E-privacy concerns: a facet theoretical approach

Abstract Although the ubiquitous use of smartphones and social media poses serious risks to the privacy of users, research is sparse regarding how users perceive these risks. We present a study investigating the perception of e-privacy risks, assuming that risk perception depends on context and situation, and employing a facet theory approach to define and analyze privacy risk perceptions. Specifically, we define three facets that characterize situations involving an e-privacy risk: Facet A refers to the type of data disclosed, distinguishing three types: a person’s identity information, information about health, and information about private activities. Facet B refers to the type of actor misusing the information, distinguishing between commercial organizations, public authorities, social networks, and criminal actors. Facet C distinguishes three kinds of harm that might be experienced as a consequence: financial loss, physical harm, and negative psycho-social experiences. Questionnaire items were constructed by creating fictitious but realistic scenarios, each representing a combination of one element from each facet, yielding 36 (3 × 4 × 3) scenarios. For each scenario, respondents rated the likelihood and the negativity of experiencing that scenario. Following the facet theoretical paradigm, item intercorrelations were analyzed via ordinal multidimensional scaling. Results from a representative survey among 500 adult Norwegians yield a distinct partitioning with respect to Facets A and B, called a radex configuration. Facet B (actors) shows an angular partition. Facet C (type of harm) yields a contrast of financial versus psycho-social harm. In sum, we conclude that our three-faceted definition provides a satisfying first approximation to people’s perception of privacy risks on the Internet while remaining open for extensions with additional facets.


