Article

How to Influence Privacy Behavior Using Cognitive Theory and Respective Determinant Factors

Department of Informatics, Ionian University, 49100 Corfu, Greece
*
Author to whom correspondence should be addressed.
J. Cybersecur. Priv. 2023, 3(3), 396-415; https://doi.org/10.3390/jcp3030020
Submission received: 6 June 2023 / Revised: 10 July 2023 / Accepted: 13 July 2023 / Published: 17 July 2023
(This article belongs to the Section Privacy)

Abstract

Several studies have shown that the traditional way of learning is not optimal when we aim to improve ICT users’ actual privacy behaviors. In this research, we present a literature review of the theories that are followed in other fields to modify human behavior. Our findings show that cognitive theory and the health belief model present optimistic results. Further, we examined various learning methods, and we concluded that experiential learning is advantageous compared to other methods. In this paper, we aggregate the privacy behavior determinant factors found in the literature and use cognitive theory to synthesize a theoretical framework. The proposed framework can be beneficial to educational policymakers and practitioners in institutions such as public and private schools and universities. Also, our framework provides a fertile ground for more research on experiential privacy learning and privacy behavior enhancement.

1. Introduction

With the evolution of technology, such as internet-connected wearables, enhanced reality, mobile devices, and the intrusion of social media in our lives, our individuality is constantly exposed. Data are retrieved from companies and individuals in many ways and sometimes even without our knowledge, for example, from Internet of Things (IoT) devices [1] or even when we expose ourselves on social networks [2,3]. Self-exposing behavior may have a significant negative effect on individuals’ lives, and Information and Communications Technology (ICT) users may find themselves victims of thieves, scams, or impersonation. At the same time, third parties can use personal data in their favor in many ways, such as to manipulate voting opinions [4] or manipulate buying behavior through targeted advertising practices [5,6]. Thus, ICT users are vulnerable to privacy breaches, data misuse, and unauthorized access to their personal information.
In the last decade, research on what influences privacy behavior has increased significantly. Researchers, software houses, information security providers, and individuals are trying to find ways to enhance ICT users’ privacy behaviors. Various studies have shown that ICT users state that they care about their personal data, but they still disclose a vast amount of personal information when using internet-connected devices [2,3]. Many academics recognize this phenomenon as a “privacy paradox” [7,8,9,10]. Several studies have tried to identify the reasons behind ICT users’ privacy behaviors, identifying psychological, sociological, and behavioral factors for their actions [7,8,9,10]. Many researchers found various factors that influence privacy behavior, and thus, if we alter these factors, we may influence ICT users’ privacy behavior actions, such as personal information disclosure, the application of privacy-protective controls, or the configuration of privacy settings.
From the above, we identify a necessity to confront these two issues. First, we need to understand what affects privacy behavior, and second, it will be beneficial to understand how to influence ICT users’ protective privacy behaviors. To address the first issue, we conducted an in-depth literature review on the factors affecting privacy behavior. Our recent research [11] showed that behind ICT users’ privacy behaviors, there are eleven dominant factors, including privacy concerns, trust, awareness, and others (further analyzed in Section 5). This research aims to investigate the underlying factors that influence individuals’ privacy-conscious actions in the digital realm, as well as to explore effective interventions to promote such actions. In addition, we laid the groundwork for extending our research to the utilization of these factors for enabling privacy-protective behaviors and thus address the second issue. Understanding how to promote human behavior change is crucial for several reasons. First, technological advancements alone cannot ensure adequate privacy protection, as the success of privacy measures ultimately depends on the users’ behaviors. Second, a significant number of privacy incidents can be attributed to an individual’s lack of awareness, knowledge, or motivation to consciously adopt privacy actions. By investigating how human behavior can be effectively changed, this study can contribute to the development of strategies and interventions that address these underlying factors and thus lead to improved privacy behavior [12,13,14,15]. To address this research gap, this study explores theoretical frameworks, empirical studies, and interventions from related fields such as psychology, sociology, philosophy, and the health field. 
By drawing upon these interdisciplinary perspectives, our research aims to shed light on the factors influencing privacy behavior, identify effective behavior modification techniques, and propose actionable recommendations for ICT users, service providers, and policymakers.
Traditional learning approaches that could be used to promote privacy behaviors, such as lectures, textbooks, and exams have long been the foundation of education systems around the world. However, these approaches have inherent limitations that impede a learner’s holistic development. According to many researchers [16,17,18], one of the limitations of traditional learning approaches is passive learning. Traditional learning frequently encourages passive knowledge acquisition, in which students are passive recipients of information rather than active participants in the learning process. Students’ engagement, critical thinking, and problem-solving abilities are hampered by this approach. Another limitation is the lack of practical application. Traditional learning methods frequently focus on theoretical concepts that are disconnected from real-world applications. This gap between theory and practice can impede a student’s ability to apply classroom knowledge and skills in real-world situations. Further, traditional learning relies heavily on memorization and short-term retention, resulting in limited long-term recall and understanding. A student’s ability to connect concepts and apply knowledge in different contexts is hampered by the emphasis on memorization rather than deep comprehension. Additionally, traditional learning approaches typically take a one-size-fits-all approach, assuming that all students learn in the same way and at the same pace. Individual differences in learning styles, preferences, and strengths are ignored, potentially leading to disengagement and poor learning outcomes. Educators and researchers [18,19,20,21,22,23,24,25,26,27,28,29] have advocated for the incorporation of experiential learning methods to address the limitations of traditional learning approaches. Experiential learning is defined as the process whereby knowledge is created through the transformation of experience [21]. 
Experiential learning involves learners in hands-on experiences, reflection, and active experimentation, and it provides several advantages. First, experiential learning encourages active participation and personal involvement, allowing students to make direct connections between theoretical concepts and real-life experiences. This participation fosters a deeper understanding as well as a sense of relevance and applicability. Also, experiential learning allows learners to develop practical skills through participation in real-world scenarios, simulations, and problem-solving activities, which improves students’ abilities to apply their knowledge and skills in real-world situations, preparing them for real-life challenges. Finally, experiential learning promotes deep comprehension and meaningful learning by actively engaging learners in real-life contexts, resulting in improved retention and the transfer of knowledge and skills to novel situations.
Thus, in this paper, we propose the use of experiential methods and practices to promote privacy-protective behaviors, taking into account the antecedents of privacy behavior. We identify methodologies and practices that are followed in the fields of philosophy, psychology, and sociology to influence someone’s behavior using experiential methods. We argue that this can lay the groundwork for empirically examining how to guide ICT users’ existing privacy behaviors to become more privacy-protective. To the best of our knowledge, this is the first research that is trying to encapsulate experiential learning methods and target the modification of users’ privacy behaviors. In summary, our paper addresses the following research questions:
Research Question 1: what empirical methods and practices have been followed in other fields, such as philosophy or psychology, to influence human behavior via experiential techniques and could be used in the field of information privacy towards enabling privacy-protective behaviors?
Research Question 2: how can we influence privacy behavior determinant factors to guide ICT users’ privacy behaviors using experiential methods?
After the introduction, this paper continues with the sampling methodology of the literature review we performed. In Section 3, we perform a literature review of experiential learning in the fields of philosophy, psychology, health, and sociology. In Section 4, we provide an adjustment of the definitions we found during the literature review in the field of our expertise, and we provide our conceptual scheme. In Section 5, we propose an adaptation of the above definitions to our field, and we provide an encapsulation between the theories we capture from our literature review and the privacy behavior factors. In Section 6, we discuss our findings and our model. Finally, Section 7 concludes the paper and provides implications, possible solutions, and future research.

