Measuring user confidence in social media security and privacy

Abstract

In today’s Information society it is an everyday scenario to be a part of an online community such as social media. Participation has become almost mandatory to the point of acting as a virtual extremity to one’s physical environment. This virtual extremity is the individual’s window to the outside world and vice versa. The process of being a part of social media has become very easy and user friendly where one is only a few private information entries away from communicating and connecting with the rest of the world. From the user’s perspective it may be a small price considering what it is gained from joining an online community, but with the rise of social networking platforms, arise privacy concerns regarding social networking services. It is questionable how many social media users consider the information they upload or post about online whether it’s their location, hobbies, employment places, age or any other private information. How many users actually read security and privacy terms when first registering for a social media account? What private information are individuals comfortable with entering and sharing on social networking sites? More and more loopholes are being found in social media frameworks that may compromise user’s privacy or that can be misused in a way that was not intended by the user. In 2010, the Google CEO Eric Schmidt was even quoted “ $\ldots$ If we look at enough of your messaging and your location, and use artificial intelligence, we can predict where you are going to go.” (Snickars, Pelle, Vonderau, 2012). That line alone raised a lot of concerns and questions about how exactly is the information users put online being used.

Keywords

Information privacy social media privacy concern

1. Personal data and privacy on social media

Based on the idea that to exist online, people must type themselves into being (Sundén, 2003) and Floridi’s condition of ‘onlife’ as a seamless merging of analogue and digital (Floridi, 2018), one can say that nowadays young adults have no other choice but to use existing social media to publish content such as photographs, posts or text and engage in the online community by reacting to other people’s content and commenting in order to be recognized and acknowledged (Marwick & Boyd, 2014). Since privacy is highly contextual, controlling it while engaging in social media depends highly on the ability to control the context of social media. Marwick and Boyd stated that teenagers think of privacy as an ability and a state of control over a situation including the information they share online (Marwick & Boyd, 2014). That privacy is endangered due to the increase of security risks that come with social media engagement. It is impossible to monitor where and how one’s personal data is being used. The language being used in privacy policies tend to use ambiguous words such as “may”, “reasonable time”, “might” which can be interpreted in several ways. As legal obligations force Facebook to make their privacy policy more extensive, Facebook users should consequently be more conscious and cautious about the protection of their accounts and information they publish through it. Users with less knowledge about the privacy settings are not sure about the amount of private information they are putting online and how much of that information is available to whom (Külcü & Henkoğlu, 2014). Due to a report of a research conducted by the European Commission in 2011 which showed a high level of user concern for data protection, a new draft directive on data protection was presented in 2012 (European Commission, 2012, as cited in Külcü and Henkoğlu, 2014). In 2017 the European Commission adopted a proposal for a Regulation on Privacy and Electronic Communications which should replace the Directive. The new 2017 Regulation advocates that user private information will be “used under strict conditions and for legitimate purposes and that organisations that collect and manage personal information must protect it from misuse and respect certain rights” (European Commission, 2021). The question still remains how can regular users protect themselves with these laws and regulations if they are written in terminology that is incomprehensible and can mean more than one thing.

2. Literature overview

Due to Facebook’s popularity, the platform as a subject matter is frequently used in social sciences research to determine the level of user privacy awareness (Külcü & Henkoğlu, 2014). Through the years, since Facebook went global or when it became more popular than MySpace in 2008, experts and researchers examined different aspects of privacy on Facebook. Areas covered over the years vary from social sciences, psychology, computer science, marketing and business. Most of the research about Facebook privacy settings for the last fifteen years was done focusing on the user privacy, potential risks of sharing private data, impression factors that influence Facebook users and norms of using the platform (Shiau, Dwivedi, Lai, 2018). Since 2006 when Facebook introduced News Feed, which at the time showed publicly every change that a user made to his/hers page (Hall, 2021), emerged a global concern for safety and privacy on the social media platform. Questions were asked about one’s private information on Facebook, and first researches appeared from different field studies. Early on, McKeon made an infographic of the Evolution of Privacy on Facebook based on statistics from Google, the Facebook Data Team and his own interpretation. The infographic showed a chart covering the period from 2005 to 2010 and in only five years there were significant changes in the rate of the private information Facebook obtained and made accessible to others (McKeon, 2010). Over the following years, the interest on this subject amongst the researchers only increased.