Introduction
The ubiquitous use of the internet and of social media services has enabled individuals, companies, and public authorities to generate, store, process, and distribute personal data to an extent previously unknown.Such massive handling of personal data has made concerns about violations and abuse of private data a major research area (Acquisti, Brandimarte, and Loewenstein 2015) and a central topic for empirical studies in diverse domains and from different disciplinary perspectives (Bhatia and Breaux 2018;Dinev and Hart 2006;Gana and Koce 2016;Saetra 2020;Shahidi et al. 2022;Shariff, Green, and Jettinghoff 2021;Smith, Milberg, and Burke 1996).
Privacy has a long cultural history (Aries, Duby, and Veyne 1987;Westin 1967), and the concept of privacy in its modern sense has been studied by scholars from various backgrounds and applied to a diverse range of social life areas (Burgoon 1982;Nissenbaum 2010;Saetra 2020;Solove 2008;Stone et al. 1983;Zuboff 2015).A common premise of these different conceptions is that privacy is something to be protected.Threats to privacy may encompass physical privacy (e.g.overcrowded prisons), social privacy (e.g.traditional families), and information privacy.Information privacy can be defined as one's ability to control others' access to any piece of information about oneself, from one's address to one's sexual preferences (Bélanger and Crossler 2011).We specifically focus on information privacy as related to information available on the internet, primarily information distributed via the use of social media (SNS: Social Network Sites) such as Facebook, WhatsApp, and the like, but also via public administration websites, medical management sites, e-commerce platforms, and many others.We use the term e-privacy or ePrivacy (European Commission 2017), referring to privacy issues involving any digital data and communication system, particularly internet platforms and SNS as described above.
E-privacy can be thwarted and violated in many ways, ranging from abuse within social media to unauthorized usage for commercial purposes, to criminal cases such as identity theft and hacker attacks.Furthermore, in the digital economy, personal data have monetary value, and some argue that one should consider data a form of payment when using digital services (Elvy 2017).Many users may not be aware of this function of personal data, or if they are, they may not fully understand the complexity of data use and be unable to grasp the implications of trading private data for some kind of benefit (Nissenbaum 2019).Saetra (2020) argues that privacy is an aggregate public good and cannot be addressed individualistically.Nissenbaum (2011Nissenbaum ( , 2019) ) emphasizes that what counts as private data and what may or may not be made publicly available strongly depends on the context of data exchange.Depending on the context, different rules and norms apply when dealing with confidential information.For example, in a health context, people commonly trust their doctor and are willing to provide personal data, whereas in a business context, very different norms govern the transmission of information.We will draw on this contextual approach when defining relevant facets of situations involving threats to privacy.We are interested in which factors influence people's concern about privacy issues, especially concerns about the potential misuse of private information.
It seems obvious that people should be concerned about privacy issues and interested in keeping relevant information private and confidential while being fully informed and in full control of who may access their personal data.A so called privacy paradox has been observed in several studies, showing a gap between expressed concerns and actual behavior.In other words, when asked, people express a substantial degree of concern about and willingness to protect their data, but they mostly do not behave in a way that effectively protects their privacy (Acquisti, Brandimarte, and Loewenstein 2015;Ayres-Pereira et al. 2022; Brandimarte Acquisti, and Loewenstein 2013;Kokolakis 2017;Spiekermann, Grossklags, and Berendt 2001).It has been argued that the paradox disappears when the relation between attitudes and behavior is analyzed within an appropriate framework such as the theory of planned behavior (Dienlin and Trepte 2015), and when intention and behavior are matched with respect to specificity.A specific situation implies information about aspects such as type of confidential data, type of possible misuse, etc.Thus, people might be concerned about privacy in some situations but oblivious about privacy in others, depending on the context (Nissenbaum 2010(Nissenbaum , 2019)).
One reason for this inconclusive research evidence might be the lack of an appropriate theoretical definition of e-privacy that is sufficiently detailed to derive concrete situations and application contexts.Most attempts to define e-privacy derive from Westin's (1967) definition, which emphasizes the right of individuals "… to determine for themselves when, how, and to what extent information about them is communicated to others".This general definition, with its focus on individual control, might be too vague to be applied to the multitude of online contexts (Nissenbaum 2010(Nissenbaum , 2019; see also Solove 2008).Nissenbaum (2010Nissenbaum ( , 2019) ) in particular argues that online privacy is not fundamentally different from traditional privacy; the crucial distinction is not between the online and non-online domain but between different contexts, such as health/medicine, or friends/relatives, each with its own special rules and norms that regulate what should be kept private and confidential and what can be disclosed without concern.
This theoretical deficiency is also reflected in existing instruments measuring e-privacy.E-privacy concerns have been assessed predominantly via self-report scales (Bhatia and Breaux 2018;Buchanan et al. 2007).A problem in the literature is that, despite the construct's relevance, a common unifying framework for measuring it does not seem to have emerged yet.The scales that have been developed vary in terms of scope and dimensions.While some scales assess privacy concerns on a very general level (Hong and Thong 2013;Malhotra, Kim, and Agarwal 2004;Mwesiumo et al. 2021;Smith, Milberg, and Burke 1996;Stewart and Segars 2002), others focus on perceptions specific to particular devices or technical applications such as apps (Buck, Burster, and Eymann 2018).The number of dimensions also varies by study.For instance, whereas some scales identified dimensions such as concerns about data collections, errors, unauthorized access, and secondary use (Smith, Milberg, and Burke 1996;Stewart and Segars 2002), others focus on control factors and awareness of privacy practices (Malhotra, Kim, and Agarwal 2004).A recent review compared survey methods used to measure e-privacy concerns in experimental studies that examine causal relationships between e-privacy concerns and data disclosure decisions (Matre, Englund, and Ayres-Pereira 2021).The authors found that most of the studies analyzed used adapted versions of published scales, with wide variations in the number of items and content.Considering the multifaceted and context-dependent nature of the concept, it is relevant to develop measurement instruments whose items cover the multiple facets that potentially influence risk perceptions.In other words, surveys attempting to measure privacy concerns should address the different aspects and components about which people may be concerned and specify the specific context of application (Nissenbaum 2011).According to the review of Matre, Englund, and Ayres-Pereira (2021), although most of the analyzed items measuring privacy concerns inquired about the actions of some agent upon the users' data, less than half of them specified who the agent was.Those items that specified the agent referred to companies in general (social network sites, websites, and e-commerce) or individuals (referred to as "people", "others" or "somebody").Besides, only about a quarter of the items described which type of data was processed, and it was usually worded as abstract "personal information" or "personal data".Also, the items rarely specified the type of personal negative consequences that could arise from data disclosure.
A noteworthy advancement in the field is the work of Bhatia and Breaux (2018), who studied people's willingness to share private information as a function of several contextual factors such as data purpose, data type, likelihood of privacy violations, and presumed benefit of sharing private data.Specifically, Bhatia and Breaux (2018) constructed vignettes describing a situation in which a person might share private information on the internet by systematically combining different levels of the contextual factors.It was thus possible to identify under which conditions people are more willing to share information and when people are more likely to avoid sharing their private data.
Given the lack of an appropriately detailed theoretical definition of e-privacy and the resultant variability in e-privacy measurement instruments, our study aims to explore e-privacy risk perceptions.We assume that risk perception in the context of e-privacy depends on situational factors; we employ a facet theory approach (Guttman and Greenbaum 1998) to define and analyze these perceptions.In contrast to studies like Bhatia and Breaux (2018) that rely on regression models to predict privacy-related behavior, our primary goal is to determine the semantic structure of content facets by systematically varying the composition of relevant situations according to the facet elements (Shye 2014(Shye , 2015)).
Along these lines, we propose that e-privacy concerns refer to, or are respectively triggered by, specific situations and specific contexts.Rather than constituting a generic disposition of individuals to be more or less concerned about privacy in a broad sense or expressing a dispositional risk attitude towards privacy abuse, we assume that e-privacy concerns depend on the specific situational context involving four interconnected entities (Figure 1).We conceive of an e-privacy situation for concern as a connected structure in which some person using the internet makes data available (voluntarily or involuntarily), which can be obtained by some actor, who may subsequently cause some kind of harm to this person using the data in question.For example, a person using social media provides information about health issues to his or her online friends, which is used by a pharmacy company to sell ineffectual medication to that person, causing financial loss and possibly physical harm.Thus, the degree of concern a person experiences may depend on the genuine connection between personal data, particular actor(s), and subsequent harm.

