Journal of the Academy of Marketing Science (2022) 50:1299–1323

https://doi.org/10.1007/s11747-022-00845-y

ORIGINAL EMPIRICAL RESEARCH

Digital technologies: tensions in privacy and data

Sara Quach 1 & Park Thaichon 1 & Kelly D. Martin 2 & Scott Weaven 1 & Robert W. Palmatier 3

Received: 31 December 2020 / Accepted: 25 January 2022 / Published online: 5 March 2022
# The Author(s) 2022

Abstract
Driven by data proliferation, digital technologies have transformed the marketing landscape. In parallel, significant privacy
concerns have shaken consumer–firm relationships, prompting changes in both regulatory interventions and people’s own
privacy-protective behaviors. With a comprehensive analysis of digital technologies and data strategy informed by structuration
theory and privacy literature, the authors consider privacy tensions as the product of firm–consumer interactions, facilitated by
digital technologies. This perspective in turn implies distinct consumer, regulatory, and firm responses related to data protection.
By consolidating various perspectives, the authors propose three tenets and seven propositions, supported by interview insights
from senior managers and consumer informants, that create a foundation for understanding the digital technology implications for
firm performance in contexts marked by growing privacy worries and legal ramifications. On the basis of this conceptual
framework, they also propose a data strategy typology across two main strategic functions of digital technologies: data mone-
tization and data sharing. The result is four distinct types of firms, which engage in disparate behaviors in the broader ecosystem
pertaining to privacy issues. This article also provides directions for research, according to a synthesis of findings from both
academic and practical perspectives.

Keywords Digital technology . Data monetization . Data sharing . Privacy . Social media . Big data . Artificial intelligence .
Internet of things . Structuration theory . Privacy regulation

Modern marketing practice requires the use of digital technol- as well as the complexity of the processes involved (OAIC,
ogies, and the customer data they generate, to create value 2020). Stronger regulations at global, national, and state levels
(Quach et al., 2020). Yet such reliance prompts increasing (e.g., Australian Privacy Act, General Data Protection
privacy concerns about firms’ data behaviors and actions Regulation [GDPR], California Privacy Right Act [CPRA])
among both consumers and regulators. Consumers thus take may help consumers, but they are costly for firms to comply
action to protect their data; for example, people who switch with (e.g., up to US$55 billion for CPRA, according to esti-
service providers frequently cite privacy worries as a key rea- mates by the California state attorney general’s office) and
son (Cisco, 2020). However, many consumer respondents to a also establish strict penalties for noncompliance (e.g., 10–20
recent Australian survey (58%) admitted they do not under- million euros or 2%–4% of global firm revenues for specific
stand what firms do with the data they collect, and 49% feel GDPR infringements). Thus, privacy concerns create tensions
unable to protect their data due to a lack of knowledge or time, among consumers, firms, and regulators, and effective privacy

Dhruv Grewal served as Guest Editor for this article.

* Sara Quach Robert W. Palmatier

[email protected] [email protected]

Park Thaichon 1
Department of Marketing, Griffith Business School, Griffith
[email protected] University, Gold Coast campus, Southport, Queensland 4222,
Australia
Kelly D. Martin 2
College of Business, Colorado State University, Fort
[email protected]
Collins, CO 80523-1201, USA
3
Scott Weaven Foster School of Business, University of Washington, Box: 353226,
[email protected] Seattle, WA 98195-3226, USA
1300 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

protection likely requires cooperation among these intercon- directions and actionable insights for academics and practi-
nected groups. tioners. Accordingly, we offer suggestions for research,
Extensive research details consumers’ privacy concerns reflecting the synthesis of the academic and practical perspec-
(for a comprehensive review, see Okazaki et al., 2020) and tives that inform our findings.
regulatory interventions of varying effectiveness (Jia et al., This research contributes to marketing theory by apply-
2021), as well as the consequences for firms’ performance ing a structuration theoretical approach to a marketing data
(e.g., Martin et al., 2017). However, we still lack a systematic, privacy context. Structuration theory (Giddens, 1984) over-
integrative, research-based view of privacy tensions across all comes some limitations of prior systems theories that over-
three involved entities, specifically in relation to digital tech- emphasize the role of either structure or action in social
nologies and the unique customer data they generate (Pomfret processes and interactions; its theoretical insights instead
et al., 2020). That is, existing research effectively outlines reflect their interplay. Therefore, it can help us explain
privacy tensions from consumers’ and firms’ perspectives how data privacy regulatory frameworks impose structure
(Bornschein et al., 2020) but without addressing the complex, on consumer–firm–policymaker interactions, then predict
interrelated positions of firms, consumers, and regulators si- reactive and proactive responses by each key actor. The
multaneously (Martin &; Palmatier, 2020). Research into in- presence (absence) of a regulatory framework provides
ternal privacy mechanisms such as privacy paradoxes rules and norms that can mitigate (exacerbate) privacy
(Kaaniche et al., 2020) or dyadic views of privacy between tensions. In addition to relying on effective regulations
consumers and firms (Rasoulian et al., 2017) or between firms for data protection, consumers exhibit other privacy pro-
and regulators (Johnson et al., 2020) cannot establish a triadic tection behaviors and demands, which then intensify the
view of the privacy tensions created by digital technologies pressure on firms to respond to privacy tensions.
that link all these groups. The findings of this study also help inform marketing
Therefore, to develop new marketing insights into digital practice by delineating firm responses that can offset con-
technologies and privacy, we explicitly consider this firm– sumer privacy risks. For example, in some contexts, firm
consumer–regulatory intersection and work to disentangle responses to consumer privacy risks are stipulated by a
the data strategies and embedded technologies that firms use well-defined regulatory mandate, though even in this case,
to create mutual value for themselves and their customers. they may be subject to multiple, conflicting regulations
With a comprehensive review of digital technologies, we ex- (Lavelle, 2019). In unregulated settings, firms must self-
amine four categories: (1) data capturing; (2) data aggregation, police to meet privacy expectations, despite a lack of in-
processing, and storage; (3) data modeling and programming; sights into how to mitigate the threats and risks of privacy
and (4) data visualization and interaction design. Each catego- failures (e.g., data breaches, data misuse scandals).
ry can enable data monetization and sharing in distinct ways Another option would be to exceed regulatory stipulations
and with unique implications for consumers’ (information, and use privacy as a source of competitive advantage
communication, and individual) privacy outcomes. (Palmatier & Martin, 2019), in which case firms need
Accordingly, we investigate the consumer implications of specialized knowledge of how to infuse privacy proactive-
firms’ digital technology use, with a particular focus on their ly into all their structures and processes. Noting these
privacy responses. As consumers gain knowledge about dig- options, we provide practical advice for how firms can
ital technologies, they may be more likely to adopt a proactive adopt a reactive stance and respond to privacy mandates
strategy and take preemptive, protective measures when on an as-needed basis or else become more proactive by
interacting with firms. Finally, we examine how various reg- exhibiting privacy-by-design, zero-party data collection, or
ulatory interventions enter into these consumer–firm interac- ecosystem innovation, among other approaches.
tions, by exploring both proactive and reactive regulatory en- In the next section, we begin with a description of the
forcement mechanisms. In pursuing these three research ob- consumer privacy tensions that emerge from firms’ digital
jectives, we establish an integrated framework with relevant technology uses in four areas: data capture; data aggrega-
implications for consumers, firms, and regulators. tion, processing, and storage; data modeling and program-
We augment the analyses with case studies (i.e., Apple, ming; and data visualization and interaction design. We
Facebook, and BMW) and interview data, gathered from se- then review these conceptualizations from a structuration
nior managers and consumer informants, which enhance the theory perspective, from which we derive some suggested
external validity of the integrated digital strategy framework. proactive and reactive responses for regulators, firms, and
In particular, we use informants’ insights to understand peo- consumers. Using this discussion as a foundation for our
ple’s growing privacy concerns and the legal ramifications integrative framework, we offer three thematic tenets and
linked to digital technology strategies. Because our findings seven research propositions, which can inform a compre-
extend knowledge by blending the perspectives of firms, con- hensive firm data strategy typology, as well as an extensive
sumers, and regulators, they also provide meaningful research research agenda.
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1301

Firms’ digital technology use and consumer competence, though others are huge firms that recognize
privacy tensions their own data insights are more valuable than any data they
might purchase from outside sources (e.g., Coca-Cola,
Digital technologies allow firms to access vast amounts of adidas, McDonald’s). Data patrons (e.g. Apple, Paypal) of-
data, which they might leverage to increase their profitability ten possess moderate to high levels of digital technology and
(i.e., data monetization) or improve the performance of their invest in sharing data across networks of partners, such as
broader business networks (i.e., data sharing). Specifically, suppliers and distributors, to improve the overall functioning
data monetization means the firm exploits data for their direct of the ecosystem. Even if they share data extensively, they
or indirect economic benefits. These practices might include also impose strict limits on how those data can be used and if
applying data analytics–based insights to develop new prod- (whether) they may be monetized. On the other hand, data
ucts and services for the customers whom the data represent informants’ business models rely on extensive data moneti-
(i.e., data wrapping). For example, Coca-Cola collects data to zation and include data brokers, app developers, and content
improve customer service and performance, such as develop- creators (e.g., Comscore, Weather Bug, OnAudience). With
ment of a Cherry Sprite flavor, based on data collected from vast digital technologies, they generally engage in little shar-
self-service vending machines and social monitoring ing but monetize data through extended data wrapping (e.g.,
empowered by AI-driven image recognition technology. game development services) or sales of information or ana-
Data monetization also involves harnessing insights to create lytics (e.g., data brokering services). Data experts (e.g.
value-added features for other clients (i.e., extended data Facebook, Google) engage in high levels of both data sharing
wrapping). Facebook, for example, makes money by provid- and data monetization. Due to their significant digital tech-
ing data analytics features to advertisers based on user data on nology resources, they own a lot of data and also control most
its social network platform. Finally, a direct approach to data of the data flows in the digital ecosystem. They predominant-
monetization is for firms simply to sell their data to other firms ly perform extended data wrapping to attract new customers.
(Najjar & Kettinger, 2013). Comscore is a digital analytics That is, data experts offer their customers’ data to other cli-
organization that provides marketing data and information to ents, such as advertisers, that use the insights to reach their
advertisers, media and marketing agencies, publishers, and own target customers.
other firms, selling these data to more than 3200 clients in Data sharing and monetization practices generally involve
75 countries. a diverse portfolio of digital technologies, each of which can
Data sharing instead refers to resource exchanges in which create benefits but also trigger privacy tensions, as we describe
firms provide data they have gathered to various network part- next and summarize in Table 1.
ners (e.g., suppliers, distributors, horizontal partners with
complementary offerings), to facilitate collaboration in the Privacy tensions
broader ecosystem (Sydow & Windeler, 1998). For instance,
Coca-Cola shares information with third parties such as Digital technologies offer data monetization and sharing ben-
hosting firms, IT service providers, or consultants that support efits to firms but have concomitant costs for consumers, espe-
its service provision. Coca-Cola’s EU website (https://www. cially with respect to privacy. Westin (1967) defines privacy
coca-cola.eu/privacy-notice/) lists 18 third parties with which as a person’s right “to decide what information about himself
it shares data. PayPal, by contrast, lists 600 such parties. Other should be communicated to others and under what condition”
tech firms such as Apple work with complex networks of (p. 10), whereas Altman (1975) regards it as “the selective
suppliers and application developers that constantly control of access to the self” through social interactions and
exchange information to develop better products and personal space (p. 24). Adopting these definitional premises of
services. In 2018, a New York Times investigation revealed autonomy, access, and control, we conceive of three types of
that Facebook shared data with more than 150 companies. consumer privacy: information, communication, and individ-
Such data-based collaborations improve the performance of ual (see also Hung & Wong, 2009). The simultaneous consid-
its entire digital ecosystem. Thus, data monetization increases eration of all three types offers an expansion of extant market-
firm profitability more directly, whereas data sharing im- ing studies of privacy that tend to focus solely on information
proves profitability via network performance. privacy (Bornschein et al., 2020). In detail, information
Levels of data sharing and data monetization vary across privacy refers to a consumer’s right to control the access to,
firms (see Web Appendix 1). For example, data harvesters use, and dissemination of her or his personal data (Westin,
are mostly firms in non-technical industries that engage in 1967). Thus people may decide for themselves when, how,
very limited data sharing and data monetization. Few har- and to what extent their information will be known by others.
vesters engage in data wrapping, which would demand sig- Communication privacy protects personal messages or inter-
nificant investments in digital technologies. Many of them actions from eavesdropping, scanning, or interception. People
are small firms with low to moderate levels of digital generally prefer to keep their interpersonal communications
1302 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

Table 1 Digital technology tensions and consumer privacy risks

Data Strategy (Firm) Privacy Risks (Consumers)

Data sharing Data monetization Information privacy Individual privacy Communication privacy
allowing firm partners or extent to which the firm uses consumers’ right to control right of a person to be left protections for communications
outside entities to access or data for its own economic the access to, use, and alone without disruption against interception and
use a firm’s data benefit dissemination of their data eavesdropping

