Sage Journals: Discover world-class research

Abstract

Smartphones have become daily companions and store many personal information, including contact lists, photos, and videos. Even though users download smartphone apps for various purposes, they are also data collection instruments. Within the Protection Motivation Theory research streamline, the present research focuses from a comparative perspective on young adults’ concerns and engagement with privacy protection behaviors while setting up smartphone apps. Aiming to assess how threat and coping appraisals relate to privacy protection behavior from a comparative perspective, we conducted an online survey (N = 931) in Germany (n = 479) and Romania (n = 452) with young adults (age 18–26 years). Findings showed differences between the two countries in the sense that individuals’ overarching privacy attitudes transfer to and manifest in the context-specific behavior of setting up apps. For German young adults, susceptibility and severity of the data collection by companies are positively related to privacy protection behavior while setting up apps. Romanians are confident that they can protect their data by setting up apps. For German and Romanian young adults, self-efficacy in online communication was related to response efficacy of privacy protection while configuring apps.

Keywords

cross-country comparison mobile communication privacy protection Protection Motivation Theory

Introduction

In the current complex online communication environments where data collection and commodification are standard practices (van Dijck et al., 2018), it is challenging for individuals to control their data (Van Ooijen & Vrabec, 2019). Relevant devices in the data-gathering processes are smartphones that enable the installation and running of diverse and multi-functional applications that are computer programs (de Reuver et al., 2016; Masur, 2018) and fulfill different needs (Joeckel & Dogruel, 2019). Smartphones store a vast amount of personal information, including contact lists, photos, and videos, and enable users’ location and movement to be tracked (Shklovski et al., 2014; Sipior et al., 2014). Moreover, certain mobile apps are marketed to falsely fulfill feelings of autonomy and relatedness. Since users risk having their data used unintendedly (Masur & Trepte, 2021), privacy protection should be of particular interest to users while setting up new applications on mobile devices such as smartphones.

Previous studies focused on privacy protection behavior while using apps highlighted the complexity of privacy protection compared with online communication in general (Dogruel et al., 2017; Joeckel & Dogruel, 2019). Hence, website users identified ways to protect their privacy by managing the privacy settings (Wottrich et al., 2019). However, regarding mobile apps, scholars argued that users had limited options to counter information disclosure risks (de Reuver et al., 2016; van Ooijen & Vrabec, 2019), resulting in carefree self-disclosing behavior (Barth & de Joung, 2017; Kokolakis, 2017). Besides, given that users are often required to make immediate privacy decisions (e.g., pop-ups requesting geo-location or app-tracking permissions), setting up an app involves more complex privacy management.

A form of sophisticated knowledge called mobile app knowledge (Smit et al., 2014) is needed to make privacy decisions while engaging with apps. Privacy protection behavior while setting up apps refers to actions taken by individuals to safeguard their personal data when installing and configuring new applications on their smartphones. Hence, paying attention to permission warnings while setting up apps can be considered an efficient measure to avoid the violation of data privacy (Sipior et al., 2014). Besides, it is a common practice that apps require access to specific data that is optional for them to work in a way that is aligned with the users’ downloading purpose. Salient examples are apps that require access to the smartphone’s geo-location to track the user’s location and movement or to the contact list within an app that performs photo editing. Hence, our study aims to contribute to researching privacy protection behavior in the context of setting up a new app.

Privacy protection behaviors in online communication are determined by socio-cultural factors (Wilhelm, 2021). Previous studies found evidence that specific user practices and the psychological process of understanding social media privacy calculus are culturally specific. Thus, in a study conducted in Germany, the Netherlands, the United States, and China, Trepte et al. (2017) showed that the subjective importance of privacy risk is higher in collectivist-oriented cultures (e.g., China) than in individualism-oriented ones (e.g., Germany and the Netherlands). Within this argumentation streamline, we have reasons to assume that privacy protection behavior during the setup of apps on smartphones differs across countries. Hence, aiming at a cross-country comparison, we looked at a Western and an Eastern European country, Germany and Romania, which differ in socioeconomic factors (Eurostat, 2024), level of trust in the institutions (European Commission, 2021), and attitudes toward privacy protection (Singh & Hill, 2003). A comparative, context-aware research of privacy protection can contribute to a nuanced understanding of the mechanism behind user’s privacy-protective behavior during the setup of apps. Moreover, as a benefit of cross-country comparison, practical implications such as specific privacy protection literacy and policy recommendations are worth mentioning.

In 2022, apps were downloaded overall 255 billion times, and among all adult age groups worldwide, with an average usage per month of 112.6 hr, young adults (18–24 years) spent 2022 the most time on mobile apps (Elad, 2023). Within the theoretical framework of the Privacy Motivation Theory (Maddux & Rogers, 1983; Rogers, 1975; Witte, 1992), our study aims to shed light on the mechanism behind users’ engagement in privacy protection behavior while setting up apps. We aim for a comparative perspective on what motivates young adults from Germany and Romania, the age group using apps the most in terms of hours per month (Elad, 2023). Furthermore, we investigate how young smartphone users from Germany and Romania (age 18–26 years) have overarching privacy attitudes, such as susceptibility and severity of the online data collection, and how they transfer to and manifest in the context-specific behavior of setting up apps.

Theoretical framework

Privacy in online and mobile communication

Privacy is defined as “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (Westin, 1967, p. 337). Moreover, in line with Altman’s (1975) conceptualization of privacy, online privacy is described as the individual’s assessment of information accessibility. Online privacy is performed by interacting with other entities (Trottier, 2017) and considering themselves active actors in shaping their data accessibility through self-disclosure and privacy regulations (Trepte, 2021). However, privacy was also conceptualized as “personal control” (Johnson, 1974, p. 83). Considering that the correspondence between privacy and its benefits (e.g., maintaining confidentiality to prevent discriminatory practices) is often low, people might perceive engaging in privacy protection behavior as stressful and potentially avoid it. According to Johnson (1974), engaging in privacy protection behavior requires efforts that individuals are not always willing to make for outcomes they are unaware of.

