Next Article in Journal
Cybersecurity Access Control: Framework Analysis in a Healthcare Institution
Previous Article in Journal
An Evaluation of the Security of Bare Machine Computing (BMC) Systems against Cybersecurity Attacks
Previous Article in Special Issue
Humans and Automation: Augmenting Security Operation Centers
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JCP
Volume 4
Issue 3
10.3390/jcp4030034
jcp-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Protection of Personal Data in the Context of E-Commerce

by
Zlatan Morić
*,
Vedran Dakic
,
Daniela Djekic
and
Damir Regvart
Department of System Engineering and CyberSecurity, Algebra University, 10000 Zagreb, Croatia
*
Author to whom correspondence should be addressed.
J. Cybersecur. Priv. 2024, 4(3), 731-761; https://doi.org/10.3390/jcp4030034
Submission received: 19 July 2024 / Revised: 26 August 2024 / Accepted: 17 September 2024 / Published: 20 September 2024
(This article belongs to the Special Issue Data Protection and Privacy)
Browse Figures
Versions Notes

Abstract

:
This paper examines the impact of stringent regulations on personal data protection on customer perception of data security and online shopping behavior. In the context of the rapidly expanding e-commerce landscape, ensuring the security of personal data is a complex and crucial task. The study of several legal frameworks, including Malaysia’s compliance with EU regulations and Indonesia’s Personal Data Protection Law, provides valuable insights into consumer data protection. The challenges of balancing data safeguarding and unrestricted movement and tackling misuse by external entities are significant and require careful consideration. This research elucidates the pivotal role of trust in e-commerce environments and the deployment of innovative e-commerce models designed to minimize personal data sharing. By integrating advanced privacy-enhancing technologies and adhering to stringent regulatory standards such as the GDPR, this study demonstrates effective strategies for robust data protection. The paper contributes to the academic discourse by providing a comprehensive framework that synergizes legal, technological, and procedural elements to fortify data security and enhance consumer trust in digital marketplaces. This approach aligns with international data protection standards and offers a pragmatic blueprint for achieving sustainable data security in e-commerce.

1. Introduction

Online retail has experienced a significant surge in Croatia due to the closure of physical stores, driven by the global COVID-19 pandemic and its impact on consumer behavior. Amid an expanding digital marketplace, the convenience of this transition has brought to light critical vulnerabilities in protecting personal data. Robust data protection is a challenge in the face of the rapid shift to online shopping, which has increased the exposure of personal data to potential cyber threats.
Like many other regions, Croatia has seen rapid growth in online consumer activity, surpassing the advancement of necessary legal and technological protections. This gap brings forth a distinct array of challenges and risks. These include the potential for data breaches, unauthorized usage of data, and a lack of transparency in how data is handled. It is worth noting that these risks have become more prominent due to the significant increase in digital transactions. Trust in the e-commerce sector is being undermined due to the inadequacy of current regulatory measures and consumer protection frameworks in meeting the nuanced demands of a digitally driven consumer base. This is stifling the potential growth of the sector.
This study aims to tackle these pressing issues by examining the impact of stricter data protection regulations implemented in Croatia. Our objective is to determine if implementing these strengthened regulations can effectively address concerns regarding online shopping security and ultimately rebuild consumer trust. We conducted an extensive survey using Google Forms to capture various experiences and perceptions of online data security. The survey targeted a diverse demographic to ensure a comprehensive understanding of the topic. The survey was carried out from 1 to 10 September 2023 and consisted of 33 comprehensive questions. These questions assessed various aspects, including computer literacy, knowledge of data protection laws, and personal encounters with vulnerabilities in online shopping.
The gathered data, analyzed with great precision, quantifies the shifts in consumer attitudes toward data protection before and after implementing stricter regulations. Microsoft Excel was used for this meticulous analysis. Using detailed graphical representations, we demonstrate the impact of enhanced data protection measures on consumer perceptions of safety and trust in online environments. The study explores the relationship between different demographic factors, such as age, education, and digital literacy, and how they impact the effectiveness of regulatory changes in data protection.
We believe our research will significantly contribute to the ongoing academic and policy-making discussions surrounding data protection in e-commerce. This study seeks to present empirical evidence on the impacts of regulatory enhancements to contribute to better policy decisions. The ultimate goal is to promote more resilient data protection strategies, which will, in turn, create a secure and trustworthy digital shopping environment for consumers in Croatia.
This paper is organized as follows. The following section, Related Works, offers a critical review of existing studies on data privacy in e-commerce, followed by a discussion on protecting personal data on the Internet. Then, we move to discussing how an online store in Croatia works from the consumer and owner perspectives before discussing how those two perspectives merge as we try to do digital marketing in e-commerce. We also cover legal frameworks like GDPR and ePrivacy in that section. The section after that contains the practical part of our paper, exploring the association of stricter regulations with data sharing. The last sections of our paper include topics related to future research areas and conclusions.

