Computers in Human Behavior 31 (2014) 48–56

Contents lists available at ScienceDirect

Computers in Human Behavior journal homepage: www.elsevier.com/locate/comphumbeh

My privacy is okay, but theirs is endangered: Why comparative optimism matters in online privacy concerns
Young Min Baek a,⇑, Eun-mee Kim b, Young Bae c a Department of Communication, Yonsei University, Republic of Korea Department of Communication, Seoul National University, Republic of Korea c Department of Information Sociology, Soongsil University, Republic of Korea b a r t i c l e

i n f o

a b s t r a c t
It is easy to trace and compile a record of individuals’ online activities, and cases of online privacy infringement (i.e., improper use of personal information) have been reported in advanced societies. Based on existing risk perception research, this study examines comparative optimism regarding online privacy infringement (i.e., users tend to believe privacy infringement is less likely to happen to oneself than to others) and its antecedents and consequences. Relying on large-scale online survey data in South Korea (N = 2028), this study finds: (1) comparative optimism is higher when the comparison targets are younger; (2) online knowledge and maternalistic personality traits increase comparative optimism mainly by influencing perceived risk to others, while prior experience of privacy infringement increases comparative optimism mainly by influencing perceived personal risk; and (3) comparative optimism is related to both greater adoption of privacy-protective behaviors and a higher level of support for government policies to restrict the use of online information. Theoretical and practical implications of the findings, along with potential limitations, are discussed. Ó 2013 Elsevier Ltd. All rights reserved.

Article history: Available online 29 October 2013 Keywords: Online privacy Privacy infringement Comparative optimism Privacy policy

1. Introduction Individuals’ online activities are easily traced, collected, and stored (Holtzman, 2006; Lessig, 2002; Solove, 2007). Internet use has become integrated into the daily lives of many people, whose online activities may be under ‘‘24/7’’ surveillance (Andrejevic, 2007; Farrell, 2012). While such large-scale data may serve to advance our knowledge of human psychology and behavior, these circumstances raise the likelihood that individuals’ online privacy, defined as controllability over personal information (Holtzman, 2006; Lessig, 2002), will be infringed (Solove, 2007). With Internet use proliferating, online privacy is becoming an important social issue (Solove, 2007, 2011), but most studies on online privacy, to the best of our knowledge, examine personal privacy concerns or privacy-protective behaviors at the individual level (Gross & Acquisti, 2005; Norberg, Horne, & Horne, 2007; Tufekci, 2008; Youn & Hall, 2008). This study suggests that research on online privacy risk should be expanded to include risk perception about other members of society. To the best of our knowledge, only one study (Cho, Lee,
⇑ Corresponding author. Address: Department of Communication, Yonsei University, 50 Yonsei-ro, Seodaemun, Seoul 120-749, Republic of Korea. Tel.: +82 2 2123 2970; fax: +82 2 2123 8660. E-mail address: ymbaek@gmail.com (Y.M. Baek).
0747-5632/$ - see front matter Ó 2013 Elsevier Ltd. All rights reserved. http://dx.doi.org/10.1016/j.chb.2013.10.010

& Chung, 2010) has attempted to survey users’ perceptions of others’ online privacy risks. According to the study, online users perceive their own privacy to be safer and less vulnerable to external intrusion than that of generalized others. In the risk perception literature, this phenomenon (i.e., the tendency for people to report that they are less likely than others to experience negative events) has been termed comparative optimism,1 and it has been confirmed in a wide variety of risk scenarios, including car accidents, crime, and cancer (Helweg-Larsen & Shepperd, 2001). We examine the interrelationships among comparative optimism considering both personal risk and risk to others, its antecedents, and its consequences. After the empirical results are presented, the last section discusses theoretical and practical implications.

1 The concept of comparative optimism may be referred to by different terms, such as unrealistic optimism or optimistic bias. This study prefers comparative optimism to optimistic bias or unrealistic optimism for two reasons (Helweg-Larsen & Shepperd, 2001). First, ‘bias’ or ‘unrealistic’ implies that people’s risk perceptions are at odds with some ‘objective risk’ level. However, online privacy risks are very difficult to measure using objective statistics. Second, ‘bias’ or ‘unrealistic’ further implies that some respondents’ personal risk estimates seem more biased or unrealistic while others’ seem less biased or more realistic. However, no theoretical justifications are possible for this idea without statistics of objective risk which are very hard to accurately estimate in our study of online privacy risk.