A faceted definition of e-privacy concerns
Based on pertinent work (Acquisti, Brandimarte, and Loewenstein 2015;Bhatia and Breaux 2018;Dogruel and Joeckel 2019;Gstrein and Beaulieu 2022;Milne et al. 2017;Nissenbaum 2019;Schomakers et al. 2019), and derived from the situation model outlined above (Figure 1), we propose a faceted definition of e-privacy situations for concern with three facets: Type of data, type of actor, and type of harmful consequences.With this definition and the subsequent analyses, we follow a facet-theoretical approach as originally developed by Guttman (1954); for further advances and applications, see Borg and Shye (1995), Canter (1985), Guttman and Greenbaum (1998), Hackett (2021), Levy (2014), Shye (2015), or Solomon (2022).Facet theory provides a methodological framework that allows us to establish theoretical constructs that can be reliably based on empirical regularities.The theoretical framework is formulated as a so called mapping sentence (Figure 2), which defines the essential semantic-logical structure of the construct under study (the 'facets') and serves as a blueprint for constructing samples of specific items for empirical measurement.
Quantitative assessments of items constructed as systematic combinations of facet elements are correlated and subjected to ordinal Multidimensional Scaling (Borg and Groenen 2005).Regional patterns are then identified in the obtained multidimensional geometric space that correspond to the faceted definition (Cohen, 2014), Levy (2014), andShye (2015) describe typical patterns such as simplex, circumplex, and radex.If such a correspondence between the faceted definition of a construct and empirical patterns of items derived from the mapping sentence can be determined, the construct is regarded as representing a meaningful empirical regularity; in other words, it is maintained that facets are semantic distinctions that capture relevant empirical regularities.Examples come from intelligence research (Guttman and Levy, 1991), cultural studies (Ginges and Cairns 2000), quality of life research (Borg 1978), and environmental psychology (Böhm et al. 2019;Böhm et al. 2020); for a synopsis, see Shye (2015).
We suggest a faceted definition of e-privacy situations for concern comprising three facets: type of data, type of actor, and type of harm; consisting of three, four, and three elements, respectively.
Facet A refers to the Type of Data involved in the scenario.This facet consists of three elements: identifiers, health data, and data about one's private life.For example, identifiers can include credit card numbers or IP addresses, health data may encompass medical histories or data from body sensors, and private life data could involve sexual preferences or family problems communicated via social media networks.
We define data type as the kind of data in question; we refer to data that a person considers to be private and over which they demand control in terms of who may access these data and how the data may be used.As Nissenbaum (2011Nissenbaum ( , 2019) ) argues, what people consider private and are willing to share is to a great extent context-dependent.For example, in the context of a medical consultation, people may agree to giving information about health issues to their doctor and implicitly assume confidentiality.Similarly, if a person voluntarily shares family photos publicly on Instagram, the pictures are no longer private, and the person does not see them as strictly private data that can be misused by others.However, it is still possible that a third party accesses these photos illegitimately and thus creates a situation of concern.In our study, we focus on situations for concern and explicitly consider situations of data misuse.Similar to our study, Bhatia and Breaux (2018) included data type as a factor.They used data type to predict willingness to share and found significant effects in two studies.Data type was implemented as a mixed collection of specific information items, such as credit card number, home address, password, etc.; however, these items were not classified into superordinate categories as we did.In a related comprehensive study, Schomakers et al. (2019) report findings about people's sensitivity to 40 different data types.They found high sensitivities for identifying information and medical data and medium sensitivity for private information, such as sexual preferences or political affiliation.Notably, each and every of the 40 data types can be clearly mapped to one of our three elements of Facet A.
Facet B refers to the Type of Actor responsible for privacy violations.We distinguish four elements: a commercial actor (e.g. an online company), a public or governmental authority (e.g. a labor office), a member of one's social network (e.g.friends on Facebook), or a criminal (e.g. a hacker).This categorization is supported by a study by Dogruel and Joeckel (2019), who analyzed privacy risk perceptions and found four major domains perceived as risky and prone to privacy violations: governmental, criminal, commercial, and social.Nissenbaum (2019) also recognizes relevant actors, such as the recipient of confidential information, as core elements of the context that demarcate the norms and expectations of information transmission.
Facet C refers to the Type of Harm caused by privacy abuse.We distinguish three kinds of harm: financial loss (e.g.unauthorized purchases), physical harm (e.g.taking harmful medication), or psycho-social harm (e.g.social harassment causing psychological distress due to the disclosure of sexual or political preferences).There is limited research on the impact of negative consequences on privacy concerns.In one of the rare studies, Milne et al. (2017) investigated consumers' risk perceptions of personal data sharing and identified four risk categories: physical, psychological, monetary, and social.These correspond to our Facet C elements, only that we combined psychological and social into one facet element, 'psycho-social' harm.Privacy harm is also one of the factors used by Bhatia and Breaux (2018) to predict willingness to share information; examples of harms used in their scenarios were surveillance, induced disclosure, or appropriation.Although analogous to our harm categories, Bhatia and Breaux (2018) focus on unintended consequences of sharing private information (e.g.surveillance or disclosure), whereas we focus on subjectively experienced personal losses or detriments (e.g.harassment as a result of disclosure).