2. Related Works

Data privacy is a significant concern in e-commerce, with various challenges and solutions explored across multiple studies. Arora [1] highlights the difficulties in protecting consumer data amidst the growing popularity of e-commerce platforms. This study underscores notable privacy breaches and the need for stringent government regulations to safeguard personal information. Future research should focus on evolving legal frameworks to address emerging threats.
Muneer et al. [2] discuss privacy and security threats in e-commerce, emphasizing the need for technical solutions to mitigate risks. The paper suggests that without eliminating these threats, consumer trust will falter. The authors call for further investigation into innovative privacy protection techniques and enhanced consumer awareness strategies.
Boritz and No [3] review the trade-off between necessary data disclosure and privacy risks in e-commerce. They observe that much of the research is outdated and fails to consider recent technological advancements. Future studies should address these gaps, examining the implications of new technologies on e-commerce privacy.
Ghani and Sidek [4] analyze how personal information is utilized in e-commerce and the associated privacy risks. They argue for stricter control measures to prevent misuse. The authors recommend further research into advanced encryption methods and developing comprehensive privacy policies to protect consumer data better.
Salim and Neltje [5] explore the legal protection of personal data in e-commerce transactions, using Indonesia as a case study. They identify significant legal gaps and advocate for implementing a comprehensive data protection bill. Future research should evaluate the effectiveness of such legislation in different jurisdictions.
Moores and Dhillon [6] question the efficacy of privacy seals in building consumer trust in e-commerce. Many websites lack privacy statements, and abuses continue despite self-regulation efforts. The authors suggest that future studies should explore mandatory privacy legislation and its impact on consumer trust.
Zhong and Wang [7] review current issues of consumer privacy leakage in e-commerce and propose technological and legal solutions. They highlight big data’s challenges and call for future research into developing robust privacy protection technologies and legal standards to mitigate these risks.
Farah and Higby [8] discuss the conflict between e-commerce data collection needs and consumer privacy. They highlight the limited success of self-regulatory initiatives and suggest the need for legislative action. Future research should focus on the impact of privacy laws like those in the EU on the profitability of e-commerce firms.
Antoniou and Batten [9] propose new models to enhance consumer trust in e-commerce by protecting personal information. They identify the cost implications for sellers and deliverers but suggest that increased consumer trust offsets these. Future studies should compare the effectiveness of these models against traditional protocols.
Bella et al. [10] introduce a paradigm balancing anonymity and trust to enforce privacy in e-commerce. They critique existing protocols and propose a differential privacy-preserving function. Future research should explore the practical implementation of this new paradigm and its impact on consumer behavior.
Budiono et al. [11] explore consumer legal protection against defaults in e-commerce transactions in Indonesia. They identify gaps in the current legal framework and suggest that protections must be preventive and repressive. The paper advocates for better legal measures to handle disputes and calls for future research to focus on the effectiveness of these legal protections in practice.
Gadjong [12] examines the legal relationship and protections between service providers and consumers in personal shopping services via e-commerce platforms. The study highlights that service providers can be held accountable if consumers suffer losses due to non-fulfillment of legal obligations. It emphasizes transparent communication and fulfilling obligations such as compensation or product replacements. Future research should explore the effectiveness of these legal protections and the role of government regulations in ensuring a fair e-commerce environment.
Lu [13] explores the computer e-commerce security system in the context of big data. The study identifies critical security threats and vulnerabilities in e-commerce platforms, emphasizing the need for comprehensive security measures. The paper discusses the importance of data encryption, secure payment gateways, and robust authentication mechanisms to protect consumer data. It suggests that future research should focus on developing advanced security technologies and implementing big data analytics to predict and prevent security breaches in e-commerce systems.
