Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2017
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Review Draft of 11 March 2017
Roger Clarke **
© Xamax Consultancy Pty Ltd, 2017
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/SOS/MPCA.html
Corporations acquire data about people in various ways. In some cases, they may purchase it from the individuals, in what are reasonably described as 'personal data markets'. In addition to such 'primary' markets, several forms of secondary market exist in which corporations trade data among themselves, without any involvement of the individuals who the data relates to. Relevant literature exists in journals and conferences in the IS and cognate disciplines, and the leading journal Electronic Markets published a Special Issue on the topic in mid-2015.
A critical content analysis was undertaken of the papers in that Special Issue. The research method was developed by reference to the literature on content analysis and literature review. The analysis concluded that the perspectives adopted by almost all the researchers were very strongly oriented towards the interests of corporations, with the interests of the data subjects primarily treated as constraints on the achievement of corporations' objectives, rather than as the objectives of one of the stakeholders.
The lack of balance is all the more striking because the Special Issue considered only primary personal data markets, in which people are not only data subjects but also participants, on one side of the market being studied. This gives rise to concern that the IS and cognate disciplines may be failing their academic obligations, by functioning as a service to business rather than as dispassionate, scientific observers of phenomena.
The term 'personal data markets' describes contexts in which the trading of data about individuals occurs. Although such transactions have been conducted for many years, it is only recently that a formalised research domain has begin to emerge within the Information Systems and cognate disciplines, An early-2017 Google Scholar search on <"personal data markets"> generated only 80 hits and <"personal information markets"> 79. On the other hand, searches on <"personal data" markets> generated 55,300 results, and <"personal information" markets> 107,000. Even allowing for substantial over-inclusiveness, it is clear that a moderately-sized literature pre-dates the generic terms coming into use.
The operation of such markets has substantial negative impacts on the privacy and consumer interests of the people whose data is traded, and some aspects of them violate data protection laws. Given that complexities and stakeholder conflict are inherent in personal data markets, it is reasonable to expect that research into them will reflect multiple interests.
An appropriate theoretical lens through which to observe this research genre is the notion of researcher perspective, which takes into account the power relationships among the stakeholders in information systems. Preliminary findings from studies of published IS research have suggested a very strong emphasis by researchers on the interests of system sponsors, to the detriment of people affected by systems.
It would be valuable to understand what researcher perspectives are adopted in the field of personal data markets. To address this question, content analysis was undertaken of a Special Issue on the topic published by the leading journal, Electronic Markets. Given the contested nature of personal data markets, it was necessary to take considerable care with the design of the research method. Drawing on hermeneutic approaches to literature review and critical discourse analysis, a discplined form of critical content analysis was developed and applied.
The paper commences by introducing the concept of personal data markets, and summarising the theory of researcher perspective through which the works are observed. In order to devise an appropriate content analysis method, the paper reviews the relevant research methods literature. The results of the critical content analysis are then presented. The final section suggests the implications of the work for research in IS and cognate disciplines in the area of personal data markets, and in other domains in which deep conflicts exists among stakeholders' interests.
A market or marketplace is a physical context in which buyers and sellers discover one another and transact business. An electronic market or marketspace differs in that the context is virtual rather than physical (Schmidt 1993, Rayport & Sviokla 1994, Bakos 1998, Segev et al. 1999, Weill & Vitale 2001). As with its correlates in physical places, an electronic market comprises tradable items, participants, processes that facilitate trading, and infrastructure that supports the participants and the processes (Benjamin & Wigand 1995, Schmid 1997, Kambil & van Heck 1998, Clarke 2001).
Participants in markets are depicted in Figure 1. They include sellers and buyers, sometimes agents for either or both of them, usually service-providers, and possibly an intermediary, usefully referred to in electronic contexts as a 'marketspace operator'. Key benefits that any particular instance of a market offers are the ability for buyers and sellers to discover one another, to discover what items are on offer, to develop sufficient confidence to be prepared to conduct the transaction, and to negotiate an agreement. A market may also facilitate the delivery of the goods or performance of the services.
In personal data markets, the tradable item is data that is associated or associable with individuals. Figure 1 includes a feature not needed when modelling markets generally. Because the tradable item in at least one direction is (copies of) personal data, an additional stakeholder in the operations of such markets exists, the person to whom the data relates, commonly referred to as the data subject.
Although there are instances of personal data traded on physical media (such as signed photographs of film-stars), data is mostly traded electronically in machine-readable form, and hence the focus of this research is on marketspaces. Property law (specifically, in common law countries, that of chattels) applies to a physical storage medium, but neither the law of chattels nor any of the variants of intellectual property law apply to the data itself. A variety of other laws do apply, however, in particular data protection laws, and personal data markets need to reflect those laws.
Personal data markets take a variety of forms. One distinguishing factor is whether the data subject is or is not a participant. A second factor reflects the manner in which the data came to be in the seller's possession. See Table 1. These factors are significant when considering the rights of sellers and buyers, and of data subjects; but also when assessing the quality of the tradable item, the external impacts of trading, and the regulatory context within which the market operates.
The seller is the person to whom data relates, and the buyer is some other entity.
The seller is an entity other than the person to whom the data relates, and the buyer is some other entity, and:
2.1 the seller acquired the data from the person to whom the data relates;
2.2 the seller created the data rather than acquiring it; and
2.3 the seller acquired the data from some other entity.
In a primary personal data market, a person trades personal data about themselves to another party, generally a corporation. The person's actions may be more or less conscious, more or less intentional, and more or less well-informed. Because in most cases buyer-corporations have considerably greater market power than seller-individuals, questions arise about the contractual terms and conditions that apply to transactions, the meaningfulness and informedness of consent, and the availability of choice.
In the first form of secondary market, an organisation that has acquired data about a person from that person trades it to another party. Some forms of trafficking in 'mailing list' data are of this nature, as are some instances of dealing in customer profiles and transaction data gathered in Web commerce. This is also one of the mechanisms whereby personal data is pooled into credit, insurance and tenancy surveillance databases.
The second form of secondary market involves an organisation that has created personal data about individuals trading it to another party. Examples of originating parties include informants, paparrazzi and investigators (e.g. private detectives, and insurance and law enforcement agencies). There are many circumstances in which use of the Internet, particularly the Web, gives rise to the collection of personal data about a user by a corporation in a manner that is sufficiently surreptitious that individuals are generally unaware of it and cannot meaningfully be regarded as market participants. An aphorism current since 2010 encapsulates the problem: "If you're not paying for it, you're not the customer; you're the product being sold". Moreover, the range of surveillance mechanisms is increasing, with streams of personal data flowing from devices that carry people, such as motor vehicles, devices that are carried by people, such as handheld computing equipment, and progressively devices that are worn by people, and are inserted into people.
In the third category of secondary market, a party trades to a second party data about a third party that is in its possession but that it neither acquired from the individual concerned nor created. The longstanding term `surveillance society' (Lyon 1994) has been joined by `surveillance economy' (Davies 1997, Hirst 2013), as a means of conveying how the `direct marketing' mechanisms of two to five decades ago have developed into heavy reliance by corporations on the acquisition of detailed electronic dossiers of information on large numbers of individuals, through any and all of the market categories identified above.
In primary markets, individuals are participants. In secondary markets, on the other hand, the data subjects are not involved in the trafficking of data that relates to them. The term `usees' is usefully applied to individuals who are not themselves `users' of a system, but who are affected by it (Clarke 1992, Fischer-Hübner & Lindskog 2001, Baumer 2015).
In principle, in most countries of the world, data that relates to an identifiable person is subject to considerable constraints. Greenleaf (2014 , 2017) documents the 120 countries with comprehensive data privacy laws in place in January 2017. The most economically and politically significant country that fell short at the time was the China (although some recent progress has been made), with the only other large countries yet to achieve an adequate level being Brazil, Egypt, Iran, Saudi Arabia and Sri Lanka.
There are many important qualifications to the bland statement about a country having laws in place. Of particular importance is the USA, which is an outlier in these matters in that, rather than having a generic data protection law, it has hundreds of laws in multiple jurisdictions that relate to specific contexts, most of them partial and very weak (Smith 2013). The significance of US law arises from the country's dynamism in the electronic commerce space generally, the dominance of US-based corporations in the practice of personal data collection, expropriation and exchange, and the tendency for other countries to tolerate the practices of US corporations, even where these breach local law. The expansion of Chinese enterprises elsewhere in the world gives rise to similar concerns.
Even in the jurisdictions with the strongest protections, generally across Europe but also in places such as Hong Kong, New Zealand and South Korea, there are large numbers of exemptions and exceptions within the data protection statute, and large numbers of separate legal authorisations in other statutes that are designed to override or create loopholes in the generic law. Moreover, in many countries the provisions relating to data subject consent are highly unclear and as yet unchallenged, permit token rather than substantive consent, or tolerate 'opt-out' arrangements, i.e. the presumption of consent. For an analysis of the elements of meaningful consent, see Clarke (2002).
As a result of the weakness of data protection laws, circumstances arise in which legal protections fall well short of public expectations (Reidenberg 2003, Charleseworth 2006). This gives rise to personal concerns and unresolved public policy issues, which in turn represent risk factors for corporations and government agencies that handle personal data. Analyses of personal data markets accordingly need to consider not only the characteristics that they inherit from markets generally, and the manner in which personal data comes to be available for trading, but also a wide range of legal, social and ethical factors.
Many people and institutions would seriously question the ethics of research into effective electronic markets for such services as slave-trading or human-trafficking, and the morality of individuals who conduct it. The ethicaltiy of some other markets is contested, such as those dealing in goods and services whose exchange and/or consumption are illegal in some jurisdictions, such as weaponry and cryptographic products; ebony and ivory; and sex, drugs, and rock'n'roll videos. Where do the boundaries lie between ethical and unethical research? This brief review of the notion of electronic markets as applied to personal data suggests that there may also be grounds for doubting the legitimacy of personal data markets as they are currently conceived. At the very least, it is essential that discussions about personal data markets take into account the issues arising in relation to the participation or otherwise of the individuals whose data is the subject of trading, trust in the tradeable item, the legitimacy of trading it, trust in the organisations conducting the trading, and the legitimacy of each of the various actions that might be taken with the data once it has been acquired.
This paper's primary purpose is to assess published research in relation to personal data markets. The approach adopted was to examine the perspective adopted by researchers as evidenced by the texts of their published articles. As researcher perspective is little-discussed in the IS literature, this section provides an overview of the concept and an indication of its significance.
Interpretivism brought a key point of difference to IS research in that "the phenomenon of interest [is] examined ... from the perspective of the participants" (Orlikowski & Baroudi 1991 p.5). However, this is better expressed as 'from the [plural] perspectives of the participants', in order to avoid the implication that all participants share the same view. This has enabled the rigour of what is commonly referred to as 'positivist' research to be complemented by work that achieves greater insights, particularly in contexts that involve multiple participants with conflicting interests.