Item construction and response scale
The mapping sentence defines three content facets: data, actor, and harm.The person facet defines the person experiencing the situation as an individual randomly selected from some population, and the range facet defines the common meaning under which corresponding situations are evaluated.The combination (the Cartesian product) of the three content facets yields 3 (data) × 4 (actor) × 3 (harm) = 36 types of situations.For example, a situation in which a criminal (actor) uses an identifier (data), which causes psychological distress (harm) for the person.Such a combination is called a structuple (Shye 1998) and can be viewed as an abstract depiction of a situation for concern.A particular instance of a structuple is then a description of a concrete scenario with the facet elements specified.Theoretically, the number of conceivable instances for a structuple is unlimited, and each specific set of items is just a sample from the universe of possible items.For each of the 36 structuples derived from the mapping sentence, one concrete scenario was constructed (see Appendix), yielding 36 items representing 36 specific scenarios of e-privacy violations.
Participants rated each item on two eleven-point scales: a likelihood scale ("How likely do you think it is that this happens to you?") ranging from 0 (not likely at all) to 10 (very likely), and a negativity scale ("How negative would it be if this happened to you?") ranging from 0 (not at all negative) to 10 (very negative); we presume a priori that such a situation cannot be experienced as positive.

Sample and data collection
A representative sample of 502 participants, drawn from a Norwegian panel, responded to all 36 items (in randomized order), as well as a few additional demographic questions.Of the participants, 51.2% were female, 48.8% were male, and the mean age was 48 years.
Data collection was carried out by the commercial research company YouGov and was based on their Norwegian online panel.

Analysis
First, we report results concerning differences between the mean ratings for the elements of each facet, pointing out differences and indicating those elements that cause the most concern.Since we have no pre-specified hypotheses, these findings are mainly descriptive.
Second, we focus on our main research question and report the results from various multidimensional scaling analyses based on item correlations; we examine the configurations of items highlighting the kind of regional patterns that could (or could not) be identified with respect to the faceted definition.
We restrict our analyses to the negativity ratings because the likelihood ratings were all quite low and yielded no structural regularities.Obviously, the majority of participants considered all scenarios as rather unlikely.Also, likelihood judgments have been proven to be notoriously difficult in the literature (Morewedge and Kahneman 2010;Reyna 2004), and attempts to construct psychologically sound likelihood measurements are preliminary at best (Bhatia and Breaux 2018).

Mean differences
Table 1 shows the means of each facet element for all three facets.The overall mean of negativity ratings across all 36 items is M = 6.53 (SD = 3.31).For Facet A, a situation involving an identifier as data type is rated as most negative; for Facet B, a situation involving a criminal as an actor is rated as the most negative; and for Facet C, physical harm is rated as the most negative type of harm.Descriptively, the differences appear rather small.A repeated measurement analysis of variance with the three facets as independent variables yields significant main effects as well as significant interactions (Table 2).Pairwise post-hoc comparisons show that only Health

Structural analyses
As mentioned earlier, we do not use the likelihood ratings.All structural analyses are thus based on the negativity ratings only.The likelihood scale turned out to have very low mean values, small variances, and uninterpretable covariances; the vast majority of respondents judged the scenarios as very unlikely.
As a measure of similarity, we used the product-moment correlation coefficient.using a non-metric coefficient such as Guttman's monotonicity coefficient  (Guttman 1986) yields virtually identical results.

