Sage Journals: Discover world-class research

Abstract

Prior research on digital inequality has highlighted the role of sociocultural resources in shaping Internet beneficial use patterns by positively impacting on online literacy. Research on privacy protection online has—at the same time—shown the emergence of a “privacy cynicism,” where concerns about privacy fail to translate into protective actions. This study investigates how education level impacts privacy protection behavior through these two different mediation paths. Using unique data from a sample of 3,156 Italian Internet users, structural equation modeling (SEM) is employed to analyze the linkages between education level, privacy literacy, privacy cynicism, and protective behaviors. Contrary to expectations, the results reveal a moderate negative impact of education level on privacy protection behaviors. This total effect is the results of two different paths exerting opposite effects on protection behaviors. While a higher education correlates with increased privacy literacy, this competence does not translate into proactive protective actions. Surprisingly, individuals with higher privacy literacy exhibit even lower levels of protection behavior, contributing to a negative indirect effect of education on privacy protection. On the other side, the indirect effect of education on behaviors through privacy cynicism operates consistently with the digital inequality framework, partially compensating the negative effect through literacy. An interpretation of privacy protection as an exception within the digital inequality framework is proposed.

Keywords

digital inequality privacy divide privacy privacy cynicism surveillance capitalism

Introduction

Research on digital inequality has shown that the more socio-economic resources users have, the more they can exploit Internet use for their benefit (Helsper et al., 2015; van Dijk, 2020). In particular, there is evidence that digital inequality manifests itself in a sequential manner: higher socio-economic resources transform into higher digital literacy, which in turn leads to more capital-enhancing Internet use, which in turn leads to more beneficial outcomes (van Deursen et al., 2017). Education level is one of the most extensively studied factors influencing the activation of this sequential mechanism in adults (Scheerder et al., 2017). It serves as a key predictor for both the acquisition of digital skills (Hargittai, 2008) and the ability to translate those skills into tangible benefits and enhanced well-being (Gui & Büchi, 2021; van Deursen & Helsper, 2018).

The first goal of this paper is to investigate if the same sequential dynamic applies to privacy protection. Only a few studies have analyzed the impact of education level on online privacy protection practices, with mixed results: while some scholars suggest that more education translates into more privacy awareness and protection (Alhazmi et al., 2022; Dutton et al., 2022), others did not find such correlations (Gerber et al., 2018; Park, 2013). More importantly, there is a lack of literature discussing whether the positive impact of education on literacy translates into privacy protective behavior, as highlighted in many fields of digital inequality (Büchi et al., 2021).

A different stream of literature—mainly rooted in psychology—has postulated the existence of a “privacy paradox,” where users’ concerns about privacy do not transform into actual protective behavior or reduced self-disclosure (Baruh et al., 2017; Kokolakis, 2017). Explanations for the privacy paradox include the privacy calculus (Dinev & Hart, 2006), where the perceived benefits of the privacy-related behavior (e.g., convenience, financial rewards, and sociality) outweigh the privacy risks or costs, cognitive heuristics and biases (Liao et al., 2023), as well as a lack of agency due to power imbalances between users and platforms. This last approach argues that users develop resigned attitudes towards privacy, which are variably termed privacy apathy (Hargittai & Marwick, 2016), surveillance realism (Dencik & Cable, 2017), privacy fatigue (Choi et al., 2018), digital resignation (Draper & Turow, 2019; Turow et al., 2015), or privacy cynicism (Hoffmann et al., 2016; Lutz et al., 2020; Ranzini et al., 2023). Privacy cynicism is defined as “an attitude of uncertainty, powerlessness and mistrust towards the handling of personal data by online services, rendering privacy protection behavior subjectively futile” (Hoffmann et al., 2016). To date, few studies have investigated how privacy cynicism affects privacy-related outcomes such as privacy protection behavior (Lutz et al., 2020; van Ooijen et al., 2022), while there is no evidence about how it is socially structured. For this reason, in this paper, we also aim to investigate the role of cynicism as a mediator between education and protective behaviors. It may be the case that, in the specific field of privacy protection, the dynamics linked to the “privacy paradox,” and in particular to “privacy cynicism,” can co-exist with those defined by the usual digital inequality sequence. From a theoretical point of view, it is promising to integrate digital inequality aspects more strongly into privacy research and our study contributes to ongoing efforts in that area (Büchi et al., 2021; Epstein & Quinn, 2020; Hargittai, 2021; Hoffmann et al., 2024; Meier & Krämer, 2024; Park, 2021; Walker & Hargittai, 2021; Wang & Metzger, 2024): using psychologically oriented privacy theory together with sociological perspectives on digital inequality can yield rich insights about how privacy attitudes and privacy protection behavior depend on—or are independent of—someone’s social position (Büchi et al., 2021; Walker & Hargittai, 2021). Such knowledge about its social structuration leads to a more contextualized understanding of privacy and may meaningfully advance privacy theory (Hoffmann et al., 2024; Masur et al., 2025). Our study extends this line of inquiry by investigating the Italian context, explicitly integrating the concept of privacy cynicism, and emphasizing the role of privacy literacy—aspects that have rarely been jointly investigated in prior research. More importantly, shedding light on the path leading to the current low levels of privacy protection behaviors online is of great importance for its practical and policy implications. Policy solutions should differ depending on whether low protection primarily stems from a lack of literacy among less educated individuals or is instead driven by varying levels of privacy cynicism across population segments with different cultural resources.

We make use of unique data from a quota sample of 3,156 Italian Internet users, selected from a non-probability online panel and contacted via CAWI and CATI to participate in the survey Citizens and the value of digital data. Building on both the digital inequality framework (van Deursen et al., 2017) and the privacy paradox (Baruh et al., 2017), we examine alternative pathways linking education level, privacy literacy, privacy cynicism, and protective behaviors using a parallel mediation analysis within a comprehensive structural equation modeling (SEM) framework.

Privacy Literature: Digital Inequality in the Privacy Framework

Digital Inequalities: The Unequal Distribution of Digital Literacy and its Determinants

In the past decade, research on digital inequality has moved beyond the analysis of who does or does not have access to the Internet (Helsper, 2016), shifting the attention on digital skills or, more generally, digital literacy and explanations for its unequal distribution (amongst others DiMaggio et al., 2004; Hargittai, 2002; van Dijk, 2005; Witte & Mannon, 2010; Zillien & Hargittai, 2009).

Digital literacy is defined as “the ability to use ICT in ways that help achieve tangible, high-quality outcomes in everyday life” (Helsper, 2016, p. 176) and includes the ability to access tools and software, the ability to know how to interact with content appropriate to one’s needs and knowing how to translate these activities into personal benefits (Ibidem).

Most research on digital inequalities focuses on individual socio-economic characteristics as determinants of different digital skills. Research shows that education is a consistently strong predictor of digital skills (van Dijk & van Deursen, 2014). Additionally, there is also correlation between gender (Ono & Zavodny, 2008), age, ethnicity (Mesch & Talmud, 2011) and income (Witte & Mannon, 2010), and those resources needed to benefit from Internet use, such as conditions of access, use and skills (Gui & Büchi, 2021; Robinson et al., 2015; van Dijk, 2005; Witte & Mannon, 2010).

Therefore, it has been argued that digital inequality manifests sequentially: higher education levels are likely to result in increased digital literacy, opening up capital-enhancing uses of the Internet, and consequently, leading to more tangible outcomes (e.g., the use of the Internet for job search could result in finding a better job) (van Deursen et al., 2017). Although early studies on privacy protection observed minimal differences in privacy concerns across educational levels (O’Neil, 2001), recent research highlights the significance of education-based digital inequalities also in shaping privacy protection behavior. Specifically, emerging evidence indicates that education positively influences e-privacy management, largely through the mediation of digital skills and Internet use (Maineri et al., 2023; Park & Chung, 2017). Privacy literacy, closely associated with education, may therefore play a crucial role in addressing the privacy paradox, helping to close the gap between privacy concerns and actual privacy-protective behavior (Schubert et al., 2022).

Privacy Paradox: Its Various Explanations and the Concept of Privacy Cynicism

Experiencing life online implies having to deal with privacy issues extensively. Specifically, privacy concerns refer to individuals’ beliefs regarding the risks and potential negative consequences associated with sharing information (Cho et al., 2010; Zhou & Li, 2014). Existing research on privacy protection shows that individuals are concerned about their privacy on the Internet (van Ooijen et al., 2022): disclosure of personal data brings up feelings of vulnerability (Aguirre et al., 2015), intrusiveness (van Doorn & Hoekstra, 2013), and surveillance (Segijn & van Ooijen, 2020).