The notion of 'researcher perspective' refers to the viewpoint from which phenomena are observed. The perspective the researcher adopts may be explicit, or it may be apparent from the phrasing of the research questions. Alternatively, it may be necessary to infer it from the text. Relevant passages are most commonly found in the Introduction, Implications for Practice and Conclusions sections, where the the audience to which the paper is addressed is most likely to be apparent.
The notion of researcher perspective is distinct from the concepts of object of study and unit of study: a researcher observes phenomena (object of study) at a particular level of granularity (unit of study) utilising a body of theory (through a lens), but from a particular viewpoint (researcher perspective).
The adoption of dual and multiple perspectives by researchers is implied by statements in the interpretevist and critical literatures. "[Interpretive research] attempts to understand phenomena through the meanings that people assign to them" (Klein & Myers 1999, p.69). The 6th of their 7 Principles for Interpretive Field Research 'The Principle of Multiple Interpretations' states that "The principle of multiple interpretations requires the researcher to examine the influences that the social context has upon the actions under study by seeking out and documenting multiple viewpoints along with the reasons for them ... the researcher should confront the contradictions potentially inherent in the multiple viewpoints with each other, and revise his or her understanding accordingly" (p.77). In others among the sporadic appearances of the concept, Davison et al. (2004) refer to "the need to account for (and perhaps reconcile) the experiential and cognitive perspectives of different parties in the project" (p. 78). McGrath (2005) wries that "Research methods informed by an interpretive stance would look for multiple interpretations and deep understanding of the often conflicting rationalities of the actors involved in IS innovation" (p. 86). And Bartos & Nitev (2008) say that "Different interpretations from the different stakeholders are formulated and spread in the organisation in the form of narratives ... [paying] "particular attention to conflictual and opposing interpretations ... Gathering multi-voiced narratives exposed contradictions and conflicts between interpretations across actors, which we reconciled in our own narrated reconstruction of events in their organisational context" (pp.114, 116, 121).
In Clarke (2015, 2016), I argued that closer attention needs to be paid to the impact of researcher perspective on research quality:
In each research project, at least one 'researcher perspective' is adopted, whether expressly or implicitly, and whether consciously or unconsciously.
The researcher perspective influences the conception of the research and the formulation of the research questions, and hence the research design, the analysis and the results.
Each particular perspective is specific, not universal.
Because the interpretation of phenomena depends on the perspective adopted, the adoption of any single researcher perspective creates a considerable risk of drawing inappropriate conclusions.
It is common for IS researchers to adopt the perspective of a participant in an information system - particularly the companies that are connected to it, but sometimes the employees or customers of those companies who use it. However, many other perspectives can be adopted, including those of non-participating parties who are affected by the information system, such as the families of employees, people who live in the vicinity of a plant or campus that depends on the system, and the people whose data is stored in it. As discussed earlier, 'usees' is a term usefully applied to a person in the case of personal data trafficked in secondary markets.
The term 'stakeholder' is often used in relation to information systems. It may be used so as to refer only to those participants in a system that have significant market or institutional power, and whose concerns about, and particularly opposition to, an initiative could be expected to undermine the likelihood of adoption and achievement of the project's aims. On the other hand, the term `stakeholder' properly encompasses all participant and usee categories. In the case of secondary markets in personal data, this includes data subjects.
A particular participant that features prominently in IS research is usefully referred to as 'the system sponsor'. By that term is meant the organisation that develops, implements or adapts a system, process or intervention, or for whose benefit the initiative is undertaken. In some cases, the system sponsor may be a cluster or category of organisations. Previous analyses of samples from the information systems literature Clarke (2015, 2016) demonstrated that a high degree of uniformity exists in each of the samples, and probably exists in the sampling frames and in the population, that the system sponsor perspective is dominant, and that the interests of other stakeholders are mostly ignored or treated as, at best, constraints, and, at worst, mere irritants. Quality in IS research is undermined if the interests of some stakeholders are consistently overlooked, or if some stakeholders' interests are consistently prioritised over others'. Markets intrinsically involve at the very least buyers and sellers. In the case of secondary personal data markets, there are also effects on data subjects. It would therefore be problematical if personal data markets research were to be as committedly single-perspective as the previously-studied segments of the IS research arena.
Single-perspective research may be straightforward to undertake, but better better-quality results can be achieved in other ways. For example, dual-perspective research (e.g. considering the interests of both an employer and its employees, or of both the seller and buyer sides of a market) may enable the researcher to understand the whole system as a gestalt, rather than just part of the system. To the extent that the research is intended to have real-world relevance, dual-perspective approaches serve each stakeholder by assisting them to better understand the attitudes and needs of the other.
Moreover, some forms of research cannot be undertaken without adopting a multi-perspective approach. For example, highly integrated industries such as automotive manufacturing, international trade and health insurance depend on complex, multi-participant systems. Effective understanding of, and guidance for the design of, such systems simply cannot be achieved other than by means of multi-perspective research (Wrigley et al. 1994, Cameron & Clarke 1996, Cameron 2007).
The motivation for this paper was the discomfort felt by the author on reading the papers in the Special Issue on Personal Data Markets in EM 25, 2 (June 2015). The purpose of the study that I undertook was to examine the researcher perspectives adopted in the papers in that Issue. I felt concern that, in common with findings in various IS venues, the research reported on may have been confined to single-perspective approaches, and in particular to the perspective of corporate participants in those markets. The research question was framed as:
What researcher perspectives are evident in the Special Issue 25, 2 (June 2015) on `Personal Data Markets'?
The appropriateness of a research method depends on various aspects of the research being conducted. The work that gave rise to the theory of researcher perspective was performed using a critical research theory approach. The work reflected the effects of market and institutional power and information asymmetry, and the tendency of some stakeholders' interests to dominate those of other stakeholders. It brought to light "the restrictive and alienating conditions of the status quo" and set out to "eliminate the causes of alienation and domination" (Myers 1997). It conformed with the norm of critical IS research in that it "specifically opposes technological determinism and instrumental rationality underlying IS development and seeks emancipation from unrecognised forms of domination and control enabled or supported by information systems" (Cecez-Kecmanovic 2005, p.19), and is "characterized by an intention to change the status quo, overcome injustice and alienation, and promote participation" (Stahl 2008, p.139).
The original intention was to apply to the present project the same technique used in the previous empirical studies of researcher perspective (Clarke 2015, 2016). The manuscript was prepared for submission to the journal Electronic Markets, in which the Special Issue had appeared. The reviewers, who - as was very much appropriate - included two of the Issue Editors, were hostile. Their criticisms included one accusation of biased choice of quotations, another of dubious analysis, and concerns about overly strong assertions. Despite a substantial and substantive response explaining the research, and moderate changes to the paper, the second round resulted in rejection. One important, and to me surprising, message was that the reviewers did not accept the propositions that review of publications in a genre is research, and that criticism is a vital part of academic activity.
I accordingly invested further effort, by undertaking a deeper review of the research methods literature, in order to devise a research method for the project that would withstand stringent scrutiny, including by senior researchers who might perceive their own research approaches to fall within the critique's scope.
An approach was sought that reflects the critical nature of the researcher-perspective theoretical lens, and enables a tight focus on the research question.
Content analysis takes many forms. For example, it is central to qualitative research techniques such as ethnography, grounded theory and phenomenology. These generate text for the specific purposes of the research, sometimes from natural settings (field research), sometimes in contrived settings (laboratory experiments), and sometimes in a mix of the two settings (e.g. interviews conducted in the subject's workplace). The materials may originate as text, or as communications behaviour in verbal form (speech in interviews, which is transcribed into text), as natural non-verbal behaviour ('body-signals'), or as non-verbal, non-textual communications behaviour (such as answering structured questionnaires). In other cases, text is exploited by the researcher that has arisen in some naturalistic setting, e.g. social media content, electronic messages, or newspaper articles. However, these are all very different forms of content from the deliberative text contained in formal articles published in a Special Issue of a journal, and hence content analysis techniques in these contexts are only partially relevant to the matter at hand.
A technique widely used to examine published research is commonly referred to as literature review. There is, however, considerable variability among approaches to it. Informal literature reviews may be "selective, opportunistic and discursive" and may lack clear linkages "from primary research to the conclusions of the review". Systematic literature reviews, on the other hand, set out to provide a more structured and reliable approach, in order to "synthesise the findings of many different research studies in a way which is explicit, transparent, replicable, accountable and (potentially) updateable" (Oakley 2003, p.23).
In parallel with literature review, content analysis techniques have developed. Hsieh & Shannon (2005) provides the following definition (p.1278):
Content Analysis is the interpretation of the content of text data through the systematic classification process of coding and identifying themes or patterns
The approach has attracted attention among IS researchers. Citing Weber (1990), Indulska et al. (2012, p.4) offers this definition:
Content Analysis is the semantic analysis of a body of text, to uncover the presence of strong concepts
A 7-step process is offered by Hsieh & Shannon (2005), attributed to Kaid (1989). See also vom Brocke & Simons (2008):
As with any research technique, all aspects need to be subject to quality controls. Krippendorff (1980), Weber (1990) and Stemler (2001) emphasise steps 3-5 in relation to the coding scheme and its application. They highlight the importance of achieving reliability, through such techniques as as parallel coding by multiple individuals, and publication of both the source materials and the detailed coding sheets in order to enable audit by other parties.
Multiple variants in approach have been noted. For example, a positivist approach within the IS discipline distinguishes, "along a continuum of quantification", "narrative reviews, descriptive reviews, vote counting, and meta-analysis" (King & He 2005, p.666). Hsieh & Shannon (2005), on the other hand, offers three categories:
More recently, it has become necessary to break out from the third category a fourth, usefully described as Quantitative Computational Content Analysis. This also "involves counting and comparisons, usually of keywords or content, followed by the interpretation of the underlying context" ( Hsieh & Shannon (2005, p.1277). However, the new approach obviates manual coding by performing the coding programmatically, thereby enabling much larger volumes of text to be analysed.
The coding scheme may be defined manually, cf. directed content analysis / a priori coding. However, some techniques involve purely computational approaches to establishing the categories, cf. 'machine-intelligent' (rather than human-intelligent) emergent coding. This is currently highly fashionable, as part of the 'big data analytics' movement. The processing depends, however, on prior data selection, data scrubbing, data-formatting, selection of computational technique, and parameter-settings. In addition, interpretation of the results involves at least some degree of human activity.
