Edward Elgar Publishing. Varian, H. R. (2009). Economic aspects of personal privacy Internet policy and economics (pp. 101-109):
Springer. Von Schomberg, R. (2013). A vision of responsible research and innovation. Responsible innovation:
Managing the responsible emergence of science and innovation in society, 51-74. Waldo, J., Lin, H., & Millett, L. I. (2007). Engaging privacy and information technology in a digital age:
National Academies Press Washington, DC, USA. Walravens, N., & Ballon, P. (2009). Towards a new typology for mobile platforms: Validation through
case study analysis. Paper presented at the 1st Europe, Middle East, North Africa Regional ITS Conference (20th European Regional ITS Conference), Manama, Kingdom of Bahrain.
Ward, M. R. (2001). The economics of online retail markets. The International Handbook on Emerging Telecommunications Networks, Edward Elgar Publishers.
Warnier, M., Dechesne, F., & Brazier, F. (2015). Design for the Value of Privacy Privacy. In J. v. d. Hoven;, P. E. Vermaas;, & I. v. d. Poel; (Eds.), Handbook of Ethics, Values, and Technological Design: Sources, Theory, Values and Application Domains (pp. 431-445).
WEF. (2012). Unlocking the Economic Value of Personal Data Balancing Growth and Protection Rethinking Personal Data Project. Brussels: World Economic Forum.
Westin, A. F. (1968). Privacy and freedom. Washington and Lee Law Review, 25(1), 166. Wulansari, R., & Hakim, L. (2015). Data protection in Indonesia: overview. Retrieved 28 January, 2016,
from http://uk.practicallaw.com/4-583-2387 Xu, H. (2007). The effects of self-construal and perceived control on privacy concerns. ICIS 2007
proceedings, 125. Xu, H., Luo, X. R., Carroll, J. M., & Rosson, M. B. (2011). The personalization privacy paradox: An
exploratory study of decision making process for location-aware marketing. Decision Support Systems, 51(1), 42-52.
Xu, H., & Teo, H.-H. (2004). Alleviating consumers' privacy concerns in location-based services: a psychological control perspective. ICIS 2004 Proceedings, 64.
Xu, H., Teo, H.-H., Tan, B. C., & Agarwal, R. (2009). The role of push-pull technology in privacy calculus: the case of location-based services. Journal of management information systems, 26(3), 135-174.
Xu, H., Teo, H.-H., Tan, B. C., & Agarwal, R. (2012). Research note-effects of individual self-protection, industry self-regulation, and government regulation on privacy concerns: a study of location-based services. Information Systems Research, 23(4), 1342-1363.
Page | 146
Yamaguchi, S. (2001). Culture and control orientations. The handbook of culture and psychology, 223-243.
Zipcar.com. (2016). Car sharing from zipcar - what's included. Retrieved 1 June, 2016, from http://www.zipcar.com/how
Page | 147
Appendixes
Appendix 2.1. Digital platform categorization There are numerous platform types with a very strong heterogeneity between them. It creates a difficulty
to explain how (a specific) platform works (Walravens & Ballon, 2009). Noting this argumentation and with
regard to the collaborative consumption context, we argue that the important classification of a platform
can be done from (1) its ability to control the users and the providers (control mechanism), in which we
can measure the monopolistic potential of a platform, and (2) its assets distribution mechanism, in which
we can measure the scalability potential of a platform.
In the control mechanism, Walravens and Ballon (2009) introduce a topology of platforms in their paper.
They argue that there are four type of platforms based on the control over the customers and the asset
providers, i.e., system integrator, enabler, broker, and neutral (Walravens & Ballon, 2009). Firstly, the sys-
tem integrator platforms that have control over the assets providers as well as the customers of those
assets. This type of platform will also provide customer services as the mediator between customers and
the providers. Secondly, the enabler; it is a platform that has control over the assets but not the relation-
ship over the customers. This type of platforms only acts as a foundation architecture of a system and the
marketplace for the partner providers who provide the assets. Thirdly, the broker platforms that have
control over the customers but do not control the assets providers. And lastly, the neutral platforms that
do not have any control over assets providers and customers. This type of platforms acts only as market-
place of services. Table Ap.2.7.1 summarizes Walravens and Ballon (2009) platform categorization.
Table Ap.2.7.1. Platform categorization based on control over users and providers (Walravens & Ballon, 2009)
Control over the customers
Yes No
Co
ntr
ol o
ver
the
asse
t p
ro-
vid
ers
Yes
System integrator: the platform owner controls the assets from the providers to ensure the value crea-tion. It also manages relationship
with its customers.
Enabler: the platform controls the assets of the assets providers, how-
ever, the providers themselves manage their customer relation-
ship.
No
Broker: the platform has control over their loyal customers, however, it
does not have any control over the assets that build the value proposi-
tion.
Neutral: the platform does not have any control over their asset
providers and customers.