Data capturing technologies: Main sources of consumer information

Social media(gathering demographics, psychological, geographic, and behavioral data) (de Oliveira Santini et al., 2020; Kamboj et al., 2018)
• Social media rely on • Marketing and • Being unable to control the • Organizations might be • Risk of exposing
user-generated content, operational flow of information. able to reach consumers information of close ties;
and consumers voluntari- performance: tailored • Third parties’ access to through location firms might intercept and
ly share substantial per- content based on profile information and disclosures, such as exploit the exchange
sonal information and customer profiling to user-generated content tagging a venue in their between two connected
other useful insights develop relationships; from well-developed ap- posts on social media. contacts.
through these technology targeted advertising to plication programming
platforms. Data collected maximize conversions. interfaces.
from social media might • Potential for data
be shared with partners, wrapping/extended
such as members of the wrapping: data can be
business network, for bet- used to develop
ter market insights and analytics-based features
data-based innovation. and experiences that in-
spire customer actions,
such as for the benefit of
advertisers or app devel-
opers.
• Data might be sold to third
parties, such as
advertisers.
Geospatial technology(using technologies such as geographic information systems, geofencing, and GPS to collect location data) (Sun et al., 2015;
Zubcsek et al., 2017)
• Data and location insights • Marketing and • Confidentiality of • Organizations are able to
might be shared with operational accumulated location pinpoint the exact
partners, such as members performance: data, disclosing both locations of users and
of the business network, location-based marketing; travel history and reach them.
for better market insights customer profiling and real-time position of an • Signaling surveillance.
and data-based innova- personalization; optimiza- individual.
tion. tion of distribution net-
work and maximize retail
performance.
• Potential for data
wrapping/extended
wrapping: location
analytics such as
navigation, directories,
and traffic updates.
• Data might be sold to third
parties such as advertisers.
Biometrics(collecting physiological and behavioral data that allow for precise recognition capabilities) (Ioannou et al., 2020; McStay,2020)
• Data might be shared with • Marketing and • Lack of control over the • Biometric data are
partners, such as members operational use of highly sensitive vulnerable to hacking and
of the business network, performance: customer and immutable coveted by
for better market insights profiling; data can be used information, which can cybercriminals, which
and data-based innova- to develop authentication reveal a person’s identity. increases the potential for
tion. systems (e.g. FaceID) and • Objectification of emotions identity theft, stalking,
streamline business and manipulation. and disruption to personal
processes (e.g. facial lives.
recognition based
boarding solutions).
• Potential for data
wrapping/extended
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1303

Table 1 (continued)

Data Strategy (Firm) Privacy Risks (Consumers)

Data sharing Data monetization Information privacy Individual privacy Communication privacy
allowing firm partners or extent to which the firm uses consumers’ right to control right of a person to be left protections for communications
outside entities to access data for its own economic the access to, use, and alone without disruption against interception
or use a firm’s data benefit dissemination of their and eavesdropping
data

wrapping: biometric data

can be used to develop
analytical features that
optimize user experiences
such as medical alerts.
• Biometrics data might be
sold to third parties that
use them for various
purposes, such as product
development.
Web tracking(collecting digital footprints with online tracking technologies such as cookies, flash cookies, and web beacons) (Sabillon et al., 2016;
Zarouali et al., 2017)
• Data might be shared with • Marketing and • An extensive profile of • Individuals can be
partners, such as members operational customers can be built by followed by using their
of the business network, performance: customer tracking their visits to digital footprints.
for better market insights profiling, market multiple websites, which
and data-based innova- segmentation, defies anonymity.
tion. personalization and • Information might be
retargeting. shared with third parties.
• Potential for data • These technologies are
wrapping/extended often hidden and hard to
wrapping: data can be detect or delete.
used to develop analytical
insights for advertising
services offered to
advertisers.
• Information may be readily
sold, so external firms can
exploit deep knowledge
of consumer browsing
behavior.
Data aggregation, processing, and storage technologies: Combining data from multiple sources and developing actionable analytics
Internet of Things(connected devices that exchange significant amounts of data in machine-to-machine communications) (Kobusińska et al., 2018;
Palmatier & Martin, 2019)
• Access to real time data • Marketing and • Sensitive information may • Firms or third parties might • IoT-enabled devices and
through connected operational be collected and shared in reach customers using systems can capture and
devices. performance: real-time among different IoT-enabled devices and transmit communications
relationship development IoT-enabled systems and systems without being between users, such as
with customers; real-time devices. noticed, such as with when integrated micro-
insights for customer pro- • Lack of control over data CCTV cameras that track phones capture conversa-
filing and behavior pre- access and exchange, people using facial recog- tions.
diction; customer engage- especially in nition technology. • The IoT devices seize data
ment; augmented experi- machine-to-machine in- from not just users but
ences with cross-device teractions. also proximal others.
features; increased firm • Smart devices are very
efficiency, vulnerable to
responsiveness, and cyberattacks.
proactivity.
• Potential for data
wrapping/extended
wrapping: cross-device
data analytics-based fea-
tures can be developed.
• Data might be sold to third
parties
1304 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

Table 1 (continued)

Data Strategy (Firm) Privacy Risks (Consumers)

Data sharing Data monetization Information privacy Individual privacy Communication privacy
allowing firm partners or extent to which the firm uses consumers’ right to control right of a person to be left protections for communications
outside entities to access data for its own economic the access to, use, and alone without disruption against interception
or use a firm’s data benefit dissemination of their and eavesdropping
data

Big data(large volumes of high velocity, complex, variable data) (Kopalle & Lehmann, 2021; Park et al., 2018)
• Insights and analytics • Marketing and • Identifiable information • Risk of stolen identity, • Private communications
might be shared with operational and highly sensitive violation of personal might be captured from
partners, such as members performance: customer personal attributes such as spaces, and loss of different data points using
of a business network. profiling; personalization sexual orientation, age, intellectual property. data mining tools.
and prediction of and political views may • Being subject to
customer demand and be collected. sophisticated
accurate targeting; • Algorithmic profiling and manipulation using
optimization of business aggregation leads to a predictive analytics.
operations and supply comprehensive picture of • Potential discrimination
chain management. an individual. from customer profiling,
• Potential for data • Unauthorized access and which increases
wrapping/extended lack of control over the individual vulnerability.
wrapping: accumulation accumulated information.
of data can be used to
develop data
analytics-based features
for a product/service.
• Insights and analytics
might be sold to third
parties.
Cloud(storage and analytics) (Alsmadi & Prybutok, 2018; Yun et al., 2019)
• Access to data, • Marketing and • High risk of unauthorized • Firms or third parties might • Private communications in
applications, and services operational access due to be able to track customers cloud storage might be
by multiple users in real performance: virtualization and remote using real-time data stored intercepted.
time; data storage at optimization of business processing and storage, in cloud services.
reduced technology costs. performance and supply especially during the
chain management transmission of data
through on-demand ser- across different platforms.
vices and handling big • Data leakage often results
data; data storage at re- in significant data losses.
duced technology costs. • Risk of information
• Potential for data exposure to external
wrapping/extended groups such as fourth
wrapping: cloud parties.
computing provides • Cloud service providers are
massive storage and often private firms,
computing capabilities to raising questions about
customize user data access, control,
experiences with data. availability, and backup.
• Data and analytics might be
sold to third parties.
Data modeling and programming technologies: Automation of tasks and services
Artificial intelligence/machine learning(intelligence exhibited by machines or software capable of performing human tasks) (Davenport et al., 2020;
Kwok & Koh, 2020)
• Enabling automated • Marketing and • It has become very easy • Information may be used to • Advanced AI agents can
sharing of real-time data. operational and inexpensive to produced fake content interact with users and
performance: identify, profile, and (e.g., deep fakes) to make sense of the
personalized manipulate consumers manipulate customers or conversations between
recommendations and without their consent. reach them instantly. them.
content; more effective, • Enormous amounts of data
efficient and transparent are required to train AI,
programmatic often unnoticed by
advertising; cost customers.
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1305

Table 1 (continued)

Data Strategy (Firm) Privacy Risks (Consumers)

Data sharing Data monetization Information privacy Individual privacy Communication privacy
allowing firm partners or extent to which the firm uses consumers’ right to control right of a person to be left protections for communications
outside entities to access data for its own economic the access to, use, and alone without disruption against interception
or use a firm’s data benefit dissemination of their and eavesdropping
data

reduction in media • AI has the ability to predict

production using sensitive data based on
deepfakes; predictive seemingly harmless
models of customer pieces of information.
behavior; retargeting
strategies; improved
operational efficiency due
to automation.
• Potential for data
wrapping/extended
wrapping: AI-powered
systems can produce data
analytics-based features
that can act and adapt au-
tomatically.
• Insights and analytics
might be sold to third
parties.
Service robots(embodied AI blending engineering and computer science) (Mende et al., 2019; Xiao & Kumar, 2019)
• Enabling automated • Marketing and • Robots’ autonomy means • Potential intrusion into •Robots equipped with
sharing of real-time data, operational humans have less control physical and emotional computer vision and
some of which might be performance: customer over their data. space due to physical and machine learning see and
from physical interac- assistance and service; • Third parties’ management personal contact with sense the environment;
tions. improving customer and usage of personal robots. can analyze human
experience; increasing information may change characteristics e.g. age,
organizational efficiency after multiple iterations of gender, emotions; and can
and effectiveness due to data. make sense of humans’
the automation of tasks conversations.
and services.
• Potential for data
wrapping/extended
wrapping: AI-powered
systems embedded in ro-
bots can produce data
analytics-based features
that can act and adapt au-
tomatically to real-time,
physical environments.
• Data and analytics might be
sold to third parties.
Data visualization and interaction design technologies: Interaction with multidimensional data
Mixed, augmented, and virtual realities(convergence of physical and digital environments through computer-generated simulations involving synthetic
worlds)(Hilken et al., 2017; Nijholt,2021)
• Access to data through • Marketing and • Sensitive, real-time infor- • Physical space might be • Personal communications
connected realities; operational mation and private com- captured, such as by can be captured by
visualizations and data performance: munication can be cap- spatial mapping of devices such as cameras
storytelling can be shared omnipresence and tured by input devices. information when people and microphones.
quickly and seamlessly seamless experience; • Both output and input engage in mixed or
across groups of users. development of intimate devices can communicate augmented reality,
and meaningful wirelessly, resulting in a including bystanders. For
relationships with lack of control over the example, social AR in
customers; innovative collected information. public spaces likely
platforms for social media captures passers-bys’
marketing; increased firm facial and behavioral data,
efficiency, without them noticing.
1306 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

Table 1 (continued)

Data Strategy (Firm) Privacy Risks (Consumers)

Data sharing Data monetization Information privacy Individual privacy Communication privacy
allowing firm partners or extent to which the firm uses consumers’ right to control right of a person to be left protections for communications
outside entities to access or data for its own economic the access to, use, and alone without disruption against interception and
use a firm’s data benefit dissemination of their data eavesdropping

responsiveness, and • Output data might be

proactivity through exposed to other parties
immersive analytics. and manipulated to
• Potential for data deceive users, such as in
wrapping/extended clickjacking practices.
wrapping: data
analytics-based features
can be depicted for easy
access and immersive ex-
periences.
• Insights and analytics
might be sold to third
parties.

confidential and safe from third-party surveillance, which is characterized by consumer-marketer interactions and is cen-
would not be possible if conversations with friends were re- tral to firms’ data monetization and sharing strategies (Poels,
corded by social media and messaging apps or their in-person 2019). Digital technologies such as blockchain, digital fabri-
discussions were captured by smart devices equipped with cation (e.g., 3D printing), 5G, and quantum computing are
integrated microphones. Finally, individual privacy is being beyond the scope of this study, because they mainly support
left alone without disruption (Westin, 1967). Threats to indi- operations and digital infrastructure functions.
vidual privacy involve personal space intrusions, emotional
manipulation, and physical interference, including spam Data capture privacy tensions
emails and retargeting practices. Such violations are on the
rise, due to the presence of IoT and smart home devices Data capture technologies, including various sources and
installed in consumers’ personal, physical spaces. In turn, methods of data extraction, fuel data sharing and data mone-
firms’ data strategies, enabled by digital technologies, have tization practices. In this respect, instead of technologies that
implications for each type of consumer privacy. collect transactional data such as point-of-sale systems, we
Extensive research details consumers’ privacy concerns focus on social media, geospatial, biometrics, and web
(e.g., Okazaki et al., 2020), as well as some of the conse- tracking technologies. To facilitate data sharing, the data gath-
quences for firm performance or regulatory interventions. ered via these technologies can be shared readily with busi-
However, we still lack a systematic understanding of how ness partners and networks, such as between manufacturers
privacy issues arise from firms’ data strategies and their uses and suppliers or across subsidiaries (e.g., WhatsApp shares
of various digital technologies to support such strategies. To phone numbers, device specifications, and usage data with
articulate the critical tensions between firms’ technology uses other Facebook [recently rebranded to Meta] companies).
for data sharing and data monetization purposes, and con- The data collected from social media, geospatial, biometrics,
sumers’ privacy risks, we combine the three forms of privacy and web tracking technologies can also be monetized in var-
with the data sharing and data monetization strategies related ious ways. With user-generated social media content, location
to four digital technology classifications: (1) data capturing; insights from geospatial technologies, biometric data, and web
(2) data aggregation, processing, and storage; (3) data model- tracking technologies such as cookies, firms can improve mar-
ing and programming; and (4) data visualization and interac- keting and business performance by developing market seg-
tion design (Table 1). It would be impossible to discuss all mentation and (re)targeting strategies, by crafting personal-
technologies; rather, we attend specifically to six broad groups ized content, products, and experiences, and by building and
of emerging technologies: SMAC (social media, mobile, an- strengthening customer relationships (de Oliveira Santini
alytics, cloud), digital surveillance, robotics, AI, IoT, and et al., 2020). They also can conduct data wrapping, for exam-
mixed (virtual, augmented) realities (VR, AR). Each of these ple, through customization and optimization practices such as
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1307