Item-level MDS analysis
A distance matrix was constructed based on the correlations between all 36 items.The correlation r ij between two items i and j was converted to a dissimilarity d ij according to d r ij ij = − 1 .The complete dissimilarity matrix was submitted to ordinal multidimensional scaling (Borg and Groenen 2005;Mair, Groenen, and De Leeuw 2022), and a two-dimensional configuration was used for interpretation.Goodness-of-fit is acceptable (Stress-1 = 0.203), and a permutation test (Mair, Borg, and Rusch 2016) yields a median stress value of S = 0.327.A one-sided test with  = .01yields a critical value of 0.308, indicating that the observed stress value is significantly smaller than would be expected for random data.
With 36 items, regional patterns for facet elements are difficult to detect in a two-dimensional plane.For this reason, and for the sake of parsimony, we do not show the configuration based on all 36 items.To obtain a more succinct and less noisy result, we perform a series of MDS analyses on aggregated structuples with a focus on two facets at a time, averaging across the remaining third facet; this yields three analyses showing the partial structure of Facets A and B, of B and C, and of A and C, respectively.

Facets A and B: type of data and actors
Structuples resulting from the combination of Facet A and Facet B, aggregated across Facet C, denote the combination of the Type of Data facet and the Actor facet, resulting in 3 × 4 = 12 variables.Note that these structuples do not represent concrete situations but correspond to abstract situation types, constructed by averaging across the three elements of Facet C (Type of Harm).Computation of the dissimilarity matrix was done as described above; an ordinal MDS yields a two-dimensional configuration with Stress = 0.122 (significantly smaller than the critical value of 0.142,  = .01,according to a permutation test).Figure 3 shows the configuration with a superimposed radex pattern.With respect to Facet A, the configuration can be partitioned into three circular layers: Identifier data (A1) located in a central region, health data (A2) located in an intermediate region, and private life data (A3) located in the periphery.Facets corresponding to this kind of circular regionality are called radial facets (Shye 2015).
A different pattern emerges with respect to Facet B. Its elements can be separated by straight lines, forming wedge-like regions originating from a common origin.From left to right, we find commercial actors (B1), social network actors (B3), criminal actors (B4), and authorities (B2).Facets forming this kind of circularly ordered sectors are called angular facets; superimposing a radial and an angular facet yields a radex configuration (Guttman 1954).With respect to Facet B, there is one deviating structuple A1B4 (identifier-criminal) located in the lower right.
Identifier data (A1) are located in the center, indicating high similarity among all A1 structuples.Health (A2) and private life (A3) data are less homogenous and more differentiated depending on Facet B (the type of actor involved).In particular, we may conjecture that health and private life, though separable, constitute a common region, with health forming a special sub-concept of private life.For Facet B (actors), the configuration implies that the actors are ordered: from commercial to social to criminal to authorities.We will consider possible explanations in the discussion section.To corroborate these empirical regularities, Figure 4 depicts, for each facet, the convex hull for each of its facet elements; for Facet A, the convex hulls show a nested structure typical for a radial facet, and for Facet B, the convex hulls are practically non-overlapping, confirming the angular pattern.
To summarize, we propose that the conceptual structure, as defined by Facets A (Type of Data) and B (Actors), could be sufficiently substantiated by regional patterns corresponding to facet elements in a regular fashion (Shye 1998(Shye , 2014(Shye , 2015)).It should be noted that identifying regional patterns is different from a dimensional interpretation; regional patterns are invariant to rotations and translations of the coordinate system, and we thus do not attribute any intrinsic meaning to the two dimensions; they are used merely as auxiliary axes to embed the configuration of structuples in Figures 3 and 4.

Facets A and C: type of data and type of harm
Aggregating across Facet B (Actors) generates nine structuples combining Facet A (Type of Data) and Facet C (Type of Harm).An ordinal MDS analysis on the dissimilarity matrix yields a two-dimensional configuration with Stress = 0.074, which falls within the 99% interval [0.023, 0.203] of stress values compatible with a random distribution (permutation test).This means that the stress value is not significantly lower than what would be expected for a random configuration.Yet, it is important to note that the number of structuples in this configuration is relatively low, so low stress values are to be expected even for random configurations.
We provide a regional separation in Figure 5, as well as the convex hulls of facet elements in Figure 6.Facet C, Type of Harm, can be clearly separated into radial regions, with C3 (psycho-social harm) as an inner region, C1 (financial harm) forming a small intermediate region, and C2 (physical harm) in the outer area.With respect to Facet A, Type of Data, a separation is only possible by opposing A1 (identifier) from a common region containing A2 (health) and A3 (private life) structuples; this confirms the pattern observed in the analysis of the AB structuples that health data and private life data are closely connected.The convex hull representations in Figure 6 validate this partitioning.While the configuration is based on only nine points, we see the result as supportive of the conceptual validity of Facet C, and partly of Facet A.