Saeed [14] argues that understanding customer reservations and perceptions of security and privacy in e-commerce applications is crucial for developing appropriate policies and secure technological infrastructures. Data collected in this paper were collected through an online questionnaire and analyzed using SmartPLS software and the partial least squares method. Research indicates that customers’ perceptions of online data security and trust in e-commerce applications are influenced by factors such as credit card usage, information security, motivational factors, trustworthiness, and reputation.
Monsalve-Obreque et al. [15] proposed a microenterprise solution to standardize processes and improve competitiveness in a demanding market. The methodology is based on quality management and customer satisfaction principles for e-commerce. It aims to identify both internal and external failures to prevent issues and achieve satisfactory outcomes. The proposed modifications seek to improve user experience, simplify purchase and payment procedures, bolster support for computer microenterprises, and fortify data security and privacy. This study on national-level quality regulations facilitates the formulation of recommendations for other microenterprises and the establishment of protocols for B2C electronic commerce transactions.
Duarte et al. [16] argue that Generation Z is poised to become the dominant consumer demographic in the future. Their research sought to ascertain Generation Z’s receptiveness to e-commerce in Portugal. This study employed a questionnaire to gather data, focusing on a conceptual model developed by reviewing existing literature. The dimensions were examined utilizing SmartPLS 4 and IBM SPSS Statistics 26. The results either confirmed or refuted hypotheses about trust, perceived risk, ease of use, attitude, usefulness, intention to use, privacy, and security.
Feedback data from a study by Chen et al. [17] have the potential to undermine user privacy by exposing buyers’ identities and preferences, resulting in a significant number of users refraining from providing ratings. They also present ARS-Chain, a robust reputation-sharing framework for e-commerce platforms that utilizes blockchain technology to ensure security. The experimental findings demonstrate that ARS-Chain improves user privacy and preserves system performance, influencing trust mechanisms in e-commerce platforms.
A study by Burlacioiu [18] examines the specific attributes of electronic commerce in European Union nations amidst a pandemic, utilizing data from Eurostat Digital Economy for 2019–2020. Principal component analysis (PCA) of 27 variables unveiled additional dimensions that facilitate more convenient visualization. Clustering techniques reveal the presence of four distinct groups of countries exhibiting unique online commerce patterns that necessitate attention from government and business entities. Despite experiencing substantial growth, Romania’s share of total retail in Southeastern Europe’s e-commerce industry remains relatively low, although it is considered a significant player in the region. Utilizing models from other nations can facilitate Romania’s progress toward achieving the level of success seen in advanced e-commerce economies.
A study by Kim [19] investigates the factors that motivate and impede online shopping on open-market platforms. A hierarchical regression analysis was performed on the response data collected from 417 Korean consumers to conduct a thorough investigation. The findings consistently demonstrated the influence of motivational factors on purchasing intention. Statistically, privacy concerns related to time-saving, perceived ease of use, and security concerns related to cost savings were found to moderate e-commerce concerns.
In their 2022 paper, Marjerison et al. [20] employ the uses and gratification (U&G) theory to investigate the acceptance of AI-based chatbots in online shopping among Chinese consumers. Data analysis reveals that practical factors such as the “authenticity of conversation” and “convenience”, as well as hedonic factors like “perceived enjoyment”, contribute to positive attitudes towards Chatbots. Nevertheless, the acceptance of this technology has been impeded by concerns regarding privacy and the lack of technological maturity.
A paper from 2019 by eCommerce Europe lays out the essentials for safeguarding personal data in e-commerce. It underscores the significance of adhering to legislation such as the GDPR. The research emphasizes the need for secure and transparent client data management to cultivate trust in online transactions. By adhering to the GDPR, e-commerce enterprises achieve legal compliance and bolster consumer trust, which is vi-tal for cross-border digital commerce and the sustained expansion of the European e-commerce industry [21].
Table 1 summarizes related works in e-commerce data privacy and highlights the significant contributions and gaps in existing research.
The strengths of each study are assessed, including the identification of critical privacy concerns, the proposal of new models, and the advocacy for stricter regulations. Nevertheless, the analysis highlights essential limitations, such as the failure to account for recent technological advancements, the narrow focus on specific regions, and the lack of empirical validation. Comprehensive and globally applicable solutions are needed to address the identified shortfalls highlighted in this evaluation.