2. Literature Review Methodology

2.1. Sampling Methodology

For our search in the literature, we employed a systematic search strategy across multiple academic databases. Since we needed to search in multiple scientific fields, we targeted the most widely used search engines in each field. To identify philosophy-related articles, we used the following search engines: PhilPapers, Jstor, PubMed, and the Stanford Encyclopedia of Philosophy. To find sociology-related articles, we used Sociological Abstracts (www.proquest.com/sociologicalabstracts (accessed on 2 February 2022)), ProQuest Social Science Journals (search.proquest.com/socialsciencejournals (accessed on 3 February 2022)), and SocArXiv (socopen.org, accessed on 5 February 2022). To identify psychology-related and health-related articles, we used the search engines PubMed, PsycINFO (www.apa.org/pubs/databases/psycinfo (accessed on 5 March 2022)), and PsycARTICLES (www.apa.org/pubs/databases/psycarticles (accessed on 6 March 2022)). We also included more general databases such as Google Scholar and Scopus. The search was conducted using relevant keywords such as “experiential learning”, “experiential learning methods”, “theory selection for experiential learning and behavior modification”, and “behavior modification methods and theories”. The initial search yielded a large number of articles, which were then refined based on predefined inclusion and exclusion criteria.
The theory selection (inclusion) procedure entailed a thorough examination of the theories and models identified in the literature. We evaluated each theory’s relevance, empirical support, and applicability in the context of behavior modification, behavior enhancement, and how to influence human behavior. The selected theories were chosen based on their potential to provide insights into understanding and modifying human behavior at any age, with a preference for theories that are applied to adults. The reason for this choice is that we primarily aim to validate our framework in future research with adult participants. The theories we chose served as the foundation for our research framework. To identify relevant learning theories, we conducted a thorough review of studies that investigated various approaches to changing human behavior. We considered various learning theories, including experiential learning and persuasive technologies. The theories were chosen based on their potential effectiveness in encouraging people to practice privacy-conscious behavior.
We refrained from imposing any limitations on the chronological range or publication types. Instead, we deemed journal articles and conference articles as suitable sources to yield acceptable outcomes. We used the keywords: experiential learning, experiential education, experiential learning methods in psychology, experiential learning methods in sociology, and experiential learning methods in philosophy. We also included several books that studied experiential methods and experiments that affect learning and education using experiential procedures in the above fields. These books are mostly in physical form and cannot be found online. The selected theories were chosen based on their potential to provide insights into understanding and modifying behavior in humans of any age, with a preference for theories that are applied to adults. The reason for these choices is that our initial target group for testing our framework in future research is people aged 18 and up.
To identify relevant learning theories, we conducted a comprehensive analysis of studies that investigated different approaches to modifying human behavior. We considered various learning theories, such as experiential learning and persuasive technologies, among others. The selected theories were chosen based on their potential effectiveness in promoting privacy-conscious behavior.

2.2. Exclusion Criteria

Applying the methodology outlined above, our initial search yielded 584 results. To refine and narrow down this extensive pool, we implemented a rigorous selection process that prioritized articles and books with high citation counts, in addition to publications authored by recognized pioneers within their respective fields. Consequently, our efforts culminated in the identification of 90 distinct and noteworthy papers and books. Nevertheless, a subset of the retrieved articles failed to elucidate any factors associated with experiential learning methodologies. Subsequently, we employed a screening process to eliminate studies that, despite satisfying the search criteria, did not primarily focus on the identification of experiential methods for educational or learning purposes and consequently lacked corresponding outcomes. As a result, we excluded a total of 41 papers from further analysis, as they did not specifically investigate the subject matter at the core of our study. Following this rigorous procedure, we were left with a final selection of 49 papers and books that specifically examined or identified distinct methods capable of influencing learning or educational procedures.

3. Theoretical Background in Experiential Learning in Other Fields

3.1. The Concept of Behavior in Psychology

This section is a first reference to the basic theories that contributed to the understanding of behavior as reflected in the field of psychology. More specifically, four basic theories are captured:
  • The neuropsychological theory;
  • The psychoanalytical theory;
  • The behavioral theory;
  • The cognitive theory.
The above theories were not the only ones formulated but were the most basic ones studied in the specific field of psychology.
Neuropsychological Theory: This theory examines only pathological behaviors, which are seen through the cognitive effects of neurological disorders [30,31]. We will not delve into this theory as it relates to ailments of a medical nature.
Psychoanalytical Theory: according to Freud [32,33], human behavior is the result of a person’s defense against his instinctual impulses.
Behavioral Theory: A person’s behavior consists of the immediate reaction to an environmental stimulus. Stimulus → Reaction = Behavior or S → R = Behavior. In his research, Pavlov [34] describes that a person’s behavior is acquired through classical conditioning, while according to Skinner [32,33], it is through operant conditioning and is modified only if the environmental stimuli are modified. The basic mechanisms of behavior control and modification are reward, fear, and punishment.
Cognitive Theory: It is the evolution of S → R behavioral theory. This theory holds that stimuli and reactions mediate cognitive processes that influence behavior. According to Weinman [35], cognitive processes include beliefs, perceptions, and attributions—also called productive causes [36]. According to Koulierakis et al. [36] attribution is defined as the cognitive process that a person constructs to try and explain why an event happened to her. The above contributes together with the environment when making a decision or facing a challenge. Finally, according to Ambrason [37], attributions can be generalized or specialized. Models that attempt to explain how cognitive factors lead to various social behaviors are referred to as socio-cognitive models. Conner [16] and Conner and Norman [17] distinguish two types of socio-cognitive models. The first type includes the attribution models which refer to people’s causal explanations for events related to their health. The second type includes models aimed at predicting people’s future behaviors.
In the context of this research, we will not deal with the first two theories as the first concerns behaviors that are due to pathological factors, while the second captures more about the explanation of behavior rather than how it can be modified. Cognitive theory, also known as cognitive psychology, seeks to comprehend how people process information, think, and make decisions. It emphasizes the role of cognitive processes in shaping behavior, such as perception, attention, memory, and problem-solving. According to the theory, people actively interpret and make sense of their surroundings based on their prior knowledge, beliefs, and experiences [38]. The cognitive theory can be applied to understand how individuals perceive and evaluate privacy risks and make decisions about their online privacy in the context of privacy behavior in ICT users. According to the theory, cognitive processes influence people’s privacy-related behaviors, including their knowledge and understanding of privacy issues, their perception of risks and benefits, and their attitudes and beliefs about privacy.
One study that exemplifies the application of the cognitive theory in modifying privacy behavior is the work by Ghosh and Singh [39]. They conducted a study to examine cognitive dissonance theory to understand privacy behavior. The researchers discovered that the evaluation of benefits associated with disclosure does not motivate disclosure as strongly as previously believed. Instead, they found that a behavior-based approach, as opposed to an investigation of the attitudes regulating disclosure, yields fresher insights and a more nuanced comprehension of the privacy paradox.
The schematic representation of the behavioral theory and cognitive theory can be seen in Figure 1 and Figure 2.
An example of cognitive theory is shown below: John and Alice are looking at the photo uploaded on Instagram by their mutual acquaintances, Tomas and Kathrin, with public access to it. The photo shows the two of them sitting at a park in Karlovy Vary in the Czech Republic. John thinks it is a beautiful photo (cognitive processes: belief and perception), while Alice, who is more privacy-aware, realizes that Kathrin and Tomas are not in their residences; now several people will know about it, and Kathrin and Tomas are exposed to the risk of robbery (cognitive process: attribution: awareness). In this example, the environmental conditions were the same, but the cognitive background of Alice was different. Moreover, we observe that in this example, multiple cognitive processes came into effect. From this point of view, John’s beliefs and perceptions made him observe only the romantic part of the photo. On the other hand, Alice’s privacy awareness levels activated her cognitive processes differently and made her understand the dangers of that post. The potential exposures in that photo do not stop at what Alice observed. For example, even if the date is not visible, an experienced ICT user could potentially find the date of the photograph from the metadata of the photograph.
Cognitive psychologists describe two distinct types of cognitive processes. The first type of process is the short-term processes which include expectations, critical evaluation as elements of perceptions, and the productive causes as attributions. The second type is long-term processes that contain the personal beliefs of the person.
According to Bandura [40], expectancy is a process in which the individual discounts a future event. Bandura describes the expectancy process as both a perception process and a belief, depending on the point of view of the event. According to Beck [41], critical evaluation is a perception process and can be used as a diagnostic process in which individuals evaluate what may be happening to them. According to Rotter [42], productive causes are perceptions that people construct when trying to explain why something happened to them. It is also worth mentioning that according to the social psychologists Stroebe and Stroebe [43], cognitive processes are essential causes of the manifestation of behavior. Also, cognitive processes are more amenable to modification when they involve cognitive factors such as beliefs rather than factors such as personality. Sheeran and Abraham [44] also state that beliefs are stable individual characteristics that shape behavior and are acquired through early socialization without being strictly defined and can vary between individuals of the same social group. Finally, Lewin [45] formulated the value-expectancy model, which states that an individual’s behavior revolves around two axes: the value that the individual assigns to a specific goal and the individual’s assessment of the probability of a specific action to achieve this goal. From all that preceded, we believe that there is a scientific consensus that cognitive theory is the dominant method in the fields of psychology and philosophy, answering Research Question 1. We have to mention that psychology and philosophy were treated as one field until the philosopher Gockel, according to Krstic, coined the term “psychology” [46].