facial recognition and medical alerts (e.g., Apple watch). Both data sharing and monetization practices in this do-
Firms also can apply extended data wrapping or sell data to main can result in significant privacy tensions. Data collected
other entities. Facebook, as noted, sells in-depth insights and from IoT devices such as CCTV cameras that track people
analytics based on its users’ personal data (Appel et al., 2020), using facial recognition technology and wearable devices that
and Twitter sells third-party subscriptions to its API that allow gather real-time information about users’ medical conditions
other firms to explore users’ behaviors. or physical activity are very sensitive and highly personal. A
These practices threaten information privacy because con- comprehensive personal picture created through data aggrega-
sumers lose control over who has access to their personal tion and algorithmic profiling using big data analytics in-
information and communicative exchanges (e.g., tweet, re- creases information privacy concerns, because it can reveal
view on a public Facebook page). Geospatial data enable identifiable attributes such as sexual orientation, religious
firms to identify customers’ positions; by monitoring con- and political views, and personality (Kshetri, 2014).
sumers’ digital footprints, companies also can follow them Moreover, when their behavior can be predicted more accu-
across different platforms, raising concerns about individual rately, consumers become more susceptible to marketing ef-
privacy. Soft biometric data, about moods or emotions, raise forts. For example, gambling companies might pinpoint ad-
security and ethical concerns, because they reflect personal dicts and entice them with free bets (Cox, 2017). Less pur-
feelings that can be manipulated for commercial purposes, posefully, cloud services rely on virtual storage, but such re-
which would represent individual privacy violations. Each mote processing can compromize system security (Alsmadi &
user’s information might also include details about other Prybutok, 2018), especially at the transition moment, when
users, due to the networked nature of social media. If a user firms shift internal applications and data to the cloud, which
tags a friend on a public Facebook post, their conversations risks information exposure to fourth parties, including uneth-
get exposed, which violates both friends’ communication ical actors that seek to steal consumers’ personal data (Yun
privacy if firms review and exploit these exchanges. et al., 2019). The sheer volume of information, historical and
real-time, that links connected consumers, especially those
Data aggregation, processing, and storing privacy proximal to one another through IoT devices, heightens secu-
tensions rity risks involving stolen identities, personal violations, and
intellectual property losses (Kshetri, 2014). These practices
Firms often combine data sets from multiple novel sources, together threaten communication privacy and individual
which allows them to effectively share and monetize such privacy because they are intrusive, invisible, and extraordi-
data. Key technologies in data aggregation, processing, and narily difficult to control.
storing technologies are IoT, big data, and cloud computing,
with capacities to process and manage massive amounts of
information (Kobusińska et al., 2018). The convergence of Data modeling and programming privacy tensions
IoT, big data, and cloud computing is central to data sharing
as it enables firms to share applications and analytics with Automation enabled by data modeling and programming
multiple parties in real-time and at reduced technology costs. technologies plays a key role in data sharing and data mon-
Data can be shared via IOT-enabled devices in machine-to- etization. Considering our focus on privacy tensions, we
machine communications. Insights and analytics based on big discuss AI/machine learning and service robots as relevant
data can be exchanged with partners, whereas cloud technol- amalgamations of engineering and computer science that
ogies offer a cost-effective information storage cyber- produce intelligent automation, capable of learning and ad-
infrastructure that is broadly available across time and space aptation (Xiao & Kumar, 2019). These technologies facili-
and accessible by multiple users simultaneously (Alsmadi & tate data sharing as AI generally enables automated sharing
Prybutok, 2018). Data aggregation, processing, and storing of real-time data, and embodied AIs such as robots can ex-
technologies empower data monetization practices by estab- change information in physical interactions. Moreover, AI-
lishing novel insights about customers from IoT-enabled de- based systems enable data monetization by improving mar-
vices and big data, facilitated by cloud technologies, which keting and operational performance (e.g., personalized rec-
can inform consumer profiling, behavior prediction, and ommendations, smart content, programmatic media buys,
targeting efforts. In turn, these efforts can optimize marketing chatbots, and predictive modeling) (Davenport et al.,
and business performance, supply chain management, and 2020). Modern robots, such as humanoid, programmable
(extended) data wrapping (i.e., development of analytical Pepper (Musa, 2020), can understand verbal instructions,
functions). Accordingly, these technologies have been widely interpret human emotions, and exhibit social intelligence
adopted by many businesses, such as Netflix (Izrailevsky to improve customer experiences and optimize perfor-
et al., 2016) and Woolworths (Crozier, 2019), to improve their mance. AI and service robots also enable data wrapping/
performance and profitability. extended wrapping by automating tasks and services; in
1308 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

addition, their data analytics–based features can adapt auto- transferred to other applications for display or rendering too,
matically to the real-time, physical environment. such that their personal information is exposed to an unknown
However, optimizing machine learning requires enormous system that might access and manipulate the data without
amounts of data, collected from consumer interactions, often users’ consent. “Clickjacking” tricks people into clicking on
without their knowledge. In general, AI might extract sensi- sensitive features by using transparent or deceptive interfaces,
tive information such as people’s political opinions, sexual which then allows the illegitimate actor to extract their data
orientation, and medical conditions from less sensitive infor- (Roesner et al., 2014). Finally, an extensive range of sensitive
mation (Davenport et al., 2020), then manipulate users sensors can capture rich information, as when visual data pro-
through predictive analytics or create deception such as deep duce spatial mapping information also validate spatial ele-
fakes (Kietzmann et al., 2020), which threaten information ments, such as exteriors or physical articles. Such exposures
privacy. Robots equipped with computer vision and machine of physical space threaten individual privacy.
learning both see and sense the environment, implying greater
penetration into consumers’ private, physical, and emotional
spaces and threats to individual and communication privacy. A structuration approach to digital
technology–privacy tensions
Data visualization and interaction design privacy
tensions Data monetizing and data sharing, achieved through firms’
use of digital technologies, can exacerbate technology–
Finally, data sharing and monetization activities rely on data privacy tensions among consumers, regulators, and firms.
visualization and interaction design technologies, as each Underpinned by structuration theory, we advance a frame-
enables connected realities known as the “metaverse,” pre- work for understanding their unique approaches to managing
dicted to become an important part of digitial future (Kim, such tensions in Table 2.
2021). Data can be visualized through display technologies, As noted previously, structuration theory highlights the
such as mixed, augmented (AR), and virtual (VR) realities, interaction of structure and action (agency) rather than remain-
which deliver realistic virtual experiences involving syn- ing limited, as some previous social theories had been, to the
thetic worlds in which users become immersed through in- exclusive role of just structure or action (Giddens, 1984). It
teractions and sensory stimulation (Roesner et al., 2014). In thus advances a structural duality account, involving the mu-
terms of data sharing, these technologies allow immersive tual interdependence and recursivity of actions and structures.
data presentations and experiences, especially data story- Structures, which represent both the context and the outcomes
telling, that can be shared virtually, visually, and seamlessly of social practices (Luo, 2006), include rules, laws, social
among different groups of users (customers). In addition, norms, roles, and resources (e.g., digital technology), such that
these technologies enable firms to monetize data because they might constrain or enable (group and individual) agents’
they enhance customer interactive experiences (Hilken behavior (Jones & Karsten, 2008). Structuration theory also
et al., 2017); they allow marketers to build increasingly predicts the production and reproduction of a social system
intimate customer relationships, as in the examples of through interactions by actors bound by the structure. These
Sephora’s virtual product try-on or Facebook’s social VR actors rely on rules and resources to define meaningful action
platform Horizon (Appel et al., 2020), thereby improving (reactive approach) and also might extend or transform rules
marketing and operational performance. Both VR and AR and resources (proactive approach) through their actions
technologies offer great potential for data wrapping/ (Sydow & Windeler, 1998). Firms and consumers inherently
extended wrapping by realistically depicting analytics- belong to social systems that establish structures, such as reg-
based features. ulatory frameworks or strongly held social norms about pri-
Privacy tensions created are similar to those created by the vacy. Privacy tensions also stem from social practices that
IoT. Notably, alternate realities require sophisticated input evoke responses from consumers and firms. Therefore, even
from cameras, GPS, and microphones to enable the simulta- as consumers and firms are influenced by regulatory frame-
neous functioning of various applications (Roesner et al., works and privacy norms, their actions inform and shape those
2014). Blending mixed reality also requires sensitive informa- regulatory frameworks and norms. This iterative, dynamic
tion, such as personal communications, images captured by interplay establishes the rules that govern subsequent interac-
cameras, and movements captured by sensors, posing a risk to tions, forming and refining policies and constraints (Park
information and communication privacy. Some of the latest et al., 2018).
privacy concerns involve bystanders in social AR in public For analytical purposes, Giddens (1984) characterizes
spaces, because the data of passers-by, such as their faces or structure according to three dimensions: signification (mean-
behaviors, can be captured by AR devices without their real- ing), legitimation (norms), and domination (power). Then in-
ization (Nijholt, 2021). The processed data then could be teractions consist of three corresponding characteristic forms:
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1309

Table 2 Privacy responses among consumers, regulators, and firms

Reactive Proactive

Consumer Information • Falsification: provide fake information in public posts

• Restraint: minimize user-generated content, such as social
data or when asked by online service providers media posts and comments
protection • Avoidance: refuse to provide information • Encrypted communications: email encryption or
behavior • Self-censorship: delete or edit past posts; contact the
anonymous re-mailers; passwords for sensitive
company to remove personal details; remove tags or documents/data
unfriending • Non-digital alternatives: face-to-face, traditional media
Permission • Withdrawal: remove cookies from browsers and • Screening: check server security (i.e., https); check the
computers; adopt ad blockers; delete apps when privacy policy
asked for information • Restriction: turn off location-based access; change cookie
• Fortification of identification: change passwords settings
after data breaches • Identity masking: private browsing; virtual private
• Communication termination: opt-out from mailing networks (VPNs); The Onion Router
lists and from other communications • Security consolidation: use privacy-enhancing technolo-
gies such as pop-up window blockers, firewalls, and other
internet security programs
Data privacy Privacy policy • Availability and visibility of the privacy policy • Specification and promotion of consumer rights in
regulation relation to data privacy
Managerial • Penalty for non-compliance • Obtain consumers’ consent for the collection, use, and
practices, • Disclosure of data breaches to customers and dissemination of personal information
enforceme- regulators • Provide consumers access to their own data and right to opt
nt out, request to remove their data, or stop sharing it with
third parties
• Privacy impact assessment and data protection
governance
Firm Privacy • Local approach: aim to meet specific, local privacy • Universal approach: tackle global privacy framework in a
responses approach regulations and laws coordinated manner, and in anticipation of the changes in
the overall regulatory framework, often targeting the most
restrictive legal requirements
Privacy • Privacy as a feature: privacy is only a value-added • Privacy by design: privacy is embedded in all business
process component of a product/service processes, products, and services from the beginning to the
• Improve data security by investing in cyber security final stage; security and privacy are default options for
technologies such as two-factor authentication, consumers
encryption, and tokens. • Data collection: zero party data
• Automated and standardized procedures to facilitate • Data discovery, categorization, and flow mapping:
the removal, transfer, or recovery of data, categorizing types of data to ensure that firms only collect
especially upon customers’ request. data that they actually need
• Ecosystem innovation: involving third parties in data
governance policy for more accountable business practices

communication, (exercise of) power, and (application of) wider networks (Vargo & Lusch, 2016). A firm ecosystem
sanctions. Separate modalities connect structure and action. comprises a web of strategic networks, in which actors are
In practice, these elements often are interconnected and func- connected and exchange resources to cocreate value, within
tion simultaneously (Giddens, 1984). Considering the novelty the constraints of relevant institutions or institutional arrange-
of this structuration theory application to privacy topics, as ments (regulatory authorities, frameworks) (Roggeveen et al.,
well as the complexity of our proposed model, which involves 2012). Firms operate within ecosystems and continuously in-
interplays of institutions (regulators), groups (firms), and in- teract with other entities such as supply chain partners.
dividuals (consumers), we focus here on the duality of struc- Because data constitute a type of currency in the digital econ-
ture and social practices in an effort to clarify privacy tensions omy, they represent important elements in any firm’s value
among firms, consumers, and regulators, rather than test the chain and the broader marketing ecosystem. By integrating
original analytical dimensions of structuration theory. structuration theory with the SDL, we can derive a framework
When considering digital technologies and privacy ten- of relationships among actors (regulators, consumers, firms)
sions, the structure–actor relationship also might be described and relevant structures or institutions (Vargo & Lusch, 2016).
according to the service-dominant logic (SDL), which indi- This blended perspective implies that the actors exist and in-
cates that actors do not function in isolation but are part of teract within a system of relationships (Giddens, 1984;
1310 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