Addressing Shortfalls in Related Works

This research makes a valuable contribution to the field of data privacy in e-commerce by addressing several significant shortcomings found in previous studies:
  • Our study stands out from Boritz and No [3] by comprehensively analyzing emerging technologies and their impact on e-commerce privacy. We address the gap in the existing literature by examining how new technologies can be utilized to enhance privacy protection.
  • In our study, we take a step beyond the proposals made by Zhong and Wang [7] by conducting empirical evaluations of these solutions in different e-commerce scenarios. Our research provides solid evidence to support the implementation of these solutions, demonstrating their effectiveness.
  • Our research considers the limitations found in previous studies by Saeed [14] and Kim [19]. By integrating consumer perceptions with technological solutions, we offer a comprehensive approach to improving privacy and security in e-commerce platforms.
Our study showcases a comprehensive grasp of the problem domain and offers inventive solutions that effectively tackle the shortcomings of prior research.

3. Protection of Personal Data on the Internet

Data protection is a fundamental right that allows individuals to safeguard their privacy and prevent potential misuse of their personal information. Organizations with personal data must enable individuals to access and review their data. Additionally, they should effectively communicate the types of data collected and how it is managed. Furthermore, individuals should be empowered to correct any inaccuracies or, in exceptional circumstances, request the deletion of such information.
The enforcement of the General Data Protection Regulation (GDPR) in Croatia falls under the jurisdiction of the Personal Data Protection Agency (AZOP), which established the Personal Data Protection Act. One of the agency’s primary responsibilities is to educate the public about their data rights, ensure the proper implementation of GDPR, and offer professional development opportunities for data protection officers. Administrative duties under GDPR are also carried out by AZOP, which includes submitting annual reports to the Croatian Parliament regarding the state of personal data protection.
The management of data protection matters falls within the purview of AZOP, which operates within a legally defined framework and possesses specific responsibilities and authority. Detailed information on individuals’ data rights and the procedures for addressing incorrect or incomplete data can be found on the agency’s website. The rules for data collection, processing, and international transfer are established by the Personal Data Protection Act, which also enforces compliance through the imposition of fines for any violations.

3.1. Basic Personal Data Concepts

In 1948, the United Nations Universal Declaration of Human Rights highlighted the importance of ensuring individuals’ freedom from unwarranted interference in their personal lives, encompassing family, residence, and private correspondence. The principle discussed here applies to safeguarding personal data, which includes any information that can be used to identify a person. Primary personal data includes information such as name and address, while personal data encompasses details like race, religion, and political affiliation. Biometric data, on the other hand, refers to characteristics such as fingerprints and behavioral patterns. Ensuring the security of these data is crucial for safeguarding individual privacy and identity.
The Personal Data Protection Agency (AZOP) emphasizes the importance of organizations providing stakeholders with clear information regarding their data usage. The paper covers various aspects, such as the purpose of data use, the legal basis for processing, the duration of data storage, the sharing of data with third parties, and the rights of individuals about their data. It is essential to provide individuals with information regarding the transfer of their data outside the EU, their ability to file complaints, the process of withdrawing consent, and the contact details of the data processor.
When personal data is shared online, particularly during e-commerce transactions, individuals are entitled to certain rights. These rights encompass being informed about how their data is being processed, having the ability to request corrections for any inaccuracies, and, under specific circumstances, having their data completely erased, commonly referred to as the “right to be forgotten”. This condition applies when the data become unnecessary, when consent is revoked, when objections are raised without a valid reason for continuation, or if the data were unlawfully processed or collected. Maintaining trust and privacy in the digital age requires these protections to be in place.
The general workflow of an online shop and how the data move through its subsystems is shown in Figure 1:
Many websites allow users to write product reviews when setting up an account to make an online purchase. When users provide feedback, the website collects data, including comments, usernames, customer network addresses, and information about the user’s Internet browser and operating system. As a result of this data collection, an individual’s name may become associated with a webshop in an Internet search result.
This phenomenon may arise from misrepresenting an individual’s name or the user’s deliberate decision to exclude their personal information from search results. In such cases, individuals are entitled to contact the data controller, like Google, and ask to remove any hyperlinks containing their personal information in search results.

3.2. GDPR

A European Union regulation known as the General Data Protection Regulation (GDPR) has been established to ensure the standardization of personal data processing principles, define the rights of data subjects, and impose obligations on data controllers and processors within member states. It governs the organization of data protection systems, superseding national laws, including Croatia’s former Personal Data Protection Act. Since May 2018, the GDPR has been in full effect to safeguard EU citizens’ privacy and personal data. It mandates that all organizations, regardless of location, must comply if they interact with EU residents.
The “right to be forgotten” (RTBF) is a provision introduced by the GDPR that allows individuals to request the removal of their personal data from third-party records. The primary objective of the regulation is to grant individuals enhanced control over their data and guarantee its safeguarding. Applying this law to any organization that collects data, does business, or offers services to EU residents ensures uniform data protection across the EU.
The impact of stricter regulations, such as the GDPR, on customers’ perceptions of data security and their subsequent purchasing behavior is examined in this study. The respondents were asked questions regarding their knowledge of the GDPR, the significance of Internet security, and their inclination to share personal data online. A comparison was made between customer habits and awareness before and after the implementation of the GDPR to ascertain if the regulation has resulted in a rise in online purchases.

