The Nature of Risk and the Privacy Calculus


Case studies

The main work in this project would consist of case studies with respondents selected from a stratified group of UK users representing different social profiles (age of adult, gender, social class, location) to gain insight into the multiplicity of online interactions and the potential points of exposure to risk.  Respondents will be recruited by promotions to community groups representing different profiles.  A quota system will be used to select individuals representing a wide range of online service users in the UK.

The case studies will be based on observation of online interactions and commentary on online transactions logged over a fixed period (a one-week period is suggested).  During the early stages of the research project, different monitoring techniques will be tested, including widely available commercial monitoring software such as ActivTrak, SpyAgent or WebWatcher.  Alternatives such as use of cookies and browser histories will also be explored.  Because of the potential sensitivity of this approach, respondents will be briefed so that they are able to give informed consent.  Transaction log data will be anonymised and will be kept securely.  Respondents will have the opportunity to review the transaction logs with the researcher and will be free to withdraw from the study at any time.  If they withdraw, any data gathered from them will be destroyed securely and will not be included in the study.

The transaction logs will be examined to identify points at which personal data is disclosed or exchanged and the nature of the interactions where personal data is disclosed.  Users will be invited to comment on the individual analyses so that the context is clear.  As this is an intensive activity and a novel approach, the study will involve approximately 20 respondents from around the UK.

The outcome will be a detailed analysis of the types of risk that users are exposed to when they disclose personal data online.

Literature analysis

A preliminary literature review will identify key areas for further investigation.  Throughout the project the literature will be actively monitored and analysed.  There is an established literature on privacy calculus and related issues such as the privacy paradox[1].  The literature analysis will extend the scope of the literature review to include domains such as engineering, the insurance industry and the health and safety sector.  They all deal with risk and attempt to quantify risk in terms beyond those of personal perception.

Interviews with subject experts

A selection of experts in different sectors will be interviewed with attributions (where consent is given).  This is intended to throw light on the way in which other sectors conceptualise and measure risk.  This will feed into the development of a typology of online privacy risks.

Risk ontology

One of the original outcomes envisaged by this research was a typology of risk.  During the research and literature investigation it has become clear that a simple typology or taxonomy would not be sufficient to capture the complexity of relationships between risk concepts.  An ontology of risk is therefore being developed to allow greater flexibility in the definition of relationships and to adopt approaches used in the semantic web.  Synaptica’s Graphite system is being used to develop the ontology and the NodeXL system is used to generate graphical outputs.  The ontology will eventually be tested against data extracted from online sources.


Towards the end of the project a one-day seminar will be organised with respondents from SNS providers, regulators, academics and researchers in the field.  This will be an opportunity to test initial findings and to begin dissemination.  It will also help to establish an agenda for future research and to cement links with other interested parties for further collaboration.  It is anticipated that 15-20 people would attend the seminar.

The seminar will include presentation of preliminary results, invited contributions to set the agenda and structured workshops to finalise the typology of personal risk and to prioritise those risks in terms of probability and impact.

[1] The privacy paradox occurs when, despite reservations about disclosure, users release sensitive personal data in order to gain access to online services.