Previous research stressed that although online privacy is a highly-debated subject, users rarely take action regarding their online protection, such as halting location services, changing the privacy-invasive settings on websites, or rejecting tracking cookies (Boerman et al., 2021). In online settings, users must be more interested in investing in privacy protection as a coping mechanism, disrupting the constant privacy concerns and data disclosure behaviors (van Ooijen et al., 2024). Mobile app development is a growing market worldwide (Elad, 2023) and privacy protection while interacting with apps has gained substantial attention (Wottrich et al., 2019). Mobile devices with high levels of functionality and a vast amount of personal information add to the complexity of digital environments and challenge privacy protection (Shklovski et al., 2014; Sipior et al., 2014; Wottrich et al., 2019).

Privacy protection when using mobile apps requires complex knowledge to avoid unwanted interference in their privacy (Smit et al., 2014). Adding to the challenges originating from the complex environment of mobile communication by using smartphone apps compared with online communication by accessing websites, power hierarchies, and data breaches are critical factors that explain differences in the perception of data collection via apps as a threat to data privacy (Ayaburi, 2023; Madan et al., 2023). Looking at the consistency of broader online privacy concerns and concrete actions like configuring apps after downloading is relevant in understanding how individuals’ general beliefs about privacy protection in online communication are linked to privacy protection measures in the specific context of setting up apps.

The Protection Motivation Theory

Previous research developed based on the Protection Motivation Theory (PMT) (Maddux & Rogers, 1983; Rogers, 1975; Witte, 1992) highlighted its relevance for comprehending privacy-protective behavior in online communication in general (Boehmer et al., 2015; Boerman et al., 2021; Cho et al., 2009; Van Ooijen et al., 2024), on social network sites (Meier et al., 2020; Mousavi et al., 2020; Sedek et al., 2018), in online behavioral advertising (Ham, 2017), and on mobile apps (Wottrich et al., 2019). Previous studies (Boehmer et al., 2015; Boerman et al., 2021; Cho et al., 2009; Mousavi et al., 2020; Van Ooijen et al., 2024) stressed that people identify potential threats and consider their actions efficient to protect themselves against those threats as coping mechanisms, these being predictors for privacy-protecting behaviors. According to the original PMT, the magnitude of a noxious event, its probability of occurrence, and the efficacy of protective response mediate attitudinal change (Maddux & Rogers, 1983; Rogers, 1975; Witte, 1992). Applying PMT in the context of privacy protection behaviors while setting up apps, among other aspects (e.g., literacy, motivation, situational context, cognitive capacity, etc.), the level of threat a user perceives in the context of using mobile apps determines the information-disclosing behaviors while setting up apps and the coping mechanisms that help users prevent data collection.

PMT discusses threat appraisal (the perceived susceptibility and severity) and coping appraisal (self-efficacy and response efficacy to these threats). Both appraisals influence people’s motivations to protect themselves against threats (Witte, 1992). The perceived susceptibility reflects people’s perception of a threat, while the perceived severity reflects people’s assessment of the personal impact of a harmful situation (Rogers, 1975). Self-efficacy is the belief in the capacity to perform a particular action to achieve a given goal (Bandura, 1997). Response efficacy refers to an individual’s belief in the effectiveness of a response in averting the threat (Witte, 1992). Hence, linked to personal efficacy, PMT underlines the importance of subjective appraisals determining privacy protection.

To evaluate privacy protection behavior while setting up apps, we looked at the broader context of online communication. Thus, given that many online activities are now conducted through mobile devices, the perception of threats encountered online can be transferred to the mobile communication context and can be related to the coping mechanism while setting up apps.

Threat appraisal

According to the PMT applied to online privacy behaviors, threat appraisal consists of the perceived severity and susceptibility of data collection and harmful usage (e.g., unauthorized data exploitation for financial gain, political manipulation, identity theft, etc.) by others, such as companies or individuals. Perceived costs and benefits are also considered predictors of privacy protection behaviors (Van Ooijen et al., 2024). The coping appraisal consists of privacy self-efficacy and privacy response efficacy regarding response to online threats (Boerman et al., 2021; Meier et al., 2020; Sedek et al., 2018; Vishwanath et al., 2018). The judgment of the threat, the threat appraisal, and the coping appraisal predict online privacy protection behaviors (Van Ooijen et al., 2024).

Depending on the nature of the perceived threats, individuals believe that they can or cannot protect themselves. If the threat is severe, individuals should be determined to protect themselves and adopt control strategies (Ham, 2017; LaRose & Rifon, 2007). Personal experiences are more likely to make individuals consider the associated risks more frequently and with more lucidity, leading to increased concerns. However, in the long term, protective behaviors remain unaffected (Masur & Trepte, 2021). Privacy violations that are perceived as threats are generally seen as a lack of boundaries in personal data and the often unwanted sharing of personal data (Chen & Atkin, 2020).

According to PMT, people are most likely to engage in data protection behaviors if they are aware that companies collect, use, and share their data (perceived susceptibility to online privacy threats) and are against those practices (perceived severity to online privacy threats). PMT sees a linear relation between threat appraisals and (privacy) protection behavior (Witte, 1992). Previous studies found evidence that perceived susceptibility is related to the perceived severity (Meier et al., 2020; Sedek et al., 2018) and that the perceived severity of the threat (Boerman et al., 2021; Mousavi et al., 2020) is positively related to privacy protection behaviors in online communication. Aiming to link the perception of online communication threats with privacy-protective behavior during the process of setting up apps, we hypothesized:

H1. Susceptibility to online privacy threats positively relates to the severity of online privacy threats.

H2. (a) Susceptibility to online privacy threats and (b) severity of online privacy threats are positively related to privacy protection behaviors while setting up apps.

Coping appraisal

Response efficacy is linked to a form of control the user has. This control can be operationalized as a state where the user considers the online flow of personal communication. However, handling these control leverages and response tools is perceived as stressful and demanding (Johnson, 1974). On social media platforms, for instance, privacy is not as private as one desires (Trepte, 2021). For users preoccupied with finding the proper protection tools, several actions revolving around the idea of limited information disclosure are available regarding privacy protection while setting up apps. Existing literature named paying attention to permission warnings and carefully reading terms and conditions as prevalent (Shklovski et al., 2014).