In the categorization based on asset distribution, Hill and Wellman (2011) offer a classification of platforms
based on the assets providers or rental mechanism (centralized and decentralized) and the transfer mech-
anism of the assets to the customers (centralized and decentralized). Firstly, the centralized rental and
centralized transfer, in which the platform owner has the assets and dispatches the assets to the customer
centrally. Secondly, the decentralized rental and centralized transfer, in which the assets are decentralized
without being controlled by the platform owner and the transfers of the asset to the customer are directed
Page | 148
by the platform centrally. Normally, if there is a customer that asks for a service, the platform owner will
announce the request to the providers, and if the providers are interested to take the request, they will
place a bid to it. Thirdly, the centralized rental and decentralized transfer, in which the platform owner
has all the assets while the booking and the transfers of the assets are done indirectly via the platform
between the peer customers. The Zipcar (see Textbox 2.1. ZipCar) service is a fit example of this type of
platform. Lastly, the decentralized assets and decentralized transfer or the “peer-to-peer”, in which all the
assets and the transfers of assets are done indirectly via the platform. In this type of platform, the platform
owner only provides the marketplace to perform the transaction. Table Ap.2.7.2 summarizes the platform
classification based on Hill and Wellman (2011).
Table Ap.2.7.2. Platform categorization based on asset distribution (Hill & Wellman, 2011)
Asset rental mechanism
Centralized Decentralized
Ass
et t
ran
sfer
mec
han
ism
Centralized The platform owner owns the as-
sets and distribute the assets centrally to the customers.
The platform relies to the com-munity to provide the assets,
however, it controls the assets distribution to the customers.
Decentralized
The platform owner owns the as-sets. Users who want to use the asset have to book and pick the
asset up in the pick-up spots.
The platform relies to the com-munity to provide the assets, the users have to negotiate the pick-
up with the asset owner indi-rectly via the platform that is
provided by the platform owner.
Based on those previous mentioned classification, we may conclude that the biggest monopolistic poten-
tial of a platform is owned by the system integrator platform, whereas the least monopolistic potential is
owned by the neutral platform. The company that wants to maximize the platform monopolistic potential
should strategically design its architecture towards maximizing the control to both users and providers.
This can be done by ensuring the sustainability of the value networks between the actors participating in
the platform (Tiwana, 2013). Furthermore, we may also conclude that the platform with the highest scala-
bility level is owned by the peer-to-peer (P2P) type. By using P2P type, the biggest challenge of a platform
owner is deciding the potential users who have the strongest network effect (the penguin dilemma)
(Tiwana, 2013), and performing the “divide and conquer” strategy to acquire these users.
Page | 149
Appendix 4.1. Survey Questionnaire
Page | 150
Appendix 4.2. Respondents’ demography
Page | 151
Page | 152
Appendix 4.3 Normality and homoscedasticity test
Standardized Residual total case
Page | 153
Standardized Residual gender split
Page | 154
Standardized Residual salary split
Page | 155
Standardized Residual previous privacy experience split
Page | 156
Standardized Residual education split
Page | 157
Standardized Residual age split
Page | 158
Standardized Residual self-efficacy split
Page | 159
Appendix 4.4 Linearity test
Page | 160
Appendix 4.5 Factor Analysis
Willingness to disclose = FAC_WTD
KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy. .774
Bartlett's Test of Sphericity
Approx. Chi-Square 329.625
df 10
Sig. .000
Anti-image Matrices
wtd1 wtd2 wtd3 wtd4 wtd5
Anti-image Covariance
wtd1 .585 -.211 -.161 -.144 -.031
wtd2 -.211 .569 -.177 .021 -.169
wtd3 -.161 -.177 .665 -.064 -.035
wtd4 -.144 .021 -.064 .777 -.213
wtd5 -.031 -.169 -.035 -.213 .731
Anti-image Correlation
wtd1 .769a -.367 -.259 -.213 -.048
wtd2 -.367 .745a -.288 .032 -.262
wtd3 -.259 -.288 .811a -.088 -.050
wtd4 -.213 .032 -.088 .771a -.283
wtd5 -.048 -.262 -.050 -.283 .784a
a. Measures of Sampling Adequacy(MSA)
Communalities
Initial Extraction
wtd1 1.000 .625
wtd2 1.000 .626
wtd3 1.000 .538
wtd4 1.000 .375
wtd5 1.000 .449
Extraction Method: Principal
Component Analysis.
Total Variance Explained
Component Initial Eigenvalues Extraction Sums of Squared Loadings
Total % of Variance Cumulative % Total % of Variance Cumulative %
1 2.613 52.262 52.262 2.613 52.262 52.262
2 .840 16.806 69.069
3 .644 12.888 81.957
Page | 161
4 .507 10.138 92.095
5 .395 7.905 100.000
Extraction Method: Principal Component Analysis.
Component Matrixa
Component
1
wtd1 .791
wtd2 .791
wtd3 .733
wtd4 .612
wtd5 .670
Extraction Method:
Principal Component
Analysis.
a. 1 components ex-
tracted.