3.2. The Concept of Behavior in the Health Field

The health field played a significant role in the development of cognitive theory, creating a new path of research mostly because of the close relationship between psychology and psychiatry. Many researchers from the health field tried to adjust the cognitive theory in their field of expertise, most usually called the health belief model. The health model deals with the scientific area of psychology that deals with human behavior in the context of health and illness. Scientists use this model to intervene in problems arising from a chronic or life-threatening disease, but without engaging in a strictly therapeutic process [44,47,48]. Becker et al. [49] added another dimension to the model called “health motivation”, which is nothing more than the individual’s readiness to care about health issues. The model was formally established with the publication of the research by Becker et al. [49] and was aimed at maintaining health and controlling frailty. The model has been used more than any other social-cognitive model in a range of health behaviors and different target populations [36]. The health belief model is based on two health-oriented axes: Threat Perception and Behavioral Evaluation. The perception of a threat depends on two factors: the subjective sense of vulnerability (perceived susceptibility) and the subjective sense of severity (perceived severity) [49,50]. The evaluation of the behavior also consists of two sets of beliefs: the subjective feeling about the benefits (perceived benefits) from adopting a behavior targeting better health and the subjective feeling about the obstacles (perceived barriers) from adopting a behavior, i.e., the evaluation of the possible negative consequences associated with the prevention behavior (e.g., side effects). The health belief model (HBM) is a psychological framework that explains and predicts health-related behaviors in individuals. 
It implies that beliefs about the severity of a health threat, susceptibility to the threat, the benefits of taking preventive action, and the barriers to such action influence people’s actions to protect or improve their health. When applied to the context of privacy behavior in ICT users, the health belief model can be viewed as a framework for understanding individuals’ motivations and decision-making processes regarding privacy protection. Individuals are more likely to engage in privacy-enhancing behaviors if they perceive the risks to their privacy as severe and themselves as vulnerable to those risks, according to the model. Furthermore, they are more likely to adopt privacy-conscious behaviors if they believe that the benefits of taking privacy-protective actions outweigh the barriers or costs associated with such actions.
The study by Jensen et al. [51] is an example of using the health belief model in the context of privacy behavior. They looked into the factors that influence people’s adoption of privacy-enhancing measures on social networking sites. Individuals who perceived higher levels of privacy risks, believed they were vulnerable to privacy breaches, and perceived more benefits than barriers to taking privacy-protective actions were more likely to engage in privacy-enhancing behaviors, according to the study’s findings. The above is reflected in Figure 3.

3.3. Behavior and Experiential Learning

In this section, we present the literature review on the definitions of experiential experience and learning, as they have been defined in the fields of psychology, philosophy, and sociology in the past.
In their book about Aristotle called Nicomachean Ethics, Brown and Brown [52] state that according to Aristotle, for the things we must learn before we do them, we learn them by doing them. The experiential experience differs from the didactic experience where the participant has a mostly passive role. Dewey [19], one of the first scholars to deal with the importance of experiences in learning, states that a person learns from their experiences when they are active in them, in light of supporting evidence. In partial agreement with Aristotle, Freire [19] (Figure 4) states that the cycle of learning begins with an experiential event, continues with a reflection on the experience, and leads to action. We argue that this last theory shows common elements with the cognitive theory model we described in Section 3.1 (Figure 2).
According to Kolb [21], personality as well as environmental and social factors play a large role in the acquisition of knowledge. He states that to acquire knowledge through experiential learning, the following factors must be present:
  • The participants must have the will to learn through the experience they lived;
  • The participants should be able to reproduce the experience;
  • The participants must have analytical thinking and understand the experience;
  • The participants have the ability to make decisions and solve problems to create new ideas through the experiences they lived.
Rogers [22] extended Kolb’s view, including in the conditions of experiential learning both the assessment of an acquired experience by the subject himself and the assessment by a third party (the subject of experiential learning as an observer).
Boud et al. [53] identify three stages of the reflective process in the context of experiential learning:
  • The participant reviews the events and has the ability to study the experience again, calling this review a return to the experience;
  • The participant recognizes the importance of the experience to third parties, through emotions;
  • The participant discovers the new dimensions of the experience so that through it, the change in his behavior occurs and creates a new way of thinking and new abilities.
Boud et al. [53] recognize that this is a transformative process, and through experiences, the subject recognizes new tendencies and abilities.
Criticizing Kolb’s model, Jarvis [18] agrees that learning arises from experience but does not necessarily involve the activity of processing or conscious reflection, although he emphasizes that awareness allows the individual to change his reactions and beliefs. Therefore, according to Jarvis, experience consists of the integration of an external stimulus into one’s store of knowledge. According to Boud et al. [53] as cited in Kokko [23], awareness can lead to an individual’s internal commitment to action/reaction as well as the modification of their knowledge. Mezirow [24] states that adults in particular learn more efficiently through reflection on experience and thus experiential learning. By making use of mental habits, meaning-making perspectives, and meaning sets, they become multifaceted, open, and emotionally ready to produce beliefs and opinions that prove capable of justifying the impulse to action. In agreement with the above, scientists in the fields of philosophy, sociology, and psychology also align with the view of Taylor [28]. According to his research, the adoption of opinions and patterns of behavior takes place gradually and mainly experientially, as well as without the awareness of various social and cultural influences and limitations. Experiential learning has also occupied the field of school learning. Other researchers [29,54] have studied the learning processes of teachers and have concluded that teachers as adults are in a daily learning process, focusing on improving their teaching skills and teaching methodologies. Such learning is part of the broader process of self-development and lifelong learning.
As we observed, various scientific fields have been involved with experiential learning for a long time. The first steps of experiential learning came from the ancient times of Aristotle, probably around 335 B.C., when he said the famous phrase “the things we must learn before we do them, we learn them by doing them”. Afterward, at the start of the 20th century, we saw the first attempts at experiential learning and methods from psychologists and philosophers such as Freud [55], Pavlov [34], Dewey [19], and Kolb [21], and this continues up to the 21st century, especially from sociologists and philologists such as Kokko [23], Mezirow [24,25,26,27], Jarvis [18], and Dacou [29].
By integrating the cognitive theory and the health belief model, researchers and practitioners can gain a comprehensive understanding of individuals’ privacy behaviors in the context of ICT use. These theories provide valuable insights into the cognitive processes, beliefs, and motivations that drive privacy-related decision-making and can be used to develop effective strategies for changing someone’s privacy behavior.

