Business data privacy practices in contact tracing: a double-edged sword

Contact tracing plays an important role in supporting public health and safety during the COVID-19 pandemic (Centers for Disease Control and Prevention, 2021). In many countries, proximity tracing has been adopted in hospitality venues where people provide contact details to hospitality businesses to support governments’ rapid proximity tracing (Lin et al., 2021; Williams et al., 2021). However, such contact tracing triggers customers’ privacy concerns, especially in the Western countries where privacy is highly valued (Fahey & Hino, 2020; Rowe, 2020). Noticeably, privacy issues have become prevalent in the hospitality industry with increasing external security threats (Gwebu & Barrows, 2020). Many reports show that customers become reluctant to disclose their information and even provide false information for contact tracing (Jervis-Bardy, 2020). Therefore, hospitality businesses need to understand how to address privacy concerns around contact tracing in order to promote customer cooperation and maintain good customer relationships.

Recent studies on customer data privacy call for incorporating gossip theory into customers’ perceptions of business data privacy practices (i.e., how businesses collect and manage customer data) (e.g., Martin, Borah, & Palmatier, 2017). According to this theoretical view, transparency and control of the practices are the two major factors that determine customers’ privacy concerns and vulnerability (Martin et al., 2017; Morey, Forbath, & Schoop, 2015). However, there is a theoretical gap regarding how these perceptions influence customer commitment to the business. Moreover, given that governments could intervene in customer privacy issues, recent research further suggests that the role of the government in shaping customers’ perceptions of businesses’ data privacy practices should be explored (e.g., Lwin, Wirtz, & Williams, 2007; Martin & Murphy, 2017). Therefore, our study aims to examine how customers evaluate businesses’ data privacy practices and develop subsequent responses.