Several studies focusing on online protection behaviors found evidence that self-efficacy (Mousavi et al., 2020; Wottrich et al., 2019) and response efficacy (Boehmer et al., 2015; Boerman et al., 2021; Mousavi et al., 2020) are positively related to privacy protection behaviors. Thus, Ham (2017) observed that high levels of risk and self-efficacy lead to advertising avoidance as a protective action.

High levels of individual self-efficacy are positively related to protective behaviors (not giving out personal information online such as home address) and limitation of information disclosure in online communication (Chai et al., 2009). In addition, well-rounded digital skills ease the understanding of privacy and ad-blocking tools, increasing the chance of protective behaviors (Chancary et al., 2018). However, the coping appraisals are mixed, as users need more confidence in protecting their personal information while believing that some tools can efficiently halt the collection and usage of online data (Boerman et al., 2021).

In their study on privacy protection in the context of mobile apps, Wottrich et al. (2019) did not introduce their model response efficacy as a variable but mobile app knowledge (Smit et al., 2014). In the present study, we focused on what users consider response efficacy while setting up apps. Furthermore, our conceptual model aims to capture the relationship between the coping mechanism in online communication and during the setup of apps in particular and the relation to privacy protection behavior. Therefore, like previous studies (Meier et al., 2020; Sedek et al., 2018), we looked at the relationship between coping appraisal elements and posited that online communication self-efficacy is related to response efficacy while setting up apps. Furthermore, in line with PMT, self-efficacy in online communication and response efficacy while setting up apps are positively related to privacy protection behaviors during app setup. To look at privacy-protective behavior, we address specific and individual smartphone-based actions users perform while setting up apps to keep their data safe. Therefore, we posited:

H3. Self-efficacy in online communication positively relates to response efficacy while setting up apps.

H4. (a) Self-efficacy in online communication and (b) response efficacy while setting up apps positively relate to privacy protection behaviors while setting up apps.

Our hypotheses model is depicted in Figure 1.

Figure 1.

Hypotheses model.

Comparing Germany and Romania

Our research aims to compare Germany and Romania, a Western and an Eastern European country. Several factors potentially impacting privacy protection behavior, such as historical background, legislative framework, attitudes toward privacy, values, trust in institutions, and socioeconomic factors, differ across countries. The historical background is worth mentioning as we aim to compare a Western and an Eastern European country with different democratic governance experiences in the decades before 1989. Moreover, in recent history, Germany was preoccupied with the regulation of data protection long before Romania, considering that the state of Hesse issued the first data protection act worldwide in 1970, followed by a federal law, The Federal Data Protection Act, in 1977 (Morey & Schoop, 2015). At that time, Romania was a communist country ruled by a dictator, so measurements to assure personal data protection were unimaginable. The historical background might be related to the societal relevance of privacy protection and the perceptions of hierarchies, a critical factor for the perception of vertical privacy threats (Ayaburi, 2023; Madan et al., 2023). By vertical privacy, we refer to individuals seeking privacy to prevent providers and institutions within the context of “a new economy that centers on their personal information as a commodity” (Masur, 2018, pp. 12–122).

Furthermore, from the perspective of the attitudes toward privacy, The Special Eurobarometer Digital Rights and Principles showed differences between the two countries. On one hand, a trusted online environment where people are protected from cybercrime, illegal content, and goals is essential for 70% of German participants. On the other hand, ranked last by the results of this survey, only 43% of the Romanians consider it very important, which is far below the mean of the 27 European Union member states (61% very important) (European Commission, 2021). Previous studies showed that Germans have strong views regarding protecting their data while online surfing (Engström et al., 2023) and are willing to support stricter legislation (Singh & Hill, 2003). Hence, how people relate to online safety in the two countries is different; therefore, the severity of online threats might differ.

Cultural factors influence how people assess the value of privacy and engage in privacy protection behavior in online communication (Abokhodair & Hodges, 2019; Wilhelm, 2021). The World Value Survey conducted in 2021 showed that according to the Inglehart-Wenzel Cultural Map (Inglehart & Welzel, 2005), traditional and survival values are prevalent in Romania compared with Germany, where secular-rational and self-expression values prevail (World Value Survey, 2021). Survival values are related to low levels of trust, and self-expression is related to rising demands to participate in economic and political decision-making (Inglehart & Welzel, 2005). Furthermore, Romania has one of the lowest levels of trust in public institutions in the EU (Organisation for Economic Co-operation and Development, 2023). On one hand, the levels of trust in state institutions determine vertical privacy concerns and result in being suspicious of data collection practices. On the other hand, the rising demand to participate in decision-making might result in more data protection awareness.

From the socio-economical perspective, although Germany and Romania are both European Union member states, there are significant differences regarding the welfare state and gross domestic product (Eurostat, 2024). These differences can result in differences in protection motivation between smartphone users in Germany and Romania when downloading mobile applications. Therefore, we asked:

RQ1. How do the differences in threat appraisal (susceptibility and severity) and coping appraisal (self-efficacy and response efficacy) and subsequently in the privacy protection behavior while setting up apps between young adults from Germany and Romania emerge?

Method

Sample

In January 2020, we conducted two group discussions (N = 25) with young adults (age: 18–24 years) from Germany, aiming to identify data protection measurements of the target group while setting up apps (e.g., not allowing a newly installed app to access users’ smartphone contacts if not necessary). The group interviews offered insights that helped us understand what measures they consider adequate for data protection while setting up apps. Thus, participants discussed for about one and a half hours protecting measurements of the data while setting up apps on their smartphone apps. The interviews were manually coded, and thematic analysis was applied, focusing on categories such as privacy measurements they take while setting up apps and effective measurements to protect their data. We used an inductive-deductive approach. Hence, some categories were driven from the existing literature (e.g., Boerman et al., 2021), while additional categories resulted from coding. The Coding scheme in the online supplementary materials on Open Science Framework repository (OSF) (https://osf.io/mj4bn/?view_only=None).