Page | 162
Component Score
Coefficient Matrix
Component
1
wtd1 .303
wtd2 .303
wtd3 .281
wtd4 .234
wtd5 .257
Extraction Method:
Principal Component
Analysis.
Component Score Co-
variance Matrix
Component 1
1 1.000
Extraction Method: Princi-
pal Component Analysis.
Page | 163
Privacy concerns = FAC_IUIPC & FAC_CFIP
KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy. .677
Bartlett's Test of Sphericity
Approx. Chi-Square 348.748
df 15
Sig. .000
Anti-image Matrices
picon piaw picol pcima pcusu pcerr
Anti-image Covariance
picon .592 -.292 .026 -.095 .052 -.078
piaw -.292 .505 -.214 -.062 -.069 -.030
picol .026 -.214 .806 -.082 .048 .006
pcima -.095 -.062 -.082 .625 -.311 -.005
pcusu .052 -.069 .048 -.311 .683 -.135
pcerr -.078 -.030 .006 -.005 -.135 .912
Anti-image Correlation
picon .663a -.535 .037 -.157 .081 -.106
piaw -.535 .665a -.335 -.110 -.117 -.045
picol .037 -.335 .711a -.116 .065 .008
pcima -.157 -.110 -.116 .703a -.477 -.007
pcusu .081 -.117 .065 -.477 .626a -.171
pcerr -.106 -.045 .008 -.007 -.171 .808a
a. Measures of Sampling Adequacy(MSA)
Communalities
Initial
picon 1.000
piaw 1.000
picol 1.000
pcima 1.000
pcusu 1.000
pcerr 1.000
Extraction Method:
Principal Component
Analysis.
Total Variance Explained
Component Initial Eigenvalues Rotation Sums of Squared Loadings
Page | 164
Total % of Variance Cumulative % Total % of Variance Cumulative %
1 2.510 41.828 41.828 1.910 31.827 31.827
2 1.094 18.232 60.059 1.694 28.232 60.059
3 .882 14.692 74.752
4 .741 12.357 87.108
5 .441 7.353 94.461
6 .332 5.539 100.000
Extraction Method: Principal Component Analysis.
Component Ma-
trixa
a. 2 components
extracted.
Rotated Component Matrixa
Component
1 2
picon .748 .232
Page | 165
piaw .830 .268
picol .731 -.038
pcima .344 .716
pcusu .061 .854
pcerr .058 .570
Extraction Method: Principal
Component Analysis.
Rotation Method: Varimax with
Kaiser Normalization.
a. Rotation converged in 3 itera-
tions.
Component Transformation Matrix
Component 1 2
1 .759 .651
2 -.651 .759
Extraction Method: Principal Compo-
nent Analysis.
Rotation Method: Varimax with Kaiser
Normalization.
Page | 166
Component Score Coefficient
Matrix
Component
1 2
picon .402 -.029
piaw .444 -.025
picol .461 -.213
pcima .030 .410
pcusu -.180 .579
pcerr -.110 .382
Extraction Method: Principal
Component Analysis.
Rotation Method: Varimax with
Kaiser Normalization.
Component Scores.
Component Score Covariance Matrix
Component 1 2
1 1.000 .000
2 .000 1.000
Extraction Method: Principal Compo-
nent Analysis.
Rotation Method: Varimax with Kaiser
Normalization.
Component Scores.
Tangible Benefits = FAC_TANG_BEN
KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy. .500
Bartlett's Test of Sphericity
Approx. Chi-Square 174.224
df 1
Sig. .000
Anti-image Matrices
btmb1 btmb2
Anti-image Covariance btmb1 .515 -.359
btmb2 -.359 .515
Anti-image Correlation btmb1 .500a -.696
btmb2 -.696 .500a
a. Measures of Sampling Adequacy(MSA)
Page | 167
Communalities
Initial Extraction
btmb1 1.000 .848
btmb2 1.000 .848
Extraction Method: Principal Com-
ponent Analysis.
Total Variance Explained
Component Initial Eigenvalues Extraction Sums of Squared Loadings
Total % of Variance Cumulative % Total % of Variance Cumulative %
1 1.696 84.823 84.823 1.696 84.823 84.823
2 .304 15.177 100.000
Extraction Method: Principal Component Analysis.
Component Matrixa
Component
1
btmb1 .921
btmb2 .921
Extraction Method: Prin-
cipal Component Analy-
sis.
a. 1 components ex-
tracted.
Intangible Benefits = FAC_INTANG_BEN
KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy. .500
Bartlett's Test of Sphericity
Approx. Chi-Square 46.554
df 1
Sig. .000
Anti-image Matrices
bipe bius
Anti-image Covariance bipe .837 -.338
bius -.338 .837
Page | 168
Anti-image Correlation bipe .500a -.403
bius -.403 .500a
a. Measures of Sampling Adequacy(MSA)
Communalities
Initial Extraction
bipe 1.000 .702
bius 1.000 .702
Extraction Method: Principal
Component Analysis.