In Indulska et al. (2012, p.4), a distinction is made between conceptual analysis, in which "text material is examined for the presence, frequency and centrality of concepts", and relational analysis, which "tabulates ... also the co-occurrence of concepts, thereby examining how concepts (pre-defined or emergent) are related to each other within the documents". Debortoli et al. (2016, p.7) distinguishes between dictionary-based text categorisation, which "relies on experts assembling lists of words and phrases that likely indicate text's membership to a particular category", supervised learning methods "[using] predefined categories; however, one does not explicitly know the mapping between text features and categories" and unsupervised machine-learning methods "for categorizing text [which] find hidden structures in texts for which no predefined categorization exists".
Quantified measures can be beneficial in that stronger analytical techniques can be applied. On the other hand, the degree of analytical rigour that quantification can actually deliver depends a great deal on the text selection, the express judgements and implicit assumptions underlying the choice of terms that are analysed, the thesaurus applied, and the significance imputed to each term. Publication of details of text selection and the analytical process is in all cases important, and essential where a degree of rigour and external validity is claimed.
This study is concerned with deep understanding of texts. Computational approaches appear ill-fitted to that purpose, whereas directed content analysis using a priori coding appears to offer greater prospects of satisfying the need.
Because of the complexity and variability of language use, and the ambiguity of a large proportion of words and phrases, a naive approach to counting words is problematic. At the very least, a starting-set of terms needs to be established and justified. A thesaurus of synonyms and perhaps antonyms and qualifiers is needed. Allowance must be made for both manifest or literal meanings, on the one hand, and latent, implied or interpreted meanings, on the other. Counts may be made not only of the occurrences of terms, but also of the mode of usage (e.g. active versus passive voice, dis/approval indicators, associations made).
A further consideration is whether the purpose of content analysis is merely exposition - that is to say the identification, extraction and summarisation of content - or whether it involves some degree of evaluation. Content analysis can be undertaken in a positive frame of mind, assuming that all that has to be done is to present existing information in a brief and palatable form. Alternatively, the researcher can bring a questioning and even sceptical attitude to the work. Is it reasonable to, for example, assume that all relevant published literature is of high quality? that the measurement instruments and research techniques have always been good, well-understood by researchers, and appropriately applied? that there have been no material changes in the relevant phenomena? that there have been no material changes in the intellectual contexts within which research is undertaken?
The present purpose is expressly critical. Criticism plays a vital role in scientific process. The conventional Popperian position is that the criterion for recognising a scientific theory is that it deals in statements that are empirically falsifiable, and that progress depends on scrutiny of theories and attempts to demonstrate falsity of theoretical statements: "The scientific tradition ... passes on a critical attitude towards [its theories]. The theories are passed on, not as dogmas, but rather with the challenge to discuss them and improve upon them" (Popper 1963, p.50).
Critical consideration of published works has been recognised as a legitimate approach within the IS discipline: "meta-critical analysis of the research literature in IS ... [focusses on] as research objects ... the investigations and theories pursued by other authors" (Cecez-Kecmanovic et al. 2008). Examples relevant to the analysis conducted here include Chen & Hirschheim (2004) and Richardson & Robinson (2007). On the other hand, there is a marked tendency within the IS discipline to prize politeness to prior authors, and to be wary of directly critical statements.
Two examples are commonly cited within the IS discipline as suggesting that conservativism is important and criticism is unwelcome. In a section on the tone to be adopted in a Literature Review, Webster & Watson (2002) recommended that "A successful literature review constructively informs the reader about what has been learned. In contrast to specific and critical reviews of individual papers, tell the reader what patterns you are seeing in the literature" (p.xviii, emphasis added). The recommendation to concentrate on 'patterns in the literature' is valuable, because it emphasises that the individual works are elements of a whole. On the other hand, the use of 'in contrast to' is, I contend, an overstatement. To make assertions about a population without providing sufficient detail about the individual instances invites reviewers to dismiss the analysis as being methodologically unsound. It is, in any case, essential to progress in the discipline that each of us be prepared to accept criticism.
The advice continued: "Do not fall into the trap of being overly critical ... If a research stream has a common 'error' that must be rectified in future research, you will need to point this out in order to move the field forward. In general, though, be fault tolerant. Recognize that knowledge is accumulated slowly in a piecemeal fashion and that we all make compromises in our research, even when writing a review article" (p.xviii, emphasis added). Here, the authors' expression failed to distinguish between two senses of the word 'critical'. The authors' intention appears to me to have been to warn against 'overly critical expression' - which is valuable advice. On the other hand, it is an obligation of researchers to 'think critically' and to 'apply their critical faculties'. I submit that it would be inappropriate for readers of the article to interpret this quotation as valuing politeness among researchers more highly than scientific insight and progress.
In the second frequently-cited example, a senior journal editor provided this advice on how to achieve publication in top journals: "the authors' contributions should be stated as gaps or new perspectives and not as a fundamental challenge to the thinking of previous researchers. To reframe, papers should be in apposition [the positioning of things side by side or close together] rather than in opposition" Straub (2009, p.viii, emphasis added). This is Machiavellian advice, in the positive, or at least amoral, sense of 'if the Prince wishes to be published in top journals, then ...'. Unfortunately, it has been all-too-easy for reader to interpret it as expressing a moral or even a quasi-legal judgement that 'criticism is a bad thing'.
It is clear that criticism needs to be cogent, clearly expressed, addressed to theory rather than individual theoreticians, no more negative than is necessary in the circumstances, and constructive (or re-constructive) in the sense of showing how theory has been improved as a result of the analysis. On the other hand, it is equally clear that progress in the discipline, especially in contexts that involve considerable conflict among stakeholder interests, is dependent on criticism being composed and communicated.
The guidance in relation to content analysis that is most relevant to this project was found in two sources within the IS literature, both addressing the topic of literature review. In Boell & Cecez-Kecmanovic (2014), a hermeneutic approach to literature review is espoused, embodying "questioning and critical assessment ... of previous research" (p.258), and analysis of "connections and disconnections, explicit or hidden contradictions, and missing explanations" and thereby the identification or construction of "white spots or gaps" (p.267).
"A critical assessment of the body of literature thus demonstrates that literature is incomplete, that certain aspects/phenomena are overlooked, that research results are inconclusive or contradictory, and that knowledge related to the targeted problem is in some ways inadequate [Alvesson and S[an]dberg, 2011]. Critical assessment, in other words, not only reveals but also, and more importantly, challenges the horizon of possible meanings and understanding of the problem and the established body of knowledge" (p.267). The authors' framework, reproduced in Figure 2, comprises two intertwined cycles: a search and acquisition circle and a wider analysis and interpretation circle.
From Boell & Cecez-Kecmanovic (2014, p.263)
Wall et al. (2015) go further, proposing that "As with any discipline, the information systems (IS) discipline is subject to ideological hegemony" (p.258), and that this is harmful: "Ideological hegemony refers to the conscious or unconscious domination of the thought patterns and worldviews of a discipline or subdiscipline that become ingrained in the epistemological beliefs and theoretical assumptions embedded in scientific discourse (Fleck, 1979; Foucault, 1970; Kuhn, 2012). In academic literature, a hegemony may manifest as common framing of research topics and research questions, the domination of theories and research methods that carry similar assumptions, common beliefs about what constitutes the acceptable application of research methods, and common beliefs about how research results should be interpreted.
"By ideology, we mean those aspects of a worldview that are often taken for granted and that disadvantage some and advantage others. Ideologies are not falsehoods in an empirical sense, but are a constitutive part of researchers' and research communities' worldview ... that are removed from scrutiny (Freeden, 2003; Hawkes, 2003). Thus, ideologies can be harmful to individuals who are disadvantaged or marginalized by them, and they can be problematic to scientific research because they represent blind spots" (p.258).
Most approaches to literature review "reproduce ideological assumptions and only lead to incremental advancement in theories (Alvesson & Sandberg, 2011)" (p.259). To overcome this deficiency, the authors propose a critical review method "based on Habermasian strains of critical discourse analysis (CDA) (Cukier, Ngwenyama, Bauer, & Middleton, 2009; Habermas, 1984)" (p.259). This "examines more than just a communicative utterance. Foucauldian analysis also examines the context in which an utterance was uttered by assessing power relationships between actors and the structures and processes that guide behavior and constrain the development of knowledge (Kelly, 1994; Stahl, 2008)" (p.261). Wall and his co-authors recommend assessment of the four Habermasian `validity claims', relating to truth, legitimacy, comprehensibility and sincerity, identify four principles to guide the development of research methods to address particular questions (pp.263-4), and propose a seven-step process (pp. 265-9).
The accumulated insights provided by the above literature were applied to the development of a content analysis process specification for the project. Significant implications for the work reported below were as follows:
The resulting process specification for critical content analysis is presented in Table 2.
Perform `orientational reading' of each paper, in order to "gain an overall impression" (Boell & Cecez-Kecmanovic, 2014, p.265).
Exclude papers that are 'Discipline-Internal', in that they do not adopt the perspective of any stakeholder in the phenomena. Examples include discussions of research methods, testing of survey instruments and teaching cases.
In the case of constructive approaches such as action research and design science, rather than a 'research question' (RQ), the term 'Objective' is generally more appropriate.
Prefer an explicit RQ or Objective if one is stated.
Failing that, search for parts of the text that together provide an implied RQ or Objective.
If necessary, infer an RQ or Objective, paying particular attention to the content in the Introduction, Research Method and Conclusions sections.
Perform deep `analytical reading' as as per Boell & Cecez-Kecmanovic (2014, p.265).
Researcher Perspective (RP) means "the viewpoint from which phenomena are observed".
The RP may be explicit, or may be implied by the phrasing of the research questions.
However, it may be necessary to infer it, most likely from comments in the Introduction and Conclusions, but also from the audience to which the paper appears to be addressed (e.g. in any 'Implications for Practice' section).
As an operational definition of 'passage', start with 'sentence', but use any of 'sentence group', 'clause', 'phase' and 'expression' if that is appropriate in order to capture the context or sense of the text.
Distinguish between passages that relate positively to the relevant entity's purpose or Objective (coded RP-O) and those that relate negatively, as Constraints on achieving that Objective (RP-C).
Extract a list of the keywords associated with each of RP-O and RP-C.
Note any synonyms, antonyms and qualifiers.
Note any indicators of intensity of expression.
Devise metrics that may assist in conveying the nature of the paper to the reader. Examples include counts of relevant passages, counts of keywords within passages, proportions of particular keywords, indicators of their intensity, and use of qualifications to statements.
Where practicable, use graphical presentation forms.
Postulate alternative views of the available evidence.
Consider the reasonableness of each alternative view.
Take into account express statements by the authors about their motivations and intentions.
Take great care in drawing any inferences about those motivations and intentions. In the absence of adequate evidence, assume that the behaviour is "unconscious hegemonic participation".
