We often assume that technology users are concerned about their privacy and will readily take steps to protect it. But while there is clear evidence that users harbor serious privacy concerns, it is increasingly unclear whether users actually accept offers to improve their privacy. This study brings to light two strategies—a self-reliant privacy stance and a deferred privacy stance—that many users take to cope with their increasing loss of control over privacy. We argue that the two privacy stances help users envision positive future outcomes regarding their privacy but can paradoxically cause users to hesitate in accepting new privacy offerings from technology firms. We conduct a natural quasi- experiment studying how iPhone users under some mixture of the two privacy stances respond to a major privacy offering from Apple, in the form of an iOS update to that helps users control the tracking behavior of mobile apps like Facebook. We find that users taking a deferred privacy stance are less likely to accept the privacy offering than users with less staunch privacy stances. This hesitance on part of technology users is an underexamined challenge to privacy measures. By modeling privacy stances, information systems researchers can gain a more nuanced understanding of how people deal with the complex mix of threats to their privacy and the offers to manage their privacy. And by understanding privacy stances, firms might better calibrate their messaging to users holding out from technology offerings that genuinely seek to address privacy or security threats.

Abstract Only