People worry about privacy. Yet they continue to shop online, book flights, check financial accounts, and register for digital services. They say privacy matters, but in practice they often provide their names, addresses, credit card numbers, preferences, and behavioral data. This contradiction has long been known as the “privacy paradox.” Tamara Dinev and Paul Hart’s paper, An Extended Privacy Calculus Model for E-Commerce Transactions, is one of the major information systems studies that directly addresses this paradox.
The paper asks a clear question: Why do people provide personal information for e-commerce even when they recognize privacy risks? Dinev and Hart do not explain this behavior as simple ignorance or irrationality. Instead, they argue that individuals weigh risks and benefits at the same time, while conflicting beliefs operate simultaneously. This decision-making structure is what the paper calls the “privacy calculus.”
Privacy calculus theory begins with the idea that individuals compare the costs and benefits of disclosing personal information. Disclosure creates risks. Information may be misused, sold to third parties, transferred to unknown companies, or accessed by government agencies. But disclosure also produces benefits. It allows people to purchase products, use desired services, and access information of personal value. Dinev and Hart extend this logic specifically to the context of e-commerce transactions.
The authors place four key factors at the center of their model. The first is perceived Internet privacy risk, which refers to the belief that personal information provided online may be misused or disclosed to third parties. The second is Internet privacy concern, meaning the degree to which users worry about how their personal information will be handled. The third is Internet trust, or the belief that a website will handle personal information safely and reliably. The fourth is personal Internet interest, which captures a user’s personal desire for information, services, or experiences available online.
The research model is straightforward. Perceived privacy risk lowers the intention to provide personal information, increases privacy concern, and reduces Internet trust. Privacy concern also lowers disclosure intention. By contrast, Internet trust and personal Internet interest increase the intention to provide personal information. In other words, people’s decisions do not follow a simple formula in which higher risk automatically prevents disclosure. Even when risk and concern remain present, trust and interest may be strong enough to push users toward disclosure.
The empirical foundation of the study is a survey of 369 respondents. The authors collected data from a diverse sample in the southeastern United States, including undergraduate students, graduate students, school employees, corporate employees, financial-sector workers, and retail and service-sector workers. They used structural equation modeling, or SEM, to test the relationships among multiple latent variables that influence the intention to disclose personal information.
The findings supported the proposed model. All hypotheses were statistically significant. Perceived Internet privacy risk reduced the intention to provide personal information, increased privacy concern, and weakened Internet trust. Privacy concern reduced disclosure intention. Internet trust and personal Internet interest, on the other hand, increased disclosure intention. Notably, Internet trust had a particularly strong positive effect, while personal interest also emerged as an important driver.
These results matter because they offer a more refined explanation of the privacy paradox. People do not disclose personal information because they have no privacy concerns. Rather, they may disclose information despite those concerns because other factors outweigh them. If users trust a website or feel a strong personal interest in a product, service, or piece of information, they may still choose to provide personal data. It is therefore inaccurate to interpret disclosure behavior simply as evidence of indifference.
One of the most important elements of the paper is the variable of personal Internet interest. Much e-commerce research had focused on trust, risk, usefulness, and convenience. Dinev and Hart add that the user’s attraction to specific information or services can overcome privacy concerns. Personal interest is not merely entertainment or curiosity. It reflects a cognitive pull toward something the user wants to obtain from the Internet. This variable remains highly relevant today, especially for understanding platform services, recommendation systems, and generative AI.
For example, users of generative AI may worry about how their prompts, documents, or conversations are stored and used. Yet they may still enter sensitive information because the system offers convenience, productivity, speed, or creative support. The structure is similar to the privacy calculus described by Dinev and Hart. The risk does not disappear. Rather, perceived benefit, trust, interest, and necessity may override that risk.
Another strength of the paper is that it acknowledges the coexistence of conflicting beliefs. A user may perceive high privacy risk while still trusting the Internet. A user may have privacy concerns while also feeling strong interest in a particular service. Human decision-making is not driven by a single attitude. Multiple beliefs operate at the same time, and behavioral intention depends on which of those beliefs becomes more influential in a given situation. In this sense, the paper interprets privacy behavior not as a simple gap between attitude and action, but as a complex decision-making process.
The study also has limitations. First, the sample was limited to respondents in the southeastern United States, making it difficult to fully account for cultural and national differences. Privacy perception can vary across legal systems, cultural norms, digital experiences, and platform environments. Second, the study measured perceptions of Internet websites in general rather than specific platforms. Users may evaluate Amazon, banks, hospitals, social media platforms, and generative AI services very differently.
Third, the study relied on self-reported survey data. There may be a gap between the intention to disclose personal information and actual disclosure behavior. Future studies need to examine real behaviors such as clicks, registration processes, personal data entry, browser setting changes, and cookie consent decisions. Even with these limitations, the paper has strong academic value because it structurally organizes the core variables that explain personal information disclosure.
The paper also offers practical implications for businesses. Online service providers should not assume that users are unconcerned about privacy simply because they provide personal information. In many cases, users may disclose information while still feeling anxious about privacy. Therefore, companies should not treat disclosure as a simple sign of consent. They must build systems and policies that reduce risk and sustain trust. Clear privacy policies, understandable notices, meaningful security measures, and limits on data use are not merely legal procedures. They are essential foundations of trust.
In today’s era of generative AI and platform economies, the paper carries even greater significance. Users no longer provide personal information only to buy goods. They now enter sensitive information into systems for AI conversation, document drafting, image generation, health advice, learning support, and work automation. The center of privacy calculus is shifting. In the past, credit card numbers and addresses were the core concern. Today, thoughts, worries, work documents, creative outputs, relationship information, and emotional records may all become part of the privacy equation.
Ultimately, An Extended Privacy Calculus Model for E-Commerce Transactions delivers a clear message. Providing personal information is not a simple act of consent. It is the result of a calculation in which risk, concern, trust, and interest collide. People do not necessarily disclose information because they have abandoned privacy. They disclose it because, at particular moments, trust, need, and personal interest may become stronger than privacy concern.
The paper transformed the privacy paradox from a language of blame into a language of explanation. Users are not simply contradictory. They are individuals making decisions in complex digital environments. The responsibility of today’s digital services is not to exploit that complexity to extract more data, but to help users disclose only what is necessary under conditions they can trust. Privacy calculus is ultimately not just a technical issue. It is a question of trust, and trust is not created by a single click. It is built through continuous responsibility.