3.3. The Importance of Protecting Personal Data on the Internet

The increasing value of personal data can be attributed to its crucial role in marketing and the potential risks associated with its misuse and involvement in unlawful activities. Companies like Google and Facebook have revolutionized the Internet advertising industry by harnessing extensive top-notch personal data. As a result, they have outperformed traditional advertising channels like television and radio. Personal data protection within information systems has emerged as a pressing social concern and a vital aspect of contemporary business operations.
Severe consequences can arise from mishandling personal data, such as privacy violations and infringing fundamental human rights. Individuals face significant risks when fraudulent activities, such as unauthorized contracts and bank withdrawals, result from data breaches. An economic model called the Personal Information Management System (PIMS) has emerged in response to the growing demand for strong data protection. PIMS enables users to securely manage their data instead of relying on companies that may potentially sell it. Data confidentiality is prioritized in these systems, contrasting with service providers monetizing client data.
Contractual obligations ensure that PIMS providers prioritize the confidentiality of personal data, providing a secure option for users who may not have the time or technical know-how to handle their data. Implementing this approach can make data transfers between companies with similar activities safer while protecting personal information from exploitation.

3.4. Collecting Confidential Information Online

The Internet makes global connectivity and access to numerous services possible and serves as a crucial platform for gathering and analyzing personal data, regardless of the provider’s location. Organizations often collect data through various methods, such as requesting it for service delivery, tracking behaviors using cookies, or obtaining data from external sources. Personal data, such as names and dates of birth, are often requested by online services like free email and social networks to grant access to their platforms. Although these services may seem free, the price is paid with personal data, which companies utilize to generate profits, frequently without consumers fully comprehending the worth or consequences of the data they supply.
Data collection methods encompass two main types: “first-party” data, which involves companies directly gathering information from users, and “third-party” data, which involves aggregating information from multiple sources and subsequent sales. Generally, companies view “first-party” data as more reliable due to their knowledge of its source and collection methods, which helps ensure compliance with regulations. However, risks arise when dealing with “third-party” data, including data overlap, uncertainty regarding collection methods, and potential regulatory violations. There has been a significant shift in data collection approaches, driven by a growing understanding and regulatory measures such as the GDPR. This has led companies to decrease their dependence on third-party data and prioritize protecting data privacy. Personal information is stolen for malicious purposes through social engineering techniques alongside legitimate data collection practices. Phishing, vishing, and smishing are commonly used to obtain sensitive information through deceptive emails, fraudulent phone calls, and text messages. Victims are often manipulated into revealing personal data by attackers who assume false identities, resulting in significant financial and reputational damage for both individuals and businesses. These attacks, which fall under the umbrella of social engineering, are a severe concern. Additional methods of data theft involve the creation of fraudulent websites, unauthorized acquisition of databases, and disseminating malware and spyware through unreliable sources.

3.5. Identity Theft

Identity theft involves illicitly using an individual’s personal information for deceit, typically for financial benefit. The Internet facilitates identity theft, as personal data is exploited by criminals to assume another person’s identity without their knowledge or consent. Identity theft commonly occurs when individuals exploit identification documents, credit cards, and personal information such as names and addresses, taking advantage of the convenience of online access. Significant harm is caused to the victim’s finances and reputation because of identity theft. The Internet’s environment is well-suited for such crimes due to its widespread access to personal data and the ability to operate anonymously from remote locations. Decreased vigilance among users has been observed because of the growing trend of sharing personal information online, which is a significant factor in identity theft. With the normalization of data sharing and the unfortunate presence of consumer negligence, the door is opened for data thieves to take advantage of inadequate security measures or even resort to creating fraudulent websites to steal valuable information.
In addition, identity theft can occur without the direct theft of personal information. This is because individuals often unknowingly put themselves at risk by sharing personal data on social networks. The lack of caution and increased vulnerability to identity theft resulting from this casual data-sharing approach has become widespread in the digital age.