Nonetheless, several studies have found that Internet users only rarely engage in privacy protection behavior, such as restricting online privacy settings, deleting cookies, restricting location-based services, or changing privacy-invasive default settings on websites (Acquisti, 2004; Boerman et al., 2021; Lanier & Saini, 2008).

Therefore, when people are online, instead of adapting their behavior, they develop coping mechanisms to manage the tension between participating online as a “digital citizen” and the risks posed by digital platforms’ access to personal data (Lutz et al., 2020).

Research found that privacy concerns exert only a weak effect on self-disclosure or online protection behaviors: individuals’ concerns about privacy do not necessarily reflect the privacy management choices they make, inasmuch users disclose substantial amounts of sensitive personal data despite strong privacy concerns (Dienlin & Trepte, 2015; Kokolakis, 2017).

This divergence between privacy concerns, on the one hand and privacy protection behaviors, on the other, is known as “privacy paradox” (amongst others Baruh et al., 2017; Barnes, 2006; Brown, 2001; Dienlin & Trepte, 2015; Kokolakis, 2017; Norberg et al., 2007). Numerous studies have investigated the concept of “privacy paradox,” also criticizing it (Solove, 2021). Kokolakis (2017) offers an interesting perspective arguing that the paradox can be explained by considering several factors. First, privacy calculus and the benefits of self-disclosure, that is, the role of a rational risk-benefit assessment: individuals decide to disclose personal information when potential gains exceed expected losses (amongst others Dinev & Hart, 2006; Xu et al., 2011). Second, social theory-based interpretations: users, to maintain their social lives, must disclose information about themselves online, despite their privacy concerns (amongst others Blank et al., 2014; Zafeiropoulou et al., 2013). Human decision-making is affected by cognitive biases and heuristics, such as optimism bias, overconfidence, affect bias, fuzzy-boundary and benefit heuristics, and hyperbolic discounting (e.g., Acquisti & Grossklags, 2003; Brandimarte et al., 2013). Moreover, many people fail to make a cost-benefit calculation in relation to the disclosure of personal data and do not have access to all the information needed to make informed judgments about privacy decisions, so individuals show a bounded rationality while taking decisions in a limited time and with incomplete information (Acquisti & Grossklags, 2005). Indeed, there are information asymmetries in the marketplace, where consumers have very limited knowledge about how their personal data are used (Buck et al., 2014).

Hoffmann et al. (2016) have proposed the concept of cynicism applied to privacy in order to explain the privacy paradox. Privacy cynicism represents a cognitive coping mechanism for users, allowing them to overcome or ignore privacy concerns, since privacy protection behavior can be rationalized as useless or ineffective (Choi et al., 2018; Hoffmann et al., 2016; Lutz et al., 2020; van Ooijen et al., 2022).

The concept of privacy cynicism allows us to describe users’ attitudes toward data protection and privacy in the context of limited subjective agency. People report a feeling of powerlessness online, given the fact that institutions, other users, and platforms may have access to their data (Hoffmann et al., 2016).

Some studies have also mentioned feelings of digital resignation, that is, “the condition produced when people desire to control the information digital entities have about them but feel unable to do so” (Draper & Turow, 2019, p. 1824), or privacy apathy as an expression of resignation about privacy violations (Hargittai & Marwick, 2016), privacy fatigue, that is, a multi-dimensional concept including exhaustion and cynicism (Choi et al., 2018), and surveillance realism (Dencik & Cable, 2017), which is defined as “a simultaneous unease among citizens with data collection alongside the active normalization of surveillance that limits the possibilities of enacting modes of citizenship and of imagining alternatives” (p. 763).

Individuals resort to cynicism when they perceive that they have limited control over their privacy and their information, and the risks then become unavoidable: this perception encourages inaction and fuels a feeling of resignation (Lutz et al., 2020).

In a research conducted by Hoffman et al. (2024), they also analyze how five types of structural constraints (i.e., interpersonal, cultural, technological, economic, and political) restrict user agency and contribute to the prevalence of privacy cynicism as a common response.

In this field, only a few studies investigate the impact of education level in these dynamics. First, some researchers posit a positive correlation between increased socio-economic resources and heightened awareness of privacy issues and corresponding protective measures (Alhazmi et al., 2022; Dutton et al., 2022). An et al. (2023) conducted a study postulating educational level as a moderator with an extended knowledge-attitude-behavior model of Internet security, using students’ year level as a proxy for the effect of educational level. They found that there was little difference in overall Internet security awareness between graduate and undergraduate students, suggesting that educational level had little effect on these students.

Conversely, other scholars, as evidenced by studies conducted by Park (2013) and Gerber et al. (2018), fail to identify such correlations. Therefore, it has been argued that people’s level of education could have both a negative and a positive effect on protective behavior (Boerman et al., 2021). On the one hand, research has found that the level of education has a negative effect on protective behavior: people with higher levels of education seem to have more knowledge about online behavioral advertising and cookies, express fewer concerns, and are consequently less likely to protect their privacy (McClain et al., 2023; Smit et al., 2014). On the other hand, greater privacy knowledge and literacy has been shown to increase privacy protection (e.g., Baruh et al., 2017; Ham, 2017; Park, 2013). Several studies suggest that education may affect online privacy protection: people with higher educational levels reported higher awareness of online information disclosure and greater adoption of privacy protection behavior (Büchi et al., 2021; Chen et al., 2016; Cotter & Reisdorf, 2020; Dodel & Mesch, 2018; Park, 2013).

Notably, the existing body of privacy literature has not explored the role of cynicism as an intermediary factor between education levels and individuals’ behavioral responses concerning privacy matters.

Hypotheses

To investigate whether the patterns of digital inequality also manifest themselves in the privacy protection domain, we formulated a first set of hypotheses along the primary expectations outlined in the digital inequality framework (e.g., Maineri et al., 2023; Schubert et al., 2022). According to this framework, we first hypothesize that there will be a positive relationship between higher education and privacy literacy (H1). On the one hand, this kind of relationship emerges clearly from decades of studies on the digital divide and digital inequality (van Dijk, 2020). On the other hand a few empirical studies have confirmed this association also in the field of privacy protection (Büchi et al., 2021; Dutton et al., 2022; Meier & Krämer, 2024). In particular, we expect that people who reach a higher school level have more educational resources that enable them to better learn principles and mechanisms of privacy. In addition, as in the digital inequality framework, we hypothesize that there will be a positive relationship between privacy literacy and privacy protection behavior (H2): people who have more privacy literacy have more knowledge and awareness about the potential risks of privacy violation in digital environments. This, in turns, leads to a better protection of their personal data and a more cautious behavior. As a result, adding together these two effects, we expect that a higher education level will predict more protective behaviors through the mediation of privacy literacy (H3).

A second set of hypotheses can be built based on the literature on privacy cynicism (Lutz et al., 2020; Van Ooijen et al., 2022). First, we expect that higher education will have a negative effect on privacy cynicism (H4). Previous research has shown how other forms of cynicism, such as political cynicism (Adriaansen et al., 2010) and police cynicism (Osborne, 2014), are negatively affected by education, so that those with low levels of education are most cynical. We expect the same tendencies to be at play for privacy cynicism. More educated individuals might feel less disenfranchised and more in control. We also hypothesize that privacy cynicism, in turn, has a negative effect on privacy protection behaviors (H5). Such a negative relationship has been found in existing research in other contexts such as Germany (Lutz et al., 2020) and the United States. According to the aforementioned definition, users showing high levels of privacy cynicism regard privacy protection as futile and they will therefore abstain from it or be less engaged in it than users with lower levels of cynicism. Thus we expect to also find a positive indirect effect of education on privacy protection behavior mediated by privacy cynicism (H6).

Finally, in light of the literature presented above, both in the field of digital inequality and that of privacy cynicism, we believe that these two represent the main channels through which the level of education can influence privacy behaviors. Therefore, we expect that—once inserted in the model—privacy cynicism and privacy literacy are full mediators, accounting for all the observed relationship between the two variables (H7) (Figure 1).

Figure 1.

Representation of the structural portion of our model and our hypotheses.