Aligned with the objectives of our research, we conducted an online survey with N = 931 young adults and smartphone users from Germany (n = 479, 18–26 years, M = 22.10, SD = 1.69) and Romania (n = 452, 18–26 years, M = 20.39, SD = 1.49). Most respondents were females (67%) and had a high school (72%) or a bachelor’s degree (27%). We collected the data in January to March 2021 in Germany and November 2022 to February 2023 in Romania. The survey was applied in German and Romanian, the native languages of the participants, with the help of the survey platform Qualtrics. Regarding the sampling strategy, we focused on a homogeneous population of age and young adults, representing the demographic using apps the most in monthly hours (Elad, 2023).

Measurements

Susceptibility to online privacy threats was measured by asking respondents the extent to which they agreed to three statements (e.g., “I believe that companies collect information about my online behavior.”) on a 7-point Likert-type scale from 1 (strongly disagree) to 7 (strongly agree; α = .82; Vishwanath et al., 2018). The severity of online privacy was measured by asking respondents the extent to which they agreed to three statements (e.g., “Having companies collect data about my online behavior is a problem for me.”) on a 7-point Likert-type scale from 1 (strongly disagree) to 7 (strongly agree; Ham, 2017). Finally, self-efficacy in online communication was measured using three statements (e.g., “I can protect my personal information, such as my browsing behavior, on the internet.”) on a 7-point Likert-type scale ranging from 1 (strongly disagree) to 7 (strongly agree; based on Boerman et al., 2021).

Based on the findings of the initial group discussions as well as on the existing literature (Boerman et al., 2021), we developed unidimensional scales to measure response efficacy, the self-perceived ability to protect their privacy while setting up apps on their smartphones, and privacy protection behavior while setting up apps. Thus, response efficacy was measured by asking respondents the extent to which they agree that each of the seven actions contributes to the protection of their data against collection via mobile apps (e.g., “Do not allow the app to access your smartphone’s photo gallery unless necessary”) on a 7-point Likert-type scale from 1 (strongly disagree) to 7 (strongly agree). Two items (“Carefully read the terms and conditions when buying a smartphone”; Carefully read the terms and conditions when installing apps on the smartphone”) were dropped because their loadings in the exploratory factor analysis (EFA) using principal component analysis were less than 0.6 for both countries.

Privacy protection behavior while setting up mobile apps (PPB) was measured by asking respondents the extent to which they agree that they perform each of the seven actions (e.g., “Not allow a newly installed app to access your smartphone’s photo gallery unless necessary”) on a 5-point Likert-type scale from 1 (never) to 5 (very often). Compared with the other measured variables, a 5-point Likert-type scale was employed to measure PPB to diminish the bias of similar scale format and anchors on the behavioral research results (Podsakoff et al., 2003). Similar to response efficacy, two items (“I carefully read the terms and conditions when buying a new smartphone.”; “I carefully read the terms and conditions before installing a new app on my smartphone.”) were dropped because their loadings in the EFA were less than 0.6 in both samples. The results of EFA are shown in the online supplement material.

We then performed confirmatory factor analysis (CFA) with SPSS AMOS 26 to measure the invariance of the scales developed by the authors including five items for response efficacy (RE2, RE3, RE4, RE5, and RE7) and PPB (PPB12, PPB3, PPB4, PPB5, and PPB7) and assess the same constructs across the German and the Romanian sample. Four measurement invariance tests were initially conducted: configural, metric, scalar, and residual (van de Schoot et al., 2012; Putnik & Bornstein, 2016). The initial findings showed that the response efficacy and PPB scales have only partial metric, scalar, and residual invariance. Two items from PPB (PPB5, “Not allowing a newly installed app to access my smartphone’s contacts if not necessary,” and PPB 7, “Not allowing a newly installed app to access the location of my smartphone if not necessary”) were the source of noninvariance at all three steps. Hence, following existing literature (Putnik & Bornstein, 2016; Vandenberg & Lance, 2000), we dropped the items from the PPB scale and conducted new measurement invariance tests. The results of the final tests, presented in Table 1, showed configural, metric, and scalar invariance for the two scales. However, our findings showed partial residual invariance, with one residual left free in each scale.

Table 1.

Measurement invariance for response efficacy and privacy protection behavior.

	χ²	df	CFI	TLI	RMSEA	BIC	AIC	p-value for Δ χ²
Configural invariance	116.418	38	0.990	0.985	0.047 [0.038, 0.057]	218.396	216.418
Metric invariance	128.717	44	0.989	0.986	0.046 [0.037, 0.055]	218.458	216.717	0.06
Scalar invariance	135.253	50	0.989	0.987	0.043 [0.034, 0.052]	212.756	211.253	0.37
Partial residual invariance	138.802	56	0.989	0.989	0.040 [0.032, 0.048]	204.067	202.802	0.74

Note. N = 931; p < .001.

The results of the CFA are shown in Table 2.

Table 2.

Results of the CFA of response efficacy and privacy protection behavior in the Romanian and German samples.

Scales’ items	Germanrespondents	Romanianrespondents
Response efficacy while setting up apps To what extent do you agree that the following actions ensure the protection of your data against their collection through mobile apps?
RE2. Do not allow the app to access your smartphone’s photo gallery unless necessary.	0.84	0.84
RE3. Do not allow the app to access your smartphone’s microphone unless necessary.	0.94	0.93
RE4. Do not allow the app to access your smartphone’s camera unless necessary.	0.96	0.93
RE5. Do not allow the app to access the smartphone’s contacts unless necessary.	0.92	0.88
RE7. Do not allow the app to access the location unless necessary.	0.80	0.72
Privacy protection behavior To what extent do you agree with the statements below that refer to the actions you performed while setting up a mobile app?
PPB2. Not allowing the app to access your smartphone’s photo gallery unless necessary.	0.90	0.88
PPB3. Not allowing the app to access your smartphone’s microphone unless necessary.	0.95	0.97
PPB4. Not allowing the app to access your smartphone’s camera unless necessary	0.96	0.92

Note. N = 931.

Results

Reliability of the measurements and correlations

Findings revealed that the average variance extracted (AVE) is above 0.6, and composite reliability (CR) is higher than 0.7 in both samples. Hence, our results indicate the model variables’ internal consistency and convergent validity. Furthermore, we tested for multicollinearity between the variables, and the largest variance inflation factor (VIF) is 1.12. Table 3 shows, besides the values of AVE and CR, descriptive statistics and the values of bivariate correlations between the variables included in our model.