Privacy concerns and confidence in the ability to control the information that is being provided online, dates back as early as 2006 (Acquisti, Gross, 2006), when Facebook’s popularity was slowly rising and reaching a global audience. Tsay-Vogel, Shanahan and Signorielli examined the effects of Facebook use on privacy perceptions and self-disclosure behaviours from 2010 to 2015. During the five year period time, the researchers noticed younger users caring less about privacy settings, but as they matured they became more conscious about the kind of private information they publish online (Tsay-Vogel et al., 2018).

About privacy concern and related behaviour, wrote Buchanan et al., when they conducted a study of 1,515 examinees and developed a scale for measuring privacy-related attitudes including privacy concern and behaviours: general caution and technical protection (Buchanan et al. 2006). Further on, a three-art study examined disclosure on Facebook profiles. Researchers found a link between the amount of data published online and user age, that being the older the users got, the less information they provided publicly on Facebook (Nosko et al., 2010). This confirms the previous research done by Tsay-Vogel, Shanahan and Signorielli. In addition to topics covered, studies have been conducted on the subject of changes in user privacy and disclosure behaviour (Stutzman et al., 2013), to studies which analyse effective ways to do Facebook research which included concern about privacy (Wilson et al., 2012). Further on, Pereira, Xavier, and Prates got deeper into the issue of the challenges for users to understand the nature and options of Facebook privacy settings. Their research was based on a simulator that was provided to the examinees where they could explore different scenarios of adjusting privacy settings and understand the rules of how the platform works better (Pereira et al., 2014).

Saeri et al., integrated various theoretical approaches in their research in order to observe online privacy protection. They used the theory of planned behaviour, norm focus theory and variables which include perceived risk as well as trust. The conclusion was that not enough researchers included injunctive and descriptive norms when investigating online privacy protection and that the impact of trust towards social media as well as risk perceptions needs more theoretical base (Saeri et al., 2014).

The papers that inspired this research and whose author’s steps were applied as a part of the measurement were by Alexa K. Fox and Marla B. Royne and Hsuan-Ting Chen. Foy and Royne developed a measure of one user’s understanding of social media privacy policies and proposed a detailed list of suggestions on how to improve privacy policies’ text language in order to be more understandable to everyday users (Fox & Royne 2018). The later paper by Chen questioned the privacy paradox issue and included factors such as privacy self-efficacy to the existing measurement consisting of privacy concerns and self-disclosure as key components. What was confirmed was that social media visibility rate highly correlates with privacy concern both in the USA and in China, where the studies were carried out, but in Hong Kong privacy concern was negatively related to self-disclosure and not significantly related in the study conducted in the USA (Chen, 2018).

Observed from a global point of view, researchers did not go past children as the observed research population. A research was conducted by Staksrud, Ólafsson and Livingstone who gathered a sample of almost 1000 children from 25 European countries. They were interested to find out if the use of Facebook increases experiences of online risk among children, which as a research result confirmed their data (Staksrud et al., 2013).

Privacy settings and Facebook users are a moderately common topic for many excellent researchers internationally as noted previously in the literature review. There aren’t however many papers written on this subject in Croatia, especially papers covering the student population. Kosić is one of the authors who wrote about this issue with regard to the population of children. His work was concentrated in the ways children (8th grade of secondary school) use Facebook and what kind of information they view and share, and did not go into security and privacy issues (Kosić, 2010). Grmuša et al., in their work on parent’s and Facebook privacy discuss the trend of publishing photos of children and minors without their knowledge or consent, creating a certain digital identity without fully considering and understanding privacy policies. The researchers focused on parents as a research population and examined their awareness of: the privacy risks on Facebook, privacy protection mechanisms, GDPR regulation and the parent’s overall opinion about it (Grmuša et al., 2019). A research that was conducted among first-year students of the Faculty of Educational Sciences in Pula, gave results which showed that the examinees were not familiar enough with the rules of using data on the platform, or with privacy settings and neither with the conditions for using Facebook (Ružić-Baf et al., 2012). Pavuna in his research with the sample of the study being users aged 14 to 75 years, discovered that the research participants consider their privacy important, but they easily renounce and compromise it in order to use Facebook and other social media (Pavuna, 2019). This is in agreement with the previous privacy paradox theories mentioned where users are willing to give up on their privacy at the very beginning of creating a Facebook account.