Data

To test our hypotheses, we make use of primary data from the survey Citizens and the value of digital data (N = 3,156), collected within the framework of the V-DATA (The value of digital data: enhancing citizens’ awareness and voice about surveillance capitalism) project. We administered the questionnaire to a quota sample of the Italian Internet population (aged 18 and above), adopting a mixed-mode sequential design. First (from 21st to 28th November 2022), we conducted a CAWI survey on a representative sample (by gender, age, geographic area of residence, and education) of the Opinione.net non-probability online panel members’ (N = 2,249). Then, (from 6th December 2022 to 17th January 2023), in order to reduce the potential coverage and selection bias of the CAWI sample, we carried out a CATI survey on a representative sample (by gender, age, and geographic area of residence) of people who have a phone number (landline or mobile), own/have at their disposal at least one digital device, and use at least three features offered by the digital devices (N = 907). Details on the distribution of the sample and how well it matches the target population are available in section A4 of the appendix. Moreover, descriptive statistics on the sociodemographic traits of the sample, including gender, age, region of residence, income, working status, and marriage status are available in section A5 of the appendix.

Variables and Methods

Following the digital inequality sequence (van Deursen et al., 2017), this study investigates the existence of a path linking education level, privacy literacy, privacy cynicism, and privacy protection behaviors¹ in a full structural equation modeling (SEM) framework.

To reach this goal, we preliminarily evaluated the psychometric properties of the latent constructs measuring privacy cynicism (CY) and privacy protection behaviors (PPB).

CY has been modeled with seven items translated from questions introduced by Lutz and colleagues (2020) measuring two subdimensions of privacy cynicism: powerlessness and resignation. We asked respondents how much they agree with statements regarding the perceived possibility of influencing the protection of personal data online on a 5-point Likert scale, for example: “I cannot effectively protect my personal data from being collected online” (CY.1).

PPB was instead defined by eight items measured on a 4-point Likert scale, partially drawn from Lutz and colleagues’ (2020) and van Ooijen and colleagues’ (2022) works. The questions ask respondents how often they engage in different behaviors to protect their data online, for example: “Refuse cookies when accessing a website” (PPB.2).

Data suitability was first assessed for CY and PPB by looking at the determinant of the correlation matrix (Det), the Kaiser–Meyer–Olkin measure of sampling adequacy (KMO) and Bartlett’s test of sphericity. Principal component and Horn parallel analysis with 5000 iterations were also carried out to inspect eigenvalues and the amount of the total item variance explained by the latent constructs. The internal consistency reliability of the construct was finally evaluated with Cronbach’s α.

Confirmatory factor analysis models (CFA) were then estimated separately for CY and PPB to test whether the observed items effectively covered the best-fitting model specifications that emerged from previous analyses, respecifying the models following modification indexes in case a satisfactory fit was not reached. Then, we evaluated the fit of the two models simultaneously.

An index measuring privacy literacy (PLI), resulted from counting the number of correct answers given to 20 questions measuring their knowledge regarding privacy regulations, adjusting them for straightlining.

Education was measured by asking respondents the highest education level achieved, according to the International Standard Classification of Education (ISCED; Schneider, 2013). Previous evidence on the influence of education on digital literacy suggest the existence of a positive relationship, with those with a tertiary degree being particularly predisposed to present higher literacy scores (Estrela et al., 2023; van Laar et al., 2019). On the other hand, research on online privacy management clearly indicates that having at most a school diploma is associated with higher levels of privacy cynicism and fatigue (e.g., Luzsa & Mayr, 2022). In line with previous research on the socio-demographic determinants of digital inequalities and privacy protection (e.g., Büchi et al., 2021; Van Deursen et al., 2011), respondents’ highest education level was then recoded and analyzed considering the following three reference categories: low (middle school or lower), medium (vocational, high school diploma or equivalent), and high (Bachelor’s, Master’s, and PhD or equivalent).

Gender and age were also included in the model as control variables. Gender was introduced as a dummy variable with males as the reference category. Age was instead recoded into the three categories of Young (younger than 30), Middle age (between 30 and 60), and Old age (older than 60), as previous research suggest that digital skills are significantly lower among older adults, while middle-aged adults present higher levels of internal heterogeneity in their distribution compared to young adults (e.g., Estrela et al., 2023).

We ran a full structural equation model to observe the directions and magnitudes of direct and indirect effects across the variables of interest. The degree of multivariate normality of CY and PPB items was performed through the Henze–Zirkler’s test, indicating a non-normal distribution for all of them (p-value <.001 for all the items). Based on these results, we chose to carry out measurement and structural analyses using the maximum likelihood estimator adjusted for non-normality (MLR), which is well suited for non-normally distributed ordered categorical data (Beauducel & Herzberg, 2006; Bovaird & Koziol, 2012; Liu et al., 2017). To evaluate model fit, we used the Comparative Fit Index (CFI), the Tucker–Lewis Index (TLI), the Root Mean Square Error of Approximation (RMSEA), and the Standardized Root Mean Square Residual (SRMR). To declare the goodness of fit, we used the threshold values indicated by Hu and Bentler (1999) (good fit: CFI>.950, TLI >.950, RMSEA <.050, SRMR <.050; acceptable fit: CFI>.900, TLI >.900, RMSEA <.060, SRMR <.080).

Recent research highlighted the lack of shared best practices in structural equation modeling with ordered categorical variables (Gerosa, 2021; Sass et al., 2014). Therefore, we additionally tested the consistency of our results by replicating all the analyses using the Diagonal Weighted least squares (DWLS) estimator (Kline, 2023). This estimator is better suited for use with categorical non-normally distributed endogenous variables, but cannot handle partially missing data (Edwards et al., 2012). Traditional cutoff values for evaluating model fit related to these indexes have not yet been adequately investigated and should be interpreted with caution when estimating models with DWLS (Xia & Yang, 2019). Results for models estimated with DWLS are reported in section A2 of the appendix. Analyses were conducted using the R package lavaan (Rosseel, 2012).

Results

Measurement Model

The first stage of analysis is focused on assessing suitability, dimensionality and internal consistency of PPB and CY (Table 1). PPB presents two adjusted eigenvalues greater than 1, but the second is only slightly above this threshold and inspections of the unadjusted spectrum of the correlation matrix clearly show an elbow beginning at the second eigenvalue (

λ_{1} = 3.150; λ_{2} = 1.072; λ_{3} = 0.917

). In addition, the other components emerging from the PCA were defined by the loadings of items PPB.5, PPB.6, PPB.7, and PPB.8, respectively, which are directly related to the possession of a smartphone and a personal computer (see the list of items in section A1.2 of the appendix). The specificity of these items compared to the rest of the PBB battery of items suggests that this second component could simply summarize individuals’ possession of these devices and their functionalities. These pieces of evidence led us to retain only the first dimension.

Table 1.

Results of the Data Suitability, Dimensionality, and Internal Consistency Tests.

	Det	KMO	Bartlett Test of Sphericity			PCA Horn Parallel Analysis			Cron.’s α
	Det	KMO	χ²	df	p-Value	N	Adjusted Eigenvalues	Prop. Expl. Variance	Cron.’s α
Privacy protection behavior	0.158	0.801	5814.82	28	0.000	2	3.074, 1.029	0.404, 0.151	0.777
Privacy cynicism	0.113	0.786	6872.71	21	0.000	2	2.956, 1.525	0.437, 0.216	0.780
Powerlessness	0.408	0.702	2825.47	3	0.000	1	2.088	0.706	0.791
Resignation	0.332	0.765	3474.17	6	0.000	1	2.375	0.605	0.780

Rules of thumb: Det >0.0001; KMO >0.600; Bartlett test p-value <.010; Cronbach’s α > 0.700.

The construct of privacy cynicism is expected to be defined by the two latent subdimensions of powerlessness and resignation (Lutz et al., 2020), and the results reported in Table 1 confirm our expectations. The two-factor structure of the data was confirmed looking at the unadjusted spectrum of the correlation matrix ( $λ_{1}$ = 3.024; $λ_{2}$ = 1.566; $λ_{3}$ = 0.630).

We therefore modeled privacy cynicism as a second-order factor. To identify the model, the two first-order factors have been imposed to have equal loadings on the higher-order factor. We first estimated a model with no cross-loadings, with three items (PPB.1, PPB.2, PPB.3) loading on Powerlessness, and the others on Resignation, but it resulted in an unsatisfactory value of RMSEA (MLR estimation: CFI = 0.954, TLI = 0.926; RMSEA = 0.087; SRMR = 0.053). We then respecified the model following modification indexes by adding two cross-loadings (PPB.4 and PPB.5 on Powerlessness), which led to a significantly better fit (MLR estimation: CFI = 0.984, TLI = 0.969, RMSEA = 0.056; SRMR = 0.026).