4. Online Store in Croatia

In Croatia, online businesses face a significant hurdle due to the relatively low Internet adoption rate. Only 69% of the population uses the Internet, which places Croatia near the bottom among EU member states. In Croatia, only 47% of Internet users engage in online shopping. The primary reasons for this hesitation stem from concerns regarding the security of payment transactions, the reliability of delivery and product replacement, and the difficulties in filing complaints. Most online payments are made through mobile devices, accounting for 61%. Card payments come in second at 22%, while the remaining payments are made through bank transfers and gift cards.
In Croatia, digital platforms may not have gained as much prominence as traditional media and brick-and-mortar stores. This could be attributed to a lack of education, an understanding of modern technologies, and a cultural preference for conventional practices. The eCommerce Croatia Trusted Shop label, introduced by the Association of Croatian Web Retailers, aims to establish trust in online shopping by guaranteeing customers secure payments, transparent pricing, reliable delivery, and authentic product reviews. The trust mark has been designed to enhance consumer confidence in online shopping, specifically focusing on smaller items such as electronics, books, and clothing, which can be conveniently purchased and returned through online platforms.
Food delivery platforms like Pauza, Glovo, and Wolt have experienced an increase in usage within Croatia’s online retail industry. These platforms offer a convenient way to order and select food from various restaurants, gradually replacing traditional fast-food restaurant leaflets. As a result of this shift, many fast-food restaurants have come to depend on these platforms for delivery and ordering services rather than maintaining their systems.

4.1. Advantages and Limitations of Online Commerce

Online stores provide a multitude of benefits for both individual and corporate users, often surpassing the disadvantages of traditional shopping. A wide variety of stores can now be accessed online, allowing customers to search for products based on specific criteria and make informed purchasing decisions by reading reviews. This eliminates the need for customers to visit multiple physical stores. Significant benefits arise from the convenience of shopping from home, the avoidance of traffic and parking hassles, and the ability to shop outside of traditional working hours. In online commerce, intense competition often results in price wars, which can benefit customers by offering them better deals. One can easily compare products and prices across various stores with just a few clicks when shopping online. This greatly enhances the chances of finding desired items at the most favorable prices. The shopping experience is enhanced by the ease of comparison and the wide range of products available from different locations, including cities and countries. In addition, online shopping offers a sense of privacy and eliminates the need for aggressive sales interactions, creating a more relaxed atmosphere for customers. They can quickly contact vendors for any extra information they may require.
One notable advantage is acquiring digital items such as movies, music, and software, which can be promptly delivered upon purchase, eliminating the necessity for physical mediums. Comprehensive online product catalogs facilitate quick and efficient searches, saving customers valuable time and enhancing the streamlined and enjoyable shopping process. Some of these conveniences are presented in Figure 2.
One of the significant drawbacks of online shopping is the lack of transparency, where customers cannot fully assess the product until it arrives. This uncertainty can lead to dissatisfaction if the product does not meet expectations. Additionally, the delivery process can be excessively long, depending on the delivery provider and the merchant’s practices, with some orders taking several weeks to arrive, even after prompt payment. This delay and the potential hassle of returning or replacing items make online shopping less convenient than purchasing from a physical store.
Another disadvantage is the complexity and time-consuming nature of returning or replacing items purchased online, which cannot replicate the immediate resolution possible in a brick-and-mortar store. Furthermore, the increasing trend of offering “discounts” for single payments in online stores, where there are significant price differences between cash payments, single installment card payments, and multiple installment payments, can be seen as an unfair trading practice. Traditional stores typically do not engage in such practices, making them more straightforward in pricing and payment options.

4.2. The Importance of GDPR for the Growth of Online Consumption

A significant concern when buying from online stores is the possible exposure of private data. Although customers frequently voice privacy concerns when shopping online, their behavior often contradicts these worries, which is called the privacy paradox. Marketing firms have developed a high level of proficiency in collecting and analyzing consumer data and closely monitoring user activity to obtain valuable insights into purchasing patterns. While the ethical use of this data can be helpful, there are concerns about potential misuse and privacy violations due to the combination of aggressive advertising and the sale of visitor data.
Authorities have implemented stricter legislative frameworks, like the General Data Protection Regulation (GDPR) in the European Union, in response to privacy concerns. The GDPR has strengthened security measures to ensure that merchants do not retain payment data if users withdraw consent. This regulation is being implemented as part of a larger initiative to minimize potential negative impacts on consumers and rebuild confidence in online transactions. Nevertheless, tension persists between consumers and e-commerce platforms, as personal data collection is necessary to facilitate transactions.
Consumers need to be aware of the potential risks of online shopping, including identity theft. Caution should be exercised when sharing personal information. Creating a secure environment that fosters trust is crucial for organizations, as they must acknowledge and cater to the preferences and needs of online consumers. Implementing stricter regulations is anticipated to be vital in restoring consumer confidence in online shopping security. This, in turn, is expected to foster the expansion of e-commerce and favorably impact consumer behavior. This paper aims to investigate enhanced privacy laws’ influence on online commerce’s growth and their implications for consumer behavior.

