How Culture Affects Users' Privacy Concerns

The use of mobile cloud computing apps, or simply mobile cloud apps, has grown as we live more of our lives online. As we all keep more and more of our info on our devices, the need to seriously think about data privacy and security becomes more pronounced.

These mobile cloud apps have gained prominence in the past decade, as cloud computing moves data storage and processing from mobile devices to the cloud. However, this system does not come without risks, as research has found that over 43% of the top 100 mobile apps have severe vulnerabilities to potential hackers.

The need for security has become essential in light of these breaches, which can risk anything from home addresses and embarrassing childhood photos to more sensitive, protected personal information. Users often reassess privacy after adopting such apps when cloud breaches happen. This reassessment leads to potential app abandonment. Additionally, cultural differences can impact the users’ perceptions of privacy and institutional responsibility.

In “Does Culture Affect Post-Adoption Privacy Concerns of Mobile Cloud Computing App Users? Insights from the US, the UK, and India” by Rajiv Sabherwal, along with co-investigators Frederic Schlackl (HEC Montreal) and Hamid Reza Nikkhah (University of Nevada, Las Vegas), the researchers explore almost 2,500 individual responses from U.S., U.K. and India users about how culture influences post-adoption privacy concerns with mobile cloud apps and how these effects vary across the individual’s culture.

While most studies focus on how privacy concerns shape the initial adoption of an app, Sabherwal and his coauthors examine how privacy concerns play out after users have adopted the app and how larger cultural differences regarding privacy affect user retention rates after they have been using the app.

The Overlap of Culture and Privacy

When it comes to business leadership and information systems, culture can obviously be managed in many ways. New developments in technology have, however, changed the way firms and users behave. This digital era has called for a shift in our perspectives on agency, with a major move from a primary emphasis on human agency to perspectives accounting for human and technology agency. At the same time, the cultural background of users also plays a key role when it comes to how users interpret messaging from developers, privacy policies, and certifications. Borrowing from Geert Hofstede’s influential work on cultural dimensions, Sabherwal and his coauthors consider four cultural domains in their study:

• Collectivism/Individualism (COL): Societies that score high in collectivism show the group’s interests prevail over those of the individual. Individualistic societies have interests that prevail over the group and tend to live in nuclear families. Collectivist users may rely less on individual cost-benefit analyses than users from cultures that favor individualism.
• Masculinity/ Femininity (MAS): The gender roles of masculinity and femininity play a key component in the expectations of individual behavior. For example, in more masculine societies there is a focus on material success for men and modesty, tenderness, and a focus on a quality of life for women. These societies are often more willing to forgo privacy in favor of perceived benefits like app performance.
• Power Distance (PDI): Countries with high power distance often expect and accept unequal power in their institutions and organizations. A greater power distance often leads to decreased privacy concerns among individuals; in these societies, users simply trust formal authority more.
• Uncertainty Avoidance (UAI): This dimension refers to the extent that members of a culture feel threatened by ambiguous or unknown situations. For example, countries scoring higher in uncertainty avoidance have a greater need for predictability and structure, more written and unwritten rules, and more trust in the government. This dimension moderated privacy concerns in a mixed way: in high UA cultures, the app developers’ assurances had a strong impact, but these same assurances lowered the perceived value users felt.

Given that culture has such a pronounced impact on how users react to developers’ privacy messaging and policies, there is a strong need for techniques that ensure security and preserve user privacy based on those differences.

At the same time, though, services and assurances from developers on platforms are becoming more standardized. Vendors’ offerings gravitate toward a similar line of service modules, and variation between vendors is reduced. What remains important, though, is an understanding of the context in which communities utilize which digital objects.

For example, when WhatsApp updated its privacy policy to allow greater data sharing with its owner, Facebook, in 2021, it was framed as a routine clarification of its policy. The response from users in India was anything but routine, as the announcement swiftly triggered backlash and switching to alternative messaging platforms. The uniform assurances issued by WhatsApp backfired because India is a country with high levels of collectivism and uncertainty avoidance. In these cultures, users value institutional trust and transparency; since WhatsApp did not proactively communicate the implications of the policy change, user trust was undermined. The one-size-fits-all messaging ended up alienating users in the country that uses the app the most!

Firms should, simply put, vary their messaging when targeting users of different cultural experiences, such as users high in individualism (a trait common in North America, Western European, and Anglo-Saxon countries). When issuing messages to users in these cultures, designers and developers should emphasize the value that is provided to users. That said, when communicating to users from cultures high in uncertainty avoidance (which is pronounced in Latin America and the Mediterranean) and who thus react more strongly to risks, it is important to assure them that their data is safe.

Cultural Connections and Differences in Mobile Cloud Apps

Understanding how these different forms of culture and how messages about cloud technology interact becomes all the more important since mobile cloud apps are still progressing and being created. Firms should avoid policies and messages that are generic and do not account for cultural preferences. Different users across the globe necessarily have different privacy considerations based on their own cultural experiences.

Sabherwal argues that designers and developers should be transparent about their privacy practices, as institutional privacy assurances can positively influence users’ perceptions. The designers should also be aware of their targeted demographic in how they design and communicate their institutional privacy assurances. For example, uncertainty avoidance weakens how much perceived risk affects their intent to continue using the app. Messages and assurances to these cultures should thus emphasize risk reduction more so than value creation. 

Being aware of how different cultures react to different messages will allow developers to avoid issuing messages that prompt, rather than prevent, users switching to competitors’ apps. Firms should not only have strong and clear assurances and messages regarding privacy policies and certification, they should also tailor these assurances with the cultural values of their varied user bases in mind.