Y.M. Baek et al. / Computers in Human Behavior 31 (2014) 48–56

49

2. Online privacy risk estimate When explaining comparative optimism, most studies have emphasized risk denial, the idea that people disregard the probability of experiencing negative events (Arnett, 2000); ego protection, the idea that people desire to defend themselves against a negative self-image (Helweg-Larsen, Sadeghian, & Webb, 2002); or illusion of control, the idea that people are over-confident in their ability to control events (Weinstein, 1980). Prior studies, however, have focused solely on individuals’ internal psychological processes. In other words, the main focus of comparative optimism research has been the role of ‘me,’ rather than ‘others.’ Concern about others’ risk is also important, however, because it reflects people’s concern for the socially vulnerable, who need social or legal protection (Rojas, Shah, & Faber, 1996; Schmierbach, Boyle, Xu, & McLeod, 2011). As comparative optimism arises through comparing one’s own risk with that of others, it results from two different risk estimates, i.e., personal and target risk estimates (Helweg-Larsen & Shepperd, 2001), and it reflects societal risk as well as personal risk (Tyler & Cook, 1984). This study focuses on two issues which have not been addressed in the literature on comparative optimism regarding online privacy. First, online privacy has been emerging as a social issue, so that it is now perceived as ‘our’ problem rather than ‘my’ problem (Lessig, 2006; Solove, 2007, 2011). In other words, people who express serious concerns about online privacy may be driven partly by a desire to protect their own privacy and partly by the belief that society should provide legal protection for the socially vulnerable (Milberg, Smith, & Burke, 2000). Thus, comparative optimism regarding online privacy risk must have a dual characteristic, derived from concern about both personal risk and risk to others. This study examines how both aspects of comparative optimism relate to individual differences (online knowledge, personality, and prior experience with privacy infringement). Second, this study examines the effect of comparative optimism on people’s online privacy-protective behaviors and on their support for government regulatory policies to restrict the use of personal information on the Internet. Most studies on comparative optimism in the risk perception literature have investigated its effects on risky behaviors at the individual level (examining, for example, whether people with a high level of comparative optimism are more likely to engage in risky behaviors). This approach stems from the assumption that comparative optimism is more a result of underestimated personal risk than of overestimated target risk. Comparative optimism, however, can result from concern about target risk (i.e., overestimated target risk rather than underestimated personal risk). Perceived target risk, as opposed to perceived personal risk, will be more influential in determining people’s support for a preventive policy when a socially vulnerable group is expected to experience a negative event (Rojas et al., 1996). With online privacy policies emerging as one of the central issues in advanced societies, the perceived risk of others experiencing privacy infringement is important to consider when examining people’s motivations for supporting online privacy regulations (Milberg et al., 2000). To investigate these two issues, we rely on large-scale national survey data from 2012, focusing on three areas: (1) comparative optimism, calculated by subtracting perceived personal risk from perceived risk to comparison targets, who are classified according to five age groups; (2) antecedent factors influencing comparative optimism, including online knowledge, personality, and prior experience with privacy infringement; and (3) consequences of comparative optimism, including adoption of privacy-protective behaviors and support for government regulatory policies to restrict the use of personal information on the Internet.