Re-visit each paper after an interval sufficiently long that the text, the extracts, the analysis and the interpretations can be read afresh.
Review the approach adopted to quality assurance, and to the reliability of selection, coding, interpretation and presentation of passages.
Reflect on whether any aspects of the selection, coding, interpretation or presentation of passages is unreasonable or biassed: "By intentionally expressing, questioning, and reflecting upon their subjective experiences, beliefs, and values, critical researchers expose their ideological and political agendas" (Cecez-Kezmanovich 2001, p.147)
Revise the selections, coding, interpretations and presentation as necessary.
The process described in the preceding section was applied in turn to each of the five contributed papers in the Special Issue. The process was then applied to each of the three elements that provide context to the Issue: the Call for Papers, the Preface and the Issue Editors' Position Paper. This section presents the results. Supplementary Materials are provided, comprising the text of each paper, the relevant passages, the keywords and categorisations, and the analysis. See Annexes 1.1 et seq.
In the first paper, Roeber et al. (2015), four employees of Boston Consulting Group in Germany build on a stream of research associated with Acquisti & Gross (2006). The search for the research question identified 4 relevant passages. The paper applies conjoint analysis "to investigate consumers' data sharing sensitivities along six dimensions of context and across ten private and public sectors" (p.95).
Passages were sought that identified the research perspective. In the positive sense of an objective, 19 were located, and in the negative sense of a constraint, 4 passages.
The keywords associated with objectives in 16/19 cases related to data-acquiring organisations (6 directly and 10 by proxies such as 'industries'), in 1/19 case to policy makers and in 2/19 cases to consumers. Most of the 16 references to organisations included strong emphasis, and the ideas were repeated and to some degree articulated. Examples included "personal data ... a critical asset in more and more industries" (p.95), "increase consumers' willingness to share their data" (p.95, and repeated 15 times), "insights for private and public institutions" (p.105), "comprehensive data minimization pays off for organizations" (p.105). The 2 mentions of consumers and the 1 of policy makers were in passing, without elaboration. The keyword associated with constraints, on the other hand, was in 4/4 cases consumers, and related to consumers' "concerns" and "anxiety".
Reversing the analysis, searches on the keywords identified 13 relevant instances of 'organization', 13/13 of which were associated with the organisation's interests as the objective, and 26 relevant occurrences of 'consumer', 2/26 of which related to consumer's interests as an objective, and 24/26 to consumers' concerns as constraints on the achievements of organisations' goals. Also indicative of a very strong commitment to the perspective of organisations is the frequency of occurrence of 'for' in conjunction with 'organisation' rather than with 'consumer' (6 cf. 1).
The paper's focus is on ways in which data-using organisations can increase consumers' "willingness to share personal data". There are potential benefits for consumers in, for example, "[data] minimization through anonymization". However, such comments appear as asides and in a throwaway sentence at the end of the paper: "More choices for data sharing along the context dimensions would allow consumers to adopt their sharing better to their preferences and probably result in an overall increased sharing that is more beneficial for organizations and consumers alike" (p.105). This does very little to diminish the very strong emphasis on the interests of data-acquirers.
In summary, the paper adopts a single-perspective approach, and the perspective is that of the organisation acquiring the data. The individuals whose data is being traded are recognised in the paper as an object of study; but their interests are relevant because of their impact on the interests of the organisations trading in the data. Implications and insights for the individuals are not in focus.
In Gkatzelis et al. (2005), three employees of HP Labs propose a market design whose objective is to minimise the cost to buyers of acquiring access to samples of private data from sellers. The paper talks in a balanced manner of "appropriately compensating the individuals to whom the data corresponds (the sellers)" (pp. 109, repeated on p.119, emphasis added). On the other hand, the interpretation of 'appropriately' is made clear in many passages, including "identify the optimal way to bundle demand so as to minimize the expected payment to a risk averse seller", "the expected payment minimization objective", and "to minimize the expected value of the price that the buyers are asked to pay [to sellers]" (pp. 110, 113, 117, emphases added). The minimum price is to the advantage of the corporation-buyer and to the disadvantage of the data-subject-seller.
In association with that objective, the keyword 'buyers' is used on 23 occasions. For example, "We consider settings where each buyer is interested in a specific attribute of a representative subset of individuals with certain characteristics" (p. 110). On 5 occasions the focus is on the needs of 'the market-maker', although in all of these that party is operating for the benefit of buyers, e.g. "our goal is to design truthful mechanisms that the market-maker can use, i.e., mechanisms that incentivize the sellers to always report their true privacy related preferences" (p. 111, emphasis in original). On 1 occasion, the keyword 'sellers' is also used positively: "benefiting both the sellers and the buyers of big data" (p. 120). However, this sole occurrence appears in the very last clause of the paper, and is not supported by any other passages.
There are 28 passages concerned with constraints on the achievement of the objective. In 28/28 cases, the keywords are 'sellers' or proxies for sellers ('individuals', 'users that this data pertains to' and 'the general public'), e.g. "the risk-averse attitude of sellers", "ensuring that the sellers are willing to participate" (pp. 109, 110).
The paper declares that "we approach this problem from the market-maker's perspective, aiming to minimize the expected payment that the sellers will receive, while ensuring that these sellers still choose to opt into the market" (p.111). The market-maker is assumed to prioritise the interests of the buyers over those of the sellers. Although the concept of market power is not discussed in the paper, it appears that sellers are perceived to be in a weak bargaining position and/or are not foreseen as a source of revenue, and hence it is 'appropriate' to subordinate their interests to those of the buyers.
The market-design has a privacy-sensitive element, in that the assumption is declared that the market is dealing in "raw anonymized data" (p. 110). However, the analysis both assumes away re-identifiability, and expressly excludes the approach of adding noise to the data-set. Given the richness of many relevant categories of data, e.g. health care data, it is far from clear that the assumption that the data is anonymous is warranted. Even leaving privacy concerns aside, consumers' interests in a 'fair' price (let alone a maximum price) appear to be regarded as a constraint on the achievement of the buyers' desires, not as an objective. Further, the possibility that sellers might mislead or collude is recognised as a deficiency needing to be managed, whereas buyer bundling is an approved feature. The paper also implicitly assumes that all consumers have a price, and hence the exercise by an individual of a denial of consent appears to be outside the model.
More committedly pro-corporate-purchaser / anti-consumer-seller/usee approaches to research can be conceived. For example, market designs can incorporate means to obscure Terms that are harmful to sellers' interests; and sellers, and market-makers on their behalf, can seek regulatory interventions that override data subject consent and authorise exploitation of personal data. Nonetheless, the dominance of the interests of parties on one side of the market over those on the other, and the intentional manipulation of consumer behaviour, which are inherent in this research, are at least morally questionable.
In the third paper, Heimbach et al. (2015), three IS academic authors adopt as their Research Question "what kind of data on a user's social networking site profile [serves] as a good base for product recommendations at a social shopping site ... to contribute to the existing research on solving the cold start problem?" (p. 126).
Passages were sought that identify stakeholders whose interests are regarded as objectives. A total of 7 relevant passages were identified in the text, together with the paper's title. The intended beneficiary is explicit in only 1 case, where the reference is to "developers of product recommenders based on Facebook profile data" (p. 137).
Of the other passages, 3/7 plus the title refer to the generation of targeted product recommendations for new users, but leave open which stakeholder(s) is/are the intended beneficiary. However, from the context, it is most easily inferred that service to the user is not the end in itself, but a means to an end. The end is expressed as "to increase the user's perceived usefulness of and trust in the recommendation system" (p. 126), and to "foster add-on and cross-sales" (p. 125). This is consistent with the Research Question's focus on social shopping sites as the intended beneficiaries of the research. The impression is reinforced by the declaration that the source of the catalogue data was "the social shopping site of the world's largest mail order company" (p. 126), and the academic authors' reference to that company as "our business partner" (p.129).
The second category of passages sought were those that identify stakeholders whose interests act as constraints on the achievement of the objectives. There were 6 such passages, of which 3 related to the lack of transaction history for new users, also referred to as 'the cold start problem'. Of the others, ,1/6 - although expressed in a positive form - noted that limited information on a user's profile site reduces recommendation quality, 1/6 noted that users are often not willing to provide such information, and the other 1/6 considered the impact of a new user not being satisfied with the recommender system. Hence, in 6/6 instances where stakeholder interests were perceived as constraints, the stakeholder in question was users of social shopping sites.
A third category of passages was identified, extracted and analysed - those where a constraint exists but is implicit. Despite the paper noting that "the users are often not willing to provide such information" (p. 127), the word 'privacy' occurs only twice, there is no discussion of the privacy interests of new users, and the reader is simply referred to an article by one of the Special Issue Editors. Yet users' privacy interests intrude into the authors' narrative in 12 passages, one of them requiring a 180-word diversion. Those passages give rise to a number of inferences:
These factors together suggest that the researcher perspective is so fully committed to the interests of social shopping sites that the privacy interests of the sites' users have been pushed far into the background.
In Rayna et al. (2015), a team of two academic computer scientists and an economist presents a mathematical analysis that evaluates the effects of first-degree price discrimination for digital music. Consolidating two passages, a comprehensive statement of the research question appears to be"[whether] by rewarding consumers for the disclosure of information, it is possible to design a form of first-degree price discrimination that is mutually advantageous to both firms and consumers ... i.e., whether consumers can be sufficiently rewarded to incite them to disclose enough information, while keeping profits of firms sufficiently high, despite the reward" (pp. 139, 142).
The title and research question provide the keywords "mutually advantageous to both firms and consumers". The authors' claim is accordingly that a dual-perspective approach has been adopted. However, analysis of the passages that disclose the stakeholder(s) whose objectives are being addressed throws doubt on that claim.
A total of 32 passages were found that relate to stakeholder objectives. Of these, only 2/32 were unequivocally dual-perspective, and they occurred in the title and the statement of the Research Question. A further 5/32 were ambiguous, in that they could be interpreted either as being dual or as being oriented towards the interests of the firm, e.g. "another important aspect of big data is that it also enables price personalization" (p. 139), and "mutually advantageous trades ... can be seen as a way [for firms producing digital goods] to monetize the 'long tail'" (p. 143).