3. Facebook privacy policy

Facebook privacy terms and conditions are difficult to interpret with certainty. The text is written in a way to encourage the user and instil confidence, but because of ambiguous sentences and occasional specific words used in the body text, suspicion arises that the text can be interpreted in favour of the platform more than in favour of the user. When reading general terms of Facebook services, in the section it says The permissions you giveus:

“Specifically, when you share, post, or upload content that is covered by intellectual property rights on or in connection with our Products, you grant us a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content (consistent with your privacy and application settings). This means, for example, that if you share a photo on Facebook, you give us permission to store, copy, and share it with others (again, consistent with your settings) such as service providers that support our service or other Facebook Products you use. This license will end when your content is deleted from our systems” (Facebook, 2021).

What this means is that Facebook can copy any content you post on the platform, but promises that if you delete the content it won’t be visible to anyone again. However, what the company doesn’t promise is to delete the content they copied from you, so basically it is still available, it may be still visible and subject to exploitation even when you delete your account entirely. Facebook’s privacy terms and conditions text is full of such ambiguities and an analysis and legal interpretation of every section could be conducted in consultation with attorneys and other professionals who can advise the user in a timely manner. But this is too much work for one individual who just wants to share a lovely image of an abroad location they just visited with their online community (at least from a user perspective). The fact that 1.7 billion users use Facebook (Shiau et al., 2018) helps tremendously with the trust the users have in the platform. It is alarming to think that user’s privacy is easily breachable and endangered in present-day informational era and the revised privacy framework does not resolve the problem and question of one’s safety in online surroundings (even though Facebook complies with current EU data protection law, which includes the GDPR) (Sevignani, 2016). Even today, when users have to allow “cookies” and other permissions to every site they visit online, there is uncertainty and doubt over how their private information is collected, stored, downloaded, shared, purchased, stolen, and (mis)used (Fox, Royne, 2018). Users give permissions to their private information despite their suspicions because in their estimation they have more to gain than to lose. They give up some privacy to be a part of a globally networked consumer society (Turow et al., 2008).

Facebook is commercially organised, as are most of the present social media services. That means it has to gain profit and since setting up an account on Facebook is free, profit must be obtained by the secondary use of user interactions. Users engage on social media, they communicate with their friends, family and public. They comment, watch and read news and posts, organize events, form groups and leave their online bread crumbs in a number of different ways. All of this data is gathered and later used for advertisement purposes which are targeted to the person who provided the data in the first place (Sevignani, 2016). All this being a vicious circle of mutual acceptance of goods, with a questionable true state of user’s safety and digital privacy.

4. GDPR and facebook

GDPR (General Data Protection Regulation) is a law that protects the personal data and privacy of the European Union members in terms of businesses exploiting personal data for commercial or other purposes. Since the GDPR went into effect on May 25th in 2018, this law affected Facebook as well and influenced the way it stores, collects and processes data. Facebook has undertaken steps to ensure it abides by the GDPR regulations, but that doesn’t mean big and small businesses aren’t responsible for using personal data (Vodić kroz GDPR za početnike, 2021). On the contrary, businesses of all kinds have to make sure they don’t run into legal issues if they don’t respect GDPR rules. What the new EU law brought to the Facebook users is the obligation to give permission for the information they put online to be used and in return advertisers must be transparent about the ways they use that information. Now, EU Facebook users should be able to withdraw their consent whenever they want, they should be able to see the information businesses are using at any time and should be able to edit or delete the information they want to provide (Villi, 2021). The trick is that Facebook is not responsible for businesses who do not comply by the GDPR rules and there are small but significant user design issues which are questionable and may serve as a further point of research in the future. Just to give an example, when accepting terms and conditions there is an accept and continue button which the user can hit regardless of whether he or she reads the information and scrolls all the way through the explanatory text. Users are being overwhelmed by the “read and accept” popping up windows that it is likely, they are just clicking the accepting button to get rid of the window without understanding what they are accepting and just hoping for the best. The GDPR regulations have tried to protect users, but what do users do to protect themselves?

5. Research and method

The aim of this research was to find out the degree of students’ awareness of the context that influences the ability for private information to stay private on social media. Given that social media is increasingly being used not only for entertainment, information but also education and shopping, it is interesting and crucial to investigate the literacy of the student population on social networks, since the assumption is that the student population has the highest level of media literacy considering their education levels and being constantly surrounded by social media.

