國
立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
14
may help to manage one’s social privacy. On the other hand, institutional privacy referred to how companies like Facebook Inc. and its partners and advertisers alike might use users’
personal data for benefits.
2.3 Theoretical framework: Communications Privacy Management (CPM) Theory Communications Privacy Management (CPM) Theory proposed by Sandra Peteronio (2002) served as a framework to see how individuals or collectives managed their privacy in different situations. More importantly, its goal was “to offer a theoretical perspective that [suggested] a way to understand the tension between revealing and concealing private information” (Petronio, 2007, p. 218). Given the paradoxical nature of a social networking site like Facebook, CPM was a suitable theoretical framework that could be used to look into users’ privacy management.
To begin with, Petronio (2002, p. 6) defined privacy as right-based “the feeling that one [had]
the right to own private information, either personally or collectively.” In other words, privacy was right-based. In addition, in order to achieve communication goals, people had to disclose certain private information in the process. The situation was even more so in an online environment such as online networking sites. Basically, there are five principles for CPM. Firstly, individuals or collectives believed they had the ownership to their private information. Secondly, due to their ownership to the private information, they had the right to control it. In order to strike a balance between revealing and concealing information, the individuals or collectives would set up zones to decide the permissible information flow.
CPM thus used the notion of “boundaries” as a metaphor to show the process of utilizing rules and managing one’s privacy. Thirdly, they used privacy rules to decide whether they would open the boundary to reveal information, or close the boundary to conceal information.
This was known as the process of boundary development. Fourthly, when individuals or collectives decided to reveal information, the ones they shared the information with were
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
15
Five primary principles
Ownership
Control
Boundary development Boundary coordination Boundary turbulence
Boundary management presumed as co-owners of that information. These co-owners would therefore follow the preexisting rules or negotiate a set of new rules, known as boundary coordination. Lastly, there was a chance that individuals and collectives would encounter boundary turbulence, characterized as a violation to the rules or disruption to the boundary coordination (Petronio, 2007, p.219). The five principles of CPM are illustrated as the following. (Figure 2.1)
Figure 2.1 Communications Privacy Management by Petronio (2002, 2007)
In order to understand how Facebook users in Taiwan managed their privacy on the social networking site, this thesis focused on the three latter principles of CPM: boundary development, boundary coordination and boundary turbulence. Altogether, these three tenets composed the boundary management process. For boundary development, there were some decision criteria that could have an impact on how individuals establish their rules. For instance, gender difference (Stutzman & Kramer-Duffield, 2010), age difference (Madden, 2012), cultural norms (Hsu, 2004), and the risk-benefit ratio for revealing and concealing private information (Krasnova et al., 2009; McKnight et al., 2011) would account for how individuals developed their boundaries to manage privacy.
Previous studies have found that gender was indeed a factor that would influence how the individuals set their rules for privacy. To be more specific, females tended to disclose less
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
16
personal information when compared to males (Stutzman & Kramer-Duffield, 2010;
Stutzman et al., 2011; Madden, 2012), female and younger users were also more likely to remove friends on Facebook (Madden, 2012). As for cultural norms, Hsu (2004) found out that Taiwanese and Chinese users tended to be more worried about improper data sharing and usage, whereas participants from the Netherlands and the U.S. were less concerned.
For the risk-benefit ratio, the privacy calculus model was used by various researchers to determine the trade-off between costs and benefits for people in regard to whether or not to disclose personal information. In the privacy calculus model, it assumed that people could have strong beliefs regarding the costs and benefits in information disclosure at the same time (Dinev & Hart, 2006). Krasnova et al. (2009) depicted that both perceived concerns and perceived benefits had significant influences on users’ decision regarding personal information disclosure, in which perceived likelihood of damage had a stronger impact on perceived concern than perceived damage itself. Meanwhile, Christofides et al. (2009) also suggested that privacy concerns and personal information disclosure may not be negatively correlated since disclosure and control of private information on Facebook may not be as directly related to cost and benefits. Instead, it could be a whole different process, and could be related to the individual’s personality. In addition, McKnight et al. (2011) proposed a more elaborated privacy calculus model which included “costs” like privacy concern and information sensitivity, and “benefits” like perceived usefulness and enjoyment to see how it affected users’ disclosure on personal information. Interestingly, the end results revealed that perceived usefulness and enjoyment did not positively influence information disclosure, while privacy concern did negatively influence information disclosure. In brief, the results of this study suggested that sometimes the reasons for personal information disclosure were not solely because of the fact that perceived benefits outweighed perceived privacy concerns.