2.1. Comparative optimism and typicality of comparison group Offline privacy has been a ‘‘latently ambiguous’’ concept (Lessig, 2006) even among judges and legal scholars, and online privacy is also notorious for its lack of clear definitions (Solove, 2007). In this regard, Internet law scholars have approached online privacy contextually (Nissenbaum, 2010; Solove, 2007) or metaphorically (Lessig, 2006). Despite the murkiness of the concept, online privacy is widely understood and accepted as an issue of control over personal information (Holtzman, 2006; Lessig, 2002) because the Internet can be understood as a database of digital information (Berners-Lee, 1999; boyd & Ellison, 2007). Consistent with this notion, Lessig (2002) suggested that online privacy can also be understood in terms of copyright (i.e., intellectual property rights over personal information). In our study, online privacy is understood to mean control over personal information, and online privacy risk perception refers to the perceived danger of a user’s personal information being used improperly without his or her consent. Most studies on online privacy have focused on the so-called privacy paradox (Norberg et al., 2007), whereby users show substantial concern about misuse of personal information but tend not to engage in privacy-protective behaviors (e.g., selecting protection-oriented privacy settings or erasing cookies) or even engage in risky behaviors (e.g., visiting suspicious sites or revealing critical personal information) (Gross & Acquisti, 2005; Norberg et al., 2007). In short, the attitudes and actual behaviors of online users generally are inconsistent and in some contexts are even contradictory. To solve the privacy paradox, recent studies have focused on the lack of online skills, knowledge, or abilities among users (Debatin, Lovejoy, Horn, & Hughes, 2009; Park, 2013), which these studies term cognitive deficiency theory. Basically, cognitive deficiency theory argues that users are sincerely concerned about online privacy infringement but lack specific knowledge about how to protect their privacy (Debatin et al., 2009; Park, 2013). While cognitive deficiency theory is an effective and promising explanation of why users engage in risky online behaviors at the individual level, it is limited in its ability to explain why online privacy has emerged as a ‘social’ problem that many citizens want to address through legal protection (Solove, 2011). In fact, people fear that private companies will practice surveillance in the near future (Andrejevic, 2007) and are concerned that socially vulnerable groups, especially young online users, will be more likely to fall victim to privacy infringement (Livingstone, 2009). For example, some observers warn that young SNS users’ careless comments might hurt their future career prospects, as employers may examine applicants’ past online behaviors (Rosen, 2010). Cases like that of Kimberly Swan (Case, 2009), a young worker who was fired because she posted job-related complaints on Facebook, are alarming, though rare. For the above reasons, concerns about online privacy should be investigated at the societal level, not just the personal level, and the privacy paradox literature should distinguish personal privacy risk from risk to others. To the best of our knowledge, only one study (Cho et al., 2010) has compared these two sources (i.e., personal versus others) of privacy risk estimates. Consistent with the comparative optimism literature related to other risks (e.g., cancer or car accidents), Cho et al. (2010) reported that users, in general, believe that their own privacy is well-protected but that other users’ online privacy is vulnerable to external intrusion. Despite their theoretical achievements, Cho et al. (2010) defined others as ‘generalized others’ and thus did not attempt to differentiate the comparison targets. The literature suggests that the level of comparative optimism is related to the typicality of comparison targets (Helweg-Larsen & Shepperd, 2001; Perloff, 2009). For example, if the comparison targets are known to be very vulnerable to a particular risk (e.g., females as victims of crime), comparative

50

Y.M. Baek et al. / Computers in Human Behavior 31 (2014) 48–56

optimism is heightened among the less socially vulnerable. In the context of online privacy risk, young users are usually discussed as strong candidates to fall victim to privacy infringement, while older users are less concerned partly because they are not as active online and partly because their remaining days are shorter. Hence: H1: People, in general, perceive the likelihood of personal online privacy infringement to be lower than that for comparison targets. H2: The comparative optimism found in H1 is more pronounced when the comparison target is younger.

et al., 1996; Schmierbach et al., 2011). In other words, people whose personalities are strongly oriented towards protecting the socially vulnerable from external danger (i.e., maternalistic personality) (McLeod, Detenber, & Eveland, 2001; Silver & Weiss, 1992) will be more sensitive to others’ vulnerabilities, and this will lead them to overestimate others’ risk (i.e., target-oriented comparative optimism). In contrast, people who emphasize independence or self-confidence (i.e., paternalistic personality) show comparative optimism because they underestimate personal risk (i.e., person-oriented comparative optimism). Thus, it is expected: H4a: Having a maternalistic personality will be positively correlated with comparative optimism mainly due to the overestimation of target risk. H4b: Having a paternalistic personality will be positively correlated with comparative optimism mainly due to the underestimation of personal risk. Finally, prior experience with a certain risk has been shown to be a strong predictor for reduced comparative optimism (Cho et al., 2010; Helweg-Larsen & Shepperd, 2001). People who already experienced a negative event tend to believe that they lack controllability over the risk, and their risk perception, in turn, becomes more realistic or pessimistic. If a person experiences privacy infringement online and/or offline, he or she will perceive the online space as more threatening. Thus, this study expects personoriented comparative optimism: H5: Prior experience with privacy infringement will be negatively correlated with comparative optimism, mainly due to the underestimation of personal risk. 2.3. Consequences of comparative optimism Comparative optimism is important because of its behavioral implications. This study examines two consequences of comparative optimism: (1) privacy-protective behaviors and (2) support for government regulatory policy to restrict the use of personal information on the Internet. The literature on comparative optimism has demonstrated that comparatively optimistic people are more likely to engage in risky behaviors because they feel safe; they believe that negative events will not occur in their future (for a discussion of comparative optimism among smokers, see Arnett, 2000). However, there have been no studies to test the effect of comparative optimism regarding online privacy infringement on privacy-protective behaviors; even Cho et al. (2010), who examined comparative optimism among online users, did not address this issue. To fill this gap in the literature, we formulated the following hypothesis based on previous research into the effect of comparative optimism on individuals’ risky behaviors: H6: Comparative optimism regarding online privacy infringement will be negatively related to the adoption of privacyprotective behaviors. With online privacy becoming a controversial issue in society, ordinary users as well as advocacy groups argue that government or legal protection should be provided for teenagers or adolescents, who are perceived as the group most vulnerable to privacy infringement. If it is admitted that comparative optimism may result from societal risk perception (i.e., target-oriented comparative optimism), we expect that it will result in support for protectionoriented social policies. Formally put:

