CARNEGIE MELLON (US) — When people get more privacy controls online, they share more sensitive information with larger, and possibly riskier, audiences, a new study shows.
“We found there was a paradox of control. People who felt more in control of their information took more privacy risks more often,” says Alessandro Acquisti, associate professor of information technology and public policy at Carnegie Mellon University.
“They felt more empowered and more in control of their personal information. But once the information is online, users can’t control what people do with it.”
The study investigated how people respond when given control over their personal information, allowing them to choose how much to reveal about themselves.
Published in Social Psychological and Personality Science, the findings have important public policy implications. Some privacy experts have called for providing users with more controls as a way to protect their information, but this research suggests that such policies could backfire.
“Our research shows that such self-regulation may still leave users vulnerable to privacy risks,” says co-author Laura Brandimarte.
As part of the research, three studies were conducted with a total of 600 participants across several populations. Two studies examined the impact of increasing or decreasing control over the release of information, while the third study manipulated control over access (but not usage) of information.
All three studies showed that increasing perceived control over release or access of personal information can cause people to experience an illusory sense of security, and as a result, release more information.
“The conventional wisdom is that control over personal information implies protection,” says co-author George Loewenstein, professor of psychology and economics. “Our results provide evidence that control over personal information may be a necessary but not sufficient condition for privacy protection, and can even produce perverse effects.”
Source: Carnegie Mellon University