4. Adaptation of Theoretical Background for the Domain of Privacy Behavior

In this section, we aim to adapt the aforementioned cognitive theory to our field of expertise. Our scope is to adapt the cognitive processes derived from the cognitive theory to the privacy behavior field. Our goal has two axes. Firstly, we will connect, adapt, and classify the cognitive process elements of beliefs, perceptions, and attributions (productive causes) to privacy behavior factors. Secondly, we will adapt the cognitive theory as a basic modifier of privacy behavior enhancement using the experiential methods described in Section 3.3.
To propose our model, we will create and appropriately define new experiential learning terms that apply to ICT. Moreover, we will try to adapt the terms derived from the behavior and the experiential learning sections and transform them to match our proposed model.
Taking into account the existing literature, we propose the following terms, as shown in Table 1, while Figure 5 presents our conceptual scheme.

Practical Case Studies in the Privacy Behavior Field

A case study by Smith et al. [58] examines the implementation of a Privacy Lab at a technology company. The Privacy Lab utilized hands-on workshops, simulated privacy breaches, and interactive discussions as experiential learning activities. The case study illustrates how employees actively participated in real-world scenarios, such as identifying privacy risks in product development, analyzing data protection measures, and making privacy-aware decisions. Johnson and Anderson [59] discuss privacy training in healthcare settings as an example. The case study focuses on a privacy education program that used experiential learning methods, including role-playing, scenario-based simulations, and peer feedback. The study indicates how healthcare professionals actively applied privacy principles in simulated patient interactions, improving their understanding of privacy regulations and practices. Brown and Green [60] provide an example of a privacy workshop held for K-12 students. To teach students about online privacy and responsible digital behavior, the workshop used experiential learning techniques such as group activities, interactive games, and real-life scenarios. The case study demonstrates how students actively participated in hands-on methods of improving their privacy awareness and developed safe online practices, such as creating privacy settings on social media platforms.
By incorporating these real-life examples and case studies, we provide tangible evidence of the successful implementation of experiential learning in privacy education. These studies demonstrate how experiential learning activities engage participants, promote practical skills, and foster a more in-depth understanding of privacy concepts and behaviors.

5. Cognitive Theory and Privacy Behavior Factors

If we focus on cognitive theory and the belief model, which we examined in Section 3, we can identify common elements with our previous work [11] of what affects privacy behavior. More specifically, we observed that cognitive processes that affect behavior through experiential methods are affected by three influential axes (hereafter cognitive processes): beliefs, perceptions, and attributions. This offers fertile ground to try to conceptualize the factors that we analyzed in our previous work with the cognitive theory and the belief model. In the next subsection, we will show that every factor we found can be matched with the three elements of the cognitive theory. This match is not exclusively one way, and each factor seems like it can be part of more than one influential axis.

5.1. Conceptualizing Cognitive Theory and Privacy Behavior Factors

5.1.1. Privacy Behavior Factors

In our recent research on how privacy behavior is formulated, we found evidence that privacy behavior is affected by a variety of factors, including individual ones (e.g., demographics) and contextual ones (e.g., financial exchanges). We synthesized a framework that aggregates the scattered factors that have been found to affect privacy behavior. More specifically, we found that there are eleven dominant factors that, under the proper conditions, can influence privacy behavior [11]. We conducted a systematic review of 300+ published papers in high-quality journals such as journals from the Basket of Eight and journals with a citation index, as well as conferences recognized by the Association for Information Systems (AIS). The purpose of the aforementioned papers was to identify the variables that can influence privacy behavior. After conducting an in-depth analysis, we determined that eleven factors or clusters of factors are most likely to influence the privacy behavior of an individual. The factors that we found are shown in Table 2, while Figure 6 presents the conceptual scheme from our previous research.
To answer our second research question, “How can we influence privacy behavior determinant factors to guide ICT users’ privacy behaviors using experiential methods?”, we first have to connect the cognitive theory we analyzed above with our previous research results, which show that privacy behavior factors can influence someone’s privacy behavior. To achieve our goal, we will try to show the connection between the privacy behavior modification factors and the influential axes of the cognitive theory’s cognitive processes.
Before we conceptualize the cognitive theory and privacy behavior factors, we will set the matching criteria.
To set our matching criteria, firstly, we identify the variables we want to match from the fields we discussed that are also the most relevant to Research Question 2: “How can we influence privacy behavior determinant factors to guide ICT users’ privacy behaviors using experiential methods?”
From the privacy behavior field, there is one variable: the privacy behavior factors. On the side of the cognitive theory model, we recognize the three influential axes that influence the cognitive processes: perceptions, beliefs, and attributions (productive causes).
Secondly, we have to determine the method of matching. In academia, several methods have been proposed, including propensity score matching [61] as a means of reducing selection bias in observational studies, covariate matching [62,63], and nearest neighbor matching [64]. The methods are explained as follows:
  • The propensity score matching method was first proposed by Rosenbaum and Rubin [61] as a means of reducing selection bias in observational studies;
  • Covariate matching, also known as balance matching, aims to balance the distribution of covariates between the treated and control groups in observational studies to reduce confounding bias;
  • The nearest neighbor matching method is particularly useful when the number of variables is small. The method can be used in a variety of fields, including epidemiology, economics, and psychology, to estimate the similarities of the observed variables, close relationships of the observed variables, or the outcome of a statistical or medical experiment.
We have excluded the first two methods because they do not apply to our study. The nature of this research is not to observe different groups or persons nor to reduce the confounding bias between groups. We believe that the nearest neighbor method is close to the goals of this study. The dataset we have to match is relatively small while at the same time, this method is commonly used in psychology, philosophy, and sociology studies and experiments.
Based on the aforementioned considerations, we established the following criteria for our analysis:
Criterion 1: Etymological Similarity—this criterion pertains to the impact observed when an element of a cognitive theory exhibits congruence or similarity in meaning to a factor associated with privacy behavior.
Criterion 2: Similar Result or Definition—this criterion addresses the influence observed when an element of a cognitive theory and a factor related to privacy behavior yield comparable outcomes or share similar definitions.