Roggeveen et al., 2012). Accordingly, we can explain the more proactive. Reactive conditions imply minimal changes
regulatory framework associated with privacy (i.e., structure) and less impact on existing firm structures and performance;
and predict both reactive and proactive responses by con- proactive conditions require more expansive changes. In rela-
sumers and firms (i.e., actors). As we noted previously, the tion to a firm’s privacy policy, for example, a reactive require-
presence (or absence) of a regulatory framework implies rules ment might stipulate its availability and visibility on the firm’s
or norms that in turn affect privacy tensions. In addition to website. For example, CPRA requires a privacy policy hyper-
relying on effective data protection though, consumers engage link on the firm’s home page that is noticeable and clearly
in further protective behaviors and demand data protection, identifiable (e.g., larger font, different design than surround-
forcing firms to respond to the privacy tensions. ing text). A proactive version might require firms to disclose
consumers’ rights and information access, use, and storage
Data privacy regulation rules as important elements of their privacy policy. Through
either enforcement mechanism, the regulatory goal is that con-
According to structuration theory, structures such as regu- sumers learn easily about data security, data control, and gov-
latory frameworks (i.e., rules) can both constrain and enable ernance measures enacted by the firm.
consumer and firm actions in the digital landscape, exacer- In terms of managerial practices, a reactive approach would
bating or offsetting privacy tensions. Privacy regulatory mandate notice of data breaches. Most data protection laws
frameworks or policies seek to provide fairness, trust, and also set penalties for noncompliance; under GDPR, firms
accountability in consumer–firm data exchanges. Similar to convicted of privacy violations face fines of up to 20 million
other consumer-focused public policies, major privacy euros or 4% of their global revenue. A proactive version might
frameworks attempt to improve overall societal well-being require firms to obtain consumer consent for information col-
and protect people’s rights, in balance with countervailing lection and usage. For example, websites often use a pop-up
societal goals such as firm profitability and economic pros- window that details the different types of cookies used for
perity (Davis et al., 2021; Kopalle & Lehmann, 2021). tracking and parties with which data may be shared.
Digital technologies have evolved significantly, smoothing Consumers may review this information, then opt-out or re-
processes that allow firms to monetize and share customer quest that the firm delete their information or stop sharing it
data while simultaneously adding complexity to consumer- with third parties. Both GDPR and CPRA enforce these con-
side privacy prevention. Therefore, it is critical for regula- sumer protections. Other regulations address firm profiling
tors to address privacy tensions that arise from digital tech- practices, facilitated by AI, to prevent harmful consumer
nology use. alienation or exclusion practices. However, such laws differ
The three broad classes of privacy risks created by firms’ in notable ways. For example, under the GDPR, firms must
data monetization and sharing strategies are addressed to vary- conduct a regular privacy impact assessment, which is not
ing degrees by global data protection laws such as the GDPR, required by CPRA.
Australian Privacy Act, and CPRA, each of which attempts to
limit the collection, use, storage, and transmission of personal
information. Although data privacy regulations differ from Consumer privacy protection behavior
country to country, the GDPR has become a global standard
(Rustad & Koenig, 2019). New privacy laws tend to reflect its Structuration theory suggests that as consumers grow more
foundations (Bennett, 2018), and the global nature of business aware of various privacy tensions during interactions with
implies that many international firms must comply with its firms, their sense of worry or fear might evoke protective
rules. Most U.S. state-based and global data protection frame- actions (Walker, 2016). The level of fear or worry depends
works share three common principles as their foundation on the nature of the rules and resources available in their
(Helberger et al., 2020), which also align with structuration relationships with firms. Assessments of relationship struc-
theory themes. First, consumers are both content receivers and tures likely refer to the severity of the privacy risks, their
data producers, making consent and ownership critical. perceived likelihood, and felt vulnerability or agency to cope
Second, transparency is paramount to balance power discrep- with privacy risks (Lwin et al., 2007). For example, if con-
ancies between consumers and firms. Third, data move sumers realize greater privacy risks due to the nature of the
throughout marketing ecosystems and across multiple parties, data being collected or increased breach likelihood in a firm
making access and control of data streams and consumer ed- relationship, they become more likely to engage in privacy
ucation about data collection, uses, and potential conse- protective behaviors, manifested as future responses to the
quences critical. structures and resources available within that relationship.
Data protection laws also tend to involve two main enforce- Some privacy-protecting strategies increase consumers’
ment methods, related to firms’ privacy policies and manage- control over personal information (e.g., decrease disclosures,
rial practices, which might be categorized as more reactive or minimize their digital footprint) or establish requirements for
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1311

explicit permission for uses of their personal data (information apps that ask for access to their location, rejecting or removing
access and use) (Walker, 2016). Thus, we again can identify cookies from their computers, and blocking advertisements
reactive and proactive protection strategies. With a proactive (Yap et al., 2012). A fortification of identification effort might
strategy, consumers preemptively address privacy threats; include changing passwords after data breaches or threats.
with a reactive strategy, they act as explicitly advised by a They also can minimize risk by communication termination,
firm or in response to an immediate threat. Therefore, we or opting out of firm communications to avoid intrusion and
propose a two-dimensional categorization of consumer priva- prevent third-party information access.
cy protection behavior that spans reactive/proactive and infor-
mation control/permission control dimensions and produces Proactive permission strategy Among consumers who are
four groups (see Table 2): (1) reactive information strategy, more aware of privacy tensions and knowledgeable about dig-
(2) proactive information strategy, (3) reactive permission ital privacy technologies, we note more sophisticated efforts to
strategy, and (4) proactive permission strategy. protect personal information (Martin et al., 2017). With
screening, they monitor their own digital activities by verify-
Reactive information strategy By correcting their digital foot- ing firms’ privacy policies and securing transactions (e.g.,
print, in response to privacy tensions, consumers can manage using https protocols). Restriction involves limiting informa-
immediate privacy threats. For example, they might self- tion access by adjusting privacy settings, such as turning off
censor or filter content after it has been published, by deleting location-based access or changing cookie settings. Identity
content from blog entries or Facebook posts, “untagging” masking is another popular strategy to prevent tracking, using
themselves in photos or posts, “unfriending” contacts, or re- a security feature that stops a browser from storing cookies
questing that a firm or social media platform remove their and the search history. Even more sophisticated tools include
information. Consumers also might avoid disclosure by inten- virtual private networks and The Onion Router, which work
tionally refusing to provide certain elements of information in through encryption and create networks of virtual tunnels,
response to initial requests (Martin & Murphy, 2017) or else designed to anonymize internet communications (Kaaniche
falsify the information they do provide, such as using a fake et al., 2020). Finally, if they adopt security consolidation,
name, address, date of birth, and profile picture. This strategy consumers install privacy-enhancing technologies, such as
reduces their digital footprint by removing or altering content blockers and firewalls for third-party trackers, along with in-
that previously has been available. ternet security programs (Zarouali et al., 2020). These strate-
gies offer strong protection but also require substantial tech-
Proactive information strategy Rather than managing content nological savvy that is unlikely to be possessed by all
that already has been published, a proactive information strat- consumers.
egy uses restraint as a protective mechanism that defines con-
sumers’ ongoing practices of withholding information (Lwin
et al., 2007). Consumers reduce the amount of personal con- Firm privacy responses
tent shared, minimize digital interactions, and limit activities
such as online check-ins, which can reveal personal informa- According to structuration theory, augmented by the SDL,
tion. They also might use encrypted communications such as firms as actors operate in broader systems that affect their
Pretty Good Privacy software, S/MIME standards (Kaaniche behaviors (Vargo & Lusch, 2016). Firms are influenced by
et al., 2020), or anonymous re-mailers to reduce data avail- structure (e.g., regulations) and by their relationships with
ability. Some people seek non-digital alternatives for their other actors (e.g., consumers) (Park et al., 2018). In response
communications, information search, and purchases (Martin to regulatory and consumer actions, firms might comply with
& Palmatier, 2020). Since this strategy restricts information privacy rules (reactive response) or go beyond them to engage
prior to sharing, it limits content and sociability. It also gen- in privacy innovation (proactive response), which potentially
erally involves more effort, complexity, and inconvenience shapes new structures (Luo, 2006).
for consumers than a reactive information strategy, because
it demands continuous monitoring of the digital footprint. Reactive response (privacy compliance) Structuration theory
(e.g., Luo, 2006; Park et al., 2018) suggests the presence of
Reactive permission strategy In a reactive permission strategy, some structurally embedded constraints on actors. Due to in-
consumers limit access to their personal information when creased scrutiny of data practices, firms are expected to com-
service providers ask for it or respond to an instant threat such ply with what is sometimes a patchwork of local, national, and
as a data breach that makes the risk salient. Consumers gen- international privacy regulations. A reactive response corre-
erally might agree to provide access to their information, but sponds to the minimum expectation for a company, namely, to
with a reactive strategy, they engage in a withdrawal tactic to follow existing, immediate structures in the regulatory frame-
remove themselves from risky situations, such as deleting work. With this local approach to privacy regulation, firms
1312 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

only aim to meet specific, local privacy rules. This type of engaging in data discovery, categorization, and flow mapping,
response is common among small, local businesses, but it also innovative firms might minimize their information collection
might be adopted by big corporations, to take advantage of and only collect what they actually need. Privacy might be
variances in legal systems across specific markets. integrated into customer-facing applications too, such as au-
Furthermore, this approach is in line with a privacy process tomatic timed logouts, notifications for unrecognized access,
that emphasizes privacy as a feature. That is, privacy consti- and setting security and privacy as default options. Finally,
tutes added value, generally included as an afterthought in privacy innovation encompasses accountable business prac-
product and service development efforts. The main goal un- tices that require firms to involve their partners in data gover-
derlying this approach is to stay within legal boundaries and nance to ensure end-to-end security, such as by auditing third
general expectations related to privacy. For example, by parties that manage data on a firm’s behalf (Merrick & Ryan,
strengthening their cybersecurity, companies can address con- 2019). Pursuing privacy innovation can address the proactive
sumers’ reactive information strategies by minimizing nega- privacy responses of even highly skeptical consumers and
tive events such as data breaches that threaten to trigger con- instill trust, by creating a safe ecosystem, so it should mini-
sumers’ falsification, avoidance, withdrawal, or communica- mize restraint and restriction behavior. In this sense, privacy
tion termination actions. In addition, these firms likely focus innovation offers an effective way to address both proactive
on technologies that enable them to adhere to regulations. consumer responses and regulations. However, it also tends to
When the GDPR came into force and required firms to ensure be costly and requires both long-term commitments and ex-
consumers’ right to be forgotten, they faced technological tensive transformations of the business structure and practices.
challenges and thus committed to developing automated and In summary, structuration theory purports that a privacy-
standardized procedures for the removal, transfer, or recovery related structure must include regulations that require firms to
of data, upon consumers’ request, which also might dissuade provide notice and gain consent from consumers to collect,
consumers from adopting self-censorship behaviors. parse, and store their data. They greatly enhance consumer-
initiated strategies to address technology–privacy tensions.
Proactive response (privacy innovation) In a volatile business Consumers’ behaviors also depend on their resources, such
environment marked by constantly changing structural param- as knowledge and self-efficacy (Walker, 2016). In general,
eters, structuration theory suggests that firms can influence reactive strategies require less expertise, and proactive ones
structural forces. For example, Xerox, Cisco, Nokia, and demand greater technological savvy. Yet firms remain bound
Motorola persistently and efficaciously convinced the by the structure and can employ either a reactive response that
Chinese government to update and require all firms to con- treats privacy as a compliance issue or a proactive response
form with a new set of industry technical standards, thereby that views it as a core business value. These trade-offs and
changing industry norms as a key structural parameter (Luo, tensions characterize regulatory–consumer–firm interactions,
2006). Privacy innovations are new or enhanced firm privacy and we rely on them to propose an integrated framework to
management practices designed to benefit consumers, appease inform theory, practice, and policy.
the government, or otherwise appeal to relevant stakeholders.
They arise when firms actively integrate compliance as a busi-
ness pillar and attempt to address privacy regulations collec- Integrated framework of the structuration
tively, through a universal approach to privacy. Instead of of privacy
dealing with each law and policy separately, firms identify
key compliance issues across regulatory frameworks and The preceding review offers key insights and implications for
adopt a streamlined, uniform strategic plan that can guide all firms, consumers, and regulators. Informed by structuration
aspects of their behavior, as well as current and future theory, and augmented by elements of SDL, we draw from
standards. these insights to develop an integrated framework (Fig. 1), in
Furthermore, privacy innovation encompasses a privacy by which privacy and its preservation emerges from interactions
design paradigm, which embeds privacy in all business pro- across structures (i.e., digital technologies as resources and
cesses, products, and services, from their initial development data privacy regulations as rules) and actors (i.e., firms’ and
to their final consumption and disposition stages (Bu et al., consumers’ actions). On this basis, we propose a series of
2020). Privacy by design stresses proactive, user-centric, and tenets related to themes of (1) data monetization and firm
user-friendly protection, and it requires substantial invest- performance, (2) data sharing and firm performance, and (3)
ments and changes. For example, data collection strategies firms’ data privacy actions. We also introduce associated
would aim to gather zero-party data, which refer to con- propositions. This synthesis of extant literature reveals practi-
sumers’ voluntary provision of their information, are cal insights to clarify the future of digital technologies in con-
completely consent-based, and can be collected from polls, texts marked by changing consumer behaviors and regulatory
quizzes, or website widgets (Martin & Palmatier, 2020). By parameters. Depth interviews and case studies (Table 3)
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1313