Total Variance Explained
Component Initial Eigenvalues Extraction Sums of Squared Loadings
Total % of Variance Cumulative % Total % of Variance Cumulative %
1 1.403 70.156 70.156 1.403 70.156 70.156
2 .597 29.844 100.000
Extraction Method: Principal Component Analysis.
Component Matrixa
Component
1
bipe .838
bius .838
Extraction Method:
Principal Component
Analysis.
a. 1 components ex-
tracted.
Individual self-protection = FAC_IPPR
A. Initial
KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy. .676
Bartlett's Test of Sphericity
Approx. Chi-Square 325.853
df 15
Sig. .000
Page | 169
Anti-image Matrices
aisp1 aisp2 aisp3 aisp4 aisp5 aisp6
Anti-image Covariance
aisp1 .761 -.332 -.028 .069 .022 -.098
aisp2 -.332 .758 -.133 .034 .035 -.028
aisp3 -.028 -.133 .800 -.080 -.157 -.039
aisp4 .069 .034 -.080 .725 -.181 -.119
aisp5 .022 .035 -.157 -.181 .543 -.267
aisp6 -.098 -.028 -.039 -.119 -.267 .602
Anti-image Correlation
aisp1 .542a -.437 -.036 .093 .034 -.144
aisp2 -.437 .544a -.170 .046 .055 -.041
aisp3 -.036 -.170 .786a -.104 -.238 -.056
aisp4 .093 .046 -.104 .777a -.288 -.180
aisp5 .034 .055 -.238 -.288 .671a -.466
aisp6 -.144 -.041 -.056 -.180 -.466 .702a
a. Measures of Sampling Adequacy(MSA)
Communalities
Initial Extraction
aisp1 1.000 .699
aisp2 1.000 .715
aisp3 1.000 .424
aisp4 1.000 .583
aisp5 1.000 .729
aisp6 1.000 .635
Extraction Method: Principal
Component Analysis.
Total Variance Explained
Component Initial Eigenvalues Extraction Sums of Squared Loadings
Total % of Variance Cumulative % Total % of Variance Cumulative %
1 2.285 38.086 38.086 2.285 38.086 38.086
2 1.499 24.985 63.072 1.499 24.985 63.072
3 .738 12.299 75.371
4 .591 9.845 85.216
5 .510 8.499 93.715
6 .377 6.285 100.000
Page | 170
Extraction Method: Principal Component Analysis.
Component Matrixa
Component
1 2
aisp1 .240 .801
aisp2 .243 .810
aisp3 .637 .133
aisp4 .675 -.356
aisp5 .822 -.231
aisp6 .795 -.055
Extraction Method: Principal
Component Analysis.
a. 2 components extracted.
Page | 171
Component Score Coefficient
Matrix
Component
1 2
aisp1 .105 .534
aisp2 .106 .540
aisp3 .279 .089
aisp4 .295 -.238
aisp5 .360 -.154
aisp6 .348 -.036
Extraction Method: Principal
Component Analysis.
Component Score Covariance Matrix
Component 1 2
1 1.000 .000
2 .000 1.000
Extraction Method: Principal Compo-
nent Analysis.
B. After deletion of variable aisp1 & aisp2
KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy. .729
Bartlett's Test of Sphericity
Approx. Chi-Square 238.251
df 6
Sig. .000
Anti-image Matrices
aisp3 aisp4 aisp5 aisp6
Anti-image Covariance
aisp3 .837 -.066 -.153 -.064
aisp4 -.066 .738 -.192 -.108
aisp5 -.153 -.192 .547 -.270
aisp6 -.064 -.108 -.270 .624
Anti-image Correlation aisp3 .825a -.084 -.226 -.089
Page | 172
aisp4 -.084 .792a -.302 -.159
aisp5 -.226 -.302 .674a -.462
aisp6 -.089 -.159 -.462 .712a
a. Measures of Sampling Adequacy(MSA)
Communalities
Initial Extraction
aisp3 1.000 .375
aisp4 1.000 .520
aisp5 1.000 .721
aisp6 1.000 .627
Extraction Method: Principal
Component Analysis.
Total Variance Explained
Component Initial Eigenvalues Extraction Sums of Squared Loadings
Total % of Variance Cumulative % Total % of Variance Cumulative %
1 2.243 56.081 56.081 2.243 56.081 56.081
2 .761 19.028 75.109
3 .608 15.190 90.299
4 .388 9.701 100.000
Extraction Method: Principal Component Analysis.
Page | 173
Component Matrixa
Component
1
aisp3 .612
aisp4 .721
aisp5 .849
aisp6 .792
Extraction Method:
Principal Component
Analysis.
a. 1 components ex-
tracted.