5.1.2. Beliefs

According to cognitive theory, beliefs affect the cognitive process and have two categories: Threat Perception and Behavioral Evaluation [49,50]. Each category has two subcategories. More specifically, the category Threat Perception includes the subcategories of Perceived Severity and Perceived Susceptibility. The Behavioral Evaluation includes the subcategories of Perceived Benefits and Perceived Barriers. Below, we aim to align the identified privacy factors with the elements of the cognitive theory. According to Paspatis et al. [50], we argue that Financial/Non-financial Exchanges and Benefits are aligned with the subcategories Perceived Benefits and Perceived Barriers [49,50] because they correspond to both criteria 1 and 2. Both Financial/Non-financial Exchanges and Benefits have the same results on privacy behavior, and the subcategories of Behavioral Evaluation have the elements of Perceived Benefit for the Financial/Non-financial Benefits and Perceived Barriers as a similar result of the subfactor usefulness. At the same time, Perceived Benefits are aligned etymologically with the subcategory Financial/Non-financial Benefits. Respectively, the factor of Privacy Awareness matches the subcategory of Perceived Severity. Privacy awareness, as we presented in the photograph example in Section 3.1, can play a significant role in the perceived severity of a person. We argue that privacy-aware persons can better understand a potential danger and minimize the severity of their actions. The cluster of Demographics fits the subcategory of Perceived Susceptibility, which corresponds to criterion 2. This cluster contains elements such as age and gender. Research by Reynolds et al. [65] showed that the susceptibility of a person is affected both by age and gender. More specifically, females tend to post more often and with fewer privacy restrictions on OSNs than males, while older users claimed to be more concerned with privacy; this is reflected in their posting practices.
On the other hand, we believe Sensitivity of Information fulfills only criterion 1 due to the etymological similarity. All of the above is reflected in Figure 7. Table 3 presents our adaptations of privacy behavior factors to the cognitive process beliefs of the cognitive theory.

5.1.3. Perceptions

As noted in the previous subsection, the cognitive processes contain two more categories, perceptions and attributions (productive causes). Following the same matching criteria as in the previous section, we argue that the cognitive processes’ element “perceptions” can be a match for at least the privacy behavior factors of privacy risk perception and privacy concerns, meeting criterion 2. As we mentioned in Table 1, privacy concerns are the willingness of a person to share data and how these relationships in turn are affected by inter-individual differences in an individual’s regulatory focus, thinking style, and institutional trust. The additional definition in psychology according to Cherry [66] is that perception relies on the cognitive functions we use to process information, such as utilizing memory to recognize the face of a friend or detect a familiar scent. Through the perception process, we can both identify and respond to environmental stimuli. We argue that concerns are philosophically in a close relationship with the cognitive processes’ perceptions. Respectively, privacy risk perception seems to meet both matching criteria 1 and 2. Privacy risk perception is a perception relevant to the risk a person may confront, while at the same time, the definition of cognitive processes’ perception is the process or result of becoming aware [66]. As previously noted, we believe that privacy risk perceptions and the cognitive processes’ element of perception are good candidates for a match, so we argue that they are etymologically very similar, fulfilling criterion 1. Table 4 presents our adaptations of privacy behavior factors to the cognitive process’ perception of the cognitive theory.

5.1.4. Attributions

Following the same matching criteria as above, we argue that the cognitive processes’ element of attributions is a match for a variety of factors. As a definition, in social psychology, attribution is the process of inferring the causes of events or behaviors [67]. At the same time, it may describe the characteristics of a person, usually without any awareness of any underlying process. On the side of privacy behavior, we argue that the cluster of “needs, psychological engagement, and necessity” meets both matching criteria 1 and 2. Firstly, all of the factors of the cluster are from the field of psychology, fulfilling criterion 2. Secondly, by etymology, the factor of psychological engagement fulfills criterion 2. Respectively, awareness is described both by the cognitive processes’ element of attribution, by definition, and by the privacy behavior factor of privacy awareness. From the above, we argue that privacy awareness and the element of attribution awareness fulfill both criteria. Continuing, we argue that from the side of privacy awareness, the factors of interaction and experience also meet our matching criteria. As we mentioned, attribution is the process of inferring the causes of events or behaviors. We argue that both interactions can be the result of an event, fulfilling criterion 2. Respectively, attributions may describe the characteristics of a person. We argue that the factor of experience is a characteristic of a person, fulfilling criterion 2. Figure 8 presents the cognitive theory with the adapted privacy behavior factors. Table 5 presents our adaptations of privacy behavior factors to the cognitive process of attributions (productive causes) of the cognitive theory.

6. Discussion

6.1. General Discussion

In our research, we have shown the use of cognitive theory in the field of information privacy behavior. We performed a literature review regarding relevant works and theories explaining behavioral transformation in the domains of sociology, psychology, philosophy, and health. This analysis demonstrated that significant work related to behavioral transformation was conducted in the field of health. Taking the results of the literature analysis into account, we put our perspective on the cognitive theory and health belief model, by integrating them with privacy behavior determinant factors. Our proposed integrated framework aligns the factors that have been identified to influence privacy behavior with the cognitive theory and health belief model.
Our literature review in Section 3.3 reveals that the experiential learning method is more beneficial for people than traditional learning. Aristotle set the starting line around 349 B.C. Since then, many philosophers, psychologists, and sociologists have worked to show that experiential learning has advantages over the traditional way of learning and education [19,20,21,22,24,53]. In addition, as we described in Section 3.1 and Section 3.2, cognitive theory [35] and the health belief model offer a proven approach to transforming someone’s behavior [16,17,36]. Our work of conceptualizing privacy behavior determinant factors with the cognitive processes, an element of cognitive theory, creates a new optimistic frame for research. With this model, we introduce not only experiential learning in the ICT environment but also the factors we should trigger to successfully modify a person’s privacy behavior toward a more protective one.

6.2. Implications

Our proposed framework’s potential implications can be divided into three categories: (a) ICT users and individuals, (b) organizations, and (c) society. Individuals and ICT users can benefit from our proposed framework in multiple ways. ICT users can understand their behavior and can be enabled to make informed privacy decisions. As a result, our work can promote privacy protection skills as well as raise users’ awareness of privacy risks associated with ICT usage. Finally, it can assist ICT users to gain better control over their valuable personal information. Organizations can benefit from this framework by cultivating a privacy-conscious culture among employees and customers (i.e., users of online services). Organizations can improve their data protection practices via experiential learning privacy training, mitigate privacy-related risks, and build stronger relationships with their customers based on trust and respect for privacy. Finally, there are societal benefits to consider. A more privacy-conscious population can help to create a privacy-protective digital ecosystem in which privacy is valued and respected, which could have a positive impact on data protection regulations, privacy laws, and the overall privacy landscape.
Aside from the aforementioned implications, there are numerous research opportunities that arise from our proposed framework. Privacy behavior change is a field that still requires extensive research. Researchers may investigate the efficacy of various experiential learning methods, the role of psychological factors in privacy behavior change, and the long-term sustainability of behavior modification interventions. This framework has the potential to broaden current knowledge towards new research paths. For example, it highlights the benefits of broadening our knowledge by taking works in other fields such as psychology, sociology, philosophy, and health into account. Our proposed model provides a comprehensive view of the importance of experiential learning in privacy behavior enhancement while also inspiring further research by addressing the potential benefits and research opportunities and by encouraging interdisciplinary collaborations.