Turning to the PPB scale, we estimated a single-factor CFA specification without model constraints. The fit of the model to the data was not satisfactory (MLR estimation: CFI = 0.821, TLI = 0.749; RMSEA = 0.128; SRMR = 0.062), suggesting a respecification of the model. Following modification indexes, we included two error correlations, with item PPB.5 correlating with PPB.6, and item PPB.7 correlating with PPB.8 obtaining a good-fitting model (MLR estimation: CFI = 0.977; TLI = 0.965; RMSEA = 0.048; SRMR = 0.025). As mentioned, the error correlations are theoretically motivated given the items involved. A more detailed discussion on this can be found in section A1.2 of the appendix.

We then estimated a simultaneous CFA model (Table 2), including CY and PPB and we obtained a more than satisfactory goodness of fit (MLR estimation: CFI = 0.959; TLI = 0.949; RMSEA = 0.045; SRMR = 0.038; DWLS estimation: CFI = 0.985; TLI = 0.982; RMSEA = 0.052; SRMR = 0.047). These further results underline that our measurements work also when keeping within the same model all the 15 items involved in the construction of the two latent factors, with items measuring privacy cynicism not loading on privacy protection behavior and vice-versa, and no empirical sign of unspecified relevant unmeasured latent causes.

Table 2.

Results From the Simultaneous CFA (MLR Estimation).

	Factor loadings
	Estimate	Standardized	p-value
Pow
CY.1	1.000	0.735	.000
CY.2	1.095	0.791	.000
CY.3	1.006	0.724	.000
CY.4	0.390	0.260	.000
CY.5	0.197	0.135	.000
Res
CY.4	1.000	0.460	.000
CY.5	1.283	0.607	.000
CY.6	1.826	0.821	.000
CY.7	1.544	0.712	.000
PPB
PPB.1	1.000	0.551	.000
PPB.2	0.796	0.424	.000
PPB.3	1.052	0.543	.000
PPB.4	1.223	0.623	.000
PPB.5	0.928	0.408	.000
PPB.6	1.062	0.479	.000
PPB.7	1.27	0.599	.000
PPB.8	1.329	0.613	.000
Error covariances
PPB.5 with PPB.6	0.436	0.436	.000
PPB.7 with PPB.8	0.296	0.411	.000
Factor covariance
CY With PPB	−0.067	−0.378	.000
Fit indexes
CFI	0.959
TLI	0.949
RMSEA	0.045
SRMR	0.038

Structural Hypotheses Testing

In this second stage of analysis, we estimated a full structural equation model for the analysis of the path linking respondents’ education level with PLI, CY, and PPB. The fit indices confirmed the existence of an acceptable fit of the model to the data with both the MLR and the DWLS estimators (MLR estimation: CFI = 0.921; TLI = 0.903; RMSEA = 0.046; SRMR = 0.039; DWLS estimation: CFI = 0.969; TLI = 0.977; RMSEA = 0.053; SRMR = 0.051) (Table 3).

Table 3.

Results From the Full Structural Equation Model (MLR Estimation).

	Estimate	Standardized	p-value
PPB
CY	−0.559	−0.403	0.000
Female (ref. Male)	−0.047	−0.047	0.03
High education (ref. Low)	−0.053	−0.047	0.085
Medium education (ref. Low)	−0.008	−0.008	0.751
Middle age (ref. Young)	−0.031	−0.031	0.289
Old age (ref. Young)	−0.015	−0.013	0.691
PLI	−0.031	−0.189	0.000
CY
Female (ref. Male)	0.004	0.005	0.858
High education (ref. Low)	−0.084	−0.104	0.003
Medium education (ref. Low)	−0.027	−0.038	0.264
Middle age (ref. Young)	0.053	0.073	0.067
Old age (ref. Young)	0.225	0.272	0.000
PLI
Female (ref. Male)	−0.175	−0.029	0.000,1
High education (ref. Low)	1.702	0.251	0.000
Medium education (ref. Low)	1.105	0.184	0.000
Middle age (ref. Young)	0.295	0.049	0.041
Old age (ref. Young)	0.391	0.057	0.017
Fit indexes
CFI	0.921
TLI	0.903
RMSEA	0.046
SRMR	0.040

Starting from education, we can see large, positive, and significant associations between medium and high levels of education and privacy literacy. Therefore, according to H1, highly educated individuals performed significantly better on the standardized test concerning privacy regulations. Notice that, given the two variables involved, the unstandardized coefficient is directly interpretable. Compared to the average performance of the less educated (up to middle school) in the privacy literacy test, respondents with a high-school diploma answered 1.105 (p < .001) more questions correctly, while those having a university degree performed even better, with 1.702 (p < .001) more correct answers.

The estimate for the relationship between PLI and PPB is instead negative. Showing higher levels of knowledge regarding privacy significantly affects the adoption of PPB of about −0.031 (p < .001). Consequently, Table 4 shows that also the indirect effect of respondents’ education on PPB passing through PLI becomes negative (−0.054, p < .001), leading us to reject both H2 and H3.

Table 4.

Indirect and Total Effect From the Full SEM Model (MLR Estimation).

Path	Estimate	Standardized estimate	p-value
Indirect effects
High education → PLI → PPB	−0.054	−0.047	0.000
High education → CY → PPB	0.047	0.042	0.005
Total effects
High education → PPB	−0.059	−0.053	0.042

Moving to our second set of hypotheses, we found that education is negatively and significantly associated with CY. Overall, according to H4, having a university degree is associated with a reduction in CY of −0.084 (p = .003) compared with having a middle school degree. Also, in line with Lutz and colleagues’ (2020) findings, privacy cynicism measured through powerlessness and resignation has a very strong, significant, and negative association with privacy protection behavior. Indeed, we registered one standard deviation change in CY corresponds to a reduction of 0.559 (p < .001) standard deviations in PPB, an effect even higher than that found by previous studies (Lutz et al., 2020). Moreover, looking at the indirect path of the relationship between education and PPB passing through CY, we found a positive and significant effect of 0.047 (p = .005). These further results allow us to retain both H5 and H6.

Finally, the overall parallel mediation model resulted in a small but significant total effect of education on PPB equal to −0.059 (p = .042) which is fully mediated by the indirect effects passing through PLI and CY (Table 4). That means that, in line with our initial expectations, we can also retain H7.

Summary

The positive effect of education on privacy literacy (H1) aligns with our expectations and previous research. Specifically, Epstein and Quinn (2020), who use a comparable privacy literacy measure to ours in their US-based study, found that education has a significant positive influence on privacy literacy. In a recent study from Germany, Meier and Krämer (2024) used Trepte et al.’s (2015) online privacy literacy scale and also identified a positive association between education and privacy literacy. This is not surprising as privacy is a complex topic that covers different areas, from more institutional and legal aspects to information about the digital society more broadly, including the role of online services (Trepte et al., 2015), something individuals learn more about the longer they engage with the education system. Thus, our resource-based explanation of this relationship turned out to be reflected in the data.

By contrast, we did not find support for hypothesis 2. The counter-intuitive result that privacy literacy relates negatively to privacy protection behavior could have several explanations. Individuals with higher privacy literacy might have a clearer understanding of the risks and benefits of certain online activities and therefore feel more confident engaging in them without additional protective measures. Alternatively, these people might believe that their literacy protects them and thus they feel less need for active protective behaviors. Finally, there might be a link via trust in technology. Those with higher levels of privacy literacy might trust technology such as digital platforms more because they understand it better. This trust, in turn, could lead to a higher sense of security and therefore less urgency to engage in privacy protection behavior. While little research has investigated how privacy literacy affects privacy protection behavior, Ma and Chen (2023) found no significant effect for “objective privacy literacy” (measured similarly to us based on factual knowledge rather than subjective self-evaluation) on privacy protection behavior in their study of Chinese digital natives. Similarly, Choi (2023), in a survey of US-based Facebook users, did not identify a significant effect of privacy literacy on “privacy rule adaptation”, which corresponds with privacy protection behavior. There are some exceptions, however. Epstein and Quinn (2020), also using an “objective” knowledge-based measure of privacy literacy, found a positive effect of privacy literacy on privacy protection behavior. Bartsch & Dienlin (2016), although using a subjective measure, also found a positive effect. Taken together, the findings from our sample suggest that, while users with educational attainments show a higher level of privacy literacy, this is not transformed into actual behavior. This knowledge-action gap in our data seems to depict privacy protection as an exception in the digital inequality framework. Indeed, a significant theoretical challenge to that framework arises when even individuals equipped with superior educational resources and high privacy literacy choose to refrain from active protective measures. However, the findings might seem counterintuitive only if we assume that protective behaviors directly lead to favorable outcomes. Building on the initial wave of digital inequality studies, we are currently positing that these behaviors represent “capital-enhancing” activities (DiMaggio et al., 2004). However, there is a lack of empirical evidence demonstrating the translation of online privacy protective behaviors into “tangible outcomes” of Internet use (Helsper et al., 2015). It is plausible that our scale measuring privacy protection behaviors encompasses two distinct constructs: on the one hand, practical behaviors that are more likely to be adopted by conscious users, and on the other, practices that hold theoretical value but offer marginal impact on users’ lives, with benefits potentially outweighed by their costs upon closer examination. Future research should aim to untangle this seemingly contradictory evidence concerning the determinants of online privacy protection.