Since the largest population active on social media is the younger demographics, ages from 16–24, (Chaffey, 2019) a questionnaire was conducted amongst the student population on the Faculty of Social Sciences and Humanities in the city of Osijek and Zadar. The fundamental aim of this research was to examine the awareness of the context that influences students’ privacy, their knowledge of privacy policies on social networks, their attitude toward sharing private information on social networks, toward safety and privacy on social media. The goal of the research is to influence the awareness of the academic community on the need for information literacy at a national level and to initiate active organization and participation in projects, workshops and lectures that will cover the field of personal data protection in the digital environment with an emphasis on social media. Four research questions were formulated:

1.
To what degree are users of social media aware of the amount of personal data they are providing the social networking sites?
2.
To what degree are users of social media concerned with possible misuse of their personal data by the social networking sites?
3.
To what degree are social media users aware of the way their private information is used by social networking sites?
4.
To what degree are users of social media concerned with the personal data they are providing the social networking sites?

The survey questionnaire was set up online, consisting of several Likert scales measuring respondents’ attitudes and awareness of proposed elements that influence privacy. The questions were based on Facebook privacy policy content analysis, researches done by Fox and Royne (Fox & Royne, 2018) and Chen (Chen, 2018). The aim was to examine existing knowledge and attitudes about Facebook privacy rules as well as the degree of self-confidence and concern about the sharing and misuse of private information. Sample of students was gathered from the pool of students at the Osijek and Zadar University. Questionnaire was prepared in a way that can be as easily used on a mobile phone or tablet as well as on a personal computer or laptop.

A total of 163 questionnaires were submitted by the students. Call for participation in the research was sent to official university e-mails of all students of Faculty of social sciences and humanities, University of Osijek and Department of information sciences, University of Zadar. All together 1489 e-mails were sent, but it is unclear how many students were reached. It is known fact that a lot of students, especially at Faculty of social sciences and humanities, University of Osijek do not use official e-mail, but use private gmail and similar accounts instead. For that reason, calculating precise turnout was not possible. For the same reason it was impossible to draw a representative sample, but gender and age results are in agreement with both Osijek and Zadar students’ statistics. In the text below and showed in Table 1 the analysis of demographic data was provided.

Table 1
Privacy concerns

Privacy concerns – PC Mean Crombah Alpha

The information I submit on social media could be misused 3.75 0.912

Anyone can find private information about me on social media 3.65

Information shared on social networks can later be used to the detriment of the individual 3.97

Information shared on social networks can later be used in a way that was not originally intended 4.06

Figure 1 shows the percentage of gender of the respondents. There were 122 female and 41 male respondents. Higher number of female students is consistent with the demographic statistics of social sciences and humanities studies at Osijek and Zadar university. 16 students did not have Facebook accounts, so 147 students entered the final analysis.

Figure 1.
Gender distribution.

Figure 2 shows the age distribution of the respondents. Most of the respondents belong to the category of 19–23 years of age, which makes up the average student population.

Figure 2.
Age distribution.

6. Privacy and misuse concern

Privacy concerns – PC	Mean	Crombah Alpha
The information I submit on social media could be misused	3.75	0.912
Anyone can find private information about me on social media	3.65
Information shared on social networks can later be used to the detriment of the individual	3.97
Information shared on social networks can later be used in a way that was not originally intended	4.06

For measurement of personal data privacy and misuse concern two Likert scales were used. Both showed very high internal consistency (Crombah Alpha $>$ 0.9) and items’ scores were averaged to form indexes.

Likert scale was adapted from Chen (Chen, 2018) and respondents were asked to rate their concern on a measurement scale from 1 (Not concerned at all) to 5 (Very concerned).

On average respondents exhibit concern that is firmly on a positive end of a scale although far from the extreme showing somewhat concern for personal data privacy.

Table 2 shows respondent’s degree of misuse concern. Likert scale was formed with 9 items with the same (Not concerned at all) to 5 (Very concerned) measurement scale.

Table 2
Misuse concern

Misuse concern – MC	Mean	Crombah Alpha
I am concerned that my personal Facebook account could be hacked at any time which could result in the theft of personal information	3.37	0.941
I am concerned that my personal Facebook account could be hacked at any time which could result in redirecting my friends/followers to malware	3.46
I am concerned that Facebook collects data through my account about when, where and in what way I use the social media	3.45
I am concerned about whether my Facebook account will be a victim of a Phishing attack	3.18
I am concerned that my Facebook account will be compromised and that cyber criminals will hack all my Facebook friends’ accounts through my account	3.09
I worry about whether my Facebook account will be compromised via Botnet network	3.03
I am concerned whether Facebook will share my data with independent entities, without my knowledge or consent	3.50
I am concerned whether I will become a victim of cyberbullying or stalking	3.24
I am concerned about how Facebook uses my location information because I use a smartphone to access the platform, and my location is automatically recorded	3.65

Misuse concern is again, on average, on the positive end of the scale with all items but obviously to a somewhat lesser degree then with the privacy concern.