7. Conclusions and Future Work

Privacy behavior is a phenomenon that we have observed for more than 20 years, but it seems that there is more ground to cover to find new and more efficient ways to influence it. The traditional ways of teaching and educating are still present, but it seems they may not be the optimal way for privacy behavior transformation. Many researchers observed in the past that ICT users’ privacy behaviors need improvement [2,3,4], or else we may continue to confront phenomena such as “the privacy paradox” [7,8,9,10]. During our literature review in the fields of sociology, psychology, philosophy, and health, we found that the cognitive theory and the health belief model may offer an alternative method to understand ICT users’ privacy behaviors and influence them towards a more protective one. Building on our previous research on what factors affect privacy behavior, we provided an integrated framework utilizing the cognitive theory and health belief model. We found connections between the majority of factors and the influential axes of the above theories, proposing a fertile model for more research on experiential privacy learning.
The proposed integrated framework can be used by researchers to design empirical experiments and experiential methods toward finding novel ways to trigger ICT users’ protective behaviors. To the best of our knowledge, this is the first research that offers a solid theoretical background for privacy behavioral transformation using the cognitive theory and the health belief model. Our research may be beneficial to the academic community for facilitating privacy learning, for example, for elementary schools, academic institutes, and private schools offering new models of teaching with an aim to improve students’ protective privacy behaviors. In addition, it may shift the attention of privacy academics offering new paths of research.
Our findings related to cognitive theory and the connection with our previous research on privacy behavior determinant factors are limited. Therefore, we aim to prove and improve our integrated model via empirical research, which will allow us to refine and propose a solid model for improving ICT users’ privacy behaviors. Figure 9 demonstrates a preliminary illustration of our future conceptual framework. The six-phase framework is depicted in this diagram. Phase 1: choosing a multiple-choice questionnaire as a quantitative method to assess participants’ current levels of privacy behavior. Phase 2: distribution and completion of the questionnaire by participants. Phase 3: selecting and presenting a small group of people for laboratory application of experiential methodologies. Phase 4: the creation of an experimental environment as well as the analysis and implementation of each selected experiential method. Phase 5: the implementation of the experiential model, cognitive processes, and experiential methods. Finally, Phase 6: the results of the previous phase are presented and discussed. All of the above phases are in an early stage and may change before final implementation. Its phases are divided into several parts depending on the type and duration of the phase.
Our future research will focus on validating the aforementioned proposed framework. Specifically, we will employ the proposed framework and the aforementioned dominant privacy behavior factors during Phase 5 through empirical experiments, interviews, and assessments. Our experiments will take place in simulated as well as non-simulated environments, both online and on site, creating a favorable environment to be used in the future without any geographical restrictions.

Author Contributions

Conceptualization, I.P. and A.T.; methodology, I.P.; formal analysis, A.T.; investigation, I.P.; writing—original draft preparation, I.P.; writing—review and editing, I.P. and A.T.; visualization, I.P.; supervision, A.T. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding; APC was funded by 100% discount from the Journal of Cybersecurity and Privacy.