2.2. Antecedents of comparative optimism In the literature on comparative optimism and privacy risk perception, there has accumulated a list of antecedents of (comparative) risk estimates that can be grouped into three categories: (1) cognition, (2) personality, and (3) prior experience with the relevant risk. Because comparative optimism denotes the difference between personal and target risk (calculated as ‘perceived target risk – perceived personal risk’), its cause is expected to involve antecedents that either decrease perceived personal risk or increase perceived target risk. Our study termed the former as person-oriented comparative optimism and the latter as target-oriented comparative optimism.2 First, cognitive factors refer to a person’s stored knowledge about a certain topic—in this case, Internet use. Prior studies reported that people with sufficient knowledge about a topic showed higher levels of comparative optimism (Helweg-Larsen & Shepperd, 2001). Internet users with highly developed online skills or knowledge are more likely to know how to protect their personal information, such as erasing cookies (i.e., traces of online usage) or changing the default settings on SNS or browsers to be more protective (Debatin et al., 2009; Park, 2013). Consistent with the reasoning in prior studies, knowledgeable users may underestimate their own risk (i.e., person-oriented comparative optimism). At the societal level, however, knowledgeable users may also be expected to overestimate others’ vulnerabilities to online privacy infringement, assuming that others are relatively less knowledgeable about how to protect their privacy (i.e., target-oriented comparative optimism). Therefore: H3: Online knowledge will be positively correlated with comparative optimism by decreasing the estimate of personal risk and/or increasing the estimate of target risk. Second, this study defines personality as a person’s stable orientation towards others. While cognitive factors relate to domainspecific knowledge or beliefs, personality factors involve people’s generalized orientation towards other members of society. Given that most social discourse about online privacy focuses on teenagers and/or adolescents, online privacy is understood as an issue that concerns the protection of socially vulnerable groups (Rojas
2 To capture the difference between person-oriented and target-oriented comparative optimism, it might be helpful to consider an example. Let us imagine two people, John and Jack, who have the same estimates for perceived personal risk and target risk (‘3’ for each risk). First, assume that John’s perception of his own risk becomes weaker (‘1’), but his perceived target risk (‘3’) is maintained, resulting in a comparative score of ‘À2.’ Second, assume that Jack’s perception of his own risk is maintained (‘3’), but his perceived target risk increases (‘5’), in which case his comparative optimism is calculated as ‘À2.’ As shown in these two imaginary cases, the same comparative optimism score can be distinguished: John’s comparative optimism might be termed person-oriented, as it is triggered by his underestimation of his own risk, while Jack’s comparative optimism might be labeled target-oriented because it is driven by his overestimation of target risk.

Y.M. Baek et al. / Computers in Human Behavior 31 (2014) 48–56 Table 1 Descriptive statistics of respondents. Frequency Gender Male Female Age 19–29 30–39 40–49 50 and above Educational achievement Less than high school graduate High school graduate College/BA Advanced degree Monthly income Less than $1,000 $1000–$2000 $2000–$3000 $3000–$4000 $4000–$5000 $5000–$6000 $6000 and above

51

Percentage 53% 47% 23% 31% 27% 18% 1% 16% 72% 11% 26% 25% 21% 13% 7% 5% 3%

1083 945 474 674 552 368 20 321 1457 229 535 502 427 256 141 100 67

Note: N = 2028. Age was measured in years but then categorized by age group. Monthly income swas measured in Korean won but then converted to U.S. dollars. (According to the World Bank, GDP per capita in South Korea in 2012 was $23,113).