6.1 Objective and subjective understanding of privacy policies

Objective understanding of privacy policies were formed by adapting 7 items from Fox and Royne’s 2018 Consumers’ understanding of social media privacy policies (Fox & Royne, 2018) Likert scale (CUSPP) which were expanded with additional 4 items. Respondents were asked to rate their agreement on a 1 (strongly disagree) to 5 (strongly agree) measurement scale with overall internal consistency of Crombah Alpha $=$ 0.833. Items’ scores were averaged to form an index.

Table 3
Objective understanding of privacy policies

Objective understanding of privacy policies – OUPP	Mean	Crombah Alpha
Information about me can be shared with Facebook’s third-party affiliates	3.52	0.833
If the owner of the social networking site changes, my information can be transferred to the new owner	3.69
When I add content to the social networking site, the site will collect this data for future use	4.03
If I modify my personal information, the site can keep a copy of the original information	3.97
If I choose to delete my account, my information can still be retained on the site	3.93
If I interact with third-party affiliates through the social networking site, those affiliates will receive my personal information	3.57
The information that I provide can be copied by anyone who can see it	4.32
Facebook places cookies on my computer and other devices I use	4.32
Facebook allows third-parties to place cookies on my computer regardless of whether I have a Facebook account and whether I am logged in or not	3.67
Facebook identifies the website I visit after leaving the social networking site	3.80
Facebook uses the information shared about me by my connections on the site	3.86

All items are formulated as being essentially true so overall agreement on average level of mostly “Somewhat agree” show that respondents mostly understand Facebook privacy policies albeit not with absolute certainty.

Subjective understanding of privacy policies was adapted from Fox and Royne (Fox & Royne, 2018) example on subjective knowledge, and respondents were asked to rate their agreement on a 1 (strongly disagree) to 5 (strongly agree) measurement scale with overall internal consistency of Crombah Alpha $=$ 0.910. Items’ scores were averaged to form an index. Table 4.

Table 4

Subjective understanding of privacy policies

Subjective understanding of privacy policies – SUPP	Mean	Crombah Alpha
I fully understand the social networking site’s privacy policy	3.25	0.910
I understand the terms used in the privacy policy	3.35
I am confident in my understanding of the privacy policy	3.33
I understand how my data will be used	3.23
I understand enough about the privacy policy to feel safe when sharing content and information	2.99
I am familiar with how my data will be used	3.01
I could explain the privacy policy to others	2.48
I’m sure I know how to block spam or unwanted content on social media	4.15

Interestingly on average subjective confidence in understanding privacy policies seem to be somewhat lesser than objective assessment. It seems that respondents understand the privacy policies better than they think they do.

6.2 Privacy self-efficacy and self disclosure

According to Dienlin and Metzger (Dienlin & Metzger, 2016) Privacy concern is negatively correlated with privacy self-efficacy and self disclosure. In this research both factors self-efficacy and self disclosure were adapted from Chen 2018. On both Likert scales respondents were asked to rate their agreement on a 1 (strongly disagree) to 5 (strongly agree) measurement scale with high internal consistencies (Crombah Alpha $>$ 0.8). Items’ scores were averaged to form indexes.

The level of privacy self-efficacy was to show how confident the respondents feel about the privacy settings on Facebook (Crombah Alpha $=$ 0.866). The sample questions were taken from Privacy Paradox research paper by Chen (Chen, 2018).

Table 5
Privacy self-efficacy

Privacy self-efficacy – PSE	Mean	Crombah Alpha
I feel confident enough about my relationship with Facebook and the way it collects and uses my personal information	3.13	0.866
I feel confident enough to learn new skills to protect my privacy on Facebook	3.68
I feel confident enough when it comes to recognizing and blocking unwanted content on Facebook	4.09
I feel confident enough when it comes to adjusting my Facebook privacy settings	3.88
I feel confident enough when it comes to managing my personal profile on Facebook	4.09

As shown in the results table respondents Privacy self-efficacy tends to be positively rated with the Self disclosure being the opposite.