Education has a limited role in shaping privacy protection behavior. We did not find any direct effect of education on privacy protection. This is in line with other studies, for example, Epstein and Quinn (2020), who failed to detect significant effects of education on both horizontal and vertical privacy protection behavior. The same is true for Boerman et al. (2021) in their two-wave study in the Netherlands. Finally, in the United Kingdom and in the context of smart speakers, Lutz and Newlands (2021) revealed non-significant effects of education on two of three privacy protection behaviors (technical and social), while there was only a small and weak—but significant—effect on data privacy protection behavior. However, we showed significant indirect effects of higher education on privacy protection behavior through privacy literacy (H3) and privacy cynicism (H6). The indirect effect through privacy literacy is negative, while the one through privacy cynicism is positive (the direct negative effect of education on cynicism supports our H4).

Secondly, the role of privacy cynicism shows that more cynical users are much less likely to protect their privacy online. The direct effect of privacy cynicism on privacy protection behavior was the largest in standardized terms (−0.404), supporting H5. These findings are in line with earlier research, for example, Lutz and colleagues (2020) in Germany and van Ooijen et al. (2022) in the USA. Thus, this result seems to generalize, at least in Western countries. Summing up our results, two opposite and independent paths emerge through which education level impacts privacy protection behavior: one exhibiting a negative impact on protective behaviors (mediated by privacy literacy) and the other demonstrating a positive influence (mediated by privacy cynicism). While the second goes along our expectations, the first represents a challenge both for digital inequality and privacy studies. The two paths fully mediate the relationship between education and privacy protective behavior (H7), signaling their centrality in explaining how resources coming from a higher education level pour into the field of privacy protection (Figure 2).

Figure 2.

The parallel mediation model with standardized regression coefficients. Note. *p < .05; **p < .01; ***p < .001.

Implications

Our findings have implications for different stakeholders. For fellow researchers, we make a theoretical contribution that connects privacy research, which often operates with a psychological scope, with digital inequality research, which is more rooted in sociology. Thus, we provide an interdisciplinary contribution, showing how bringing together different schools of thought can be useful. It is relevant to note that the study is one of the first to look at the social structure of privacy cynicism, thus heeding the calls by Draper et al. (2024) and Hoffmann et al. (2024) to connect scholarship on privacy (cynicism) more strongly to digital inequality.

For users, our findings show drivers of privacy protection behavior and privacy cynicism. When it comes to privacy protection behavior, users might reflect on the importance of privacy and its protection more strongly. Items PPB.7 (Cover the camera of my devices) and PPB.8 (Turn off access to my device’s microphone) had particularly skewed values and low frequencies. Given the increased integration of sensors and Internet-of-Things devices into our daily lives, reflecting and acting on less obvious but intrusive streams of data collection and privacy risks (such as visual or audio data) might make users feel more aware, in control, empowered and eventually more willing to protect their privacy (van Deursen et al., 2022). However, we should avoid the trap of only relying on user self-responsibilization (Obar, 2015).

Indeed, our results may suggest the existence of some structural limitations that prevent users—even those with high literacy—to gain tangible benefits from protective behaviors. The challenging result concerning the negative effect of privacy literacy on protective behaviors signals a knowledge-action gap that has to be filled. From this point of view, interventions aimed at reducing cynicism among users without facing these structural limitations may result in ineffectiveness. Therefore, data collectors and policymakers have an important role to play as well. Data collectors should make privacy protection easy, accessible, and not hidden or inconvenient. Thus, privacy-by-design should become more prioritized, and this could lower users’ privacy cynicism.² Policymakers should communicate more clearly what privacy rights users have and—maybe even more importantly—how they can have them enforced. This comprehends rights enshrined in the GDPR such as the right to erase or the right to access their own data. Urgent measures should also include technological solutions, such as privacy-enhancing technologies and privacy-by-design, as well as legal solutions in the form of stringent data protection laws (Tamò-Larrieux, 2018).

Finally, educators could put privacy more strongly on their curricula and agenda. On the one hand, we found that those with higher education are less cynical about their privacy. These results align with the digital inequality literature, especially research on the third-level digital divide and the compound nature of inequalities (van Deursen et al., 2017), so that those who are more disadvantaged tend to be more at risk. The indirect effects also suggest that higher education, through privacy cynicism, can boost privacy protection behavior. Privacy should be conveyed as relevant and fun, so that students and children from a young age learn about its importance. On the other hand, even if awareness could not currently translate directly into beneficial action because of structural problems, the important function of media education remains that of cultivating the conditions for media reforms in younger generations (Buckingham & Sefton-Green, 1997).

Limitations and Future Research

Our study has limitations that point to avenues for future research. First, while our analysis relied on large-scale, current and high-quality data, we conducted the survey in Italy. Thus, our conclusions might not apply to other countries, especially countries with a different Internet eco-system or education system such as those in the Global South. Future research should study the social structuration of privacy protection behavior, the role of education, privacy literacy, and privacy cynicism in other countries. Comparative studies would be particularly fruitful. Second, our survey is cross-sectional, so that strong causal claims cannot be made. Future research could employ longitudinal design such as panel studies or experiments. However, manipulating central variables in our study such as privacy literacy and privacy cynicism might turn out to be challenging. Thus, qualitative and narrative accounts are very useful too.

Third, our measure of privacy protection behaviors primarily captures active engagement, such as the use of privacy-enhancing technologies, or conscious opt-out choices, for example, refusing cookies when accessing a website. However, privacy protection can also take more subtle forms. For example, we may have overlooked the “chilling effects”, where individuals safeguard their privacy through less visible actions—such as restricting the personal information they share or modifying search terms on sensitive topics—due to concerns about governmental and corporate surveillance (Büchi et al., 2020; Penney, 2017). Our specific measurement approach may have influenced the findings, particularly the unexpected negative relationship between privacy literacy and protection behaviors.

Finally, due to space constraints and our scope, we could not include all potential antecedents of privacy protection behavior. For example, situational or contextual aspects such as specific Internet use modalities could not be integrated. Future research should include context-specific data collections with different contextual integrity norms (Nissenbaum, 2010), for example, in areas such as education, healthcare, and work.

Supplemental Material

Supplemental Material - Lower Cynicism, Not Higher Literacy, Promotes Protective Behavior: Exploring the “Privacy Exception” in the Digital Inequality Framework

Supplemental Material for Lower Cynicism, Not Higher Literacy, Promotes Protective Behavior: Exploring the “Privacy Exception” in the Digital Inequality Framework by Chiara Respi, Marco Gui, Gaetano Scaduto, Miriam Serini, Dario Pizzul, Tiziano Gerosa, and Christoph Lutz in Social Science Computer Review

Footnotes

Declaration of Conflicting Interest

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: “The value of digital data: enhancing citizens’ awareness and voice about surveillance capitalism (V-DATA),” authorship, and/or publication of this article: this work was supported by the Fondazione Cariplo (Bando 2020, Ricerca Sociale: Scienza Tecnologia e Società).

Ethical Statement

ORCID iDs

Chiara Respi

Marco Gui

Gaetano Scaduto

Miriam Serini

Dario Pizzul

Tiziano Gerosa

Christoph Lutz

Data Availability Statement

Data used for the analyses are shared in the public data repository UNIDATA—Bicocca Data Archive ().

Supplemental Material

Supplemental material for this article is available online.

Notes

Author Biographies

Chiara Respi (PhD) is Technologist at the Department of Sociology and Social Research of the University of Milano-Bicocca, where she works on the MUSA project (Spoke6) “Towards an Educational Pact for Digital Well-being and Safety at school and in the family. A participatory path for the city of Milan”, also collaborating in organizing activities for the Digital Transformation and Wellbeing Lab. Her research interests primarily focus on web-based quantitative surveys and the relationship of young people with technological devices and digital media.