Component Score
Coefficient Matrix
Component
1
aisp3 .273
aisp4 .321
aisp5 .379
aisp6 .353
Extraction Method:
Principal Component
Analysis.
Rotation Method: Obli-
min with Kaiser Nor-
malization.
Component Score Co-
variance Matrix
Component 1
1 1.000
Page | 174
Extraction Method: Princi-
pal Component Analysis.
Rotation Method: Oblimin
with Kaiser Normalization.
Industry self-regulation = FAC_ISR
KMO and Bartlett's Test
Kaiser-Meyer-Olkin Measure of Sampling Adequacy. .500
Bartlett's Test of Sphericity
Approx. Chi-Square 113.669
df 1
Sig. .000
Anti-image Matrices
aisr1 aisr2
Anti-image Covariance aisr1 .649 -.384
aisr2 -.384 .649
Anti-image Correlation aisr1 .500a -.593
aisr2 -.593 .500a
a. Measures of Sampling Adequacy(MSA)
Communalities
Initial Extraction
aisr1 1.000 .796
aisr2 1.000 .796
Extraction Method: Principal
Component Analysis.
Total Variance Explained
Component Initial Eigenvalues Extraction Sums of Squared Loadings
Total % of Variance Cumulative % Total % of Variance Cumulative %
1 1.593 79.642 79.642 1.593 79.642 79.642
2 .407 20.358 100.000
Page | 175
Extraction Method: Principal Component Analysis.
Component Matrixa
Component
1
aisr1 .892
aisr2 .892
Extraction Method:
Principal Component
Analysis.
a. 1 components ex-
tracted.
Page | 176
Component Score
Coefficient Matrix
Component
1
aisr1 .560
aisr2 .560
Extraction Method:
Principal Component
Analysis.
Component Score Co-
variance Matrix
Component 1
1 1.000
Extraction Method: Princi-
pal Component Analysis.
Page | 177
Appendix 4.6. Correlation matrix
FAC_WTD FAC_IUIPC FAC_CFIP FAC_TANG_BEN FAC_INTANG_BEN FAC_IPPR FAC_ISR FAC_AGRL dpre dsel dage dedu dsal
FAC_WTD
Pearson Correlation 1 -.040 .005 .342** .248** .086 -.023 -.056 .046 -.037 -.052 -.071 -.121
Sig. (2-tailed) .517 .931 .000 .000 .163 .706 .365 .453 .545 .397 .249 .070
N 265 265 265 265 265 265 265 265 265 265 265 265 226
FAC_IUIPC
Pearson Correlation -.040 1 .402** .086 .179** .320** .338** .316** .103 -.050 .004 .010 .016
Sig. (2-tailed) .517 .000 .165 .003 .000 .000 .000 .095 .414 .949 .873 .814
N 265 265 265 265 265 265 265 265 265 265 265 265 226
FAC_CFIP
Pearson Correlation .005 .402** 1 .184** .170** .444** .381** .502** .006 .008 .069 .005 .068
Sig. (2-tailed) .931 .000 .003 .005 .000 .000 .000 .928 .899 .263 .939 .308
N 265 265 265 265 265 265 265 265 265 265 265 265 226
FAC_TANG_BEN
Pearson Correlation .342** .086 .184** 1 .565** .229** .203** .137* .081 -.034 -.053 -.114 -.124
Sig. (2-tailed) .000 .165 .003 .000 .000 .001 .025 .188 .578 .386 .064 .063
N 265 265 265 265 265 265 265 265 265 265 265 265 226
FAC_INTANG_BEN
Pearson Correlation .248** .179** .170** .565** 1 .290** .255** .199** .139* -.029 .123* -.002 .008
Sig. (2-tailed) .000 .003 .005 .000 .000 .000 .001 .024 .634 .046 .977 .906
N 265 265 265 265 265 265 265 265 265 265 265 265 226
FAC_IPPR
Pearson Correlation .086 .320** .444** .229** .290** 1 .463** .418** .001 -.003 .100 -.090 -.024
Sig. (2-tailed) .163 .000 .000 .000 .000 .000 .000 .986 .963 .103 .143 .719
N 265 265 265 265 265 265 265 265 265 265 265 265 226
FAC_ISR
Pearson Correlation -.023 .338** .381** .203** .255** .463** 1 .485** .064 .011 .068 -.050 -.076
Sig. (2-tailed) .706 .000 .000 .001 .000 .000 .000 .302 .864 .267 .417 .255
N 265 265 265 265 265 265 265 265 265 265 265 265 226
FAC_AGRL
Pearson Correlation -.056 .316** .502** .137* .199** .418** .485** 1 .012 .003 .043 .078 -.021
Sig. (2-tailed) .365 .000 .000 .025 .001 .000 .000 .851 .967 .483 .203 .750
N 265 265 265 265 265 265 265 265 265 265 265 265 226
dpre
Pearson Correlation .046 .103 .006 .081 .139* .001 .064 .012 1 .016 .041 -.013 .035
Sig. (2-tailed) .453 .095 .928 .188 .024 .986 .302 .851 .798 .509 .836 .601
N 265 265 265 265 265 265 265 265 265 265 265 265 226
dsel
Pearson Correlation -.037 -.050 .008 -.034 -.029 -.003 .011 .003 .016 1 .172** .219** .282**
Sig. (2-tailed) .545 .414 .899 .578 .634 .963 .864 .967 .798 .005 .000 .000
N 265 265 265 265 265 265 265 265 265 265 265 265 226
dage
Pearson Correlation -.052 .004 .069 -.053 .123* .100 .068 .043 .041 .172** 1 .263** .575**
Sig. (2-tailed) .397 .949 .263 .386 .046 .103 .267 .483 .509 .005 .000 .000
N 265 265 265 265 265 265 265 265 265 265 265 265 226
dedu
Pearson Correlation -.071 .010 .005 -.114 -.002 -.090 -.050 .078 -.013 .219** .263** 1 .254**
Sig. (2-tailed) .249 .873 .939 .064 .977 .143 .417 .203 .836 .000 .000 .000
N 265 265 265 265 265 265 265 265 265 265 265 265 226