Self disclosure statements were to show what kind of content the respondents were sharing in order to see if there is any correlation with the level of confidence and concern about privacy on social media (Crombah Alpha $=$ 0.809). Some of the questions were adopted from Chen’s research paper on Privacy Paradox (Chen, 2018).

Table 6

Self disclosure

Self disclosure – SD	Mean	Crombah Alpha
I like to share my personal moods	1.61	0.809
When I have something to say, I like to share it on social media	1.58
I always find time to keep my social media profile up to date	1.88
I share life events	1.93
I often use location tagging	1.54

All items in the Self disclosure scale have the average score on the negative end of the measurement scale with all of them being between strongly and somewhat disagree. This shows self disclosure is not something respondents on average do very often. Correlation analysis will show that privacy concern may not be the reason.

6.3 Sharing of personal content and personal information

With the last two factors sharing of separately personal information and personal information were measured.

Sharing of personal information. Respondents were asked to indicate which of given personal information they share on their profile. Index was calculated as the number of items shared. Internal consistency was satisfactory (Crombah Alpha $=$ 0.719).

Information sharing was included in the questionnaire in order to show not only what kind of content the respondents share on social media, but what kind of exact information they make visible whether to everyone or just themselves and thus Facebook as well (Crombah Alpha $=$ 0.719).

Table 7
Information sharing

Information sharing – IS	%	Crombah Alpha
Email address	19.7	0.719
Legal name and surname	93.9
Phone number	5.4
Gender	91.2
Birth date	68.7
Hobbies	23.8
Residence location	45.6
Visited locations	18.4
Marital status	21.1
Family and Relationships	23.1
Education	70.1
Workplace	18.4
Number of Facebook friends	40.1
List of Facebook Friends	26.5

Results show that almost all respondents use their real name for their profile which mostly also show the gender. Birth date and education is disclosed by more than 2/3 of respondents. All other information mostly not shown publicly Sharing of content. Similar to personal information respondents were asked to indicate which of the given content they usually share. Internal consistency in this case is rather low but still above minimum for use in the analysis (Crombah Alpha $=$ 0.613).

Table 8

Content sharing

Content sharing – CS	%	Crombah Alpha
Cultural topics	41.5	0.613
Political topics	6.1
Religious topics	4.1
Entertainment topics	47.6
Private life	36.7
Business life	7.5
Personal religious attitudes	17.0
Personal political views	4.8
Personal life moments	25.2

As for sharing content, cultural, entertainment and private life topics are the most shared content.

6.4 Correlation matrix

All 7 factors were intercorrelated which produced two uncorrelated clusters. As expected, both concern factors are strongly correlated and moderately negatively correlated with self-efficacy which is in turn positively correlated with subjective understanding of privacy policies.

Figure 3.

Correlation matrix. *Correlation significant at the 0.05 level; **Correlation significant at the 0.01 level.

On the other hand there is a complete lack of correlation with sharing and self disclosure. Also objective and subjective understanding of privacy policies are not correlated with objective one having low but significant correlation with self disclosure.

7. Discussion

Even after 15 and more years of observing and questioning social media users, researchers are puzzled by the issue of the privacy paradox, which in principle says that users are concerned about privacy but use social networks anyway even though they are aware the platforms use their private data for company gain (Chen, 2018).

Obtained sample can be considered representative for social sciences and humanities students which have similar gender ratio at all Croatian universities and age distribution is typical for student population in general. This research shows that students in the obtained sample are moderately concerned both about their privacy and about possible misuse of their private data and that those concerns are highly correlated. Moreover both are negatively correlated with privacy self-efficacy. We can say that the more students are concerned about their private data, the less they feel they are in control of their privacy. Beside that, the less they think they understand privacy policies to a somewhat higher degree they are more concerned about their privacy and the more they think they understand privacy policies the more they feel self-efficient on their privacy. We can argue that all factors are more or less subjective and show what students perceive. This confirms what Fox and Royne concluded in their first study and that is the objective and subjective knowledge about the subject of privacy doesn’t really reflect what they actually know, but rather what they think they know (Fox & Royne, 2018). The other four factors consist of more objective elements; content sharing, information sharing, self disclosure and objective understanding of privacy policies. Three sharing factors are more or less indicators of behaviour and all three show moderately high positive intercorrelation with self disclosure being somewhat negatively correlated to objective understanding of privacy policies. We can argue that all 7 factors form one objective and one subjective cluster both of them being completely uncorrelated with each other. This seems to be in contradiction to results of Chen (2018) who showed that the users profile visibility was limited due to privacy concerns. It could be argued that Chen research was conducted on the general population which may be stated is different from the student population. Also, there might be some cultural differences, but it may also be consistent with Uses and gratification theory (Katz et al., 1973). This line of reasoning might be highly speculative, and not supported by data in this research, but results suggest that since sharing and self-disclosure is not correlated to privacy concern, self-efficacy and subjective understanding there must be something else that dominantly influences sharing and self disclosure or that gratification from the use outweighs concern or renders it insignificant however strong it may be. It also might be that students’ motives or young people’s motives in general, as a basis for gratification, are considerably different from the general population.