Facets B and C: type of actor and type of harm
We proceed with Facets B (Type of Actor) and C (Type of Harm) in an equivalent way: The dissimilarity matrix of 4 × 3 = 12 structuples, after averaging across Facet A, was input to an ordinal MDS analysis, yielding a Stress = 0.136 for the two-dimensional solution.This stress value is significantly lower, according to a permutation test, than the critical lower value of 0.151 ( = .01),rejecting the null hypothesis of a random pattern.
For Facet B (actors), we find a clear separation for B1 (commercial), opposed to B3 (social network); in-between, the B2 (authorities) and B4 (criminal) elements are not separable (Figure 7).For Facet C (Type of Harm), the facet elements can be partitioned into a tripartite pattern, with C1 (financial harm) in an intermediate position, and C3 (psycho-social harm) and C2 (physical harm) located adjacently to the left and right, respectively.
The convex hull representation (Figure 8) highlights this regional pattern, being reminiscent of a circumplex going from physical to financial to psycho-social harm, possibly indicating an ordering from severely harmful to less harmful.
Table 3 provides a summary of the main results.Overall, we find supporting evidence for all facets, albeit with some restrictions.Concerning Facet A (Type of Data), it turns out that health and private life are not consistently separable as well-defined regions.Regarding Facet B (Type of Actor), results suggest that commercial and social network actors constitute distinct concepts, but authorities and criminal actors partly overlap and intersect with the other facet elements.