dsal
Pearson Correlation -.121 .016 .068 -.124 .008 -.024 -.076 -.021 .035 .282** .575** .254** 1
Sig. (2-tailed) .070 .814 .308 .063 .906 .719 .255 .750 .601 .000 .000 .000
N 226 226 226 226 226 226 226 226 226 226 226 226 226
*. Correlation is significant at the 0.05 level (2-tailed). **. Correlation is significant at the 0.01 level (2-tailed).
Page | 178
Appendix 4.7. A more detailed explanation about Conjoint Analysis The conjoint analysis is an experimental research method used in the evaluation of complex products
or services while, in the same time, maintaining the realistic contexts (Hair et al., 2013). It is developed
based on the assumption that consumers evaluate the value of products and services by combining
the value of the combination of attributes attached in the products and services (Hair et al., 2013). By
using this method, a “market-like” environment is achieved by incorporating the consumers’ trade-off
evaluation related to the set of attributes in the products or services that have varied into sets of
choices (Kanetkar, 2002).
The general postulate of a conjoint analysis method is the utility that the customer get from a product
is derived from the product properties, not the product per se, in which the product is compounded
by a single or combination of those properties (Louviere; et al., 2003). Particularly, the conjoint anal-
ysis aims to understand how the respondents will react to the changes in levels and/or attributes that
embodied in certain product or service, and not in how the utility function is formed (Louviere; et al.,
2003).
The terminologies used in the conjoint analysis are:
1. Utility, which represents the value or the measure of preference over a product and/or ser-
vice.
2. Attributes, which represents the characteristic of the product or service, for example: sweet-
ness and caffeine.
3. Levels, which represents the possible value of each attribute, for example: unsweetened, low
sugar and medium sugar, or decaf and caffeinated.
4. Profile, which represents the object/product/service that consist of selection of attributes and
their level, for example: Coffee A [low sugar, decaf], or coffee B [medium sugar, decaf].
5. Designs, which represents a number of profiles that are presented to and evaluated by the
respondents. It could be full profile, in which all choices based on a full factorial design are
presented, or a fraction of profile, in which only part of the full profile choices will be pre-
sented.
There are three kinds of conjoint methodology, i.e., traditional approach, adaptive approach, and
choice based approach (CBC). In the traditional approach, the respondents are presented with a full
set of profiles and asked to perform the choice. The main drawback of this approach is: if the products
or services have a lot of attributes and/or levels, the respondents will have a lot of profiles to be eval-
uated in the same time because they have to give rating/ranking for each profile. Hence, the respond-
ents might experience an information overload and be unable to evaluate the design in detail (Rao,
2014). The second approach, i.e.: the adaptive approach, has been developed to answer this chal-
lenge. This approach is able to perform the conjoint analysis of product or services with more than 10
attributes. In this approach, the presented set of profiles are varied and adapted based on the re-
spondents’ previous answers. In each section, only one or a few attributes were presented, therefore,
the respondents will not be overwhelmed by a lot of profiles at once (Orme, 2009).
In between those two approaches, the CBC analysis is often used to determine customer preferences.
It performs a unique form to present the profiles in a set of choices (Hair et al., 2013). The respondents
then are asked to choose one profile from this set of profiles, one of which their utility is maximized
(Rao, 2014). This approach has the most realistic approach to what happens in the real market, in
which the consumers do not always evaluate the complete competing products or services before
choosing the selected product or service. For this reason, the CBC analysis is used in this study. How-
ever, this approach also is far more complex in the process of generating the “efficient” designs that
are presented to the respondents. To overcome this complexity, statistical software is often employed
to determine the most efficient design.