Marco Gui is Associate Professor at the Department of Sociology and Social Research and Director of the “Digital Transformation and Wellbeing Lab” (digitalwellbeing.eu) at the University of Milano-Bicocca. His research interests concern social and individual differences in the use of the Internet, with a particular focus on digital inequality, youth and media and the relationship between digital media use and well-being. His research appears in many of the most influential journals in these fields. He was called upon as an expert or has been an advisor for OECD, The Council of the European Union, Sync – Digital Wellbeing Program (Ithra), INVALSI (Italian Institute of Education Evaluation), European Schoolnet and Philea Research Forum. He is part of the Editorial Board of Social Science Computer Review.

Gaetano Scaduto is a PhD candidate in Analyses of Social and Economic Processes (ASEP) at the University of Milano-Bicocca and a visiting researcher with the “Media, Movement, and Politics” (M2P) research group at the Department of Political Science of the University of Antwerp. His works have appeared in South European Society and Politics, Mass Communication & Society, and The International Journal of Press/Politics. In 2024 he was awarded the prize for “Best Paper from a Junior Researcher” by the Italian Political Communication Association (ASSOCOMPOL).

Miriam Serini is a Phd student in URBEUR – Urban Studies at the University of Milano-Bicocca. Her main research interests are public policy, local welfare, crip studies and inclusive education.

Dario Pizzul is a postdoctoral researcher at the University of Pavia (Italy). He received his PhD from the University of Milano-Bicocca in the program “Analysis of Social and Economic Processes”. His research interests lie broadly within Science and Technology Studies and the many issues surrounding digital technology, with a specific recent focus on datafication.

Tiziano Gerosa (PhD) is a sociologist and social science methodologist specializing in counterfactual policy evaluation, experimental methods, complex data analysis, and measurement issues. As a researcher at the University of Applied Sciences and Arts of Southern Switzerland (SUPSI), his work focuses on the intersection of sustainability and subjective well-being, with particular attention to the environmental and social impacts of mobility practices and information and communication technologies.

Christoph Lutz is a Professor in the Department of Communication and Culture, BI Norwegian Business School (Oslo, Norway). He is also the co-director of the Nordic Centre for Internet and Society. His research interests include digital inequality, privacy, the sharing economy, the future of work, and the social implications of emerging technologies such as artificial intelligence and social robots. Christoph has published widely on these topics in renowned journals such as New Media & Society, Big Data & Society, the Journal of Management Information Systems, Communications of the ACM, and Science and Engineering Ethics.

References

Acquisti

(2004). Privacy in electronic commerce and the economics of immediate gratification. In Proceedings of the 5th ACM electronic commerce conference (pp. 21–29). ACM.

Acquisti

Grossklags

(2003). Losses, gains, and hyperbolic discounting: An experimental approach to information security attitudes and behavior. In 2nd annual workshop on economics and information security-WEIS, College Park, MD, May 29th and 30th, pp. 1–27.

Acquisti

Grossklags

(2005). Privacy and rationality in individual decision making. IEEE Security & Privacy, 2(1), 24–30. https://doi.org/10.1109/MSP.2005.22

Adriaansen

M. L.

Van Praag

De Vreese

C. H.

(2010). Substance matters: How news content can reduce political cynicism. International Journal of Public Opinion Research, 22(4), 433–457. https://doi.org/10.1093/ijpor/edq033

Aguirre

Mahr

Grewal

de Ruyter

Wetzels

(2015). Unravelling the personalization paradox: The effect of information collection and trust-building strategies on online advertisement effectiveness. Journal of Retailing, 91(1), 34–49. https://doi.org/10.1016/j.jretai.2014.09.005

Alhazmi

Imran

Alsheikh

M. A.

(2022). How do socio-demographic patterns define digital privacy divide? IEEE Access, 10, 11296–11307. https://doi.org/10.1109/access.2022.3144436

Hong

W. C. H.

Zhang

Kolletar-Zhu

(2023). How education level influences internet security knowledge, behaviour, and attitude: A comparison among undergraduates, postgraduates and working graduates. International Journal of Information Security, 22(2), 305–317. https://doi.org/10.1007/s10207-022-00637-z

Barnes

S. B.

(2006). A privacy paradox: Social networking in the United States. First Monday, 11(9), 11–15. https://doi.org/10.5210/fm.v11i9.1394

Bartsch

Dienlin

(2016). Control your Facebook: An analysis of online privacy literacy. Computers in Human Behavior, 56, 147–154.

10.

Baruh

Secinti

Cemalcilar

(2017). Online privacy concerns and privacy management: A meta-analytical review. Journal of Communication, 67(1), 26–53. https://doi.org/10.1111/jcom.12276

11.

Beauducel

Herzberg

P. Y.

(2006). On the performance of maximum likelihood versus means and variance adjusted weighted least squares estimation in CFA. Structural Equation Modeling: A Multidisciplinary Journal, 13(2), 186–203. https://doi.org/10.1207/s15328007sem1302_2

12.

Blank

Bolsover

Dubois

(2014). A new privacy paradox [Working paper]. University of Oxford, Global Cyber Security Capacity Centre.

13.

Boerman

S. C.

Kruikemeier

Zuiderveen Borgesius

F. J.

(2021). Exploring motivations for online privacy protection behavior: Insights from panel data. Communication Research, 48(7), 953–977. https://doi.org/10.1177/0093650218800915

14.

Bovaird

J. A.

Koziol

N. A.

(2012). Measurement models for ordered-categorical indicators. In Hoyle

R. H.

(Ed.), Handbook of structural equation modeling (pp. 495–511). Guilford Press.

15.

Brandimarte

Acquisti

Loewenstein

(2013). Misplaced confidences: Privacy and the control paradox. Social Psychological and Personality Science, 4(3), 340–347. https://doi.org/10.1177/1948550612455931

16.

Brown

(2001). Studying the internet experience. HP Laboratories Technical Report HPL, 49.

17.

Büchi

Festic

Just

Latzer

(2021). Digital inequalities in online privacy protection: Effects of age, education and gender. In Festic

(Ed.), Handbook of digital inequality. Edward Elgar.

18.

Büchi

Fosch-Villaronga

Lutz

Tamò-Larrieux

Velidi

Viljoen

(2020). The chilling effects of algorithmic profiling: Mapping the issues. Computer Law & Security Review, 36(■■■), Article 105367. https://doi.org/10.1016/j.clsr.2019.105367

19.

Buck

Horbel

Germelmann

C. C.

Eymann

(2014). The unconscious app consumer: Discovering and comparing the information-seeking patterns among mobile application consumers. In Proceedings of the 2014 European Conference on Information Systems (ECIS2014), Tel Aviv, Israel, 9–11 June, 2014.

20.

Buckingham

Sefton-Green

(1997). Multimedia education: Media literacy in the age of digital culture. In Kubey

(Ed.), Media literacy in the information age: Current perspectives (pp. 285–305). Transaction.

21.

Chen

Beaudoin

C. E.

Hong

(2016). Protecting oneself online: The effects of negative privacy experiences on privacy protective behaviors. Journalism & Mass Communication Quarterly, 93(2), 409–429. https://doi.org/10.1177/1077699016640224

22.

Cho

Lee

Chung

(2010). Optimistic bias about online privacy risks: Testing the moderating effects of perceived controllability and prior experience. Computers in Human Behavior, 26(5), 987–995. https://doi.org/10.1016/j.chb.2010.02.012

23.

Choi

Park

Jung

(2018). The role of privacy fatigue in online privacy behavior. Computers in Human Behavior, 81(April), 42–51. https://doi.org/10.1016/j.chb.2017.12.001

24.

Choi

(2023). Privacy literacy on social media: Its predictors and outcomes. International Journal of Human-Computer Interaction, 39(1), 217–232. https://doi.org/10.1080/10447318.2022.2041892

25.

Cotter

Reisdorf

B. C.

(2020). Algorithmic knowledge gaps: A new horizon of (digital) inequality. International Journal of Communication, 14, 21.

26.

Dencik

Cable

(2017). The advent of surveillance realism: Public opinion and activist responses to the Snowden leaks. International Journal of Communication, 11, 763–781.

27.

Dienlin

Trepte

(2015). Is the privacy paradox a relic of the past? An in-depth analysis of privacy attitudes and privacy behaviors. European Journal of Social Psychology, 45(3), 285–297. https://doi.org/10.1002/ejsp.2049

28.

DiMaggio

Hargittai

Celeste

Shafer

(2004). From unequal access to differentiated use: A literature review and agenda for research on digital inequality. In Neckerman

K. M.

(Ed.), Social inequality (pp. 355–400). Russell Sage Foundation.

29.

Dinev

Hart

(2006). An extended privacy calculus model for e-commerce transactions. Information Systems Research, 17(1), 61–80. https://doi.org/10.1287/isre.1060.0080

30.