Discussion
Psychological research on e-privacy focuses on the following research questions: a) What determines people's perceptions of the risk of abuse of their personal data on the internet?b) What    are the relevant factors of concern about violations of e-privacy?and c) How do people behave when they are concerned about their personal data?Previous research in this field has suffered from a lack of a theoretically coherent and empirically validated definition of e-privacy concern.
Key studies toward such a definition include Nissenbaum (2011Nissenbaum ( , 2019) ) and Bhatia and Breaux (2018).using a facet theory approach, we propose an empirically supported contextual definition of e-privacy situations for concern.That is, we propose a definition of what constitutes an e-privacy situation for concern for internet users and present empirical evidence that provides support for this proposal.The definition is cast in the form of a mapping sentence, a core concept of facet theory.The mapping sentence we propose comprises three facets that we assume represent three major components of a situation for concern: The type of data involved in the situation, the type of actor who is responsible for the violation of e-privacy, and the type of harm caused by the violation.In facet theory, facets represent the essential categorical distinctions of the phenomenon under study.The elements of a facet represent possible realizations of that category; here, the three elements of data type are identifier, health data, and private life information, the four elements of actor type are commercial, authorities, social network, and criminal, and the three elements of harm are financial, physical, and psycho-social harm.
The faceted definition serves as a template to construct scenario vignettes; combining all 3 × 4 × 3 elements yields 36 structuples, that is, possible types of situations.Each scenario constitutes an item and can be viewed as a concrete instance of a structuple.Each item was assessed by participants with respect to its perceived negativity and likelihood.On average, the scenarios were perceived as highly unlikely but very negative.Due to the consistently low likelihood ratings, we exclusively focused on negativity ratings in our analyses.Mean differences of facet elements in negativity are significant, but effect sizes are small.Following standard facet analysis, we focus on structural similarities between scenarios, that is, on item inter-correlations, rather than on mean differences.A series of ordinal multidimensional scaling analyses on the correlations between aggregated structuples yields largely confirming evidence for the proposed faceted definition.For each of the three facets, we find corresponding partitions in the MDS configurations (see Table 3), with very few misplacements and generally low stress values, indicating a good fit of the solutions.
Consistent segmentations can be identified for Facet A (Type of Data); specifically, a radial partition is obtained when analyzing aggregates of Facet A and Facet B (Type of Actor).Identifier data are located in the center, with health data and private data stratified towards the periphery.In combination with Facet B, which shows a clear angular partition, a typical radex structure is obtained.A radial partitioning is also found for Facet C, with financial harm in the central region and physical and psycho-social harm forming more outer segments.We interpret these findings as strong support for the validity of the three-faceted definition of e-privacy situations with respect to people's concern about violations.
However, there are a few misplacements of specific elements that suggest modifications of the definition and, consequently, the mapping sentence.Concerning Facet A, health and private life data are not consistently separated.It seems plausible that people's perception of health data is, in fact, such that they are an intrinsic part of their private life, indistinguishable from other personal information concerning the negativity of misuse.For further research, we suggest a simplification of this facet, involving only two elements: formal identifiers and information about one's private life, including health issues.
A more surprising finding is the non-separability of two elements of Facet B (Type of Actor): authorities and criminals.Possibly, infringements of e-privacy by authorities and criminal actors trigger the same preconceptions of social trust.Norway is generally a country with high social trust, and trust in the government is also generally high (Schmidthuber, Ingrams, and Hilgers 2021;Stein, Buck, and Bjørnå 2021).Criminal activities may thus collide with people's default expectation that fellow human beings are basically trustworthy; public authorities and administrations are considered prominently trustworthy, so even minor irregularities in administrative procedures may strongly disappoint citizens' beliefs.While criminals and authorities may be similar in this respect, we do not propose to fuse public administration and criminals into one element, as they are obviously qualitatively different in other respects, such as legitimacy.A theoretical effort is needed to reformulate the relevant elements that make up the category of actors in the context of e-privacy violations.One possibility is to introduce a further facet, namely, distinguishing between the actors themselves, and adding a facet that specifies the actor's intention.This new facet could distinguish whether the misuse of the data and resulting harm to the person is intended by the actor or not.The facet might consist of two elements, distinguishing wicked and vicious intentions, as they are arguably typical for criminals, from negligence and thoughtlessness, which might arguably be more applicable to public servants or members of one's social network.A related extension would be to include expected benefit as an additional facet (Bhatia and Breaux 2018), as the intended use of personal data typically conveys whether any benefits can be expected for the person.
A major advantage of facet theory is that it naturally lends itself to theoretical modifications and improvements, as well as empirical replications.Based on the current empirical findings, facets can and should be added (or removed), and facet elements reconsidered.Possible candidates include factors such as risk likelihood and data purpose, as studied by Bhatia and Breaux (2018), who found significant effects on willingness to share one's private data depending on the indicated likelihood of privacy misuse and the purpose of collecting private data, for example, to counteract terrorism.However, we want to emphasize that unlike Bhatia and Breaux (2018) or other studies based on regression models to predict privacy-related behavior, we are interested in determining the semantic-logical structure of content facets that constitute situations of concern.That is, our aim is to define and empirically validate the aspects that are psychologically relevant aspects of e-privacy situations.Following Nissenbaum's theory of contextual integrity (Nissenbaum 2010(Nissenbaum , 2019)), we postulate that privacy behavior is largely controlled by contextual factors and rules, and that these factors are systematically structured and rooted in psychological processes of judgement and evaluation.
The facet theory approach, and in particular the mapping sentence, allows for genuine cumulative scientific progress (Guttman and Greenbaum 1998;Hackett 2021;Shye 2015).Generally, replication attempts can take two forms: The Person facet usually refers to a random sample from some population, and it is, in principle, easy to replicate with another random sample or with another prespecified population, using the same items.Another form of replication refers to the items representing the structuples.As outlined above, a structuple, say, A1B1C1 (a commercial actor misuses identifier data and causes financial harm), serves as a template to construct concrete scenarios, where the elements are specified in a way that generates a plausible concrete situation.Thus, each set of scenarios is just a sample from the theoretically infinite universe of structuple instantiations, and a replication using a different and new set of scenarios constitutes a straightforward and rigorous test of the faceted definition.Both lines of replication are fruitful and beneficial for cumulative research.You attend a sex party.a criminal network hacks the list of participants and threatens to publish it.They expose you to extortion, which is psychologically distressing.

Figure 1 .
Figure 1.elements and connections of an e-privacy situation of concern.

Figure 3 .
Figure 3. Two-dimensional configuration of twelve structuples representing facets a and B, aggregated across facet c. stress = 0.122.regional separation lines (radex) superimposed (for structuple descriptions see the mapping sentence in figure 2 and the complete wording of the items in the appendix).

Figure 4 .
Figure 4. (a) facet a elements with convex hulls; (b) facet B elements with convex hulls.

Figure 5 .
Figure 5. Two-dimensional configuration of nine structuples representing facets a and c, aggregated across facet B. stress = 0.073.regional separation lines (radex) superimposed (for structuple descriptions see the mapping sentence in figure 2 and the complete wording of the items in the appendix).

Figure 6 .
Figure 6.(a) facet a elements with convex hulls; (b) facet c elements with convex hulls.

Figure 7 .
Figure 7. Two-dimensional configuration of twelve structuples representing facets B and c, aggregated across facet a. stress = 0.136.regional separation lines superimposed (see the mapping sentence in figure 2, for the complete wording see the appendix).