The remaining 25/32 passages referred to the interests of only one of the parties. In genuinely dual-perspective research, it would be reasonable to expect a moderate balance between the two sides. However, 23/25 (92%) of the passages involved the interests of firms as the objective, and only 2/25 (8%) the interests of consumers. Examples include "personal data that can be collected via electronic networks provides means [for firms producing digital goods] to accurately assess the consumers' willingness to pay" (p. 139), "financial gains ... can entice consumers to give away personal data [to firms producing digital goods]" (p. 140), "rewards ... can induce consumers to disclose personal information [to firms producing digital goods]" (p. 140), "this model ... can be seen as a way [for firms producing digital goods] to monetize the `long tail'" (p. 143), "this pricing model ... reduces the attractiveness of illegal downloads [to the advantage of firms producing digital goods]" (p. 143), "the 'refund' mechanism introduced in the model would enable [firms producing digital goods] to artificially create value for consumers" (p. 150), "the manner in which the pricing system is presented to consumers [the framing effect] will be of critical importance [to firms producing digital goods]" (p. 150), and "nothing prevents the firm from using (or selling) the collected data for other products and services than music" (p. 151, all emphases added).
A total of 31 passages were identified that related to constraints on the objective. Consumer attributes that were recognised as constraints included unwillingness to "end up paying more for the same product or service" (p. 139, but repeated several times), perceived unfairness "to have paid more than other consumers for the exact same product" (p. 150), "[doing] anything they can to avoid revealing information that would lead them to be price discriminated" (p. 140), "manipulating personal data" (p. 139, but mentioned a further 6 times) and "lying" (p. 148, with a total of 30 occurrences) "in order to masquerade as a consumer with a lower willingness to pay" (p. 139, 15 occurrences), needing incentives in order "to decrease their level of privacy" (p. 140, 3 occurrences), 'piracy' (p. 140, 8 occurrences), the need for consent (p. 145, 3 occurrences), the need for "both high valuation and low valuation consumers [to] accept to be monitored" (p. 145), suspicion that "data may be used to price-discriminate consumers in other markets" (pp. 142, 151), consumers with "no data history" (p. 151), ability to hide some of their actions (p. 148, 3 occurrences), and dislike of being monitored (p. 152, although contemplated only in the last paragraph of the paper and only regarded as "could be worthwhile considering").
All 31/31 passages related to consumers, and 0/31 to firms. Cheating and lying by consumers to the detriment of firms is perceived as a problem to be addressed, whereas the possibility that firms might cheat or lie to the detriment of consumers is not considered. For example, in addition to the licence to mislead consumers inherent in passages quoted earlier, nothing prevents the seller artificially inflating the 'buy' (flat fee) alternative, in order to increase the apparent attractiveness of the 'try' ('give us your data') offer; and nothing prevents the seller using a 'willingness to pay' calculation that always gives an answer that maintains the minimum price at a predetermined level (e.g. $0.99 per music track).
The scheme requires that the seller acquires perfect knowledge about consumers, whereas the consumer-buyer has only limited knowledge about the corporation-seller. Consumer untrustworthiness must be controlled, whereas controls over unfair actions by the monopoly provider are not considered. The firm's interests dominate the discussion about objectives, whereas the discussions of constraints are exclusively about consumers. Despite the claim of being dual-perspective, content analysis reveals that the researcher perspective is very strongly oriented towards the interests of firms.
The fifth paper in the Special Issue, which is declared in the paper's heading to be invited rather than contributed, is Maguire et al. (2015). This paper was written by a team from Microsoft, and proposes architecture for an artefact, reflecting a constructive or design-science approach to the research. Combining elements of two passages, the objective of the artefact is to "[allow] permissions and policies to be bound to data, ... , enabling any entity to handle that data in a way that is consistent with a user's wishes ... [in a manner] flexible enough to allow for changing trust norms" (p. 155).
Difficulties were encountered with the analysis of the researcher perspective adopted in the paper, because the terms used by the authors for stakeholder groups are both variable and non-conventional. The word 'user' occurs on 31 occasions as a synonym for 'data subject' or 'the human entity to whom the date relates'; whereas the conventional interpretation of 'user' is as 'an entity that uses data'. It might have been expected that the authors would have noticed that ambiguity arose, because, in places where they meant 'an entity that uses data', they applied a different term, 'data user'.
The confusion is compounded by 11 non-standard applications of the expression 'user permissions'. This conventionally means 'the capabilities granted to a user or category of user', but in this paper it refers instead to 'the declarations made by an individual about what capabilities they intend data users to have in relation to data about themselves'. A commonly-used and suitably descriptive expresssion for that notion is 'user consent policies' (and it is used once in the paper - p.156). These misleading usages resulted in this author's initial evaluation of the paper misinterpreting it. Once the terminological confusion was discovered, it was necessary to discard the original analysis and re-commence the process.
There are 23 passages that relate to stakeholders' objectives. In 7 cases, the text is indicative of a multi-perspective approach - 'all participants', 'all major stakeholders' (plus 3 times implicitly), 'all stakeholders', 'multiple entities'. In 3 cases, the sense is dual-perspective - 'users and business', 'users and industry', 'trustworthy [by data subjects] data exchange [by data users]'. Taking into account the passages in which a single perspective is evident, there are 22 mentions of relevant keywords. Of those, 10/22 deal with the objectives of data users (variously referred to as 'business', 'enterprises', 'industry', 'data processors' and 'decision requestors'), and a total of 12/22 passages relate to data subjects, as 'users', 'individuals', and 'consumers' (9) but also through the proxy 'regulators' (3).
Careful inspection of the passages discloses a somewhat stronger focus on data users' interests as objectives than on those of data subjects. Examples include "enable data ... to flow, be analyzed, and be exchanged freely [interpreted as the objective] ..., while minimizing risks and harms [interpreted as a constraint]" (p. 155); "a foundation for trustworthy [by data subjects] data exchange [amongst data users]" (p. 156), i.e. the objective is data exchange and the facilitative mechanism is trustworthiness; and "the real value comes from enabling data flows across ... multiple entities" (p. 159). Moreover, there is some evidence of equivocation about the powers actually to be granted to data subjects: "There could also be a service that enables [data subjects] to control and renegotiate policies for personal data use across all services ... users directly express their wishes" (p. 159, emphases added). Satisfying data subjects' interests is seen as an enabling factor, whereby what the authors refer to as 'the ecosystem' can function effectively and not be undermined by either data subject distrust or destructive regulatory interference.
As regards constraints on the achievement of objectives, 11 passages mention a variety of entity-types. All 11/11 of the passages essentially relate to process, i.e. to factors that need to be considered in designing the proposed scheme. The primary focus is on the achievement of trustworthiness by data subjects, in order that the scheme will achieve credibility and hence enable personal data to flow. This reinforces the impression that the stakeholder category whose interests are the ultimate end is data users; but also that the serving of those interests is subject to such a powerful constraint - in the form of data subjects' interests - that the ultimate objective can only be achieved by devising a scheme that satisfies the data subjects as well.
Considered as a whole, the passages evidence sufficient balance that the research is most reasonably categorised as being dual-perspective, and hence this appears to be alone among the five papers in demonstrating the balance to be expected of research into a primary personal data market.
Unfortunately, however, the authors adopt a narrow view of 'architecture', and as a result the proposal as it stands falls far short of achieving its aim. The gatekeeper function involves a check that the data user has declared undertakings. But that is of no use unless breaches of those undertakings are detected, those breaches are declared by law to be criminal offences and/or civil wrongs or torts, enforcement processes exists, and those processes are readily accessible by the parties who are negatively affected by the breaches. On the one hand, those aspects cannot themselves be part of the technological solution. On the other hand, a comprehensive scheme must specify the organisational and legal safeguards that are needed for it to work, not just the technological features. All that the authors offer in this regard is "regulators can take advantage of greatly improved auditability of data, along with a stronger and better-defined connection between data and policies that govern its use" (p. 156), and "Compliance would also need to be pursued through other means, such as regulation, audit, or binding rules within a trust framework" (p. 157), without specifying those means. The 'metadata-based architecture' has been treated by the authors as though it only extended to IT infrastructure, when it clearly must encompass much more than that.
The content analysis of the five papers was intentionally performed independently of the framing elements of the Special Issue. That context is now considered, by means of content analysis of:
The Call for Papers sought "theoretical understanding and empirical investigation of personal data markets". Markets inherently involve buyers and sellers, and hence the Call is in principle dual-perspective in nature, at least in respect of primary personal data markets. Through its inclusion of the statement that "Data aggregators ... sell access to personal and household information", and its inclusion in the list of "topics of interest" mention of "multi-sided markets" and "secondary markets", the Call created the possibility of considering data subjects as usees and not only as sellers.
On the other hand, corporations' objectives are express in 6/9 passages and were inferred in 3/9, whereas individuals' objectives are express in 0/9 and inferred in only 3/9; and the stakeholders associated with constraints on achieving objectives are primarily consumers - expressly in 6/10 and inferred in 4/10; whereas corporations are express in 0/10 and inferred in only 4/10.
The mentions of the interests of individuals ("privacy", "debate over ... ethicality", the possible desire of individuals not to trade their data at all) are heavily outweighed by the attention paid to corporate interests.
In the list of "topics of interest", only 4/25 (16%) are relevant to the objectives of data subjects ("Compatibility with data protection and privacy laws (in various jurisdictions)", "Privacy-enhancing technologies relating to personal data markets", "Contract enforcement mechanisms" and "Privacy metrics for personal data markets"); whereas all are relevant to marketspace operators and most to corporations dealing in data. Examples of topics of interest to data subjects which do not appear in the list are:
The Preface to the Special Issue of course did not declare a research question. Three statements of purpose were identified, however (all on p.91), which indicate the frame within which the Editors expected authors to work and/or perceived them to have worked:
The first two of these appear to reflect a dual-perspective approach to primary markets, and hence it would seem that the Issue Editors at least sought, and perhaps had assembled, a group of papers that balance the perspectives of the buyers of personal data with those of the individuals to whom the data relates.
On the other hand, to the extent that stakeholder objectives can be discerned in passages in the Preface, the focus is on the interests of "business" and "companies"; whereas all 6/6 passages in which stakeholders' interests are perceived as constraints are concerned with how the interests of individuals impinge upon corporations' interests.
A further concern is that the term "seemingly opposing poles", sets up a strange juxtaposition, between privacy and personal data markets. Personal data markets comprise two or more stakeholder groups: buyers and sellers. Throughout the Special Issue, the implicit assumption is made that sellers are individuals and buyers are corporations. Privacy is an important interest of those sellers. It would appear more appropriate for a term such as 'opposing poles' to be applied to a pair of stakeholders, or to a pair of interests. It is incongruous to apply it to an interest of one of the stakeholders in the market, on one hand, and to the market as a whole on the other. The tension that underlies the research domain is between the interest of people in privacy and the interest of corporations in using personal data in ways that are almost inevitably privacy-invasive.