H7: Comparative optimism regarding online privacy infringement will be positively related to support for governmental policies regulating the use of personal information online. 3. Methods 3.1. Sample A total of 2028 representative online users were drawn from the South Korean online panel (about 12,000) maintained by Nielsen/ KoreanClick. In essence, Nielsen/KoreanClick is a company that gathers online usage metrics (e.g., internet traffic or user traces), similar to Nielsen/Online in the United States. The survey was conducted on the Internet, and its total length was about 25 min. Basic sociodemographic information on the respondents is provided in Table 1. 3.2. Measures 3.2.1. Comparative optimism regarding online risk There are two distinct sources that constitute comparative optimism: perceived personal and target risk. First, perceived personal risk was measured by asking respondents, ‘‘How likely are you to fall victim to improper use of online personal information?’’ A conventional 5-point Likert scale was used (‘1’ = ‘Least likely’; ‘5’ = ‘Most likely’). On average, the perceived personal risk among respondents was above the midpoint (M = 3.66, SD = .75). Second, perceived target risk was measured using the same question and Likert scale, but replacing ‘you’ with ‘others,’ with ‘others’ specified as teenagers or those in their 20s, 30s, 40s, or 50s and above (i.e., a total of five target groups). As the comparison targets became older, the perceived target risks declined, but all remained above the midpoint: (Mteenagers = 3.99, SDteenagers = .77; M20s = 3.91, SD20s = .73; M30s = 3.78, SD30s = .76; M40s = 3.62, SD40s = .86; M50s above = 3.49, SD50s above = .97). 3.2.2. Antecedents of comparative optimism Three antecedents were considered in this study: (1) online knowledge, (2) maternalistic and paternalistic personalities, and (3) prior experience with privacy infringement.

First, online knowledge was measured based on web-use skill questions suggested by a previous study (Hargittai & Hsieh, 2012). Specifically, this study pre-tested the full list of 27 items of skill indices recommended by Hargittai and Hsieh (2012, see Table 4a) using a small undergraduate sample in South Korea (N = 62). Based on the results of the student sample, items whose mean scores were extremely high or low were excluded; the skills excluded for having high scores are known to everyone, while those excluded for having low scores are so esoteric that almost no ordinary users can identify them. A total of eight items were finally selected and included in a survey to the general population in South Korea: tagging, podcasting, cookies, spyware, RSS, firewall, bookmark, and phishing. All eight items were included in the abbreviated web-use skills index for the general population that Hargittai and Hsieh (2012) recommended. Consistent with those authors, a four-point scale was used to measure respondents’ online knowledge (‘1’ = ‘Not familiar at all’; ‘4’ = ‘Very familiar’). Thus, online knowledge was calculated by averaging the self-reported familiarity with these eight items (M = 2.66; SD = .59, Cronbach’s a = .74).3 Second, maternalistic personality was assessed based on prior studies on regulatory policy (McLeod et al., 2001; Rojas et al., 1996) and medical psychology (Silver & Weiss, 1992). Based on measures borrowed from prior studies (McLeod et al., 2001; Schmierbach et al., 2011), seven items were adopted using a conventional five-point Likert scale (‘1’ = ‘Strongly disagree’; ‘5’ = ‘Strongly agree’). Four items were averaged for the paternalism score (M = 3.27, SD = .58, Cronbach’s a = .76): ‘‘The world would be a better place if more people thought like me’’; ‘‘I wish I had more power to get people to act the way I do’’; ‘‘I am smarter than most people’’; and ‘‘My beliefs about the world are better than most.’’ Three items were averaged to construct a maternalism index (Mmaternalism = 3.54, SDmaternalism = .56, Cronbach’s a = .72): ‘‘I feel upset when others are harmed’’; ‘‘I worry about what happens to other people’’; and ‘‘It bothers me when people are hurt.’’ Finally, prior experience with privacy infringement was calculated by assessing whether users had experienced dissemination of their personal information without their consent. Respondents were asked whether they had experienced the following four situations: (1) ‘‘I received an email from unknown companies about products that I had not requested’’ (95%); (2) ‘‘I received postal mail from unknown companies about products that I had not requested’’ (91%); (3) ‘‘My phone number was revealed to unknown people or companies that I had never contacted before’’ (61%); and (4) ‘‘I have experienced voice phishing’’ (61%). On average, the users had experienced about three cases of privacy infringement (M = 3.07, SD = .99, KR-20 = .67). 3.2.3. Consequences of comparative optimism As measures for consequences of comparative optimism, we considered both privacy-protective behaviors and support for relevant government regulatory policies. Privacy-protective behavior was calculated by asking users whether they engage in the following three online behaviors to guard against improper use of their personal information: (1) erasing cookies on a regular basis, (2) using anti-spyware programs, and (3) avoiding suspicious
3 The self-reported familiarity with each item, in increasing order of familiarity, is as follows: tagging (M = 1.59; SD = .88), RSS (M = 1.78; SD = .98), podcasting (M = 1.98; SD = 1.01), phishing (M = 3.17; SD = 1.02), favorites (M = 3.29; SD = .99), firewall (M = 3.34; SD = .91), spyware (M = 3.62; SD = .75), and bookmark (M = 3.82; SD = .54). In general, Korean respondents’ reported familiarity corresponds closely with that of American people, except for the item of tagging. Americans are very familiar with tagging, while Koreans report being unfamiliar. While it is not conclusive, we suspect that the term ‘tagging’ may sound unfamiliar to Korean ears because of linguistic differences, as many Korean bloggers use the function but refer to it by a different Korean term. In other words, suboptimal translation may have caused the reported unfamiliarity for this item.