Figure 8 .
Figure 8.(a) facet B elements with convex hulls; (b) facet c elements with convex hulls.

Table 1 .
Means of negativity ratings of facet elements for each facet.Private Life do not differ significantly (Facet A), whereas all other comparisons yield significant differences (p < .01,Tukey adjustment for multiple comparisons).Effect sizes are very small, with Facet B (Type of Actor) yielding the largest effect (partial eta-squared is .233).
Note. each facet element mean is computed as the average across all other facets.and

Table 2 .
repeated measurement anoVa with negativity rating as dependent variable.

Table 3 .
summary of MDs analyses of aggregated structuples.

). Original text is in Norwegian, English translation added
advertisement company picks up on your political stance in social media and they send you advertisements for merchandise related to your party.You spend a lot of money on merchandise.a3B1c2 Du kjøper produkter fra en nettbutikk for å støtte et politisk parti.uten å vaere klar over det, samtykker du til å bli brukt i reklamer.Dette resulterer i at du blir fysisk trakassert av velgere fra et annet parti.You buy merchandise from an online shop to support a political party.unbeknownst, you agree to being used in ads, resulting in you being physically harassed by opposing voters.a3B1c3 Du velger seksuell orientering i en dating app.Basert på denne informasjonen blir du i appen eksponert for reklame om hurtigtest for hiV.Du blir svaert urolig.You select your sexual orientation in a dating app.Based on this information the app exposes you to advertisements of a rapid test for hiV.This causes you a lot of distress.a3B2c1 sykepengene du mottar fra naV blir trukket tilbake som følge av at saksbehandleren din ser på facebook at du er på ferie utenfor eØs, uten å ha meldt ifra på forhånd.The sickness benefits you receive from the norwegian labour and Welfare administration (naV) gets withdrawn as a result of your case worker seeing on facebook that you are on vacation outside of the eea, without having reported it in advance.a3B2c2 Politiets nettpatrulje overvåker din sosiale medier-aktivitet og du blir mistenkt for narkotikahandel, selv om dette ikke stemmer.under pågripelsen blir du redd og prøver å flykte, men du blir raskt overmannet og skades i sammenstøtet.a police task force tracking social media activity, finds a picture that puts you under suspicion of drug dealing, although this is not actually true.During the arrest you become frightened and try to flee the scene, but you're quickly overpowered and get injured in the process.a3B2c3 Du deler utfordringene du erfarer som aleneforelder i sosiale medier.Barnevernet identifiserer deg og begynner å undersøke om du er egnet til å vaere forelder.Dette stresser deg.You share the struggles that you are experiencing as a single parent on social media.child welfare identifies you and starts investigating if you are fit to be a parent.This stresses you.a3B3c1 På bursdagen din deler en venn en video i sosiale medier der du er full.sjefen din ser videoen og du mister mulige bonuser fordi du har opptrådt uprofesjonelt.På grunn av tap av inntekt opplever du økonomiske utfordringer.When your birthday comes around, a friend posts a video on social media of you being drunk.Your boss sees the video and you lose potential bonuses for appearing unprofessional.Due to the loss of income, you experience financial hardship.a3B3c2 Du endrer sivilstatus på facebook og tagger kjaeresten av samme kjønn.en som er venn med deg på facebook har sterke meninger om homofili og slår deg ned neste gang de møter deg på gata.You change your relationship status on facebook and tag your same-sex partner.one of your facebook friends have strong opinions about homosexuality, and attack/ assault you the next time they see you in public.a3B3c3 familiemedlemmer tagger deg i bilder fra en religiøs begivenhet.Vennene dine unnlater å invitere deg til sosiale sammenkomster og fester på grunn av din religiøse tro.You are tagged in photos from a religious event by your family members.Your friends avoid inviting you to social gatherings and parties because of your religious beliefs.Du deler dine seksuelle preferanser med en venn i en meldingsapp.en kriminell hacker appen og truer med å dele meldingene med mindre du betaler 10 000 kr.Du betaler.You share your sexual preferences with a friend in a message app. a criminal is able to hack the app and threatens to share the messages unless you pay 10 000 kroner.You pay.a3B4c2 Du trykker "skal" på et pride-arrangementet i sosiale medier som alle kan se.en kriminell gruppe peker ut de som er på deltagerlisten og banker dem opp.You click the "attending" button on a Pride-event on social media, available for everyone to see. a criminal group targets people on the attending list and assaults them.a3B4c3 Du har deltatt på en sexfest.et kriminelt nettverk hacker listen over deltakere og truer med å publisere den.De utsetter deg for utpressing, noe som er psykisk belastende. an