•  
  •  
 

International Journal of Information Systems and Project Management

Abstract

Consumers’ privacy rights have been enshrined in law, long before information systems and the Internet was brought to life. In 2018, stricter regulations relating to information privacy came into force, named the General Data Protection Regulation (GDPR). Using elements of Roger’s diffusion of innovations theory, we investigated the research question: How has five years of the GDPR influenced consumer’s knowledge, attitude, and practice of their enhanced rights? We draw on empirical data collected in Norway through four online survey questionnaires over five years (N=1293). Quantitative (descriptive statistics) and qualitative analyses (manual cluster text mining) were performed to obtain a state-of-the-art mapping of insights on consumers and their information privacy. Our findings show that the respondents’ answers remained similar over the years, and that the GDPR has not had a significant influence on the consumer. The respondents demonstrated a high degree of knowledge regarding both the regulation and technology, such as cookies. Their attitude was sceptical, as they valued their enhanced rights but questioned the feasibility. Regarding their practice, our findings reveal diversity. Some respondents took careful actions to protect their privacy, while most did not. The present paper should be interesting to both the industry (practitioners) and academia (researchers).

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.