5. Digital Marketing in E-Commerce

Although initially appearing complex and broad, digital marketing is an effective and empowering strategy for promoting products, services, and businesses. Various marketing techniques use digital technologies and media to reach audiences effectively. With the advancement of digital services and the increasing digitalization of life, online activities are becoming more prominent. This shift towards digital media replacing traditional advertising methods, such as newspapers and radio ads, is primarily driven by the widespread use of mobile devices like smartphones, tablets, and PCs.
By utilizing location, age, and gender, companies can customize their campaigns, enabling them to target specific groups effectively. Consequently, businesses can allocate their marketing budgets more precisely and directly promote their offerings to the intended audience. In addition, the effectiveness of campaigns can be measured through digital marketing, a feature absent in traditional advertising. Online behavioral advertising (OBA) plays a crucial role in digital marketing by tracking and profiling users’ browsing habits to deliver personalized ads.
Although OBA is widely acknowledged as a highly effective advertising technique, there are legitimate concerns regarding possible privacy violations. Collecting user data as they navigate different websites involves using identifiers like HTTP cookies to create detailed user profiles. Marketers can evaluate user behaviors by utilizing historical data, which has raised concerns among users regarding the management and protection of their privacy.

5.1. The Importance of Digital Marketing for Online Commerce

The increasing number of people online and the growing competition in selling products and services make it essential for companies to stand out and reach more customers. Companies struggle to grow without an online presence or advertising, as visibility is crucial in today’s market. Google, the leading search engine, drives over 90% of Internet traffic, making it vital for businesses to appear in search results or through paid advertising. Effective campaigns, whether through pay-per-click (PPC) ads, pay-per-mille (PPM) ads, or SEO optimization, can give companies a competitive edge, regardless of the strength of their competitors.
One of the key advantages of Internet marketing is its ability to facilitate two-way communication, allowing customer participation in offer creation and providing valuable company feedback. Many digital marketing tools enable precise audience targeting, a challenge in traditional advertising. Internet advertising is often more cost-effective, especially for smaller companies that cannot afford expensive marketing strategies like television ads. The flexibility of digital marketing allows companies to adjust their strategies in response to market changes, enhancing their competitiveness.
Using digital marketing tools significantly increases a company’s online visibility, driving more traffic to online stores and boosting revenue. These tools provide transparent and measurable results, offering insights into campaign effectiveness and allowing businesses to refine their strategies for better outcomes and higher returns on investment (ROI). Beyond advertising, digital marketing enhances a store’s image, brand, and customer connectivity, further contributing to increased revenue and growth.

5.2. Effects of GDPR and ePrivacy on Digital Marketing

The advertising industry faces new challenges due to the introduction of regulations and the revision of existing ones. Among these challenges, digital marketing is particularly affected. Business data management tools are believed to have been improved by the GDPR.
Third-party cookie abolition poses significant challenges for small advertisers and agencies as they grapple with the announcements made by Google, Facebook, and Apple. Disabling data tracking through these companies’ tools and services will pose significant challenges for small companies and advertisers in collecting data, identifying precise target groups, and analyzing campaign success. Upon the user’s withdrawal or opt-out, it is observed that approximately 50% of marketing agencies cease web tracking, thus effectively meeting the user’s expectations. Small businesses will face numerous challenges as marketing giants benefit from these changes. Reading the privacy policy can be challenging for users due to complex legal and technical terminology in lengthy texts. The GDPR has introduced stricter requirements regarding obtaining parental consent for processing child data and respecting the data subject’s right to revoke consent.

6. Research Objectives and Methodology

Due to the pandemic and store closures, many Croatians had to buy online for the first time. Given citizens’ distrust of new technologies and the provision of personal data, especially financial data like credit card numbers, it is interesting to see if stricter regulations have created trust in this type of purchase. In addition to more stringent regulations, it is interesting to study whether the regulation affected online commerce more or caused the inability to shop traditionally.

6.1. Questionnaire and Data Collection

This study aims to examine and demonstrate the level of awareness among users regarding the vulnerability of their data on the Internet and the impact of stricter regulations on personal data protection on the trust and acceptance of online stores when users share their personal information. The questionnaire aims to examine respondents’ understanding of Internet data security, their awareness of indicators of secure communication, and their views on the potential advantages of more stringent regulations for them as users.
The research and data collection were conducted using a questionnaire administered through the Google Forms platform, widely recognized as a free and commonly used tool for conducting survey research. The data collection period spanned ten consecutive days from 1 to 10 September 2021. Due to the requirement of being of legal age, data analysis was limited to individuals over 18. The sample size consisted of 100 respondents. The questionnaire was disseminated via social networks and directly emailed to acquaintances.