A Position Paper by the Issue Editors is presented as the last paper in the set (Spiekermann et al. 2015b). As might be expected from leaders in the field, this paper evidences vastly greater awareness of many of the issues raised in this paper. The Issue Editors' stated intention is to outline "some of the economic, technical, social, and ethical issues associated with personal data markets, focusing on the privacy challenges they raise" (p. 161). Combining keywords from various parts of the paper, the over-arching research question appears to be: 'How can "companies" deal with "the privacy challenges", and achieve "trust" by "people" in "the trading of consumer data"?'.
Across the 19 passages relating to stakeholder objectives, corporations are mentioned 17 times, whereas consumers are referred to explicitly 3 times (e.g. "potential for creating added value for ... consumers" - p.161), and possibly indirectly a further 6 times (but only if, for example, "information pertaining to individuals had become a crucial asset in the digital economy" - p.161 - were to be interpreted as encompassing consumers' interests). Research questions that reflect the perspective of corporations are prioritised, whereas research questions about personal objectives are lacking. There are plenty to choose from: What degree of 'marketing efficiency' do people want? To what extent are 'innovative services' and 'convenience' important to them? If individuals actually knew and understood what was done with their data, would they willingly trade it at all, and if so then for what price? How much diversity exists in the outlooks and valuations of different categories of people? To what extent do people relinquish control of data about themselves because of the market power of service-providers? Or because of carefully-devised network effects ('all my friends are there')? Or because of the personal costs involved in searching out alternative service-providers with less intrusive demands? Or because of the embarrassment of being seen as a trouble-maker? Or because of the difficulties in achieving any form of dialogue with the service-provider? Or because alternative service-providers all make much the same intrusive demands for personal data?
A total of 46 passages indicated constraints on the achievement of stakeholder objectives. The diversity of keywords found was sufficient that two rounds of keyword identification, classification, sorting and review were necessary in order to lay a sufficient foundation for interpretation of the passages. About 25% of the passages relate to challenges in the design of personal data markets. The remaining 35/46 passages comprise 60% the concerns of individuals, 11% more general social concerns, and 29% legal and regulatory factors. The existence of privacy protection laws is of course a reflection of the nature and degree of individual and social concerns. Hence, leaving aside market design factors, 100% of the constraints related to individuals and none of them to corporations. (An arguable exception, which was classified as a market design factor, was "what kind of controls and guarantees do [people] want and need to trust in the market they participate in?" - p. 165).
If the research approach were dual-perspective in nature, then some degree of balance would exist between the mentions of the two stakeholder groups. The content analysis shows, on the other hand, that corporations dominate passages dealing with objectives (possibly only 17:9, but more realistically 17:3), whereas individual and social concerns dominate the passages dealing with constraints (35:0 or 34:1).
Consistently with those metrics, the Position Paper is framed not in terms of balance between competing interests, but in terms of 'privacy challenges': "We ... highlight the major questions that market players and policy makers will arguably need to face in handling [personal data] markets" (p.162), and "The challenge is how to internalize ... privacy externalities so that the data subject can be fairly compensated" (p.161). The conclusion is that "Our position ... is that companies, which hold customer relationships should go back to more trustworthy relationships with their customers" (p.165, emphases added). The word 'challenge' appears in the title, in the Abstract, in 4 section-headings, and in 9 places in the text. The researcher perspective throughout is that of the organisations that participate in markets, with the interests of individuals - even where they are themselves market-players - perceived as "challenges" to, and hence as constraints on, the interests of corporate players.
The privacy challenge to corporations is seen to be significant because of the high degree of public concern, and hence there is a material risk that corporations' market power may be challenged by that of individuals combined with the institutional power of regulators. It is therefore necessary that corporations take account of individuals' interests - at least to the extent necessary to manage the risks to corporations' own interests.
The paper notes that "Thought leaders have proposed whole new market structures and business models that may allow consumers to get into the driver's seat for their personal data (Searls 2012; Hamlin 2013)" (p.162), acknowledges negative effects on society of "the mere existence of personal data markets" (p. 163), mentions "social cohesion, equality of opportunity, freedom, and democracy" (p.163), and includes a 3/4-page segment considering the concerns of individuals (pp.164-165). However, these are presented as 'challenges' to business, not as means of addressing the needs of individuals, nor as a way to shift research from an orientation towards corporations' interests to a dual- or multi-perspective approach.
The paper also lacks recognition of the significance of data protection to the physical safety of many segments of society (GFW 2011). This dimension of privacy is becoming far more important than it was in the past firstly because of the substantial recent developments in relation to the promiscuity of personal data and location from handsets (Clarke 1999b, Dobson & Fisher 2003, Clarke & Wigan 2011, Michael & Clarke 2013), and secondly the loudly-promised proliferation of eObjects that are intended to continually monitor individuals' behaviour, associations and movements (Weber 2010, Manwaring & Clarke 2015). Moreover, the single mention of 'democracy' fails to convey the impossibility of exercising political freedoms in a context in which surveillance of behaviour and experience are pervasive (Raab 1997, Gross 2004, Clarke 2008b).
A further concern is that the proposition that "many consider privacy an inalienable right [but] data markets have developed in the opposite direction" (p.162) fails to confront the crucial facts that the 'inalienable right' is embodied in an international convention (ICCPR 1966), that it has been ratified by 169 nations, with the only significant non-adopters being China, Saudi Arabia, Malaysia and Singapore, and that scores of countries have embedded these rights at least in legislation, and in many cases in their constitutions. The problem goes even deeper, however, in that the breaches committed by organisations are referred to using the euphemisms of "legal grey zones", "enforcement gaps" and "regulatory arbitrage" - which gives the appearance of mere playfulness rather than the corporate misbehaviour and in some cases outright illegality that it actually is.
The paper recognises that "Interpreting personal data as a tradable good raises ethical concerns about whether people's lives, materialized in their data traces, should be property at all" (p. 164). On the other hand, the discussion frequently reverts to the theme of 'data as property' (9 occurrences), and to the question of how people's reticence can be overcome, and how people can be made to put a price on access to their data - all to meet the desires of corporations, irrespective of the needs and desires of people.
The Position Paper to some degree recovers the substantial imbalance of the Special Issue. On the other hand, the Paper:
Of the substantive contributions in the Special Issue, four are single-perspective and committed to the interests of corporations, one is balanced, and the last, although it is insightful and talks of balance, fails to deliver it. Where focus is brought to bear on data subjects, it is because their interests represent impediments to achieving corporations' objectives. It is disturbing that the Issue is so one-sided in its approach, because it is a leading example of research in this area, and is very likely to influence future researchers.
This section discusses several implications of the research reported in this paper.
The conclusion from the analysis is that 5 of the 6 papers in the Special Issue are, whether consciously or not, committed to the cause of corporations seeking to acquire and use personal data, and are concerned about the interests of other participants and usees only to the extent that they might have sufficient market power to harm the interests of data-exploiting corporations, and might exercise that power. Privacy-sensitive design is seen as necessary to satisfy corporate objectives, not to fulfil human rights obligations or to satisfy data subjects' needs.
Perhaps these characteristics are limited to the 6 papers that have been subjected to analysis, or are specific to personal data markets research. Alternatively, they may be a feature of particular research genres, such as economic analyses of market design, and laboratory experimentation into the exploitation of personal data, particularly social media data. The possibility exists, however, that they are a common trait of all research within the IS discpline and/or cognate disciplines, or within some sub-set of the IS discipline, such as MIS research conducted within Business Schools in the US, or within Business Schools more generally, and wherever else the Business School ethos is adopted.
Wall et al. (2015) explain the term 'ideology' as "aspects of a worldview that are often taken for granted and that disadvantage some and advantage others ... [and which] can be problematic to scientific research because they represent blind spots" (p.258). The Blackwell Encyclopedia of Sociology explains 'ideological hegemony' as "the way in which relationships of domination and exploitation are embedded in the dominant ideas of society" (BES 2016).
Are the problems of a preponderance of single-perspective research, and an overly heavy commitment to the interests of corporations, indicative of ideological hegemony? Are contributors to the Special Issue trapped into a disciplinary Weltanschauung dictated by the bodies of theory that have emerged over the last 50 years? Is the IS discipline on the path towards being merely a service industry supporting business executives? Further research needs to be undertaken, to assess the scope of publications that exhibit the characteristics evident in the Special Issue.
My contention is that inadequate diversity in researcher perspectives is an inappropriate characteristic of an academic discipline. Historians who re-write history for dictators are pilloried. Laboratory scientists who falsify data or results in order to serve the needs of a client are dismissed from academe. Conducting research single-mindedly for corporations, to the detriment of other participants and of non-participant 'usees' who are affected by systems, bears an uncomfortable resemblance to such behaviour.
The first question to address is whether the Special Issue is unusual in respect of researcher perspectives or is representative of research into personal data markets. If single-perspective research dominates, then the object of study is not 'markets', but rather just one side of them - the buyers of personal data.
Conducting a study across the breadth of the electronic commerce literature is challenging, not least in relation to the definition of the population and the isolation of appropriate sampling frames. It also demands substantial resources, especially if it is undertaken with the intensity necessary to perform critical content analysis.
In order to provide a first glimpse into the literature, a brief, exploratory study was undertaken. A convenience sample presented itself, in the form of a list of papers identified by the Editors of Electronic Markets (EM). Their own Editorial at the beginning of the Special Issue 25, 2 (June 2015) provides an analysis of past articles in EM "on security and privacy" (Alt et al. 2015, p.89). Of the c. 750 papers published in EM to date, the Editorial identified 25 articles published between 2001 and 2014 that dealt with "the relationship between trust and privacy" (p.88). Articles were discarded from the set if they were not specifically relevant to personal data markets (1), related to the very narrow sense of the term 'privacy' used by some authors in the computer science discipline, whereby it is a synonym for 'confidentiality' within the CIA model (8), or the object of study was organisations rather than people (4). That left 12 articles for consideration. These were assessed in order to identify the perspective(s) that they adopted. The articles were coded in accordance with the same protocol as has been applied to articles published in a range of other venues (Clarke 2015, 2016). The process description, the coding protocol and the coded data for the papers are provided in the Supplementary Materials. See Annexes 2.1-2.3.
The findings were that the researcher perspective adopted in all 12/12 articles was that of the system-sponsor, with the focus being on such factors as "the effectiveness of three vendor strategies", "a firm may be able to create a competitive advantage by increasing customer trust", and "the exchange of sensitive information between companies is limited by ... regulatory compliance". In no case were any implications of the research framed in a manner that addresses the interests of the individuals who were the object of study, despite many opportunities to do so. The research questions and key quotations were such that it appears that application of the full critical content analysis technique presented in this paper would be unlikely to produce any change in the assessment.