8. Conclusions

There is no correlation between privacy concern and private information and content sharing. According to the results, it is concluded that privacy concern is a subjective attitude that is not related to sharing behaviour and objective understanding of privacy policies. Another factor affects the amount of content sharing, but it is not a matter of what will happen to the content that is being shared or how and who will use it. What can also be argued is that what the respondents think is at least partially interconnected and what they do is interconnected, but what they think and what they do shows no correlation. Possible explanation: What they do is driven by need, what they think is not. The need can be explored through future research. And this would be in line with the Uses and gratification theory according to which the use of all media, including social ones, represents the satisfaction of needs and gratification outweighs concern or renders it insignificant, however strong it may be.

The results gave a clearer picture of the attitude of the student population towards the protection and sharing of private information on social media. Overall, the studied student population think they know less than they actually do about privacy policies and they showed somewhat concern for personal data privacy they provide on social media and are somewhat concerned with possible misuse. These results are indicators that there is a need to promote awareness and to protect personal information not only on social media, but in the online environment in general.

One side of the research was observed, i.e. how users behave on social media and what are they doing with their private information. It would be interesting to see how users behave towards other people’s private information? Is their behaviour and attitude toward other people’s private information related to the amount of private information they share and make visible? Are we faced with a generation of digital introverts who are willing to observe the social media community, but not actively participate in creating content? Are Croatian young adults migrating to another social media platform where they are more engaged and if so what is their attitude toward privacy policies there? New questions open as the ones that are asked are closed, but what remains is the ever going issue of how safe users are on social media and what are they doing to protect themselves?

References

Acquisti

Gross

(2006). Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. Lecture Notes in Computer Science, 4258, 36-58. 10.1007/11957454_3.

Buchanan

Carina

Joinson

A. B.

Ulf-Dietrich

(2006). Development of Measures of Online Privacy Concern and Protection for Use on the Internet. Journal of the American Society for Information Science and Technology, 58(2), 157-65.

Chaffey

(2019). Global Social Media Research Summary 2019: Smart Insights. Smart Insights. https://www.smartinsights.com/social-media-marketing/social-media-strategy/new-global-social-media-research/.

Chen

(2018). Revisiting the Privacy Paradox on Social Media With an Extended Privacy Calculus Model: The Effect of Privacy Concerns, Privacy Self-Efficacy, and Social Capital on Privacy Management. American Behavioral Scientist, 62(10), 1392-1412. doi: 10.1177/0002764218792691.

Dienlin

, & Metzger

M. J.

(2016). An extended privacy calculus model for SNSs: Analyzing self-disclosure and self-withdrawal in a representative U.S. sample. Journal of Computer-Mediated Communication, 21, 368-383. doi: 10.1111/jcc4.12163.

European Commission, (2021). Digital privacy. https://digital-strategy.ec.europa.eu/en/policies/digital-privacy.

Facebook.com. (2021). Facebook. https://m.facebook.com/terms/.

Fox

, & Royne

(2018). Private Information In A Social World: Assessing Consumers’ Fear And Understanding Of Social Media Privacy. Journal Of Marketing Theory And Practice, 26(1-2), 72-89. doi: 10.1080/10696679.2017.1389242.

Grmuša

Tomulić

A.M. i.

(2019). Zaštita privatnosti djece i maloljetnika na društvenoj mreži Facebook: navike i iskustva roditelja. Communication Management Review, 4(1), 78-97. doi: 10.22522/cmr20190141.

10.

Hall

(2021). Facebook: Overview, History, & Facts. https://www.britannica.com/topic/Facebook.

11.