Table 3 Integrated data strategy framework and case studies

Company and Sources Tenets and themes Data Strategy Effect on Firm Performance

Facebook Tenets 1 and 2 Facebook extensively monetizes user data Data monetization fuels Facebook’s
Patterson (2020); FTC Data monetization; Data sharing; through extended data wrapping, such that profitability. In 2018, the value of
(2019); Lapowsky Privacy regulation; Privacy it provides data analytics-based features to Facebook users’ personal information was
(2019); Shapiro (2019); risks; Customer privacy its clients (e.g., advertisers), for example, equal to $35.2 billion, or 63% of
Weisbaum (2018); Wong protection behavior; Firm targeted advertising based on users’ Facebook’s revenues. However, Facebook
(2018) performance activity, and measuring the ad effective- has come under scrutiny due to its data
ness by tracking users’ digital footprints. practices. After the Cambridge Analytica
Facebook shares substantial data with scandal, Facebook was fined US$5 billion
partners such as app developers; it had by the Federal Trade Commission, and
allowed third-party apps to access data on £500,000 by the UK’s Information
Facebook users’ friends for years, which Commissioner’s Office for their role in the
led to an infamous scandal in which scandal. The event sparked heated debates
Cambridge Analytica acquired data on about consumers’ privacy rights,
millions of customers to build comprehen- prompting policy makers to increase the
sive personality profiles without their stringency of data regulations. The privacy
knowledge in 2018. scandal resulted in a decrease in overall
trust in the company, falling daily active
user counts in Europe, and stagnating
growth in the US and Canada.
Apple Tenets 1 and 3 Apple uses digital technologies to gather and Apple performs exceptionally; its revenues
Apple (2021); Leswing Data monetization; Proactive make sense of data for internal soared by 54% to $89.6 billion in the first
(2021); O’Flaherty privacy responses; Privacy risks; monetization purposes, such as optimizing quarter of 2021. While engaging in
(2021) Firm performance marketing and business performance, monetization practices, privacy initiatives
developing prediction analytics to improve have reduced the perceived risks of using
user experiences, and innovating new Apple products and positively influenced
products and services. Apple also engages customer responses. More than two-thirds
in data wrapping, such as through the of Apple customers agree with its privacy
Apple Health App, which tracks users’ policies and 92.6% of Apple users stating
physical activities and biometrics and they would never switch to an Android.
create alerts if health issues arise. Apple The App Tracking Transparency privacy
shares data with partners such as suppliers innovation encourages advertisers to use
and app developers. Apple has adopted Apple’s own Search Ad in the App Store,
privacy-by-design principles and used further strengthening the impact of data
enormous digital resources to develop pri- monetization on firm performance. This
vacy innovations, such as Intelligent data privacy innovation thus is changing
Tracking Prevention in Safari, Privacy industry norms, shaping new customer
Labels on the App Store, and App privacy behaviors, and reinforcing existing
Tracking Transparency. data regulations.
BMW Tenets 2 and 3 BMW has engaged extensively in data Data sharing enhances the effectiveness of the
BMW (2021); Nica (2020); Data sharing; network sharing and but imposed strict limits on business network, which improves
Wilkie, 2020 effectiveness; firm performance; how those data can be used for BMW’s performance. It can proactively
data privacy regulation; monetization. To detect and rectify product monitor product functions, increase value
proactive privacy responses defects, it is essential for its partners and chain efficiency, and enhance customer
suppliers to obtain data assigned to a experiences. Data sharing enables BMW
specific vehicle, on a case-by-case basis. and its suppliers, to pinpoint production
BMW has adopted innovative privacy bottlenecks or parts shortages, which can
approaches, including pseudonymization boost in-network effectiveness and the
to encode personal information, that es- performance of all firms involved. The new
tablishes smooth procedures while pre- cloud technology is designed with privacy
venting other parties from tracking cus- and security in mind, allowing European
tomers. In 2020 BMW and automotive car manufacturers to maintain control over
manufacturers and suppliers, dealer asso- their own data. This initiative helps them
ciations and equipment suppliers joined a formulate effective responses to potential
data-sharing alliance to build a cloud-based scenarios, such as the coronavirus lock-
data exchange platform. down that imposed serious pressures on the
supply chain.
1314 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

Fig. 1 Integrated framework of privacy structuration

provide additional, conceptual scaffolding to proposed tenets represent consumer insights that firms can use to tailor solu-
and propositions, in support of our framework. tions to meet consumers’ preferences and also make better
To verify our propositions relative to firms’ and con- business decisions (Bleier et al., 2020). As the head of product
sumers’ experiences with digital technologies and data ex- marketing in an electronics firm noted: “By using data we can
changes, we conducted in-depth interviews with ten senior offer the right product, right value at the right touchpoint to the
managers in various industries, with 4 to 31 years of experi- end-user [using the] right approach.” An informant who per-
ence in their respective areas. We also interviewed five con- forms customer analytics in the banking and finance sector
sumer informants from 27 to 41 years of age who are heavy also provided an example of data wrapping practices, such
users of digital technologies (see Web Appendix 2 for that the organization packaged its products with data insights
informant profiles). We identified participants from our con- as value-added features:
tacts in a research cluster. Interviews were conducted either
face-to-face or via a video conference platform, and they were [Some of the data] that we capture [from individual cus-
recorded and transcribed. The interview protocol includes 18 tomers] can be used to provide insights to our B2B
questions related to digital technologies, data collection and customers…. With what we have today we could pro-
use, and privacy issues (see Web Appendix 3). vide insights into their business based on their data to
help them grow their business.
Tenet 1: Data monetization and firm performance
Similarly, external monetization, such as selling data to clients
We propose that digital technologies function as resources that for marketing and targeting purposes, offers significant eco-
enable firms’ data monetization and data sharing strategies. nomic benefits for sellers. These three approaches are not
Using digital technologies such as big data, IoT, and AI in mutually exclusive; firms can use more than one to generate
the ways previously described, firms can convert data and revenue. Such data monetization practices increase the profit-
analytics into value for their customers and increase their prof- ability of a firm and thereby enhance its performance.
itability (Najjar & Kettinger, 2013). For example, a recent Privacy tensions can stem from consumer–firm interactions
estimate of the value of Facebook users’ personal information through digital technologies (Park et al., 2018). Drawing from
is $35.2 billion, or 63% of Facebook’s revenues (Shapiro, the notion in structuration theory that structure can both shape
2019). As a shared general consensus, the interviewed senior and be shaped by social practices, we note that the inherent
managers agreed that data analytics boost firms’ performance. privacy tensions of data monetizing practices provoke con-
Internal data monetization practices can enhance firm perfor- sumer and regulatory privacy responses, which have direct
mance, because the data collected from digital platforms implications for firm performance. Data monetization thus
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1315

may lead to privacy tensions and open firms to legal chal- Tenet 2: Data sharing and firm performance
lenges, especially as data privacy regulations grow stronger.
After the Cambridge Analytica scandal, heated debates about From the integration of structuration theory and the SDL, we
consumers’ privacy rights arose, and policymakers sought to determine that digital technologies enable data sharing among
increase the stringency of data regulations, such that actors within a business network, so multiple parties can ac-
Facebook’s CEO was called to testify before Congress and cess the data, anytime and from anywhere, which increases
the company was fined US$5 billion by the U.S. Federal efficiency, in line with the prediction that value is co-created
Trade Commission for deceiving users about their ability to by multiple actors in an ecosystem (Vargo & Lusch, 2016).
control the privacy of their personal information (Lapowsky, Data sharing also strengthens relationships among supply
2019). In addition, trust in Facebook plunged by 66% chain partners and fuels network effectiveness, which refers
(Weisbaum, 2018) and customers, including influential fig- to the “viability and acceptability of inter-organizational prac-
ures such as Elon Musk, joined the #DeleteFacebook move- tices and outcomes” (Sydow & Windeler, 1998, p. 273).
ment in response. As this example shows, monetizing data Firms might collectively improve their performance by
may spark consumers’ privacy protection behaviors, which complementing their data with others’ information, thus gen-
can jeopardize firms’ relationships with them. Even requests erating second-party data (Schneider et al., 2017).
for data or perceptions that firms profit from consumer data Manufacturers gather market analytics from distributors for
can trigger reactive and proactive privacy protection behav- new product design, demand forecasts, and the development
iors, such as information falsification or outright refusal of marketing strategies. Take the automobile industry as an
(Table 2). One consumer informant recalled an experience that example. Data sharing enables carmakers, including BMW
felt like “an invasion, like I visited a website once because we and its suppliers, to pinpoint production bottlenecks or parts
got a new kitchen and now I get ads constantly for kitchen shortages, then formulate effective responses to potential sup-
stuff. And it’s like, I might need that, but I don’t want you to ply chain problems and boost the performance of all firms
know that I need it, but I want to find it myself.” A senior involved (BMW, 2021). A chief financial officer of a
manager, head of digital marketing for an apparel firm, echoed manufacturing firm affirms the value of data sharing:
this sentiment by acknowledging that “society is a lot more Definitely, you know, for us as a supplier when we receive
worried about data.” The inherent privacy tensions of data our clients’ market data, that’s entirely valuable for us. [Data
monetization can increase regulatory scrutiny, damage sharing] is a critical part of making sure that we do the best job
customer–firm relationships, and spark consumer privacy pro- that we can.
tection behaviors. We propose the following tenet and Yet similar to data monetization, the multiple-actor, collab-
propositions: orative nature of data sharing can result in privacy tensions.
The more data a firm shares, the more control it must surren-
Tenet 1 (Data Monetization Trade-Off) Enabled by digital tech- der to other parties, creating vast uncertainty. Therefore, data
nologies, data monetiza- sharing may jeopardize consumer information privacy and
tion creates a trade-off trigger both consumer and regulatory responses. These re-
between firm profitabili- sponses may imply performance losses for the focal firm,
ty and privacy tensions especially if requisite security measures are missing
(information, communi- (Schneider et al., 2017). Considering the interactions between
cation, and individual structure and social practices of data sharing, we offer the
privacy). When they following tenet and propositions:
result from consumer–
firm interactions, privacy Tenet 2 (Data Sharing Trade-Off) Enabled by digital technol-
tensions lead to changes ogies, data sharing creates a
in both regulatory and trade-off between network
customer responses. effectiveness and privacy
tensions (information, com-
Proposition 1 Data monetization positively influences firm munication, and individual
performance through profitability. privacy).

Proposition 2 Data monetization negatively influences firm Proposition 3 Data sharing positively influences firm
performance through increased privacy ten- performance through network effectiveness.
sions (information, communication, and indi-
vidual privacy), which trigger consumer data Proposition 4 Data sharing negatively influences firm perfor-
protection behaviors and privacy regulations. mance through increased privacy tensions
1316 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