Table 3.

The average variance extracted, composite reliability, and bivariate correlations.

	Romanian sample			German sample			Pearson correlations
	α	AVE	CR	α	AVE	CR	1	2	3	4	5
1. PPB	.94	0.901	.961	.95	.915	.967	1	.173^a	.179^a	.113^b	.156^a
2. Susceptibility	.81	0.732	.857	.81	.742	.865	.010	1	.220^a	−.035	.166^a
3. Severity	.76	0.681	.813	.73	.658	.791	.085	.061	1	.006	.145^a
4. Self-efficacy	.72	0.643	.776	.73	.651	.784	.145^a	−.120^a	−.101^b	1	.176^a
5. Response efficacy	.93	0.792	.950	.95	.837	.963	.434^a	.080	.100^b	.119^a	1

Note. N = 931; α = Cronbach’s alpha; AVE = average variance extracted; CR = composite reliability; Pearson correlations below the diagonal are in the Romanian sample; Pearson correlations above the diagonal are in the German sample.

Correlation is significant at the 0.01 level (two-tailed).

Correlation is significant at the 0.05 level (two-tailed).

As shown in Table 3, significant bivariate correlations exist between PPB, self-efficacy, and response efficacy in the German sample. Contrary to our expectations, there is no significant correlation between PPB, severity, and susceptibility in the Romanian sample. The significant correlations are very low, except for the moderate bivariate correlation between PPB and response efficacy in the Romanian sample.

Hypotheses testing

To investigate the hypothesized model, we used SPSS AMOS 26 for SEM (Byrne, 2010). Results show that our hypothesized model for the entire sample fits the data (GFI = .936, AGFI = .913, CFI = .969, RMSEA = .039). We posited that susceptibility to online privacy threats positively relates to the severity of online privacy threats (H1). Results of the path analysis showed that susceptibility has a positive impact on severity only in the German sample (β = .29, p < .001). Moreover, we hypothesized that susceptibility to online privacy threats and severity of online privacy threats are positively related to PPB while setting up apps (H2a and H2b). Our findings show a significant path between susceptibility (β = .14, p = .008), severity (β = .18, p = .001), and PPB only in the German sample. Hence, H2a and H2b were supported by the German group.

We posited that self-efficacy positively relates to response efficacy (H3). Findings showed that self-efficacy positively relates to response efficacy in both the Romanian (β = .20, p < .001) and the German sample (β = .20, p < .001). Thus, we found evidence to support H3. Finally, we hypothesized that self-efficacy and response efficacy positively relate to PPB (H4a and H4b). Results showed that self-efficacy (β = .13, p = .011) and response efficacy (β = .38, p < .001) are positively related to PPB in the Romanian sample. Only self-efficacy relates to PPB within German respondents (β = .13, p = .014). Therefore, H4a and H4b were supported in the Romanian sample and partially in the German sample. Figure 2 shows the standardized coefficients for the model for each country.

Figure 2.

Models with standardized path coefficients for the German (left) and Romanian (right) participants.

To answer our research question (RQ1), we ran a multiple-group analysis that showed a significant difference between the models if we compared the Germans and the Romanians (CMIN = 1,126.29, DF = 18, p < .001). The results of the multi-group analysis presented in Table 4 highlighted that out of six hypothesized relations between variables, regarding the loadings, only two are similar in both countries, while the other four are different.

Table 4.

Comparison between German and Romanian respondents.

	German respondentsstandardized coefficients	Romanian respondentsstandardized coefficients	Chi test of differencebetween loadings
Susceptibility PPB	.14**	−.01	CMIN = 5.024, DF = 1, p = .025
Severity PPB	.18**	.05	CMIN = 3.975, DF = 1, p = .046
Self-efficacy PPB	.13*	.13*	CMIN = 0.740, DF = 1, p = .390
Response-efficacy PPB	.07	.38**	CMIN = 21.656, DF = 1, p < .000
Susceptibility Severity	.29**	.04	CMIN = 8.789, DF = 1, p = .003
Self-efficacy Response efficacy	.20**	.20**	CMIN = 1.859, DF = 1, p = .173

N = 931, Germany n = 479, Romania n = 452.

p < .05. **p < .01.

Discussion and conclusion

Our findings showed that susceptibility to online threats enhances the severity of the online threats, and both elements of threat appraisal are significantly related to PPB while setting up apps only in the case of the German respondents. Regarding the coping appraisal, our findings showed that self-efficacy in the general online context is positively related to PPB and response efficacy while setting up apps in both groups. However, response efficacy is not significantly related to PPB while setting up apps for the German respondents.

Our findings differ from previous studies on privacy protection behavior while setting up apps, which observed a relationship between the awareness of users that companies collect and use data and less engagement in privacy-protective behavior while setting up apps (Wottrich et al., 2019). Hence, contrary to our predictions, the awareness of data collection and the perceived severity of this practice have no impact on the protective behavior of Romanians.

German young adults engage in privacy protection behavior while setting up apps when perceiving the severity of online threats. Thus, our findings align with previous research that highlighted the strong connection between privacy concerns and protective behavior in the case of young adults (Masur, 2020, 2023). While young German adults perceive online data collection as a threat that leads to the engagement of privacy protection behavior during the setup of apps, Romanian young adults do not relate privacy protection behavior to threat appraisal. Cross-country differences can be explained by different perceptions of the relevance of the trusted environment in the two countries. As The Special Eurobarometer Digital Rights and Principles highlights, a trusted online environment where people are protected from cybercrime, illegal content, and goals is crucial for Germans (European Commission, 2021) but less relevant for Romanians. The historical factor explains the positive association between susceptibility and severity on one hand and severity of privacy protection behavior on the other hand in the case of German respondents. Given the existence of a legislative framework long before other countries, Germany shows society’s preoccupation with privacy concerns that are reflated in the relevance of threat appraisal elements for privacy protection behavior. Furthermore, the data collection took place during the COVID-19 pandemic (January to March 2021) only for German and not for the Romanian respondents. Hence, data collection time could have affected the perceived susceptibility and severity given the public discussions about implementing COVID-19 apps with tracking features.