Katz

Haas

, & Gurevitch

(1973). On the use of the mass media for important things. American Sociological Review, 38(2), 164-181. doi: 10.2307/2094393.

12.

Kosić

(2010). Online društvene mreže i društveno umrežavanje kod učenika osnovne škole: navike facebook generacije. Život i škola, LVI (24), 103-125. https://hrcak.srce.hr/63281.

13.

Külcü

Ö.

, & Henkoğlu

(2014). Privacy in social networks: An analysis of Facebook. International Journal Of Information Management, 34(6), 761-769. doi: 10.1016/j.ijinfomgt.2014.07.006.

14.

Floridi

(2018). Soft ethics and the governance of the digital. Philosophy and Technology, 31(1).

15.

Marwick

A. E.

, & Boyd

(2014). Networked privacy: How teenagers negotiate context in social media. New Media & Society, 16(7).

16.

McKeon

(2010). The evolution of privacy on Facebook: Changes in default profile settings over time (online). http://mattmckeon.com/facebook-privacy/.

17.

Nosko

Wood

, & Molema

(2010). All about me: Disclosure in online social networking profiles: The case of Facebook. Computers In Human Behavior, 26(3), 406-418. doi: 10.1016/j.chb.2009.11.012.

18.

Pavuna

(2019). Paradoks privatnosti: empirijska provjera fenomena. Politička misao, 56(1), 132-162. doi: 10.20901/pm.56.1.05.

19.

Pereira Junior

de Rezende Xavier

, & Prates

(2014). Investigating the Use of a Simulator to Support Users in Anticipating Impact of Privacy Settings in Facebook. Proceedings Of The 18th International Conference On Supporting Group Work, 63-72. doi: 10.1145/2660398.2660419.

20.

Ružić-Baf

Radetić-Paić

M. i.

, & Jovanović

(2012). Jesu li društvene mreže sigurne?Školski vjesnik, 61(4), 563-575. https://hrcak.srce.hr/94788.

21.

Saeri

Ogilvie

La Macchia

Smith

, & Louis

(2014). Predicting Facebook Users’ Online Privacy Protection: Risk, Trust, Norm Focus Theory, and the Theory of Planned Behavior. The Journal Of Social Psychology, 154(4), 352-369. doi: 10.1080/00224545.2014.914881.

22.

Sevignani

, (2016). Privacy and capitalism in the age of social media. New York: Routledge, p. 1.

23.

Shiau

Dwivedi

, & Lai

(2018). Examining the core knowledge on facebook. International Journal Of Information Management, 43, 52. doi: 10.1016/j.ijinfomgt.2018.06.006.

24.

Snickars

Vonderau

(2012). Moving Data: The Iphone And The Future Of Media. New York: Columbia University Press.

25.

Staksrud

Ólafsson

, & Livingstone

(2013). Does the use of social networking sites increase children’s risk of harm?Computers In Human Behavior, 29(1), 40-50. doi: 10.1016/j.chb.2012.05.026.

26.

Stutzman

Gross

, & Acquisti

(2013). Silent Listeners: The Evolution of Privacy and Disclosure on Facebook. Journal Of Privacy And Confidentiality, 4(2). doi: 10.29012/jpc.v4i2.620.

27.

Sundén

(2003). Material Virtualities: Approaching Online Textual Embodiment. New York: Peter Lang.

28.

Tsay-Vogel

Shanahan

, & Signorielli

(2018). Social media cultivating perceptions of privacy: A 5-year analysis of privacy attitudes and self-disclosure behaviors among Facebook users. New Media & Society, 20(1), 141-161. doi: 10.1177/1461444816660731.

29.

Turow

Hennessy

, & Bleakley

(2008). Consumers’ Understanding Of Privacy Rules In The Marketplace. Journal Of Consumer Affairs, 42(3), 411-424. doi: 10.1111/j.1745-6606.2008.00116.x.

30.

Villi

(2021). GDPR and Facebook: all you need to know. https://leadsbridge.com/blog/guides/gdpr-and-facebook-all-you-need-to-know-to-keep-advertising-safely/.

31.

Vodič kroz GDPR za početnike – GDPR Informer. (2021). https://gdprinformer.com/hr/vodic-kroz-gdpr.

32.

Wilson

R. E.

Gosling

S. D.

, & Graham

L. T.

(2012). A Review of Facebook Research in the Social Sciences. Perspectives on Psychological Science, 7(3), 203-220. doi: 10.1177/1745691612442904.