(information, communication, and individual You certainly got to comply, ticking that box, but I do
privacy), which trigger consumer data protec- think that if you were going that extra mile and looking
tion behaviors and data privacy regulations. at ways [of] being innovative, then you’re going to be
servicing your customers even better.
Tenet 3: Firm privacy responses
We offer the following tenet and propositions:
The dynamic interplay of structures and actors, again, guides
our theorizing. Privacy tensions that occur from data moneti- Tenet 3 (Firm Privacy Responses) Enabled by digital technolo-
zation and data sharing (i.e., social practices) tend to alert gies, firms develop privacy
policymakers, who often respond by strengthening regulatory responses to address regula-
frameworks. This change in structure (i.e., data regulation), tory and consumer privacy
together with objections from consumers that result in responses.
privacy-protective behaviors, requires firms to develop data
privacy actions to reduce privacy tensions. Firms that aspire Proposition 5 Data privacy regulation can both positively and
to address privacy tensions proactively must devote resources negatively influence firm privacy responses.
and create processes for updating their digital technologies,
which is a particular challenge for small firms: “I think we Proposition 6 Consumer privacy protection behaviors posi-
would like to focus more on innovation. But we’re probably tively influence firm privacy responses.
not that big a company at the moment that we can put a lot of
resources towards it” (head of digital marketing, apparel). Proposition 7 Compared with reactive privacy responses, firm
A common centerpiece of privacy legislative frameworks proactive privacy responses reduce consumer
is an emphasis on consumer consent. Adhering to such prac- privacy protection behavior by mitigating the
tices may reduce the collection and use of data and limit the negative effects of data monetization and data
number of parties with which data can be shared, which can sharing strategies on privacy tensions.
engender diminished firm performance due to the constraints
on personalization, customization, targeting, and prediction
efforts. In addition, privacy laws might restrict firms’ ability Implications for firms with different data
to sell data and analytics and increase legal expenses, causing strategies
a significant disadvantage for businesses that are unable to
collect data on their own. However, the effects of data privacy Our novel framework explains that digital technologies em-
regulation can be mitigated by proactive privacy responses. power firms’ data monetization or data sharing strategies,
Technology innovations might be exploited to circumvent while also creating privacy tensions. Although most firms
regulatory limitations. For example, Airbnb and Uber person- seek vast customer data and employ various means to leverage
alize predictive models without compromising consumer pri- them, not every firm requires the same amount of data or has
vacy by using smart pricing algorithms based on anonymized, the necessary digital technology capabilities (see Web
aggregated, or market-oriented (event- or object-based) data, Appendix 1). The effect of data privacy regulation on data
rather than personally identifiable information (Greene et al., sharing and monetization thus should vary across firms which
2019). Whether they enhance privacy practices or technolog- rely on data to varying levels. The more firms rely on data
ical processes, privacy innovations allow firms to reap critical monetization and data sharing, the more pronounced the ef-
data benefits, meet or exceed legal and regulatory obligations, fects of regulatory changes and consumer data protection be-
accommodate consumer expectations, reduce privacy ten- haviors become. For such companies, data privacy responses
sions, and, ultimately, mitigate the impacts of consumer re- have heightened implications; a proactive response might mit-
sponses and regulation stringency. Even though they involve igate the restrictions. We apply our framework to provide
data monetizing for marketing, operational efficiency, and da- implications to firms with various data strategies as depicted
ta wrapping practices, Apple’s privacy initiatives (e.g., App in Web Appendix 1, in which we assign firms to one of four
Tracking Transparency, Privacy Nutrition Labels) have groups, according to their levels of both data monetization and
boosted customers’ loyalty to the brand even higher, such that data sharing practices.
92.6% of Apple users claim they would never switch to an
Android (O'Flaherty, 2021). The initiatives also alter industry Data harvester
norms and impose greater pressure on competitive firms, such
that Google has announced plans to consider an anti-tracking Data harvesters engage in limited, internal data monetization
feature for Android devices (Statt, 2021). As a chief executive and data sharing practices, leaving them less exposed to con-
officer of a telecommunication service provider explained: sumer privacy behaviors and regulations. Many of them seek
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1317

to “harvest” their own data to create customer value. The head (Bleier et al., 2020). Finally, their privacy innovation tends
of digital marketing of an apparel firm shared: to be low, because few incentives (or punishments) limit their
data exploitation.
We don’t have as much access to that sort of [third-
party] data but yet we do have first-party data, which Data expert
will be those [data] of those people within our leads
database in our customer base. Data experts are active members of the digital technology
ecosystem and work with any third parties, engaging in very
However, if restrictions were imposed on their internal high levels of both data sharing and data monetization. Other
consumer data collection and use, they would have to rely firms rely on data experts for advertising insights and custom-
on third-party data providers or brokers. Therefore, data har- er analytics, so in turn, they have significant power and influ-
vesters likely comply closely with government regulations ence over the nature and amount of data collected. Only a few
and tend to adopt reactive privacy strategies to protect con- firms (e.g., Google, Facebook, Twitter) fit this description,
sumer privacy. and each of them is subject to ongoing regulatory scrutiny.
In general, stronger regulations, competitive maneuvers (i.e.,
Data patron Apple’s iOS 14 privacy updates affecting Facebook, Twitter,
and others), and increasing consumer criticism may threaten
Data patrons’ monetization approaches resemble those of data their business model. Accordingly, data experts may need to
harvesters, such as developing customer intelligence for better adopt more extensive, transparent, and proactive privacy prac-
internal marketing efforts. However, data patrons such as tices to address these challenges.
Apple, Microsoft, and PayPal are more likely to undertake
data wrapping to create customer value, because they have
greater digital technology capabilities. In addition, they are Recommendations for policymakers
cautious about the many partners involved in their business
networks which can create significant risks for sharing prac- Privacy regulations attempt to empower consumers by
tices. Echoing this view, the head of customer analytics of a ensuring their ability to share, capably monitor, and pro-
banking and finance firm stated: tect their personal data. Regulations also provide guard-
rails to constrain firms’ interactions with consumers by
We do have some partnerships that we share [our data mandating responsible data use and fair exchange. On
with], but again it depends on our terms and conditions the basis of our integrative framework and typology of
on what we share and what it is related to, especially if it data strategy, which establish a comprehensive view of
has to do with the customer experience and if it is in the privacy tensions linked to emerging digital technologies,
right interest of our customer. we offer policymakers several recommendations for
drafting, implementing, and monitoring effectively such
These firms are moderately affected by consumer privacy regulations.
behaviors and regulatory frameworks. Innovative patrons can
navigate sophisticated regulatory frameworks and consumer Addressing digital technology evolution
privacy protection behaviors; for example, Apple’s App
Tracking Transparency promotes its image as a responsible Digital technologies evolve rapidly, and privacy regulations
tech firm. must account for that rapid evolution. Although future-
proofing privacy regulations is untenable, regulatory param-
Data informant eters that govern fundamental data exchanges, rather than
specific technological techniques for gathering or processing
Data is the bloodline of data informants’ business models, as data, can protect consumers more broadly, even as technol-
described by the president of a software development firm: ogies change. In addition, such regulations would prevent
“We don’t produce any physical goods. We operate only in firms from applying technologically advanced workarounds
the informational space. That means data is everything.” To to subvert the restrictions. Both the GDPR and CPRA are
maximize profits, some data informants use questionable designed to be technology neutral, governing the data ex-
methods to identify people’s interests in sensitive topics. changed between a customer and a firm rather than the tech-
These firms face substantial scrutiny; some regulators suggest nology through which the data are exchanged. Nevertheless,
they should be listed in public registries and allow consumers emerging digital applications such as deep fakes, the rampant
to request clarifications about data ownership. Their size and spread of misinformation, and the growth of advertising eco-
scope also make these firms prime targets for cyberattacks systems can challenge even the most technologically broad
1318 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

regulatory mechanisms. It is thus imperative that regulatory harvesters, that might harm small businesses or start-ups.
frameworks adequately protect consumer data, regardless of If they cannot acquire large troves of data on their own,
technological advances, with legal and protective parameters these smaller competitors must rely on larger actors to
drafted with a technology-neutral approach that avoids regu- obtain data-based insights.
latory obsolescence and prevents innovative subversion by
firms. Promoting proactive regulatory enforcement
Beyond imposing constraints though, we also recommend
that regulators work closely with firms to learn how the regu- To the extent possible, regulatory frameworks should impose
lations they propose are likely to play out in practice. For proactive enforcement of both privacy policy requirements
example, novel technologies can make the enforcement of and managerial practices, including privacy by design and
various privacy regulatory dimensions more or less effective; privacy by default principles. Monitoring a firm’s data protec-
requiring customer consent is a cornerstone of the GDPR tion behavior can indicate the effectiveness of the regulatory
framework, but its operationalization and enactment in prac- framework, beyond just capturing violation occurrences or
tice has led to increased consumer annoyance with the re- noncompliance. Even with comprehensive data protection
quired pop-ups (Fazzini, 2019). Monitoring efforts also regulations in force, multinational corporations appear to
should go beyond identifying violations or demanding strict, adopt reactive privacy strategies for the most part, while con-
high-level compliance. In summary, even if technology ad- tinuing to engage in behaviors and practices that put them and
vances too quickly to be subject to specific regulation, it their customers at risk for data breaches (Norwegian
strongly influences the implementation and effectiveness of Consumer Council, 2020). By recognizing and rewarding pro-
regulation in practice, such that it can support or hinder active firm responses (data innovation), perhaps in collabora-
intended regulatory purposes, so policymakers need to pursue tion with industry bodies or aspirational firms, regulators also
and maintain an up-to-date, clear understanding of recent tech- could encourage the reproduction of best practices.
nology developments. Finally, transnational cooperation among enforcement au-
thorities is necessary to deal with the many multinational firms
Appreciating variability across firms and online businesses whose operations transcend national
borders. Harmonization efforts proposed by the United
The GDPR may have had the unintended consequence of Nations provide a potentially useful platform; its Personal
empowering the big technology companies (Facebook, Data Protection and Privacy Principles can help member or-
Google) that it originally sought to constrain (Lomas, ganizations navigate the diverse patchwork of regulatory cov-
2020). Large companies with many resources (financial, erage, given their business scope and reach, by developing a
legal, personnel) are better poised to accommodate vast coherent set of widely applicable rules that embody strong,
regulatory changes, including privacy regulatory mandates. proactive standards. Effective enforcement of privacy regula-
In particular, firms that already house vast troves of cus- tion and true protection of consumer privacy can be realized
tomer data easily can reduce their reliance on external or only if globally cooperative mechanisms are in place.
third-party data providers. Their in-house data capabilities
enable them to conform with regulatory parameters, even if
their data use might seem ethically questionable. We rec- Conclusion and research directions
ommend that regulators examine firms’ specific data shar-
ing and data monetization practices closely, with particular Adapting to ever-changing business environments and devel-
monitoring efforts focused on firms with extensive engage- oping long-term relationships with key stakeholders requires
ment in data monetization, such as data informants and extensive investments in digital technologies. Enabled by dig-
data experts. This targeted means to privacy regulation ital technologies, modern firms have access to massive
avoids some of the weaknesses of a “one-size-fits-all” ap- amounts of data, which they use to pursue various advantages.
proach. For example, many data informants are developers This research provides new insights into the role of digital
that offer free apps in exchange for customer data, and technologies by adopting a multidimensional approach and
their external monetization practices are largely unknown synthesizing current research and practical insights from the
to consumers. By applying the proposed data strategy ty- perspectives of firms, consumers, and regulators—each of
pology, policymakers can detect areas of data concentra- which is critical to developing an integrated, comprehensive
tion with the potential for misuse, such as among data framework.
experts and data patrons. Such considerations also could We begin by identifying the pressing tensions between
help limit the dominance of major tech firms. Regulators firms’ data monetization and sharing practices enabled by dig-
might apply the typology to understand the adverse effects ital technologies, as well as their implications for consumer
of privacy regulation, such as data portability on data privacy. By leveraging structuration theory, infused with
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1319

elements of the SDL, we delineate responses to these tensions intersection of the firm, consumer, and regulatory perspectives
exhibited by regulators, consumers, and firms. The produces an integrated framework of three tenets and seven

Table 4 Research agenda for data strategies

Theme Brief Description Research Questions

Firm data and privacy strategy

Data strategy As data become the new currency in the digital era, the firms • What data valuation models can motivate responsible data
that can create unique and sought-after data and business monetization and risk minimization?
intelligence from data-generating technologies wield in- • How do changing work cultures, such as increasing uses of
creasing power. Firms need to maximize value from data by home networks, personal and shared computers, and access
creating balanced, responsible data monetization and data to a wide range of systems from outside the office, increase
sharing. the threat of cyberattacks or data breaches?
• Can data sharing be improved via data interoperability?
Privacy innovation The benefits of data privacy innovations require further • Will firms’ enhanced data privacy practices become the new
investigation. In particular, additional research is needed to standard, such that innovating firms need to be even more
identify effective data privacy innovations that might novel in their privacy practices?
enhance the outcomes of data sharing or data monetization, • How is the relationship between innovative firms and digital
as well as the challenges to the adoption and technology providers likely to evolve?
implementation of privacy innovations. • What is the sustainable level of investment in privacy
innovation for data harvesters, data informants, data
patrons, and data experts?
• Do the benefits of privacy innovation justify the costs of
adoption and implementation?
Regulatory impact on firm level and ecosystem level
Impact of privacy According to structuration theory, structure is both the context • What are the risks of firms failing to adhere to reactive and
regulation at firm and product of actor behavior. In other words, firm proactive privacy requirements? How do differences in
level responses to privacy regulations can shape the regulatory regulations moderate these effects?
framework, which in turn constrain or promote subsequent • To what extent do firm responses to regulatory frameworks
firm actions. The impact of regulations may vary among change the regulation itself, which in turn might trigger a
firms with different characteristics such as data strategy and different set of firm actions?
firmographic variables. • How does the data strategy type moderate the effect of
privacy regulation on firm performance?
• How do firmographic variables moderate the effect of
privacy regulation (stringency) on firm performance?
Impact of privacy Privacy regulations may be increasingly necessary, but also • What is the impact of regulation stringency on network
regulation at network threaten the benefits that firms and consumers receive from performance? Does this effect vary with industry settings?
or ecosystem level data monetizing and sharing. That is, greater limits clearly • How do policy makers balance consumer privacy protection
may be warranted, but more stringent regulations can create with industry innovation?
unintended obstacles to value co-creation in a firm’s net- • Do the effects of privacy regulation on firms that control
work or broader ecosystem, especially when there may be flows of data, such as data experts and data patrons, spill
fragmentation in legislative regimes. over onto firms that are reliant on external data, such as data
harvesters?
• How do interactions of sector-specific regimes influence
ecosystem performance?
Consumer responses to the new digital era
Privacy attitudes As digital technologies penetrate consumers’ lives and new • What are consumers’ attitudes toward firms implementing
technologies become powerful means for firms’ data privacy innovations and firms using a specific data strategy
collection and use, it is important to understand consumers’ (i.e., data harvesters, informants, patrons, and experts)?
attitudes toward privacy in response to firm and regulatory • Do new technologies, such as super AI, threaten consumer
actions. information, individual, and communication privacy?
• How do consumers respond to regulation stringency?
• What can be done to make data trade-offs more acceptable
for customers?
Privacy protection In response to emerging threats to privacy, consumers employ • What are the outcomes of consumer privacy responses, and
behavior various forms of protection, both reactive and proactive. how do they translate into financial impacts on firms?
Understanding when these responses are triggered can help • When do consumers activate reactive and proactive
firms devise effective strategies. responses?
• What role do privacy-enhancing technologies play in con-
sumers’ privacy responses?
1320 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