52

Y.M. Baek et al. / Computers in Human Behavior 31 (2014) 48–56

websites. This study counted the number of positive responses (M = 1.96, SD = 1.15, KR-20 = .75). Support for relevant government policies was measured using three questionnaire items: ‘‘The government should pass a law prohibiting use of online personal information without obtaining service users’ explicit consent’’; ‘‘The government should allow use of personal information except for commercial purposes’’; ‘‘The government should allow use of personal information if personal identifying information is deleted.’’ A conventional five-point Likert scale (‘1’ = ‘Strongly disagree’; ‘5’ = ‘Strongly agree’) was used to obtain responses, and the averaged scores across the three questions were used (M = 3.97, SD = .80, Cronbach’s a = .66) after the second and third items were reversely coded. 3.2.4. Control variables Seven variables were used as statistical controls in analyzing the relationships among comparative optimism, its antecedents, and its consequences. First and foremost, the following sociodemographic characteristics of respondents were included in analyses: gender, age, education level, and household income (descriptive statistics found in Table 1). Second, respondents’ political ideology, measured on a 10-point scale (‘1’ = ‘Extremely liberal’; ‘10’ = ‘Extremely conservative’), was included (M = 5.17, SD = 1.65) because this variable may influence support for government regulatory policies. Third, the amount of time respondents spend using the Internet is controlled (Mhour = 2.43, SDhour = 1.64), as less active users may be less concerned about online privacy. 3.3. Statistical methods To test H1 and H2, the paired sample t-test was used, and exploratory factor analysis was adopted to cluster the five age groups. To test H3, H4, and H5, perceived personal risk, perceived target risk, and comparative optimism (calculated as ‘perceived target risk – perceived personal risk’) were regressed on a set of antecedents as well as statistical controls. To test H6 and H7, privacy-protective behavior and support for government regulatory policy were regressed on comparative optimism after entering statistical controls, antecedents of comparative optimism, and personal risk estimates into the regression equations. All measures in regression analyses were re-scaled from 0 to 1 in order to compare the effect size of predictors on each outcome measure. 4. Results 4.1. Target typicality and comparative optimism regarding online privacy infringement H1 tests whether comparative optimism is observed in generalized others, and H2 tests whether target typicality moderates the size of comparative optimism. Table 2 provides a series of results from the paired sample t-test and Cohen’s d with repeated measures (Morris & DeShon, 2002), which shows the effect size of comparative optimism across the five age groups. As shown in Table 2, the perceived online privacy risks to others are closely related to the age of comparison targets. When the five target age groups are aggregated, a weak effect size of comparative optimism is detected (t(2026) = 6.28, p < .001, Cohen’s d = .14), indicating that H1 is supported. However, the magnitude of comparative optimism fluctuates according to the age of comparison targets. When the comparison targets are teenagers, the mean of the perceived target risk is substantially higher than the perceived personal risk (t(2026) = 17.90, p < .001, Cohen’s d = .40). The effect size of comparative optimism (i.e., Cohen’s d) drops slightly to .34 when the comparison targets