Dodel

Mesch

(2018). Inequality in digital skills and the adoption of online safety behaviors. Information, Communication & Society, 21(5), 712–728. https://doi.org/10.1080/1369118x.2018.1428652

31.

Draper

N. A.

Pieter Hoffmann

Lutz

Ranzini

Turow

(2024). Privacy resignation, apathy, and cynicism: Introduction to a special theme. Big Data & Society, 11(3), 1–9. https://doi.org/10.1177/20539517241270663

32.

Draper

N. A.

Turow

(2019). The corporate cultivation of digital resignation. New Media & Society, 21(8), 1824–1839. https://doi.org/10.1177/1461444819833331

33.

Dutton

W. H.

Blank

Karpauskaite

(2022). A digital privacy divide: How privacy concerns reinforce inequalities online (July 31, 2022). Available at SSRN 4177311.

34.

Edwards

M. C.

Wirth

R. J.

Houts

C. R.

(2012). Categorical data in the structural equation modeling framework. In Hoyle

R. H.

(Ed.), Handbook of structural equation modeling (pp. 195–208). The Guilford Press.

35.

Epstein

Quinn

(2020). Markers of online privacy marginalization: Empirical examination of socioeconomic disparities in social media privacy attitudes, literacy, and behavior. Social Media + Society, 6(2), 1–13. https://doi.org/10.1177/2056305120916853

36.

Estrela

Semedo

Roque

Ferreira

P. L.

Herdeiro

M. T.

(2023). Sociodemographic determinants of digital health literacy: A systematic review and meta-analysis. International Journal of Medical Informatics, 177, Article 105124. https://doi.org/10.1016/j.ijmedinf.2023.105124

37.

Gerber

Volkamer

(2018). Explaining the privacy paradox: A systematic review of literature investigating privacy attitude and behavior. Computers & Security, 77(1), 226–261. https://doi.org/10.1016/j.cose.2018.04.002

38.

Gerosa

(2021). Measurement invariance with ordered categorical variables. Applications in longitudinal survey research. In Cernat

Sakshaug

J. W.

(Eds.), Measurement error in longitudinal data (pp. 259–288). Oxford University Press. https://doi.org/10.1093/oso/9780198859987.003.0011

39.

Gui

Büchi

(2021). From use to overuse: Digital inequality in the age of communication abundance. Social Science Computer Review, 39(1), 3–19. https://doi.org/10.1177/0894439319851163

40.

Ham

(2017). Exploring how consumers cope with online behavioral advertising. International Journal of Advertising, 36(4), 632–658. https://doi.org/10.1080/02650487.2016.1239878

41.

Hargittai

(2002). Second-level digital divide: Differences in people’s online skills. First Monday, 7(4), 1–19. https://doi.org/10.5210/fm.v7i4.942

42.

Hargittai

(2008). The digital reproduction of inequality. In Grusky

(Ed.), Social stratification (pp. 936–944). Westview Press.

43.

Hargittai

(Ed.), (2021). The handbook of digital inequality. Edward Elgar.

44.

Hargittai

Marwick

(2016). “What can I really do?” Explaining the privacy paradox with online apathy. International Journal of Communication, 10, 3737–3757.

45.

Helsper

E. J.

(2016). Inequalities in digital literacy: Definitions, measurements, explanations and policy implications. In Pesquisa sobre o uso das tecnologias de informação e comunicação nos domícilios brasileiros: TIC domicílios 2015 = Survey on the use of information and communication technologies in Brazilian households: ICT households 2015 (pp. 175–185). The London School Economic and Political Science Research Online.

46.

Helsper

E. J.

van Deursen

A. J.

Eynon

(2015). Tangible outcomes of internet use: From digital skills to tangible outcomes project report. Oxford University Press.

47.

Hoffmann

C. P.

Lutz

Ranzini

(2016). Privacy cynicism: A new approach to the privacy paradox. Cyberpsychology: Journal of Psychosocial Research on Cyberspace, 10(4), Article 7. https://doi.org/10.5817/cp2016-4-7

48.

Hoffmann

C. P.

Lutz

Ranzini

(2024). Inequalities in privacy cynicism: An intersectional analysis of agency constraints. Big Data & Society, 11(1), 1–19. https://doi.org/10.1177/20539517241232629

49.

L. T.

Bentler

P. M.

(1999). Cutoff criteria for fit indexes in covariance structure analysis: Conventional criteria versus new alternatives. Structural Equation Modeling: A Multidisciplinary Journal, 6(1), 1–55. https://doi.org/10.1080/10705519909540118

50.

Kline

R. B.

(2023). Principles and practice of structural equation modeling. Guilford Publications.

51.

Kokolakis

(2017). Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & Security, 64(January), 122–134. https://doi.org/10.1016/j.cose.2015.07.002

52.

Lanier

C. D.

Saini

(2008). Understanding consumer privacy: A review and future directions. Academy of Marketing Science Review, 12(2), 1–3.

53.

Liao

Sundar

S. S.

Rosson

(2023). Online privacy cues and heuristics. In Trepte

Masur

(Eds.), The Routledge handbook of privacy and social media (pp. 80–88). Routledge.

54.

Liu

Millsap

R. E.

West

S. G.

Tein

J. Y.

Tanaka

Grimm

K. J.

(2017). Testing measurement invariance in longitudinal data with ordered-categorical measures. Psychological Methods, 22(3), 486–506. https://doi.org/10.1037/met0000075

55.

Lutz

Hoffmann

C. P.

Ranzini

(2020). Data capitalism and the user: An exploration of privacy cynicism in Germany. New Media & Society, 22(7), 1168–1187. https://doi.org/10.1177/1461444820912544

56.

Lutz

Newlands

(2021). Privacy and smart speakers: A multi-dimensional approach. The Information Society, 37(3), 147–162. https://doi.org/10.1080/01972243.2021.1897914

57.

Luzsa

Mayr

(2022). Links between online privacy fatigue, technology attitudes and sociodemographic factors in a German population sample. In Proceedings of Mensch und Computer 2022, Darmstadt Germany, 4–7 September, 2022, pp. 360–364.

58.

Chen

(2023). Are digital natives overconfident in their privacy literacy? Discrepancy between self-assessed and actual privacy literacy, and their impacts on privacy protection behavior. Frontiers in Psychology, 14, Article 1224168. https://doi.org/10.3389/fpsyg.2023.1224168

59.

Maineri

A. M.

Achterberg

Luijkx

(2023). The closing educational gap in e-privacy management in European perspective. Sociological Research Online, 28(1), 37–57. https://doi.org/10.1177/13607804211023524

60.

Masur

P. K.

Epstein

Quinn

Wilhelm

Baruh

Lutz

(2025). Comparative privacy research: Literature review, framework, and research agenda. The Information Society, 41(2), 1–22. https://doi.org/10.1080/01972243.2025.2451863

61.

McClain

Faverio

Anderson

Park

(2023). Views of data privacy risks, personal data, and digital privacy laws. Pew Research Center.

62.

Meier

Krämer

N. C.

(2024). Differences in access to privacy information can partly explain digital inequalities in privacy literacy and self-efficacy. Behaviour & Information Technology, 44(6), 1–16. https://doi.org/10.1080/0144929X.2024.2349183

63.

Mesch

Talmud

(2011). Ethnic differences in internet access: The role of occupation and exposure. Information, Communication & Society, 14(4), 445–471. https://doi.org/10.1080/1369118x.2011.562218

64.

Nissenbaum

(2010). Privacy in context: Technology, policy and the integrity of social life. Stanford University Press.

65.

Norberg

P. A.

Horne

D. R.

Horne

D. A.

(2007). The privacy paradox: Personal information disclosure intentions versus behaviors. Journal of Consumer Affairs, 41(1), 100–126. https://doi.org/10.1111/j.1745-6606.2006.00070.x

66.

Obar

J. A.

(2015). Big data and the phantom public: Walter Lippmann and the fallacy of data privacy self-management. Big Data & Society, 2(2), 1–16. https://doi.org/10.1177/2053951715608876

67.

O’Neil

(2001). Analysis of Internet users’ level of online privacy concerns. Social Science Computer Review, 19(1), 17–31. https://doi.org/10.1177/089443930101900103

68.

Ono

Zavodny

(2008). Immigrants, English ability and the digital divide. Social Forces, 86(4), 1455–1479. https://doi.org/10.1353/sof.0.0052

69.

Osborne

R. E.

(2014). Observations on police cynicism: Some preliminary findings. North American Journal of Psychology, 16(3), 607–628.

70.