Our findings aligned with previous studies that showed mixed results concerning the relationship between coping appraisal and privacy protection behavior (Boerman et al., 2021) as response efficacy is positively related to privacy protection behavior during the setup of apps, only in the case of the Romanian sample. Romanian young adults are more confident that they can protect their online data and report using the measurements of restricted access to smartphone features. Low levels of trust in public institutions result in increased self-reliance as Romanian young adults were confident in their ability to take action to safeguard their privacy while setting up a new app. Besides, as Germans have more trust in public institutions, they also perceived responsibility more as resting with higher authorities and only acting when faced with serious privacy threats. In contrast, Romanians with lower trust in public institutions (World Value Survey, 2021) acknowledge their individual responsibility.

Our study has theoretical and practical implications. Our research contributes to a better understanding of what determines young adults from two European countries, a Western European country, Germany, and an Eastern European country, Romania, to (not) engage in privacy-protective behavior during the setup of apps. The study adds to the existing literature on PMT by focusing on protecting behavior while setting up new apps. Compared with previous research (e.g., Boerman et al., 2021; Mousavi et al., 2020; van Ooijen et al., 2024), we investigated how individuals’ overarching privacy attitudes transfer in context-specific privacy behavior. Thus, compared with other studies focusing on privacy protection behavior while using apps (e.g., Wottrich et al., 2019), we found evidence that self-efficacy in online communication is positively related to the response efficacy while setting up a new app.

Moreover, the comparative approach can add nuances to the PMT based on elements specific to the diverse country contexts. We also contribute to the PMT from the methodological perspective, given the two measurement scales, response efficacy and privacy-protective behavior, while setting up apps we developed and tested. Even though previous literature showed that users are skeptical that they can do much to protect their data when using mobile apps, we found evidence of users’ awareness of being in control of apps’ access to their smartphone features while setting up apps.

Our study offers the opportunity to evaluate the assumptions of PMT critically. According to PMT, individuals are, to some extent, constantly vigilant and under threat concerning their privacy protection while using apps, and their self-efficacy and response efficacy while setting up apps affect their privacy protection behavior. However, our findings did not align with these assumptions given that threat appraisal elements did not significantly result in privacy protection behavior for the Romanian respondents, nor did response efficacy as a coping appraisal element result in privacy protection behavior for the German participants. Considering privacy’s complex and abstract nature, protection may require systemic changes to strengthen institutional responsibility and trust and not place the entire responsibility of privacy protection on app users. Furthermore, the complexity of the digital environment that is constantly evolving is a challenge for PMT, and social influence and norms are underemphasized by PMT, which oversees social dynamics.

Our study has practical implications for educators and policymakers in the two countries. In addition to developing and strengthening privacy regulations in the complex mobile communication environment, policymakers should promote digital literacy initiatives such as training young adults to raise awareness of the risk of data disclosure while using mobile apps and practical measures for privacy protection while setting up apps.

Limitations and future research

The present research had its limitations. First, it is not an experimental study; the collected data are self-reported, and privacy protection behavior, even though it referred to behavior the respondents engage with, was a self-assessed measurement. A more accurate version is the collection of data through observation. Moreover, the Romanian and the German samples are not representative samples. However, as cross-country comparisons looking at privacy protection in mobile communication are needed, our study provides insight into how young adults from Romania and Germany see privacy protection while setting up apps. According to the literature (Chancary et al., 2018), young adults are a digitally skilled demographic most aware of prior privacy violations experienced online and, therefore, the most prone to adopting privacy protection mechanisms. Therefore, investigating only an age group is a limitation of the present study, and future research should look at age-heterogeneous samples.

Given that smartphones are widely used worldwide, especially by young adults, future studies should look at cross-country differences in privacy protection behavior in countries from different geographical areas, including the Global South. Moreover, experimental research can contribute to a better understanding of the causal relationship that affects privacy protection behavior while setting up apps.

Future research must also consider other factors beyond access control, such as corrective behaviors, acceptance, and disengagement (Cho et al., 2020; Trepte, 2021) that may be relevant to privacy management during the setup of apps.

Overall, the present study on privacy protection while setting up apps offers significant benefits by enabling a deeper understanding of how different user groups, such as young adults from Germany and Romania, perceive and respond to privacy threats, allowing for the identification of commonalities and differences across different cultures.

Footnotes

Acknowledgements

The authors would like to thank the research participants.

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Ethical Approval

The research was approved by the Ethical Committee for the Research Evaluation, Faculty of Communication and Public Relations of the National University of Political Studies and Public Administration Bucharest.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: The research was founded by the Babes-Bolyai University SEED Development Founds.

Informed Consent

Respondents gave their informed consent before filling in the questionnaires.

ORCID iDs

Delia Cristina Balaban

Maria Mustățea

Valeriu Frunzaru

Data Availability Statement

Data is available on the OSF repository ().

Author Biographies

Delia Cristina Balaban (PhD European University Viadrina Frankfurt/Oder) is a professor at the Department of Communication, Public Relations, and Advertising within the Babes-Bolyai University in Cluj-Napoca, Romania. Her research interests include privacy protection behavior, political communication on social media, and social media influencers.

Maria Mustățea (PhD Babes-Bolyai University Cluj-Napoca) is an assistant professor at the Department of Communication, Public Relations, and Advertising within the Babes-Bolyai University in Cluj-Napoca. Her research interests include privacy protection and digital communication.

Valeriu Frunzaru (PhD Babes-Bolyai University of Bucharest) is an associated professor at the Department of Communication, within the National University of Political Studies and Public Administration in Bucharest. His research interests include research methods in online communication, with a particular focus on the impact of social media on the rise of materialistic values and anti-intellectualism.

References

Abokhodair

Hodges

(2019). Toward a transnational model of social media privacy: How young Saudi transnationals do privacy on Facebook. New Media & Society, 21, 1105–1120. https://doi.org/10.1177/1461444818821363

Altman

(1975). The environment and social behavior: Privacy, personal space, territory, and crowding. Brooks/Cole.

Ayaburi

E. W.

(2023). Understanding online information disclosure: Examination of data breach victimization experience effect. Information Technology & People, 36(1), 95–114. https://doi.org/10.1108/ITP-04-2021-0262

Bandura

(1997). Self-efficacy. The exercise of control. W. H. Freeman and Company.