Data Availability Statement

No new data were created.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Menard, P.; Bott, G. Analyzing IOT users’ mobile device privacy concerns: Extracting privacy permissions using a disclosure experiment. Comput. Secur. 2020, 95, 101856.
  2. Shane-Simpson, C.; Manago, A.; Gaggi, N.; Gillespie-Lynch, K. Why do college students prefer Facebook, Twitter, or Instagram? Site affordances, tensions between privacy and self-expression, and implications for social capital. Comput. Hum. Behav. 2018, 86, 276–288.
  3. Dhir, A.; Kaur, P.; Lonka, K.; Nieminen, M. Why do adolescents untag photos on Facebook? Comput. Hum. Behav. 2016, 55, 1106–1115.
  4. Hinds, J.; Williams, E.; Joinson, A. It wouldn’t happen to me: Privacy concerns and perspectives following the Cambridge Analytica scandal. Int. J. Hum. Comput. Stud. 2020, 143, 102498.
  5. Mathews-Hunt, K. CookieConsumer: Tracking online behavioural advertising in Australia. Comput. Law Secur. Rev. 2016, 32, 55–90.
  6. Palos-Sanchez, P.; Saura, J.R.; Martin-Velicia, F. A study of the effects of programmatic advertising on users’ concerns about privacy overtime. J. Bus. Res. 2019, 96, 61–72.
  7. Kokolakis, S. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Comput. Secur. 2017, 64, 122–134.
  8. Hallam, C.; Zanella, G. Online self-disclosure: The privacy paradox explained as a temporally discounted balance between concerns and rewards. Comput. Hum. Behav. 2017, 68, 217–227.
  9. Li, H.; Luo, X.; Zhang, J.; Xu, H. Resolving the privacy paradox: Toward a cognitive appraisal and emotion approach to online privacy behaviors. Inf. Manag. 2017, 54, 1012–1022.
  10. Gerber, N.; Gerber, P.; Volkamer, M. Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior. Comput. Secur. 2018, 77, 226–261.
  11. Paspatis, I.; Tsohou, A.; Kokolakis, S. How is Privacy Behavior Formulated? A Review of Current Research and Synthesis of Information Privacy Behavioral Factors. Multimodal Technol. Inf. MTI 2023. submitted.
  12. Angst, C.M.; Agarwal, R. Adoption of electronic health records in the presence of privacy concerns: The elaboration likelihood model and individual persuasion. MIS Q. 2009, 33, 339–370.
  13. Acquisti, A.; Grossklags, J. Privacy and rationality in individual decision making. IEEE Secur. Priv. 2005, 3, 26–33.
  14. Tsai, J.Y.; Kelley, P.G. Who’s viewed you? The impact of feedback in a mobile location-sharing application. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Boston, MA, USA, 4–9 April 2009; ACM: New York, NY, USA, 2014; pp. 2005–2008.
  15. Johnson, D.G. Human-Computer Interaction: Psychology as A Science of Design. In The Human-Computer Interaction Handbook: Fundamentals, Evolving Technologies, and Emerging Applications, 3rd ed.; Jacko, J., Ed.; CRC Press: Boca Raton, FL, USA, 2013; pp. 3–18.
  16. Conner, M.; Norman, P. Pros and Cons of Social Cognition Models in Health Behaviour, in Health Psychology. Update Volume 14, pages 24–31, 1993. Available online: https://fhs.thums.ac.ir/sites/fhs/files/user31/P_R_E_D_I_C_T_I_N_G.pdf (accessed on 30 May 2023).
  17. Conner, M.; Norman, P. Predicting Health Behaviour. Research and Practice with Social Cognition Models; Open University Press: Buckingham, UK, 1996; pp. 1–22.
  18. Jarvis, P. Adult Education & Lifelong Learning; RoutledgeFalmer: London, UK, 2004.
  19. Dewey, J. Experience and Education; Macmillan: New York, NY, USA, 1938.
  20. Freire, P. Teachers as Cultural Workers—Letters to Those Who Dare to Teach; Westview Press: Boulder, CO, USA, 1998; p. 100. ISBN 978-0-8133-4329-7.
  21. Kolb, D.A. Experiential Learning: Experience as the Source of Learning and Development; Pearson Education LTD: London, UK, 1984; ISBN 0-13-389240-9.
  22. Rogers, A. Adult Education; Metaichmio Publications: Athens, Greece, 1999; Volume 1, ISBN 978-960-566-840-2.
  23. Kokko, A. Adult Education Methodology: Theoretical Framework and Learning Conditions; Patras EAP: Patras, Greece, 2005; Volume A.
  24. Mezirow, J. Transformative Dimensions of Adult Learning; Jossey-Bass: San Francisco, CA, USA, 1991.
  25. Mezirow, J. Transformative learning and social action: A response to Inglis. Adult Educ. Q. 1998, 49, 70–72.
  26. Mezirow, J. On critical reflection. Adult Educ. Q. 1998, 48, 185–198, American association for adult and continuing education: Sage publications.
  27. Mezirow, J. Transformative Learning; Metaichmio Publications: Athens, Greece, 2006; Volume 1, ISBN 978-960-455-226-9.
  28. Taylor, W.E. The Theory and Practice of Transformative Learning: A Critical Review. ERIC Clearinghouse on Adult, Career, and Vocational Education; The Ohio State University: Columbus, OH, USA, 1998.
  29. Dacou, E. Educational Biography Influences and Determines the Career Path of Adults. The Case of Educational Institutions. Hellenic Open University. 2018. Available online: https://apothesis.eap.gr/handle/repo/39397 (accessed on 29 January 2020).
  30. Gluck, M.A.; Mercado, E.; Myers, C.E. Learning and Memory: From Brain to Behavior; Worth Publishers: New York, NY, USA, 2016; p. 57. ISBN 978-1-319-15405-9.
  31. Posner, M.I.; DiGirolamo, G.J. Cognitive neuroscience: Origins and promise. Psychol. Bull. 2000, 126, 873–889.
  32. Overskeid, G. Looking for Skinner and finding Freud. Am. Psychol. 2007, 62, 590–595.
  33. Gardner, L. Behaviorism and dynamic psychology: Skinner and Freud. Psychoanalytic Rev. 1979, 66, 253–262.
  34. Pavlov, I.P. Conditioned Reflexes: An Investigation of the Physiological Activity of the Cerebral Cortex; Translated and edited by Anrep, G.V.; Oxford University Press: London, UK, 1927.
  35. Weinman, J. Health Psychology: Progress, Perspectives, and Prospects, Current Developments in Health Psychology; Hardwood Academic Publishers: London, UK, 1990; pp. 9–33.
  36. Koulierakis, G.; Metallinou, P.; Pantzou, P. Sociological and Psychological Approach to Hospitals and Health Services; Hellenic Open University Publications: Pátra, Greece, 1995.
  37. Abramson, L.Y.; Seligman, M.E.; Teasdale, J.D. Learned helplessness in humans: Critique and reformulation. J. Abnorm. Psychol. 1978, 87, 49–74.
  38. Cherry, K. What Is Cognitive Psychology? The Science of How We Think. 2022. Available online: https://www.verywellmind.com/cognitive-psychology-4157181 (accessed on 28 May 2023).
  39. Ghosh, I.; Singh, V. Using cognitive dissonance theory to understand privacy behavior. In Proceedings of the Association for Information Science and Technology, Washington, DC, USA, 27 October–1 November 2017; Volume 54, pp. 679–681.
  40. Bandura, A. Self-efficacy: Toward a unifying theory of behavioural change. Psychol. Rev. 1977, 84, 191–215.
  41. Beck, A.T. Cognitive Therapy and the Emotional Disorders; International Universities Press: New York, NY, USA, 1976.
  42. Rotter, J.B. Generalized expectancies for internal and external control of reinforcement. Psychol. Monogr. Gen. Appl. 1966, 80, 1.
  43. Stroebe, W. Social Psychology and Health; Open University Press: Buckingham, UK, 1995.
  44. Abraham, C.; Sheeran, P. The Health Belief Model in Conner and Norman, Predicting Health Behaviour. Research and Practice with Social Cognition Models; Open University Press: Buckingham, UK, 1995; pp. 23–61.
  45. Lewin, K. Field Theory in Social Science; Harper: New York, NY, USA, 1951.
  46. Krstic. Journal of the Psychological Institute of the University of Zagreb; University of Zagreb: Zagreb, Croatia, 1964; pp. 7–13.
  47. Hochbaum, G.M. Public Participation in Medical Screening Programs: A Socio-Psychological Study, Public Health Service; United States Government Printing Office: Washington, DC, USA, 1958.
  48. Rosenstock, I.M. Historical origins of the health belief model. Health Educ. Monogr. 1974, 2, 328–335.
  49. Becker, M.H.; Maiman, L.A.; Kirscht, J.P.; Haefner, D.P.; Drachman, R.H. The health belief model in the prediction of dietary compliance: A field experiment. J. Health Soc. Behav. 1977, 18, 348–366.
  50. Anagnostopoulos, F.; Papadatou, D. Psychology in the Field of Health; Ellinika Grammata Publications: Athens, Greece, 1995.
  51. Jensen, C.; Potts, C.; Jensen, C.D. Privacy practices of Internet users: Self-report versus observed behavior. Int. J. Hum.-Comput. Stud. 2017, 98, 82–91.
  52. Brown, R.; Brown, L. The Nicomachean Ethics. Oxford; Oxford University Press: New York, NY, USA, 2009.
  53. Boud, D.; Keogh, R.; Walker, D. Reflection: Turning Experience into Learning; Kogan Press: New York, NY, USA, 2002.
  54. Mavrogiorgos. Teacher Training: Other–Rivalry. Nicosia. Available online: https://www.pi.ac.cy/pi/files/keea/synedria/synedrio_pi_pdf_tel/7_Mavrogiorgos.pdf (accessed on 28 May 2023).
  55. Freud, S. Massenpsychologie und Ich-Analyse; Internationaler Psychoanalytischer Verlag G. M. B. H.: Wien, Austria, 1921.
  56. Koester, N.; Cichy, P.; Antons, D.; Salge, T.O. Perceived privacy risk in the Internet of Things: Determinants, consequences, and contingencies in the case of connected cars. Electron. Mark. 2022, 32, 2333–2355.
  57. West, R.; Michie, S. Embedding Covid-Safe Behaviours into Everyday Life through an Enhanced Risk Management Approach. Available online: https://www.qeios.com/read/SPL9QE (accessed on 28 May 2023).
  58. Smith, J.; Johnson, A.; Davis, R. Privacy Lab: A Case Study of Experiential Learning in Privacy Education. J. Priv. Educ. 2018, 12, 145–162.
  59. Johnson, M.; Anderson, L. Enhancing Privacy Education in Healthcare: A Case Study of Experiential Learning Approaches. Health Inform. J. 2019, 25, 1766–1782.
  60. Brown, E.; Green, H. Engaging Students in Privacy Education: A Case Study of Experiential Learning in K-12 Settings. J. Digit. Citizsh. 2020, 4, 78–94.
  61. Rosenbaum, P.R.; Rubin, D.B. Reducing bias in observational studies using subclassification on the propensity score. J. Am. Stat. Assoc. 1984, 79, 516–524.
  62. Rubin, D.B. Estimating causal effects of treatments in randomized and nonrandomized studies. J. Educ. Psychol. 1974, 66, 688–701.
  63. Rubin, D.B. Estimating causal effects from large data sets using propensity scores. Ann. Intern. Med. 1997, 127, 757–763.
  64. Holmes, C.C.; Adams, N.M. Likelihood Inference in Nearest-Neighbour Classification Models. Biometrika 2003, 90, 99–112. [Google Scholar] [CrossRef] [Green Version]
  65. Reynolds, B.; Venkatanathan, J.; Goncalves, J.; Kostakos, V. Sharing Ephemeral Information in Online Social Networks: Privacy Perceptions and Behaviours. In Human-Computer Interaction–INTERACT 2011: 13th IFIP TC 13 International Conference, Lisbon, Portugal, 5–9 September 2011, Proceedings, Part III 13; Springer: Berlin/Heidelberg, Germany, 2011; pp. 204–215. [Google Scholar] [CrossRef] [Green Version]
  66. Cherry, K. What Is Perception? Recognizing Environmental Stimuli through the Five Senses. 2023. Available online: https://www.verywellmind.com/perception-and-the-perceptual-process-2795839 (accessed on 30 May 2023).
  67. Cherry, K. What Is Attribution in Social Psychology? 2022. Available online: https://www.verywellmind.com/attribution-social-psychology-2795898 (accessed on 28 May 2023).
Figure 1. Behavioral theory (based on Overskeid, 2007; Gardner, 1979).
Figure 2. Cognitive theory (based on Weinman, 1990).
Figure 3. Health belief model based on cognitive theory adjusted to the health field.
Figure 4. Experiential learning process according to Freire (1980).
Figure 5. Conceptual scheme.
Figure 6. Conceptual scheme obtained using our previous research.
Figure 7. Element beliefs.
Figure 8. Cognitive theory with adapted privacy behavior factors.
Figure 9. Capture of the experimental phases.
Table 1. Terms and definitions.