In an extension to the studies of researcher perspective undertaken to date, the author is currently examining a longitudinal sample of papers in the IS `basket of 8' journals. A further variant of that project is being considered, which would gather a sufficient sample of papers in the personal data markets domain, and hence develop a deeper understanding of the orientations that researchers who publish in those venues are bringing to their analyses. Other approaches that can be adopted include the application of critical content analysis, or less resource-intensive techniques, to targeted samples of papers on specific sub-topics within the field, and within particular literatures, such as 'eCommerce journals and conferences', 'economics of IS' venues, or IS and computer science generally.
The suggestions in the two previous sections are refined forms of 'navel-gazing'. They may highlight and articulate an important problem, but they do not themselves solve it. If quality is low, how can it be improved?
One approach would be to undertake and to stimulate substantial research projects that adopt the perspective of individuals rather than corporations. This would represent a counter-weight to the existing predominance of corporation-oriented studies. On the other hand, this approach suffers from the same deficiency that has been decried in the Special Issue: it is one-dimensional, and does not assist the two or more stakeholders whose interests conflict to appreciate one another's perspectives and devise (or even negotiate) market designs that satisfy both or all sides' needs.
Better approaches would be to adopt:
Existing exemplars of dual- and multi-perspective research can be utilised to assist in the conception and design of such research.
In order to conduct this research, it was necessary to review the literature relating to content analysis and literature review, and devise a specification of a form of critical content analysis appropriate to the research question and the context. The application of the technique to the text in the Special Issue needs to be subjected to review. For this purpose, the full audit trail is provided as Supplementary Materials.
The research technique itself, specified in Table 2, needs to be itself subjected to critical review, both of an intellectual nature, and arising empirically from its application to other, somewhat different research questions. It also requires re-articulation for particular circumstances.
Critical content analysis of the Special Issue showed that the papers were strongly oriented towards the objectives of corporations, and for the most part treated the interests of the people whose data is traded as constraints rather than as objectives. It appears that the dominance of corporate interests may reflect ideological assumptions that have become engrained in IS and in nearby research specialisations in both computer science and economics. It is suggested that, if IS aspires to being an academic discipline rather than merely a service to corporations, those ideological assumptions need to be recognised, and replaced with a more balanced world view.
Even in its own terms, however, the current genre of personal data markets research is ineffective. Much better information would be provided to corporations if researchers adopted dual- and multi-perspective approaches to research, and developed genuine understanding of the various stakeholders' interests and needs, rather than playing laboratory games intended to minimise the cost to business of enveigling consumers into trading their privacy off for convenience or a small amount of money.
Beyond that, however, the current genre of personal data markets research is ethically dubious. The large majority of research actively and wilfully ignores the interests even of participants other than the corporation-buyer, let alone the interests of people who are non-participants but who are affected by the system. To the extent that researchers are also IS professionals, they are in breach of their obligations under professional bodies' Codes of Ethics. They only escape being in breach of obligations under the Code of Research Conduct of the academic Association for Information Systems (AIS) because that body has yet to grasp the nettle and extend its coverage to the protection of people other than its own members.
The dominance of the system-sponsor perspective in IS research is consistent with what Wall et al. (2015) refer to as 'ideological hegemony'. That dominance may be so great that the argument pursued here might well appear to mainstream MIS and even IS researchers as 'beyond the pale', an outlier and even extremist view, or a plaintive call in the wilderness. US Business Schools successfully use excusatory language as camouflage for the consumer-exploitative techniques that they teach and research - in recent decades under such mottos as 'business ethics' and 'corporate social responsibility'. The IS research community can readily hitch itself more formally to such flags of convenience. It could overcome its eternal existential angst by abandoning 'IS' as its focal point, adopting the 'MIS' tag as its formal title, and excluding interests other than those of business from the discipline's scope.
If, on the other hand, the IS discipline aspires to the mantle of a genuine academic discipline, it needs to carve out a much larger space. The discipline can revert to the original notion of 'everything about systems that handle information', and recognise that the explosion in IT's capabilities and applications has drawn the whole world inside those systems, and that those systems have very substantial impacts and implications for individuals, groups, societies and polities. That approach makes it almost incontrovertible that the perspectives of all affected parties need to be reflected in the corpus of IS research.
Venues that adopt the latter, expansive and positive approach rather than the existing, retractive and negative one, need to do something about how they acquire papers for publication. Calls for papers need to expressly address dimensions additional to the economic, and the perspectives of all stakeholders, broadly defined. Further, Editors need to decline submissions that are mechanistic and narrow - and clearly explain what the authors need to do in order for their submissions to be re-considered. Editors need to develop a culture among their associates, seniors and reviewers that strongly favours dual- and multi-perspective research, and that sets the bar much higher for the routine, single-perspective research that currently takes up so much of journal and conference in-trays.
The focus of this paper has been on personal data markets, within the broader area of electronic markets. The problems that it has found appear to have ramifications well beyond those genres, and to raise questions about the future path of the IS discipline as a whole.
Acquisti A. & Gross R. (2006) 'Imagined communities: awareness, information sharing, privacy on the Facebook' Proc. Privacy Enhancing Technology Workshops (PET), 2006, 1-22, at http://people.cs.pitt.edu/~chang/265/proj10/zim/imaginedcom.pdf
Alt R., Militzer-Horstmann C. & Zimmerman H.-D. (2015) 'Editorial 25/2: Electronic Markets and privacy' Electronic Markets 25, 2 (June 2015) 87-90
Bakos Y. (1998) 'The emerging role of electronic marketplaces on the Internet' Communications of the ACM 41, 8 (August 1998) 35-42, at http://people.stern.nyu.edu/bakos/emkts-cacm.pdf
Bartis E. & Mitev N. (2008) 'A multiple narrative approach to information systems failure: a successful system that failed' Euro. J. of Information Systems 17 (2008) 112-124, at http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.431.4206&rep=rep1&type=pdf
Baumer E.P.S. (2015) 'Usees' Proc. 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI'15), April 2015
Benjamin R.I. & Wigand R.T. (1995) 'Electronic Markets and Virtual Value Chains on the Information Superhighway' Sloan Management Review 36, 2 (1995) 62-72
BES (2016) `Blackwell Encyclopedia of Sociology Online' Wiley-Blackwell, 2016, at http://www.sociologyencyclopedia.com/public/
Boell S.K. & Cecez-Kecmanovic D. (2014) 'A Hermeneutic Approach for Conducting Literature Reviews and Literature Searches' Communications of the Association for Information Systems 34, 12, at http://tutor.nmmu.ac.za/mgerber/Documents/ResMeth_Boell_2014_Literature%20Reviews.pdf
vom Brocke J. & Simons A. (2008) 'Towards a Process Model for Digital Content Analysis - The Case of Hilti' BLED 2008 Proceedings. Paper 2, http://aisel.aisnet.org/bled2008/2
Cameron J. (2007) 'An Integrated Framework for Managing eBusiness Collaborative Projects' PhD Thesis, UNSW, March 2007, at http://unsworks.unsw.edu.au/fapi/datastream/unsworks:2112/SOURCE01?view=true
Cameron J. & Clarke R. (1996) 'Towards a theoretical framework for collaborative electronic commerce projects involving small and medium-sized enterprises' Proc. 9th Int'l Conf. on EDI-IOS, Bled, Slovenia, 1996
Cecez-Kecmanovic D. (2001) 'Doing Critical IS Research: The Question of Methodology' Ch.VI in 'Qualitative Research in IS: Issues and Trends: Issues and Trends' (ed. Trauth E.M.), pp. 141-163, Idea Group Publishing, 2001, at https://pdfs.semanticscholar.org/37b1/e4c060b93fcfa04d81f03b750e746ba42f2d.pdf
Cecez-Kecmanovic D. (2005) 'Basic assumptions of the critical research perspectives in information systems' Ch. 2 in Howcroft D. & Trauth E.M. (eds) (2005) 'Handbook of Critical Information Systems Research: Theory and Application', pp.19-27, Edward Elgar, 2005
Cecez-Kecmanovic D., Klein H.K. & Brooke C. (2008) 'Exploring the critical agenda in information systems research' Information Systems Journal 18, 2 (March 2008) 123-135
Charlesworth A. (2006) `The future of UK data protection regulation` Information Security Technical Report 11, 1 (2006) 46-54
Chen W.S. & Hirschheim R. (2004) `A paradigmatic and methodlogical examination of information systems research from 1991 to 2001' Information Systems Journal 14, 3 (2004) 197-235
Clarke R. (1992) 'Extra-Organisational Systems: A Challenge to the Software Engineering Paradigm' Proc. IFIP World Congress, Madrid, September 1992, PrePrint at http://www.rogerclarke.com/SOS/PaperExtraOrgSys.html
Clarke R. (1999) 'Person-Location and Person-Tracking: Technologies, Risks and Policy Implications' Proc. 21st Int'l Conf. on Privacy and Personal Data Protection, pp.131-150, Hong Kong, September 1999. Revised version in Information Technology & People 14, 2 (Summer 2001) 206-231, PrePrint at http://www.rogerclarke.com/DV/PLT.html
Clarke R. (2001) 'Towards a Taxonomy of B2B e-Commerce Schemes' Proc. 14th Int'l eCommerce Conf., Bled, Slovenia, June 2001, pp. 591-615, at http://www.rogerclarke.com/EC/Bled01.html