Barth

de Jong

M. T. D.

(2017). The privacy paradox – Investigating discrepancies between expressed privacy concerns and actual online behavior: A systematic literature review. Telematics and Informatics, 34(7), 1038–1058. https://doi.org/10.1016/j.tele.2017.04.013.

Boehmer

LaRose

Rifon

Alhabash

Cotton

(2015). Determinants of online safety behaviour: Towards an intervention strategy for college students. Behaviour & Information Technology, 34(10), 1022–1035. https://doi.org/10.1080/0144929X.2015.1028448

Boerman

S. C.

Kruikemeier

Zuiderveen Borgesius

F. J.

(2021). Exploring motivations for online privacy protection behavior: Insights from panel data. Communication Research, 48(7), 953–977. https://doi.org/10.1177/0093650218800915

Byrne

B. M.

(2010). Structural equation modeling with AMOS: Basic concepts, applications, and programming (2nd ed.). Routledge/Taylor & Francis Group.

Chai

Bagch Sen

Morrell

Rao

H. R.

Upadhyaya

S. J.

(2009). Internet and online information privacy: An exploratory study of preteens and early teens. IEEE Transactions on Professional Communication, 52, 167–182.

10.

Chancary

Abdelaziz

Chiasson

(2018). Privacy concerns amidst OBA and the need for alternative models. IEEE Internet Computing, 22, 52–61. https://doi.org/10.1109/MIC.2017.3301625

11.

Chen

Atkin

(2020). Understanding third-person perception about internet privacy risks. New Media & Society, 23, 146144482090210. https://doi.org/10.1177/1461444820902103

12.

Cho

Goh

Z. H.

(2020). Privacy risks, emotions, and social media: A coping model of online privacy. ACM Transactions on Computer-human Interaction, 27(6), 1–28. https://doi.org/10.1145/3412367

13.

Cho

Rivera-Sánchez

Lim

S. S.

(2009). A multinational study on online privacy: Global concerns and local responses. New Media & Society, 11(3), 395–416. https://doi.org/10.1177/1461444808101618

14.

de Reuver

Nikou

Bouwman

. (2016). Domestication of smartphones and mobile applications: A quantitative mixed-method study. Mobile Media & Communication, 4(3), 347–370. https://doi.org/10.1177/2050157916649989

15.

Dogruel

Joeckel

Vitak

(2017). The valuation of privacy premium features for smartphone apps: The influence of defaults and expert recommendations. Computers in Human Behavior, 77, 230–239. https://doi.org/10.1016/j.chb.2017.08.035

16.

Elad

(2023). Mobile app industry statistics by millennial preferences, smart phone users, country, user retention, age group, spending over time. Mobile App Industry Statistics. https://www.enterpriseappstoday.com/stats/mobile-app-industry-statistics.html#google_vignette

17.

Engström

Eriksson

Björnstjerna

Strimling

(2023). Global variations in online privacy concerns across 57 countries. Computers in Human Behavior Reports, 9, 100268. https://doi.org/10.1016/j.chbr.2023.100268

18.

European Commission. (2021). Special Eurobarometer 518. Digital rights and principles.

19.

Eurostat. (2024). GDP and main components (output, expenditure, and income). https://ec.europa.eu/eurostat/databrowser/view/NAMA_10_GDP__custom_9906867/default/table?lang=en

20.

Ham

C.-D.

(2017). Exploring how consumers cope with online behavioral advertising. International Journal of Advertising, 36(4), 632–658. https://doi.org/10.1080/02650487.2016.1239878

21.

Inglehart

Welzel

(2005). Modernization, cultural change, and democracy: The human development sequence. Cambridge University Press.

22.

Joeckel

Dogruel

(2019). Default effects in app selection: German adolescents’ tendency to adhere to privacy or social relatedness features in smartphone apps. Mobile Media & Communication, 8(1), 22–41. https://doi.org/10.1177/2050157918819616

23.

Johnson

C. A.

(1974). Privacy as personal control. In Margulis

S. T.

(Ed.), Man-environment interactions: Evaluations and applications (pp. 83–100). Dowden, Hutchinson & Ross.

24.

Kokolakis

(2017). Privacy attitudes and privacy behavior: A review of current research on the privacy paradox phenomenon. Computers & Security, 64, 122–134. https://doi.org/10.1016/j.cose.2015.07.002

25.

LaRose

Rifon

N. J.

(2007). Promoting i-safety: Effects of privacy warnings and privacy seals on risk assessment and online privacy behavior. Journal of Consumer Affairs, 41(1), 127–149. https://doi.org/10.1111/j.1745-6606.2006.00071.x

26.

Madan

Savani

Katsikeas

C. S.

(2023). Privacy, please: Power distance and people’s responses to data breaches across countries. Journal of International Business Studies, 54, 731–754. https://doi.org/10.1057/s41267-022-00519-5

27.

Maddux

J. E.

Rogers

R. W.

(1983). Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19(5), 469–479. https://doi.org/10.1016/0022-1031(83)90023-9

28.

Masur

P. K.

(2018). Situational privacy and self-disclosure: Communication processes in online environments. Springer. https://doi.org/10.1007/978-3-319-78884-5

29.

Masur

P. K.

(2020). How online privacy literacy supports self-data protection and self-determination in the age of information. Media and Communication, 8(2), 258–269. https://doi.org/10.17645/mac.v8i2.2855

30.

Masur

P. K.

(2023). Understanding the effects of conceptual and analytical choices on “finding” the privacy paradox: A specification curve analysis of large-scale survey data. Information, Communication & Society, 26(3), 584–602. https://doi.org/10.1080/1369118X.2021.1963460

31.

Masur

P. K.

Trepte

(2021). Transformative or not? How privacy violation experiences influence online privacy concerns and online information disclosure. Human Communication Research, 47(1), 49–74. https://doi.org/10.1093/hcr/hqaa012

32.

Meier

Schäwel

Krämer

N. C.

(2020). The shorter the better? Effects of privacy policy length on online privacy decision-making. Media and Communication, 8(2), 291–301. https://doi.org/10.17645/mac.v8i2.2846

33.