are in their 20s (t(2026) = 15.29, p < .001), and it further drops to .16 when they are in their 30s (t(2026) = 7.33, p < .001). However, when the comparison targets are in their 40s, comparative optimism disappears, while comparative pessimism is detected (t(2026) = À2.78, p < .01, Cohen’s d = À.06). Comparative pessimism becomes more pronounced when the comparison targets are in their 50s and above (t(2026) = À7.86, p < .001, Cohen’s d = À.18). In short, comparative optimism regarding online privacy infringement depends on how similar the given comparison targets are to the socially vulnerable, indicating that H2 is also supported. While it is meaningful that comparative optimism decreases as the age of the comparison target increases, the five perceived targets are inter-correlated, suggesting the need for factor analysis. Exploratory factor analysis with oblique rotation showed that the five comparison target groups can be classified into two groups: young users (teens, 20s, and 30s; Cronbach’s a = .85) versus old users (40s and 50s and above; Cronbach’s a = .91). Thus, two factor scores were calculated: (1) comparative optimism towards young users, which subtracts perceived personal risk from perceived young users’ risk; and (2) comparative optimism towards old users, which subtracts perceived personal risk from perceived old users’ risk. 4.2. Antecedents of comparative optimism regarding online privacy infringement H3, H4, and H5, respectively, test the effects of online knowledge, maternalism and paternalism, and prior experience with privacy infringement on comparative optimism regarding online privacy risk. After testing the hypotheses, this study examined their effect on perceived personal risk and perceived risk to both young and old users in order to assess whether comparative optimism is person-oriented or target-oriented. The results are provided in Table 3. First, comparative optimism increases as a respondent possesses more online knowledge, regardless of whether the comparison target is young (b = .04, p < .01) or old (b = .04, p < .01). However, online knowledge increases the perceived risk to both young users (b = .07, p < .01) and old users (b = .08, p < .01), while it fails to affect perceived personal risk (b = .01, p = n.s.). These findings indicate that more knowledgeable respondents are more likely to overestimate the perceived risk to others without underestimating perceived personal risk. In short, target-oriented comparative optimism emerges among knowledgeable users. H3 receives limited support because online knowledge fails to

Table 2 Paired sample t-test and effect size of comparative optimism regarding online privacy. Mean (SD) Perceived personal risk Perceived target risk when target’s age Teenagers 20s [20–29] 30s [30–39] 40s [40–49] 50s and above [50$] Aggregated risk for five target groups 3.67 (.75) is . . . 3.99 3.91 3.78 3.62 3.49 3.76 (.65) (.73) (.76) (.86) (.97) (.65) 17.90*** 15.29*** 7.33*** À2.78** À7.86** 6.28*** .40 .34 .16 À.06 À.18 .14 t statistic Cohen’s d

Note. N = 2023. The paired sample t-test compares the means of perceived target risk and perceived personal risk. Cohen’s d is calculated following Morris and DeShon’s (2002) Eq. (8), which corrects dependency between two variables. Please note that the original formula for Cohen’s d is designed for the independent sample t-test, not for the paired sample t-test. ** p < .01. *** p < .001.

Y.M. Baek et al. / Computers in Human Behavior 31 (2014) 48–56 Table 3 Effects of online knowledge, personality, and experience with privacy infringement on perceived personal risk, perceived target risk, and comparative optimism. Comparative optimism towards Young users Intercept Control variables Gender (1 = female) Age years Education level Household income Liberal-conservative Internet use Antecedents of comparative optimism Online knowledge Paternalistic personality Maternalistic personality Prior experience with privacy infringement R2 Adjusted R2 .43*** (.02) Old users .49*** (.02) .51*** (.03) Perceived personal risk Perceived target risk Young users .45*** (.03) Old users .49*** (.04)

53

.01* (.005) .04*** (.01) .01 (.01)