| Term | Definition |
|---|---|
| Experiential Event | An experiential event is any event experienced by a subject. |
| Experiential Learning | Experiential learning is defined as the process in which one learns or becomes specialized in a task by doing it. By extension, experiential experience is defined as the result of experiential learning, such as knowledge and feelings. |
| Event of Privacy Breach | Any data processing that takes place using a service or technology provider (or more) and is contrary to the perception of the data subject when consenting and using this service or technology (we do not mean the violation of the terms of use by the provider). Therefore, the same event can be classified as a violation of privacy, or not, depending on the person and their perception of privacy. |
| Experiential Event of Privacy Breach | Any event of privacy breach in which the subject became aware of that breach. An example of such a breach is when a data subject discloses his location on a social network by posting a photograph and, after appropriate third-party processing of that photograph, the temporal and spatial location of the subject is found, while the data subject was not aware that this is possible. |
| Experiential Privacy Learning | The process by which the subject analyzes the experiential event and learns from it. |
| Experiential Experience of Privacy Violation | The outcome for the subject of learning (knowledge, skills, and feelings) about privacy. |
| Privacy Concerns | The user’s willingness to share data and how these relationships in turn are affected by inter-individual differences in an individual’s regulatory focus, thinking style, and institutional trust [56]. |
| Protective Behavior | A protective behavior enacted by a person to protect themselves or others from a threat to their health or safety [57]. |
Table 2. Privacy behavior factors.

| Factor | Description |
|---|---|
| Financial/Non-Financial Exchanges/Benefits/Usefulness | A financial exchange is defined as an action that has an economic benefit as a result. As a non-financial exchange, benefit or usefulness is defined as an action that has a non-economic benefit. |
| Privacy Risk Perception | Privacy risk perception refers to a person’s non-subjective evaluation of the likelihood of a potential privacy incident or event. |
| Trust/Control/Confidence/Fear | Trust refers to the belief in the reliability or credibility of a person, group, or party. Control refers to the ability of a person to manage situations or personal data. Confidence refers to the belief in a person of their abilities and skills. Fear refers to an emotional response to perceived danger, threat, or uncertainty. |
| Privacy Concerns | The user’s willingness to share data and how these relationships in turn are affected by inter-individual differences in an individual’s regulatory focus, thinking style, and institutional trust. |
| “Needs”/Psychological Engagement/Necessity | Psychological engagement refers to a person’s experiences when engaging in an activity or process. |
| Sensitivity of Information | Sensitivity of information of a person refers to the degree of importance, confidentiality, or information that the person requires not to be public. |
| Privacy Awareness | Privacy Awareness refers to a person’s understanding and recognition of the value and importance of the protection of personal information from disclosure. |
| Time-lapse | Time-lapse refers to the time between two or more events. |
| Education/Visualization/Interaction/Experience | Education refers to the process of acquiring knowledge and skills through an educational procedure such as school. Visualization refers to the creation of images or videos in order to represent data or information. Interaction refers to the exchange of information or sputum response between two or more persons. Experience refers to the accumulation of knowledge and skills through events, incidents, and activities. |
| Demographics (age/gender/country, political position, income, etc.) | Demographics refer to the statistical data and characteristics of a population or a group of people. |
| Dimensionality/Complexity of Privacy Decision-making | Dimensionality refers to the number of variables that pull apart a phenomenon. |
Table 3. Encapsulating how privacy behavior factors influence beliefs and thus cognitive processes.

| Privacy Behavior Factor | Belief Element That Is Influenced | Fulfilled Criterion |
|---|---|---|
| Both Financial/Non-financial Exchanges and Benefits and Usefulness | Behavioral Evaluation: Perceived Benefits; Behavioral Evaluation: Perceived Barriers | Criteria 1 and 2 |
| Demographics | Threat Perception: Perceived Susceptibility | Criterion 2 |
| Sensitivity of Information | Threat Perception: Perceived Susceptibility | Criterion 1 |
| Privacy Awareness | Threat Perception: Perceived Severity | Criterion 2 |
Table 4. Encapsulating how privacy behavior factors influence perceptions and thus cognitive processes.

| Privacy Behavior Factor | Element That Is Influenced | Fulfilled Criterion |
|---|---|---|
| Privacy Concerns | Perception | Criterion 2 |
| Privacy Risk Perceptions | Perception | Criteria 1 and 2 |
Table 5. Encapsulating how privacy behavior factors influence attributes (productive causes) and thus cognitive processes.

| Privacy Behavior Factor | Element That Is Influenced | Fulfilled Criterion |
|---|---|---|
| Cluster: “needs, psychological engagement, and necessity” | Attribution | Criteria 1 and 2 |
| Privacy Awareness | Attribution | Criteria 1 and 2 |
| Cluster: Interaction/Experience/Visualization | Attribution | Criterion 2 |

Share and Cite

MDPI and ACS Style

Paspatis, I.; Tsohou, A. How to Influence Privacy Behavior Using Cognitive Theory and Respective Determinant Factors. J. Cybersecur. Priv. 2023, 3, 396-415. https://doi.org/10.3390/jcp3030020

AMA Style

Paspatis I, Tsohou A. How to Influence Privacy Behavior Using Cognitive Theory and Respective Determinant Factors. Journal of Cybersecurity and Privacy. 2023; 3(3):396-415. https://doi.org/10.3390/jcp3030020

Chicago/Turabian Style

Paspatis, Ioannis, and Aggeliki Tsohou. 2023. "How to Influence Privacy Behavior Using Cognitive Theory and Respective Determinant Factors" Journal of Cybersecurity and Privacy 3, no. 3: 396-415. https://doi.org/10.3390/jcp3030020