Morey

Schoop

(2015, May). Customer data: Designing for transparency and trust Don’t sacrifice long-term goodwill for short-term benefits. Harvard Business Review. https://hbr.org/2015/05/customer-data-designing-for-transparency-and-trust

34.

Mousavi

Chen

Kim

D. J.

Chen

(2020). Effectiveness of privacy assurance mechanisms in users’ privacy protection on social networking sites from the perspective of protection motivation theory. Decision Support Systems, 135, 113323. https://doi.org/10.1016/j.dss.2020.113323

35.

Organisation for Economic Co-operation and Development. (2023). Government at a glance 2023. https://doi.org/10.1787/3d5c5d31-en.

36.

Podsakoff

P. M.

MacKenzie

S. B.

Lee

J.-Y.

Podsakoff

N. P.

(2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879–903. https://doi.org/10.1037/0021-9010.88.5.879

37.

Putnick

D. L.

Bornstein

M. H.

(2016). Measurement invariance conventions and reporting: The state of the art and future directions for psychological research. Developmental Review, 41, 71–90. https://doi.org/10.1016/j.dr.2016.06.004

38.

Rogers

R. W.

(1975). A protection motivation theory of fear appeals and attitude change. The Journal of Psychology, 91(1), 93–114. https://doi.org/10.1080/00223980.1975.9915803

39.

Sedek

Ahmad

Othman

N. F.

(2018). Motivational factors in privacy protection behavior model for social networking. MATEC Web of Conferences, 150, 5014. https://doi.org/10.1051/matecconf/201815005014

40.

Shklovski

Mainwaring

S. D.

Skúladóttir

H. H.

Borgthorsson

(2014, April). Leakiness and creepiness in app space: Perceptions of privacy and mobile app use. In Proceedings of the 32nd Annual ACM Conference on Human Factors in Computing Systems (pp. 2347–2356). Association for Computing Machinery. https://doi.org/10.1145/2556288.2557421

41.

Singh

Hill

M. E.

(2003). Consumer privacy and the Internet in Europe: A view from Germany. Journal of Consumer Marketing, 20(7), 634–651. https://doi.org/10.1108/07363760310506175

42.

Sipior

J. C.

Ward

B. T.

Volonino

(2014). Privacy concerns associated with smartphone use. Journal of Internet Commerce, 13(3–4), 177–193. https://doi.org/10.1080/15332861.2014.947902

43.

Smit

E. G.

van Noort

Voorveld

H. A. M.

(2014). Understanding online behavioural advertising: User knowledge, privacy concerns and online coping behaviour in Europe. Computers in Human Behavior, 32, 15–22. https://doi.org/10.1016/j.chb.2013.11.008

44.

Trepte

(2021). The social media privacy model: Privacy and communication in the light of social media affordances. Communication Theory, 31(4), 549–570. https://doi.org/10.1093/ct/qtz035

45.

Trepte

Reinecke

Ellison

N. B.

Quiring

Yao

M. Z.

Ziegele

(2017). A cross-cultural perspective on the privacy calculus. Social Media + Society, 3(1). https://doi.org/10.1177/2056305116688035

46.

Trottier

(2017). Privacy and surveillance. In Burgess

Marwick

Powell

(Eds.), The sage handbook of social media (pp. 463–478). Sage.

47.

Vandenberg

R. J.

Lance

C. E.

(2000). A review and synthesis of the measurement invariance literature: Suggestions, practices, and recommendations for organizational research. Organizational Research Methods, 3(1), 4–70. https://doi.org/10.1177/109442810031002

48.

van de Schoot

Lugtig

Hox

(2012). A checklist for testing measurement invariance. European Journal of Developmental Psychology, 9(4), 486–492. https://doi.org/10.1080/17405629.2012.686740

49.

van Dijck

Poell

De Wall

. (2018). The platform society. Public values in a connective world. Oxford University Press.

50.

van Ooijen

Segijn

C. M.

Opree

S. J

. (2024). Privacy cynicism and its role in privacy decision-making. Communication Research, 51, 146–177. https://doi.org/10.1177/00936502211060984

51.

van Ooijen

Vrabec

H. U

. (2019). Does the GDPR enhance consumers’ control over personal data? An analysis from a behavioral perspective. Journal of Consumer Policy, 42(1), 91–107. https://doi.org/10.1007/s10603-018-9399-7

52.

Vishwanath

Ngoh

(2018). How people protect their privacy on Facebook: A cost-benefit view. Journal of the Association for Information Science and Technology, 69(5), 700–709. https://doi.org/10.1002/asi.23894

53.

Westin

A. F.

(1967). Privacy and freedom. Atheneum.

54.

Wilhelm

(2021). A socio-cultural and comparative approach to representations of digital technology. Privacy and “digital hygiene” in Germany. Interfaces Numériques, 10(21), 1–18. https://doi.org/10.25965/interfaces-numeriques.4589

55.

Witte

(1992). Putting the fear back into fear appeals: The extended parallel process model. Communication Monographs, 59(4), 329–349. https://doi.org/10.1080/03637759209376276

56.

World Value Survey. (2021). WVS wave 7. https://www.worldvaluessurvey.org/WVSContents.jsp

57.

Wottrich

van Reijsmersdal

Smit

E. G.

(2019). App users unwittingly in the spotlight: A model of privacy protection in mobile apps. Journal of Consumer Affairs, 53, 1056–1083. https://doi.org/10.1111/joca.12218

Understanding the Motivations of Young Adults to Engage in Privacy Protection Behavior While Setting Up Smartphone Apps: A Cross-Country Comparison Between Romania and Germany

Abstract

Keywords

Introduction

Theoretical framework

Privacy in online and mobile communication

The Protection Motivation Theory

Threat appraisal

Coping appraisal

Comparing Germany and Romania

Method

Sample

Measurements

Results

Reliability of the measurements and correlations

Hypotheses testing

Discussion and conclusion

Limitations and future research

Footnotes

Acknowledgements

Declaration of Conflicting Interests

Ethical Approval

Funding

Informed Consent

ORCID iDs

Data Availability Statement

Author Biographies

References