Park

Y. J.

(2013). Digital literacy and privacy behavior online. Communication Research, 40(2), 215–236. https://doi.org/10.1177/0093650211418338

71.

Park

Y. J.

(2021). Why privacy matters to digital inequality. In Hargittai

(Ed.), Handbook of digital inequality (pp. 284–295). Edward Elgar Publishing.

72.

Park

Y. J.

Chung

J. E.

(2017). Health privacy as sociotechnical capital. Computers in Human Behavior, 76, 227–236. https://doi.org/10.1016/j.chb.2017.07.025

73.

Penney

(2017). Internet surveillance, regulation, and chilling effects online: A comparative case study. Internet Policy Review, 6(2), 1–39. https://doi.org/10.14763/2017.2.692

74.

Ranzini

Lutz

Hoffmann

(2023). Privacy cynicism: Resignation in the face of agency constraints. In Trepte

Masur

(Eds.), The Routledge handbook of privacy and social media (pp. 134–143). Routledge.

75.

Robinson

Cotten

S. R.

Ono

Quan-Haase

Mesch

Chen

Schulz

Hale

T. M.

Stern

M. J.

(2015). Digital inequalities and why they matter. Information, Communication & Society, 18(5), 569–582. https://doi.org/10.1080/1369118x.2015.1012532

76.

Rosseel

(2012). lavaan: An R package for structural equation modeling. Journal of Statistical Software, 48(2), 1–36. https://doi.org/10.18637/jss.v048.i02

77.

Sass

D. A.

Schmitt

T. A.

Marsh

H. W.

(2014). Evaluating model fit with ordered categorical data within a measurement invariance framework: A comparison of estimators. Structural Equation Modeling: A Multidisciplinary Journal, 21(2), 167–180. https://doi.org/10.1080/10705511.2014.882658

78.

Scheerder

Van Deursen

Van Dijk

(2017). Determinants of Internet skills, uses and outcomes. A systematic review of the second-and third-level digital divide. Telematics and Informatics, 34(8), 1607–1624. https://doi.org/10.1016/j.tele.2017.07.007

79.

Schneider

S. L.

(2013). The international standard classification of education 2011. Comparative Social Research, 30(■■■), 365–379. https://doi.org/10.1108/S0195-6310(2013)0000030017

80.

Schubert

Marinica

Mosetti

Bajka

(2022). Mitigating the privacy paradox through higher privacy literacy? Insights from a lab experiment based on Facebook data. Collegium Helveticum.

81.

Segijn

C. M.

van Ooijen

(2020). Perceptions of techniques used to personalize messages across media in real time. Cyberpsychology, Behavior, and Social Networking, 23(5), 329–337. https://doi.org/10.1089/cyber.2019.0682

82.

Smit

E. G.

van Noort

Voorveld

H. A.

(2014). Understanding online behavioural advertising: User knowledge, privacy concerns and online coping behaviour in Europe. Computers in Human Behavior, 32(1), 15–22. https://doi.org/10.1016/j.chb.2013.11.008

83.

Solove

D. J.

(2021). The myth of the privacy paradox. Georgetown Washington Law Review, 89(1), 1–51. https://doi.org/10.2139/ssrn.3536265

84.

Tamò-Larrieux

(2018). Designing for privacy and its legal framework: Data protection by design and default for the internet of things. Springer.

85.

Trepte

Teutsch

Masur

P. K.

Eicher

Fischer

Hennhöfer

Lind

(2015). Do people know about privacy and data protection strategies? Towards the “online privacy literacy scale” (OPLIS). In Reforming European data protection law (pp. 333–365). Springer.

86.

Turow

McGuigan

Maris

E. R.

(2015). Making data mining a natural part of life: Physical retailing, customer surveillance and the 21st century social imaginary. European Journal of Cultural Studies, 18(4–5), 464–478. https://doi.org/10.1177/1367549415577390

87.

van Deursen

A. J.

Helsper

Eynon

van Dijk

J. A.

(2017). The compoundness and sequentiality of digital inequality. International Journal of Communication, 2017(11), 452–473.

88.

van Deursen

A. J.

Helsper

E. J.

(2018). Collateral benefits of Internet use: Explaining the diverse outcomes of engaging with the Internet. New Media & Society, 20(7), 2333–2351. https://doi.org/10.1177/1461444817715282

89.

van Deursen

A. J.

van der Zeeuw

de Boer

Jansen

van Rompay

(2022). Development and validation of the internet of things skills scale (IoTSS). Information, Communication & Society, 25(13), 1883–1899. https://doi.org/10.1080/1369118x.2021.1900320

90.

van Deursen

A. J.

Van Dijk

J. A.

Peters

(2011). Rethinking Internet skills: The contribution of gender, age, education, Internet experience, and hours online to medium-and content-related Internet skills. Poetics, 39(2), 125–144. https://doi.org/10.1016/j.poetic.2011.02.001

91.

van Dijk

(2005). The deepening divide: Inequality in the information society. Sage.

92.

van Dijk

(2020). The digital divide. John Wiley & Sons.

93.

van Dijk

van Deursen

A. J. A. M.

(2014). Digital skills: Unlocking the information society. Palgrave Macmillan.

94.

van Doorn

Hoekstra

J. C.

(2013). Customization of online advertising: The role of intrusiveness. Marketing Letters, 24(4), 339–351. https://doi.org/10.1007/s11002-012-9222-1

95.

van Laar

van Deursen

A. J.

van Dijk

J. A.

De Haan

(2019). Determinants of 21st-century digital skills: A large-scale survey among working professionals. Computers in Human Behavior, 100(11–12), 93–104. https://doi.org/10.1016/j.chb.2019.06.017

96.

van Ooijen

Segijn

C. M.

Opree

S. J.

(2022). Privacy cynicism and its role in privacy decision‐making. Communication Research, 51(2), 146–177. https://doi.org/10.1177/00936502211060984

97.

Walker

A. M.

Hargittai

(2021). Drills and spills: Developing skills to protect ones privacy online. In Hargittai

(Ed.), Handbook of digital inequality (pp. 358–372). Edward Elgar.

98.

Wang

L. H.

Metzger

M. J.

(2024). The online privacy divide: Testing resource and identity explanations for racial/ethnic differences in privacy concerns and privacy management behaviors on social media. Communication Research, Onlinefirst. https://doi.org/10.1177/00936502241273157

99.

Witte

Mannon

(2010). The internet and social inequalities. Routledge.

100.

Xia

Yang

(2019). RMSEA, CFI, and TLI in structural equation modeling with ordered categorical data: The story they tell depends on the estimation methods. Behavior Research Methods, 51(1), 409–428. https://doi.org/10.3758/s13428-018-1055-2

101.

Dinev

Smith

Hart

(2011). Information privacy concerns: Linking individual perceptions with institutional privacy assurances. Journal of the Association for Information Systems, 12(12), 798–824. https://doi.org/10.17705/1jais.00281

102.

Zafeiropoulou

A. M.

Millard

D. E.

Webber

O’Hara

(2013). Unpicking the privacy paradox: Can structuration theory help to explain location-based privacy decisions? In Proceedings of the 5th Annual ACM Web Science Conference, Paris, France, May 2–4 2013.

103.

Zhou

(2014). Understanding mobile SNS continuance usage in China from the perspectives of social influence and privacy concern. Computers in Human Behavior, 37(1), 283–289. https://doi.org/10.1016/j.chb.2014.05.008

104.

Zillien

Hargittai

(2009). Digital distinction: Status-specific types of internet usage. Social Science Quarterly, 90(2), 274–291. https://doi.org/10.1111/j.1540-6237.2009.00617.x

Supplementary Material

Please find the following supplemental material available below.

For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.

For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.

0.00 MB

0.20 MB

Lower Cynicism,Not Higher Literacy,Promotes Protective Behavior: Exploring the “privacy exception” in the Digital Inequality Framework

Abstract

Keywords

Introduction

Privacy Literature: Digital Inequality in the Privacy Framework

Digital Inequalities: The Unequal Distribution of Digital Literacy and its Determinants

Privacy Paradox: Its Various Explanations and the Concept of Privacy Cynicism

Hypotheses

Data

Variables and Methods

Results

Measurement Model

Structural Hypotheses Testing

Summary

Implications

Limitations and Future Research

Supplemental Material

Supplemental Material - Lower Cynicism, Not Higher Literacy, Promotes Protective Behavior: Exploring the “Privacy Exception” in the Digital Inequality Framework

Footnotes

Declaration of Conflicting Interest

Funding

Ethical Statement

ORCID iDs

Data Availability Statement

Supplemental Material

Notes

Author Biographies

References

Supplementary Material