corresponding propositions with the potential to advance un- Research also is needed to identify effective data privacy
derstanding of privacy as a central product of the interactions innovations that might enhance the outcomes of data sharing
across structure (i.e., digital technologies and regulatory and data monetization. In particular, research might determine
frameworks) and social practices (i.e., firms’ and consumers’ sustainable levels of investment in privacy innovation, re-
actions). We overlay these predictions with a typology of firm quired for firms of different sizes, business models, and data
strategies for data monetization and data sharing to highlight strategies (i.e., data harvesters, data informants, data patrons,
how firms’ privacy responses are influenced by resources (i.e., and data experts). A key question is whether the benefits of
digital technology), rules (i.e., regulations), and other actors’ privacy innovation justify the cost of its adoption and imple-
actions (i.e., consumers’ privacy protection behaviors). mentation. For example, state-of-the-art security schemes and
To stimulate further research, we propose an agenda across privacy-preserving technologies (e.g., blockchain-based ap-
three broad areas: firm data and privacy strategies, regulatory proaches) still suffer disadvantages regarding scalability and
impacts on firms and ecosystems, and consumer responses to data storage limitations (Jin et al., 2019), and they remain
the digital technologies. Each area comprises multiple re- costly to implement, despite the data protection improvements
search questions and avenues for marketing researchers and they provide.
practitioners, which we summarize in Table 4. Moreover, privacy innovation might create ripple effects,
due to the interconnected nature of firms in an ecosystem. For
example, privacy changes among data experts and informants
Firm data and privacy strategies might influence data harvesters, who rely on the services of
those data experts and informants. Therefore, a potential re-
Data strategy Our proposed framework acknowledges the re- search consideration might be the ripple effects of privacy
ality of growing data monetization and data sharing practices, innovation, including the positive inspiration of an ecosystem
as focal strategies that determine firm performance. Data are revolution but the simultaneous strain they put on the relation-
the new currency in the digital era, and firms that can create ship between firms and other actors.
unique, sought-after data, business intelligence, and responsi-
ble data-generating technologies will wield increasing power. Regulatory effects on firms and ecosystems
To maximize the value of data, firms should seek balanced,
responsible data monetization and data sharing. Such efforts Effect of privacy regulation on firms We anticipate that as
would benefit from an optimal data valuation model that regulatory frameworks and consumer responses to privacy
promises to maximize value and minimize risks through re- issues evolve, firms will face more restrictions on their strat-
sponsible data monetization and sharing. Firms should care- egies and practices. Continued research should examine the
fully consider their dynamic inventory of information assets, risks if firms fail to adhere to reactive and proactive privacy
the features of their data that are central to realizing their requirements. The outcomes might be subject to contextual
potential, and metrics for assessing the value of data and factors, because regulation stringency varies across countries
returns on their investments (Deloitte, 2020). and industries. Privacy regulations restrict firm actions related
Data sharing poses unique challenges, especially across to data monetization and sharing, but as we have outlined,
platforms and organizations. A key question is how to im- structuration theory also predicts that actors’ behaviors shape
prove data sharing through interoperability on secure, the structures. Therefore, it would be interesting to identify the
permission-based platforms. In addition, changing work cul- extent to which firm responses to regulatory frameworks can
tures, such as the increased use of home networks, personal change the regulations themselves, which in turn might trigger
and shared computers, and access to office systems from ex- a different set of firm actions. Uncovering nuanced effects
ternal work venues, increase threats of cyberattacks and data according to firm size, industry, and other firmographics is
breaches. Such developments represent new obstacles to data an important direction to inform regulatory efforts. We thus
sharing, and they offer a fruitful research area. call for investigations of how the typology of data strategy and
firmographic variables moderates the effect of privacy regu-
Privacy innovation Regardless of firm size or data strategy lations on firm performance.
type, data privacy innovations extend beyond mere compli-
ance and can lead to competitive advantages. The benefits of Effect of privacy regulations on firm networks Privacy regu-
data privacy innovations across all firm data strategy types lations may be increasingly necessary, but they also have the
require further investigation. In particular, data privacy inno- potential to restrict the benefits that both firms and consumers
vation should gain momentum as a positive catalyst for the receive from data monetizing and data sharing. That is, greater
firm and ecosystem performance. We need research that de- limits may be warranted, but more stringent regulations can
tails effective implementations of privacy innovation practices create unintended obstacles to the performance of a firm’s
and their long-term effects. network and ecosystem. Research should continue to address
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1321

the impact of regulation stringency on network effectiveness. Declarations

Finally, different, fragmented data access regimes exist in var-
ious sectors, such as utilities, automotive, finance, and digital Conflict of interest The authors declare that they have no confict of
interest.
content/services (Graef & van den Boom, 2020). It is therefore
relevant to test the interactions of sector-specific regimes to
predict broader network performance. Open Access This article is licensed under a Creative Commons
Attribution 4.0 International License, which permits use, sharing, adap-
tation, distribution and reproduction in any medium or format, as long as
Consumer responses to digital technologies you give appropriate credit to the original author(s) and the source, pro-
vide a link to the Creative Commons licence, and indicate if changes were
Privacy attitudes As digital technologies penetrate consumers’ made. The images or other third party material in this article are included
lives further and become increasingly powerful means for in the article's Creative Commons licence, unless indicated otherwise in a
credit line to the material. If material is not included in the article's
firms’ data collection and use, fresh privacy concerns emerge. Creative Commons licence and your intended use is not permitted by
Research is needed to understand how new digital technolo- statutory regulation or exceeds the permitted use, you will need to obtain
gies such as artificial general intelligence (i.e., AI on a par permission directly from the copyright holder. To view a copy of this
with human intelligence) threaten consumers’ information, licence, visit http://creativecommons.org/licenses/by/4.0/.
individual, and communication privacy risks. Research thus
might investigate consumers’ perceptions of firms’ data strat-
egy (i.e., data harvester, informant, patron, and expert), actual
data privacy actions, and regulation stringency, which could References
help construct long-term, technology-proof outcomes for all
Alsmadi, D., & Prybutok, V. (2018). Sharing and storage behavior via
parties involved. Notably, all our informants acknowledge cloud computing: Security and privacy in research and practice.
data skeptics, who proactively protect their privacy by using Computers in Human Behavior, 85, 218–226.
encrypted platforms or refusing all personalized services, but Altman, I. (1975). Privacy: Definitions and properties. In I. Altman (Ed.),
they believe most consumers are willing to accept some loss The environment and social behavior: Privacy, personal space, ter-
ritory, crowding. Brooks/Cole Publishing Company.
of privacy in exchange for personalization of the right expe-
Appel, G., Grewal, L., Hadi, R., & Stephen, A. T. (2020). The future of
rience. A critical question is how to identify consumer seg- social media in marketing. Journal of the Academy of Marketing
ments and make data trade-offs more acceptable for them. Science, 48(1), 79–95.
Apple (2021). Apple Customer Privacy Policy, Apple, viewed 20/05/
Privacy protection behavior Research on privacy in marketing 2021, from https://www.apple.com/legal/privacy/
Bennett, C. J. (2018). The European general data protection regulation:
has predominantly focused on privacy concerns, leaving a
An instrument for the globalization of privacy standards?
dearth of evidence about actual privacy behaviors (Pomfret Information Polity, 23, 239–246.
et al., 2020). Consumers employ various forms of protection Bleier, A., Goldfarb, A., & Tucker, C. (2020). Consumer privacy and the
from privacy risks, whether reactive or proactive. future of data-based innovation and marketing. International
Understanding when these responses are triggered and the role Journal of Research in Marketing, 37(3), 466–480.
BMW (2021). BMW Group Data Ecosystem. BMW, viewed 20/05/2021,
of privacy-enhancing technologies in evoking them would
from https://www.bmwgroup.com/en/innovation/technologies-and-
help firms devise more effective strategies. Additional re- mobility/bmw-group-data-ecosystem.html
search could explore how consumer privacy responses trans- Bornschein, R., Schmidt, L., & Maier, E. (2020). The effect of con-
late into financial impacts for firms. sumers’ perceived power and risk in digital information privacy:
As our explication of digital technologies highlights, data The example of cookie notices. Journal of Public Policy &
Marketing, 39(2), 135–154.
and their applications continue to transform the marketing Bu, F., Wang, N., Jiang, B., & Liang, H. (2020). “Privacy by design”
landscape. The novel framework we propose can help clarify implementation: Information system engineers’ perspective.
digital technologies and the future of data for firms, con- International Journal of Information Management, 53, 102124.
sumers, and regulators. But much work remains. We hope this Cisco (2020). Protecting data privacy to maintain digital trust: The im-
research offers some compelling directions for further inquiry, portance of protecting data privacy during the pandemic and be-
yond, Cisco, viewed 13/10/2020, from https://www.cisco.com/c/
along with new insights into the future of digital technologies. dam/en_us/about/doing_business/trust-center/docs/cybersecurity-
series-2020-cps.pdf
Cox, K. (2017). Gambling services use big data to target recovering
Electronic supplementary material The online version of this article gamblers, low-income families, Consumerist, viewed 13/10/2020,
(https://doi.org/10.1007/s11747-022-00845-y) contains supplementary from https://consumerist.com/2017/08/31/gambling-services-use-
material, which is available to authorized users. big-data-to-target-recovering-gamblers-low-income-families/
Crozier, R. (2019). How Woolworths uses Google to power its massive
analytics uplift, itnews, viewed 13/10/2020, from https://www.
Funding Open Access funding enabled and organized by CAUL and its itnews.com.au/news/woolworths-uses-google-to-power-massive-
Member Institutions. data-analytics-uplift-523639
1322 J. of the Acad. Mark. Sci. (2022) 50:1299–1323