Furthermore, there are two types of CBC. The first method is the stated choice CBC. This method is
able to present the choices into experimental condition to estimate the utility value of certain hypo-
thetical conditions (Fifer et al., 2014). Thus, even though the presented choices are not yet available
in the market, we can predict the possible users’ acceptance once the choices are available in the
market. The second method of CBC is the revealed choice CBC. This method aims to “reveal” the users’
utility value of the real and known conditions. In contrast to the stated choice model, in which only
captures what the respondents intend to do, this method is effectively able to produce the actual data
based on the respondents’ actual behavior (Louviere et al., 2000). As choices formed in the revealed
choice CBC are based on the real condition in the market, constructing a complete and exhaustive
revealed choice study sometimes needs a huge number of choice sets due to the attributes involved
in a real product might be varied. Moreover, in the real life condition, the attributes that build up a
product are often correlated, thus it will complicate the analysis and produce significant amount of
noise (Brownstone et al., 2000; Louviere et al., 2000).
Appendix 4.8. Choice sets configuration
Choice situa-tion
alt1.pdi
alt1.pba
alt1.es
alt1.es effect coding alt2.pdi
alt2.pba
alt2.es
alt2.es effect coding
alt1.s.e0
alt1.s.e1
alt1.s.e2
alt2.s.e0
alt2.s.e1
alt2.s.e2
1 0 0 270 1 0 0 1 1 270 1 0 0
2 1 1 270 1 0 0 1 0 180 0 1 0
3 0 1 180 0 1 0 0 1 90 0 0 1
4 1 0 180 0 1 0 1 0 90 0 0 1
5 0 1 90 0 0 1 0 0 270 1 0 0
6 1 0 90 0 0 1 0 0 0 -1 -1 -1
7 0 0 0 -1 -1 -1 1 1 0 -1 -1 -1
8 1 1 0 -1 -1 -1 0 1 180 0 1 0
Page | 180
Appendix 5.1 Multiple regression analysis of IUIPC and CFIP
IUIPC
Model Summaryd
Model R R Square Adjusted R Square Std. Error of the Es-
timate
1 .338a .114 .111 .94289579
2 .385b .148 .142 .92633185
3 .407c .166 .156 .91860837
a. Predictors: (Constant), FAC_ISR
b. Predictors: (Constant), FAC_ISR, FAC_IPPR
c. Predictors: (Constant), FAC_ISR, FAC_IPPR, FAC_AGRL
d. Dependent Variable: FAC_IUIPC
ANOVAa
Model Sum of Squares df Mean Square F Sig.
1
Regression 30.179 1 30.179 33.945 .000b
Residual 233.821 263 .889
Total 264.000 264
2
Regression 39.180 2 19.590 22.830 .000c
Residual 224.820 262 .858
Total 264.000 264
3
Regression 43.757 3 14.586 17.285 .000d
Residual 220.243 261 .844
Total 264.000 264
a. Dependent Variable: FAC_IUIPC
b. Predictors: (Constant), FAC_ISR
c. Predictors: (Constant), FAC_ISR, FAC_IPPR
d. Predictors: (Constant), FAC_ISR, FAC_IPPR, FAC_AGRL
Coefficientsa
Model Unstandardized Coeffi-
cients
Standardized
Coefficients
t Sig. Correlations Collinearity Statistics
B Std. Error Beta Zero-order Partial Part Tolerance VIF
1 (Constant) -1.001E-013 .058
.000 1.000
FAC_ISR .338 .058 .338 5.826 .000 .338 .338 .338 1.000 1.000
2
(Constant) -1.001E-013 .057
.000 1.000
FAC_ISR .242 .064 .242 3.760 .000 .338 .226 .214 .786 1.272
FAC_IPPR .208 .064 .208 3.239 .001 .320 .196 .185 .786 1.272
3
(Constant) -1.005E-013 .056
.000 1.000
FAC_ISR .184 .068 .184 2.693 .008 .338 .164 .152 .683 1.464
FAC_IPPR .170 .066 .170 2.579 .010 .320 .158 .146 .737 1.357
FAC_AGRL .155 .067 .155 2.329 .021 .316 .143 .132 .717 1.395
a. Dependent Variable: FAC_IUIPC
Excluded Variablesa
Model Beta In t Sig. Partial Correla-
tion
Collinearity Statistics
Tolerance VIF Minimum Toler-
ance
1
FAC_IPPR .208b 3.239 .001 .196 .786 1.272 .786
FAC_AGRL .199b 3.040 .003 .185 .765 1.307 .765
2 FAC_AGRL .155c 2.329 .021 .143 .717 1.395 .683
a. Dependent Variable: FAC_IUIPC
b. Predictors in the Model: (Constant), FAC_ISR
c. Predictors in the Model: (Constant), FAC_ISR, FAC_IPPR
Page | 182
CFIP
Model Summaryc
Model R R Square Adjusted R
Square
Std. Error of
the Estimate
Change Statistics
R Square
Change
F Change df1 df2 Sig. F Change
1 .502a .252 .249 .86676837 .252 88.397 1 263 .000
2 .564b .318 .313 .82909950 .066 25.441 1 262 .000
a. Predictors: (Constant), FAC_AGRL
b. Predictors: (Constant), FAC_AGRL, FAC_IPPR
c. Dependent Variable: FAC_CFIP
ANOVAa
Model Sum of Squares df Mean Square F Sig.