For boundary coordination, it was when an individual or a collective decided who to share the private information with. People used privacy rules to determine whether to open up
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
17
or close their boundaries. Once individuals or collectives chose to reveal their private information, others became co-owners of that private information. In the context of Facebook, boundary coordination on Facebook could be executed via privacy setting control and privacy protection strategies. First of all, privacy setting control offered by the social networking site was only useful to provide users with a base point and a psychological sense of security (Liu et al., 2014). However, since one of the main motivations for users to use social media was to engage in social interactions with others, inevitably users would be disclosing personal and private information with others (Christofides et al., 2009). Therefore, aside from making use of the privacy settings, users were also found to utilize protection strategies such as social
“pruning,” namely deleting and un-tagging undesirable content about themselves, or removing Facebook friends were also frequent actions taken by users in U.S.A. (Madden, 2012).
However, the world was not a perfect place and rules could be broken, therefore there was a possibility of boundary turbulence. Boundary turbulence referred to the dynamic process in managing one’s privacy, in which turbulence was characterized as something that disrupted the coordination of privacy rules or when the privacy boundary was violated. For instance, boundary turbulence referred to the times when an individual had his identity taken over online, or experienced negative social consequences online. Boundary turbulence could then cause the decrease in trust, anger and uncertainty for sharing private information (Petronio, 2002). When there was an occurrence of boundary turbulence, the owners and co-owners of the private information needed to take actions in order to return to the boundary back to its original coordination.
To sum up, CPM encompassed three main tenets to examine the process in the rule-based management system and to look at the process of how privacy boundaries were set, managed and affected (Petronio, 2002). CPM was a theory detailing how people, either individuals or collectives believed they owned their private information. Since individuals
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
18
and collectives had the right to own their private information, they also had the right to control it. This was referred to as control and ownership of one’s privacy. Furthermore, in the boundary coordination process, there were also dialectical tensions, in which people, either individuals or collectives had to decide between how private or how open they wanted the boundaries to be when sharing private, personal information with others (West & Turner, 2007). Nonetheless, with the occurrence of boundary turbulence, or when the preexisting rule was disturbed, the individuals or collectives would try to renegotiate new rules for the boundaries to bring back the original order.
According to Petronio (2002), disclosing personal information did not mean giving up one’s privacy entirely, but only to a certain degree. Moreover, privacy management was not a purely individual process since people needed to coordinate collectively-owned boundaries.
In addition, though Facebook users may not have the absolute control over their privacy, they did have the choice, consent and power of correction to limit disclosure of information. As Tavani (2007) stated, individuals were entitled to privacy when they were “protected from intrusion, interference and information access by others” (p. 10) in regards to activities and storage of information in an online, computer environment.
Unlike the legal and classical views of privacy, from which a person’s right to privacy was defined by absolute and stable boundaries separating the “private” from the “public,”
privacy defined in CPM was a highly dynamic and situational process through which people maintained social distance with other individuals (Rotenberg & Solove, 2003; Liu et al., 2014). Since the introduction of CPM was a framework to understand how individuals managed their privacy, it had also been applied to many different situations. According to Hesse & Rauscher (2013), studies investigating privacy in the disclosure process using CPM had increased throughout the communication discipline and expanded to the online environment as well.
‧
國立 政 治 大 學
‧
N a tio na
l C h engchi U ni ve rs it y
19