Davenport, T., Guha, A., Grewal, D., & Bressgott, T. (2020). How arti- Taxonomy and survey. Journal of Network and Computer
ficial intelligence will change the future of marketing. Journal of the Applications, 171, 102807.
Academy of Marketing Science, 48(1), 24–42. Kamboj, S., Sarmah, B., Gupta, S., & Dwivedi, Y. (2018). Examining
Davis, B., Grewal, D., & Hamilton, S. (2021). The future of marketing branding co-creation in brand communities on social media:
analytics and public policy. Journal of Public Policy & Marketing, Applying the paradigm of stimulus-organism-response.
40(4), 447–452. International Journal of Information Management, 39, 169–185.
de Oliveira Santini, F., Ladeira, W. J., Pinto, D. C., Herter, M. M., Kietzmann, J., Lee, L. W., McCarthy, I. P., & Kietzmann, T. C. (2020).
Sampaio, C. H., & Babin, B. (2020). Customer engagement in social Deepfakes: Trick or treat? Business Horizons, 63(2), 135–146.
media: A framework and meta-analysis. Journal of the Academy of Kim, J. (2021). Advertising in the Metaverse: Research agenda. Journal
Marketing Science, 48(6), 1211–1228. of Interactive Advertising, 21, 1–4.
Deloitte (2020). Data valuation: Understanding the value of your data Kobusińska, A., Leung, C., Hsu, C. H., Raghavendra, S., & Chang, V.
assets, Deloitte, viewed 10/05/21, from https://www2.deloitte.com/ (2018). Emerging trends, issues and challenges in internet of things,
content/dam/Deloitte/global/Documents/Finance/Valuation-Data- big data and cloud computing, future generation computer systems,
Digital.pdf volume 87. October, 2018, 416–419.
Fazzini, K. (2019). Europe’s sweeping privacy rule was supposed to Kopalle, P. K., & Lehmann, D. R. (2021). EXPRESS: Big data, market-
change the internet, but so far it’s mostly created frustration for ing analytics, and public policy: Implications for health care.
users, companies, and regulators. CNBC, viewed 22/10/2021, from Journal of Public Policy & Marketing, 0743915621999031, 453–
https://www.cnbc.com/2019/05/04/gdpr-has-frustrated-users-and- 456.
regulators.html. Kshetri, N. (2014). Big data’s impact on privacy, security and consumer
FTC (2019). FTC imposes $5 billion penalty and sweeping new privacy welfare. Telecommunications Policy, 38(11), 1134–1145.
restrictions on Facebook, Federal Trade Commission, viewed 20/ Kwok, A. O., & Koh, S. G. (2020, April). Neural network insights of
08/2020, from https://www.ftc.gov/news-events/press-releases/ blockchain technology in manufacturing improvement. In 2020
2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy- IEEE 7th international conference on industrial engineering and
restrictions applications (ICIEA) (pp. 932-936). IEEE.
Giddens, A. (1984). The constitution of society: Outline of the theory of Lapowsky, I. (2019). How Cambridge Analytica Sparked the Great
structuration. University of California Press. Privacy Awakening, Wired, viewed 20/08/2020, from https://
Graef, I., & van den Boom, J. (2020). Spill-overs in data governance: www.wired.com/story/cambridge-analytica-facebook-privacy-
Uncovering the uneasy relationship between the GDPR’s right to awakening/
data portability and EU sector-specific data access regimes. Journal Lavelle, J. (2019), Gartner survey shows accelerating privacy regulation
of European Consumer and Market Law, 9(1). returns as the top emerging risk worrying organizations in 1Q19.
Greene, T., Shmueli, G., Ray, S., & Fell, J. (2019). Adjusting to the Gartner, viewed 20/10/2021, from https://www.gartner.com/en/
GDPR: The impact on data scientists and behavioral researchers. newsroom/press-releases/2019-04-11-gartner-survey-shows-
Big Data, 7(3), 140–162. accelerating-privacy-regulation-returns-as-the-top-emerging-risk-
Helberger, N., Huh, J., Milne, G., Strycharz, J., & Sundaram, H. (2020). worrying-organizations-in-1q19
Macro and exogenous factors in computational advertising: Key Leswing, K. (2021). Apple’s privacy change is poised to increase the
issues and new research directions. Journal of Advertising, 49(4), power of its app store. CNBC, viewed 20/05/2021, from https://
1–17. www.cnbc.com/2021/03/19/apples-privacy-change-could-increase-
Hilken, T., de Ruyter, K., Chylinski, M., Mahr, D., & Keeling, D. (2017). the-power-of-its-app-store.html
Augmenting the eye of the beholder: Exploring the strategic poten- Lomas, N. (2020). GDPR enforcement must level up to catch big tech,
tial of augmented reality to enhance online service experiences. report warns. TechCrunch, viewed 22/10/2021, from https://
Journal of the Academy of Marketing Science, 45(6), 884–905. techcrunch.com/2020/11/26/gdpr-enforcement-must-level-up-to-
Hung, H., & Wong, Y. H. (2009). Information transparency and digital catch-big-tech-report-warns/
privacy protection: Are they mutually exclusive in the provision of Luo, Y. (2006). Political behavior, social responsibility, and perceived
e-services? Journal of Services Marketing, 23(3), 154–164. corruption: A structuration perspective. Journal of International
Ioannou, A., Tussyadiah, I., & Lu, Y. (2020). Privacy concerns and dis- Business Studies, 37(6), 747–766.
closure of biometric and behavioral data for travel. International Lwin, M., Wirtz, J., & Williams, J. (2007). Consumer online privacy
Journal of Information Management, 54, 102122. concerns and responses: A power-responsibility equilibrium per-
Izrailevsky, Y., Vlaovic, S., & Meshenberg, R. (2016). Completing the spective. Journal of the Academy of Marketing Science, 35(1),
Netflix Cloud Migration, Netflix, viewed 13/10/2020, from https:// 572–585.
about.netflix.com/en/news/completing-the-netflix-cloud-migration Martin, K. D., & Murphy, P. E. (2017). The role of data privacy in
Jia, J., Jin, G. Z., & Wagman, L. (2021). The short-run effects of the marketing. Journal of the Academy of Marketing Science, 45(2),
general data protection regulation on technology venture invest- 135–155.
ment. Marketing Science, 40(4), 661–684. Martin, K. D., & Palmatier, R. W. (2020). Data privacy in retail:
Jin, H., Luo, Y., Li, P., & Mathew, J. (2019). A review of secure and Navigating tensions and directing future research. Journal of
privacy-preserving medical data sharing. IEEE Access, 7, 61656– Retailing, 96(4), 449–457.
61669. Martin, K. D., Borah, A., & Palmatier, R. W. (2017). Data privacy:
Johnson, G A., Shriver, S. K., & Goldberg, S. G. (2020). Privacy and Effects on customer and firm performance. Journal of Marketing,
market concentration: intended and unintended consequences of the 81(1), 36–58.
GDPR. United States Federal Trade Commission, viewed 20/10/ McStay, A. (2020). Emotional AI, soft biometrics and the surveillance of
2021, from https://www.ftc.gov/system/files/documents/public_ emotional life: An unusual consensus on privacy. Big Data &
events/1548288/ privacycon-2020-garrett_johnson.pdf Society, 7(1), 2053951720904386.
Jones, M. R., & Karsten, H. (2008). Giddens's structuration theory and Mende, M., Scott, M. L., van Doorn, J., Grewal, D., & Shanks, I. (2019).
information systems research. MIS Quarterly, 32, 127–157. Service robots rising: How humanoid robots influence service ex-
Kaaniche, N., Laurent, M., & Belguith, S. (2020). Privacy enhancing periences and elicit compensatory consumer responses. Journal of
technologies for solving the privacy-personalization paradox: Marketing Research, 56(4), 535–556.
J. of the Acad. Mark. Sci. (2022) 50:1299–1323 1323

Merrick, R., & Ryan, S. (2019). Data privacy governance in the age of Sabillon, R., Cano, J., Cavaller Reyes, V., & Serra Ruiz, J. (2016).
GDPR. Risk Management, 66(3), 38–43. Cybercrime and cybercriminals: A comprehensive study.
Musa, J. (2020). Retail, robots, and COVID-19: Trends and how can International Journal of Computer Networks and Communications
robots play a role in safe shopping. Soft Bank robotics, viewed 13/ Security, 2016, 4(6), 165–176.
10/2020, from https://www.softbankrobotics.com/emea/en/blog/ Schneider, M. J., Jagpal, S., Gupta, S., Li, S., & Yu, Y. (2017). Protecting
news-trends/retail-robots-and-covid-19-trends-and-how-can-robots- customer privacy when marketing with second-party data.
play-role-safe-shopping International Journal of Research in Marketing, 34(3), 593–603.
Najjar, M. S., & Kettinger, W. J. (2013). Data monetization: Lessons Shapiro, R (2019). What Your Data Is Really Worth to Facebook.
from a retailer's journey. MIS Quarterly Executive, 12(4), 213–225. Washington Monthly, viewed 20/08/2020, from https://
Nica, G. (2020). BMW joins forces with German companies to create washingtonmonthly.com/magazine/july-august-2019/what-your-
auto data alliance, BMWBlog, viewed 20/08/2020, from https:// data-is-really-worth-to-facebook/
www.bmwblog.com/2020/12/03/bmw-joins-forces-with-german- Statt, S. 2021, Google is weighing an anti-tracking feature for android,
companies-to-create-auto-data-alliance/ following Apple’s lead, The Verge, https://www.theverge.com/
Nijholt, A. (2021). Experiencing social augmented reality in public 2021/2/4/22266823/google-anti-tracking-feature-android-privacy-
spaces. In Adjunct proceedings of the 2021 ACM international joint apple-ios-app-tracking-transparency
conference on pervasive and ubiquitous computing and proceedings Sun, Y., Wang, N., Shen, X. L., & Zhang, J. X. (2015). Location infor-
of the 2021 ACM international symposium on wearable computers mation disclosure in location-based social network services: Privacy
(pp. 570-574). calculus, benefit structure, and gender differences. Computers in
Norwegian Consumer Council (2020), Out of Control: How Consumers Human Behavior, 52, 278–292.
are Exploited by the Online Advertising Industry, 177–83, viewed Sydow, J., & Windeler, A. (1998). Organizing and evaluating interfirm
20/09/2021, from https://www.forbrukerradet.no/out-of-control/ networks: A structurationist perspective on network processes and
OAIC. (2020). Australian Community Attitudes to Privacy Survey 2020. effectiveness. Organization Science, 9(3), 265–284.
Office of the Australian Information Commissioner, viewed 30/05/ Vargo, S. L., & Lusch, R. F. (2016). Institutions and axioms: An exten-
2021, from https://www.oaic.gov.au/__data/assets/pdf_file/0015/ sion and update of service-dominant logic. Journal of the Academy
2373/australian-community-attitudes-to-privacy-survey-2020.pdf of Marketing Science, 44(1), 5–23.
O'Flaherty, K. (2021). iPhone Users’ Favorite iOS 14.5 Feature Is A Rip- Walker, K. L. (2016). Surrendering information through the looking
Roaring Success. Forbes, viewed 20/05/2021, from https://www. glass: Transparency, trust, and protection. Journal of Public Policy
forbes.com/sites/kateoflahertyuk/2021/05/14/iphone-users-favorite- & Marketing, 35(1), 144–158.
ios-145-feature-is-a-rip-roaring-success/?sh=3f9e327e6e76 Weisbaum, H. (2018). Trust in Facebook has dropped by 66 percent since
Okazaki, S., Eisend, M., Plangger, K., de Ruyter, K., & Grewal, D. the Cambridge Analytica scandal, NBC news, viewed 20/08/2020,
(2020). Understanding the strategic consequences of customer pri- from https://www.nbcnews.com/business/consumer/trust-facebook-
vacy concerns: A meta-analytic review. Journal of Retailing, 96(4), has-dropped-51-percent-cambridge-analytica-scandal-n867011
458–473. Westin, A. F. (1967). Privacy and freedom. Atheneum.
Palmatier, R. W., & Martin, K. D. (2019). Understanding and valuing Wilkie, W. (2020) Hyperdrive BMW and SAP Join Forces to Build
customer data. In The intelligent Marketer’s guide to data privacy German Auto Data Alliance, Bloomberg, viewed 20/08/2020, from
(pp. 133–151). Palgrave Macmillan, . https://www.bloomberg.com/news/articles/2020-12-01/bmw-and-
Park, Y. J., Chung, J. E., & Shin, D. H. (2018). The structuration of digital sap-join-forces-to-build-german-auto-data-alliance
ecosystem, privacy, and big data intelligence. American Behavioral Wong, J. (2018). Elon Musk joins #DeleteFacebook effort as Tesla and
Scientist, 62(10), 1319–1337. SpaceX pages vanish, The Guardian, viewed 20/08/2020, from
Patterson, D. (2020). Facebook data privacy scandal: A cheat sheet. https://www.theguardian.com/technology/2018/mar/23/elon-musk-
TechRepublic, viewed 20/10/2021, from https://www.techrepublic. delete-facebook-spacex-tesla-mark-zuckerberg
com/article/facebook-data-privacy-scandal-a-cheat-sheet/ Xiao, L., & Kumar, V. (2019). Robotics for customer service: A useful
Poels, G. (2019). Enterprise modelling of digital innovation in strategies, complement or an ultimate substitute? Journal of Service Research,
services and processes. In International conference on business pro- 1094670519878881, 9–29.
cess management (pp. 721–732). Springer, . Yap, J. E., Beverland, M. B., & Bove, L. L. (2012). Doing privacy:
Pomfret, L., Previte, J., & Coote, L. (2020). Beyond concern: Socio- Consumers’ search for sovereignty through privacy management
demographic and attitudinal influences on privacy and disclosure practices. Research in Consumer Behavior, 14, 171–190.
choices. Journal of Marketing Management, 36(5–6), 519–549. Yun, H., Lee, G., & Kim, D. J. (2019). A chronological review of em-
Quach, S., Thaichon, P., Lee, J. Y., Weaven, S., & Palmatier, R. W. pirical research on personal information privacy concerns: An anal-
(2020). Toward a theory of outside-in marketing: Past, present, ysis of contexts and research constructs. Information &
and future. Industrial marketing management. 10.1016/ Management, 56(4), 570–601.
j.indmarman.2019.10.016. Zarouali, B., Ponnet, K., Walrave, M., & Poels, K. (2017). “Do you like
Rasoulian, S., Grégoire, Y., Legoux, R., & Sénécal, S. (2017). Service cookies?” Adolescents' skeptical processing of retargeted Facebook-
crisis recovery and firm performance: Insights from information ads and the moderating role of privacy concern and a textual
breach announcements. Journal of the Academy of Marketing debriefing. Computers in Human Behavior, 69, 157–165.
Science, 45(6), 789–806. Zarouali, B., Poels, K., Ponnet, K., & Walrave, M. (2020). The influence
Roesner, F., Kohno, T., & Molnar, D. (2014). Security and privacy for of a descriptive norm label on adolescents’ persuasion knowledge
augmented reality systems. Communications of the ACM, 57(4), 88– and privacy-protective behavior on social networking sites.
96. Communication Monographs, 1–21.
Roggeveen, A. L., Tsiros, M., & Grewal, D. (2012). Understanding the Zubcsek, P. P., Katona, Z., & Sarvary, M. (2017). Predicting mobile
co-creation effect: When does collaborating with customers provide advertising response using consumer colocation networks. Journal
a lift to service recovery? Journal of the Academy of Marketing of Marketing, 81(4), 109–126.
Science, 40(6), 771–790.
Rustad, M. L., & Koenig, T. H. (2019). Towards global data privacy Publisher’s note Springer Nature remains neutral with regard to jurisdic-
standard. Florida Law Review, 71(2), 365–454. tional claims in published maps and institutional affiliations.