Clarke R. (2002) 'e-Consent: A Critical Element of Trust in e-Business' Proc. 15th Bled Electronic Commerce Conference, Bled, Slovenia, 17-19 June 2002, at http://www.rogerclarke.com/EC/eConsent.html
Clarke R. (2008) 'Dissidentity: The Political Dimension of Identity and Privacy' Identity in the Information Society 1, 1 (December, 2008) 221-228, PrePrint at http://www.rogerclarke.com/DV/Dissidentity.html
Clarke R. (2015) 'Not Only Horses Wear Blinkers: The Missing Perspectives in IS Research' Opening Keynote, Proc. Australasian Conf. in Infor. Syst., Adelaide, December 2015, PrePrint at http://www.rogerclarke.com/SOS/ACIS15.html
Clarke R. (2016) 'An Empirical Assessment of Researcher Perspectives'
Proc. Bled eConf., Slovenia, June 2016, PrePrint at http://www.rogerclarke.com/SOS/BledP.html
Clarke R. & Wigan M.R. (2011) 'You Are Where You've Been: The Privacy Implications of Location and Tracking Technologies' Journal of Location Based Services 5, 3-4 (December 2011) 138-155, PrePrint at http://www.rogerclarke.com/DV/YAWYB-CWP.html
Davies S. (1997) 'Time for a byte of privacy please' Index on Censorship 26, 6 (1997) 44-48
Davison R.M., Martinsons M.G. & Kock N. (2004) 'Principles of canonical action research' Info Systems J. 14 (2004) 65-86, at https://www.researchgate.net/profile/Robert_Davison/publication/220356660_Principles_of_canonical_action_research/links/0a85e52e135ac5a7b4000000.pdf
Debortoli S., Müller O., Junglas I. & vom Brocke (2016) 'Text Mining For Information Systems Researchers: An Annotated Topic Modeling Tutorial' Communications of the Association for Information Systems 39, 7, 2016
Dobson J. & Fisher P. (2003) 'Geoslavery' IEEE Technology and Society 22 (2003) 47-52
EUD (1995) 'The Data Protection Directive' EU Directive 95/46/EC, Data Protection Commissioner, 1995, at https://www.dataprotection.ie/docs/EU-Directive-95-46-EC-Chapter-1/92.htm
Fischer-Hübner S. & Lindskog H. (2001) ' Teaching Privacy-Enhancing Technologies' Proc IFIP WG 11.8 2nd World Conference on Information Security Education, Perth, Australia (2001)
GDPR (2016) 'EU General Data Protection Regulation' SecureDataService, 2016, at http://www.privacy-regulation.eu/en/index.htm
GFW (2011) 'Who is harmed by a "Real Names" policy?' Geek Feminism Wiki, undated, apparently of 2011, at http://geekfeminism.wikia.com/wiki/Who_is_harmed_by_a_%22Real_Names%22_policy%3F
Gkatzelis V., Aperjis C. & Huberman B.A. (2015) 'Pricing private data' Electronic Markets 25, 2 (June 2015) 109-123
Greenleaf G. (2014) 'Asian Data Privacy Laws: Trade and Human Rights Perspectives' Oxford University Press, October 2014
Greenleaf G. (2017) '120 national data privacy laws now include Indonesia and Turkey' Privacy Laws & Business 145 (February 2017) 10-26
Gross E. (2004) 'The Struggle of a Democracy against Terrorism - Protection of Human Rights: The Right to Privacy versus the National Interest - the Proper Balance' Cornell International Law Journal 37, 1 (2004) Article 2, at http://scholarship.law.cornell.edu/cilj/vol37/iss1/2
Heimbach I., Gottschlich J. & Hinz O. (2015) 'The value of user's Facebook prof ile data for product recommendation generation' Electronic Markets 25, 2 (June 2015) 125-138
Hirst M. (2013) `Someone's looking at you: welcome to the surveillance economy' The Conversation, 26 July 2013, at http://theconversation.com/someones-looking-at-you-welcome-to-the-surveillance-economy-16357
Hsieh H.-S. & Shannon S.E. (2005) 'Three Approaches to Qualitative Content Analysis' Qualitative Health Research 15, 9 (November 2005) 1277-1288, at http://www33.homepage.villanova.edu/edward.fierros/pdf/Hsieh%20Shannon.pdf
Indulska M., Hovorka D.S. & Recker J.C. (2012) 'Quantitative approaches to content analysis: Identifying conceptual drift across publication outlets' European Journal of Information Systems 21, 1, 49-69, at /http://eprints.qut.edu.au/47974/
Kaid L.L. (1989) 'Content analysis' In Emmert P. & Barker L.L. (Eds.) 'Measurement of communication behavior', pp. 197-217, Longman, 1989
Kambil A. & van Heck E. (1998) 'Reengineering the Dutch flower auctions: A framework for analysing exchange operations' Inf. Sys. Research 9, 1 (1998) 1-19, at http://archive.nyu.edu/ bitstream/2451/14208/1/IS-96-24.pdf
King W.R. & He J. (2005) 'Understanding the Role and Methods of Meta-Analysis in IS Research' Communications of the Association for Information Systems 16, 32
Klein H.K. & Myers M.D. (1999) 'A Set of Principles for Conducting and Evaluating Interpretive Field Studies in Information Systems' MIS Qtly 23, 1 (March 1999) 67-93
Krippendorff K. (1980) 'Content Analysis: An Introduction to Its Methodology' Sage, 1980
Lyon D. (1994) 'The Electronic Eye: The Rise of Surveillance Society' Polity Press, 1994
McGrath K. (2005) 'Doing critical research in information systems: A case of theory and practice not informing each other' Information Systems Journal 15, 2 (April 2005) 85-101, at http://dspace.brunel.ac.uk/bitstream/2438/3734/1/Fulltext.pdf?origin%3Dpublication_detail
Maguire S., Friedberg J., Nguyen M.-H.C. & Haynes P. (2015) 'A metadata-based architecture for user-centered data accountability' Electronic Markets 25, 2 (June 2015) 155-160
Manwaring K. & Clarke R. (2015) ''Surfing the third wave of computing: a framework for research into eObjects' Computer Law & Security Review 31,5 (October 2015) 586-603, at http://www.rogerclarke.com/II/SSRN-id2613198.pdf
Michael K. & Clarke R. (2013) 'Location and Tracking of Mobile Devices: Überveillance Stalks the Streets' Computer Law & Security Review 29, 3 (June 2013) 216-228, PrePrint at http://www.rogerclarke.com/DV/LTMD.html
Myers M.D. (1997) 'Qualitative research in information systems' MISQ Discovery, June 1997, at http://www.academia.edu/download/11137785/qualitative%20research%20in%20information%20systems.pdf
Myers M.D. & Klein H.K. (2011) 'A Set Of Principles For Conducting Critical Research In Information Systems' MIS Quarterly 35, 1 (March 2011) 17-36, at https://pdfs.semanticscholar.org/2ecd/cb21ad740753576215ec393e499b1af12b25.pdf
Oakley, A. (2003) Research evidence, knowledge management and educational practice: early lessons from a systematic approach, London Review of Education, 1, 1: 21-33, at ttp://www.ingentaconnect.com/contentone/ioep/clre/2003/00000001/00000001/art00004?crawler=true&mimetype=application/pdf
Orlikowski W.J. & Baroudi J.J. (1991) 'Studying Information Technology in Organizations: Research Approaches and Assumptions' Info. Sys. Research 2, 1 (March 1991) 1-28
Popper K. (1963) 'Conjectures and Refutations: The Growth of Scientific Knowledge' Harper & Row, 1963
Raab C.D. (1997) 'Privacy, democracy, information' Ch. 10 in Loader B. (ed.) 'The Governance of Cyberspace: Politics, Technology and Global Restructuring', pp. 155-174
Rayna T., Darlington J. & Striukova L. (2015) 'Pricing music using personal data: mutually advantageous first-degree price discrimination' Electronic Markets 25, 2 (June 2015) 139-154
Rayport J. F. & Sviokla J. H. (1994) 'Managing in the Marketspace' Harv. Bus. Rev. (Nov-Dec 1994) 141-150
Reidenberg J.R. (2003) `Privacy Wrongs in Search of Remedies' 54Hastings L. J. 54 (2003) 877, at http://ir.lawnet.fordham.edu/faculty_scholarship/36
Richardson H. & Robinson B. (2007) 'The mysterious case of the missing paradigm: a review of critical information systems research 1991-2001' Information Systems Journal, 17, 3 (July 2007) 251-270
Roeber B., Rehse O., Knorrek R. & Thomsen B. (2015) 'Personal data: how context shapes consumers' data sharing with organizations from various sectors' Electronic Markets 25, 2 (June 2015) 95-108
Schmidt B. (1993) 'Electronic Markets' 3, 3 (October 1993), at http://www.electronicmarkets.org/fileadmin/user_upload/doc/Issues/Volume_03/Issue_03/Electronic_Markets.pdf
Schmid B.F. (1997) 'Requirements for Electronic Markets Architectures' Electronic Markets 7,1 (1997) 3-6, at http://www.electronicmarkets.org/fileadmin/user_upload/doc/Issues/Volume_07/Issue_01/V07I1_Requirements_For_Electronic_Markets_Architecture.pdf
Segev A., Gebauer J. & Färber F. (1999) 'Internet-based electronic markets' Electronic Markets 9, 3 (1999) 138-146, at http://aws.iwi.uni-leipzig.de/em/fileadmin/user_upload/doc/Issues/Volume_09/Issue_03/V09I3_Internet-based_Electronic_Markets.pdf
Smith R.E. (2013) 'Compilation of State and Federal Privacy Laws 2013' Privacy Journal, June 2013, plus the 2015 Supplement, adding 20 more laws
Spiekermann S., Böhme R., Acquisti A. & Hui K.-L. (2015a) 'Personal Data Markets' Preface to the Special Issue, Electronic Markets 25, 2 (June 2015) 91-93
Spiekermann S., Böhme R., Acquisti A. & Hui K.-L. (2015b) 'The challenges of personal data markets and privacy' Position Paper, Special Issue, Electronic Markets 25, 2 (June 2015) 161-167
Stahl B.C. (2008) 'The ethical nature of critical research in information systems' Information Systems Journal 18, 2 (March 2008) 137-163
Stemler S. (2001) 'An overview of content analysis' Practical Assessment, Research & Evaluation 7, 17 (2001), at http://PAREonline.net/getvn.asp?v=7&n=17
Straub D. W. (2009) 'Editor's comments: Why top journals accept your paper' MIS Quarterly, 33, 3 (September 2009) iii-x, at http://misq.org/misq/downloads/download/editorial/3/
Wall J.D., Stahl B.C. & Salam A.F. (2015) 'Critical Discourse Analysis as a Review Methodology: An Empirical Example' Communications of the Association for Information Systems 37, 11 (2015)
Weber R.H. (2010) 'Internet of Things - New security and privacy challenges' Computer Law & Security Review 26, 1 (Jan-Feb 2010) 23-30, at https://www.researchgate.net/profile/Rolf_Weber3/publication/222708179_Internet_of_Things_-_New_security_and_privacy_challenges/links/0c96053cab03fee371000000.pdf
Weber R.P. (1990) 'Basic Content Analysis' Sage, 1990
Webster J. & Watson R.T. (2002) 'Analyzing The Past To Prepare For The Future: Writing A Literature Review' MIS Quarterly 26, 2 (June 2002) xiii-xxiii, at http://intranet.business-science-institute.com/pluginfile.php/247/course/summary/Webster%20%20Watson.pdf
Weill P. & Vitale M. (2001) 'Place to Space: Migrating to eBusiness Models' Harvard Business School Press, 2001
Wrigley C.D., Wagenaar R.W. & Clarke R. (1994) 'Electronic data interchange in international trade: frameworks for the strategic analysis of ocean port communities' Journal of Strategic Information Systems 3 (3), 211-234
For each segment of the Special Issue, the folder provides files containing the text of the paper, the relevant passages, the keywords and categorisations, and the analysis.
These files provide the process, results and coding for the analysis of the other 12 relevant papers published in earlier Issues of Electronic Markets.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in Cyberspace Law & Policy at the University of N.S.W., and a Visiting Professor in the Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 1 March 2017 - Last Amended: 11 March 2017 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/SOS/MPCA.html