1
Regression 66.411 1 66.411 88.397 .000b
Residual 197.589 263 .751
Total 264.000 264
2
Regression 83.900 2 41.950 61.026 .000c
Residual 180.100 262 .687
Total 264.000 264
a. Dependent Variable: FAC_CFIP
b. Predictors: (Constant), FAC_AGRL
c. Predictors: (Constant), FAC_AGRL, FAC_IPPR
Coefficientsa
Model Unstandardized Coeffi-
cients
Standardized
Coefficients
t Sig. Correlations Collinearity Statis-
tics
B Std. Error Beta Zero-or-
der
Partial Part Tolerance VIF
1 (Constant) -1.010E-013 .053
.000 1.000
FAC_AGRL .502 .053 .502 9.402 .000 .502 .502 .502 1.000 1.000
2
(Constant) -1.007E-013 .051
.000 1.000
FAC_AGRL .383 .056 .383 6.817 .000 .502 .388 .348 .825 1.212
FAC_IPPR .283 .056 .283 5.044 .000 .444 .298 .257 .825 1.212
a. Dependent Variable: FAC_CFIP
Excluded Variablesa
Model Beta In t Sig. Partial Correla-
tion
Collinearity Statistics
Tolerance VIF Minimum Toler-
ance
1 FAC_IPPR .283b 5.044 .000 .298 .825 1.212 .825
FAC_ISR .180b 3.001 .003 .182 .765 1.307 .765
2 FAC_ISR .094c 1.529 .127 .094 .683 1.464 .683
a. Dependent Variable: FAC_CFIP
b. Predictors in the Model: (Constant), FAC_AGRL
c. Predictors in the Model: (Constant), FAC_AGRL, FAC_IPPR
Page | 184
Appendix 5.2 Cluster properties of data segregated based on demographic
variables
Page | 186
Appendix 5.3 Mean difference of the WTD vs. demographic Variables
wtd vs. self-efficacy
Report
FAC_WTD
split_sel Mean N Std. Deviation
1.00 .0054460 233 .99091280
2.00 -.0396535 32 1.07972631
Total .0000000 265 1.00000000
ANOVA Table
Sum of Squares df Mean Square F Sig.
FAC_WTD * split_sel
Between Groups (Combined) .057 1 .057 .057 .811
Within Groups 263.943 263 1.004
Total 264.000 264
wtd vs. previous experience
Report
FAC_WTD
split_pre Mean N Std. Deviation
1.00 -.0767909 75 1.02554382
2.00 .0303122 190 .99084270
Total .0000000 265 1.00000000
ANOVA Table
Sum of Squares df Mean Square F Sig.
FAC_WTD * split_pre
Between Groups (Combined) .617 1 .617 .616 .433
Within Groups 263.383 263 1.001
Total 264.000 264
wtd vs. education
Report
FAC_WTD
split_edu Mean N Std. Deviation
1.00 -.0820690 52 .92200533
2.00 .0200356 213 1.01917807
Total .0000000 265 1.00000000
Page | 188
ANOVA Table
Sum of Squares df Mean Square F Sig.
FAC_WTD * split_edu
Between Groups (Combined) .436 1 .436 .435 .510
Within Groups 263.564 263 1.002
Total 264.000 264
wtd vs. salary
Report
FAC_WTD
split_sal Mean N Std. Deviation
1 .1339180 166 .92735477
2 -.1576006 60 1.15912922
Total .0565237 226 .99980966
ANOVA Table
Sum of Squares df Mean Square F Sig.
FAC_WTD * split_sal
Between Groups (Combined) 3.745 1 3.745 3.793 .053
Within Groups 221.169 224 .987
Total 224.914 225
wtd vs. age
Report
FAC_WTD
age_split Mean N Std. Deviation
0 .0174011 212 .98997974
1 -.0696045 53 1.04592981
Total .0000000 265 1.00000000
ANOVA Table
Sum of Squares df Mean Square F Sig.
FAC_WTD * age_split
Between Groups (Combined) .321 1 .321 .320 .572
Within Groups 263.679 263 1.003
Total 264.000 264
wtd vs. dsex
Report
FAC_WTD
dsex Mean N Std. Deviation
0 -.0990818 111 1.05755228
1 .0714161 154 .95349033
Total .0000000 265 1.00000000
ANOVA Table
Sum of Squares df Mean Square F Sig.
FAC_WTD * dsex
Between Groups (Combined) 1.875 1 1.875 1.881 .171
Within Groups 262.125 263 .997
Total 264.000 264
Page | 190