6.2. Structure of the Data Protection Questionnaire

The questionnaire comprises 33 questions categorized into three sections. The initial section focuses on gathering demographic information from respondents, including age, gender, residence, education, and income. The second set of questions pertains to the overall understanding of computer and Internet operations, familiarity with safeguarding personal data privacy, and the ability to identify secure websites based on specific indicators. The third set of questions pertains to the respondents’ experience with an online store, including the frequency of purchases before and after implementing stricter regulations, the types of goods and services they most frequently purchase online, and their overall shopping experience.

6.3. Results Analysis

The analysis of survey data collected from a targeted demographic focuses on perceptions, behaviors, and attitudes toward personal data protection in e-commerce. As digital commerce environments evolve, so does the regulatory framework governing data security and consumer privacy. This necessitates an examination of public sentiment and the effectiveness of regulations like the GDPR.
This study aimed to evaluate the correlation between enforcing stricter data protection regulations and their perceived impact on consumer trust and behavior in online markets, with a specific emphasis on Croatia. This analysis is pivotal for determining whether consumers perceive enhanced regulatory measures as adequate protections or if they are undermined by practical challenges or a lack of awareness. Insights derived from this analysis aim to contribute to understanding the interplay between legal measures and consumer trust in digital commerce, suggesting pathways for enhancing data protection strategies in e-commerce.

6.3.1. Demographic Overview

In the study, data was collected from a total of 100 participants. The demographic distribution of the respondents, as depicted in Figure 3, reveals a gender composition where 58% were identified as male and 42% as female. Age-wise, most respondents, constituting 34%, were aged between 36 and 45. This group was closely followed by those aged 26 to 35, representing 32% of the sample. Respondents aged 18 to 25 comprised 15% of the population, whereas those between 46 and 55 accounted for 13%. The smallest age group, respondents over 56, comprised 6% of the sample.
The educational qualifications of the respondents reveal that 63% of the participants possess higher education, while 37% have attained primary and secondary education. Within this distribution, individuals with secondary education predominate, comprising 34% of the sample. Those with graduate studies constitute 25%. Furthermore, 19% of the respondents reported having undergraduate degrees, and 13% have completed either a postgraduate specialist study or a scientific master’s degree. Respondents with postgraduate university qualifications or doctoral degrees account for 10%, and the smallest group, those with only primary education, comprises 3% of the sample.
The employment relationship data reveal that 68% of the participants are employed, 19% are students, 8% are unemployed, 3% are pensioners, and 2% have not disclosed their employment status. Regarding earnings, the highest % of respondents, 27%, report a monthly income exceeding EUR 1500.00. Another 20% earn between EUR 1001.00 and EUR 1200.00 monthly, while 18% receive EUR 501.00 to EUR 1000.00. Approximately 16% of the participants have no income, and 6% earn up to EUR 500.00 monthly.
Regarding residence, 37% of the respondents live in areas with populations exceeding 150,000. Smaller communities with 10,001 to 50,000 inhabitants house 23% of the respondents; 16% reside in areas with 100,001 to 150,000 inhabitants, 14% in communities with fewer than 10,000 people, and 10% in regions housing 50,001 to 100,000 inhabitants. For household composition, the largest group, 27%, consists of households with four members, followed by three-member households at 21%, two-member households at 20%, and individuals living alone at 18%. Households with five members account for 10%, those with six members comprise 3%, and the smallest group, 1%, has nine members.
Concerning marital status, the majority of the respondents, 43%, are single. Married respondents comprise 38% of the sample, 15% live with a partner, and 4% are widowed.
Data on household composition indicate that the most significant proportion of respondents, 27%, reside in households consisting of four individuals. Households with three members account for 21% of the sample, followed closely by two-person households comprising 20%. Eighteen percent of the participants live alone. Ten percent of the respondents are part of five-member households, while households with six and nine members represent 3% and 1% of the sample, respectively.
The second segment of the questionnaire aimed to evaluate respondents’ perceptions of their competencies in computer operation, Internet usage, and personal data privacy protection, including their ability to recognize indicators of secure websites. Respondents were asked to rate their skills using a Likert scale from 0 (representing computer illiteracy) to 7 (indicating expert computer skills). The analysis reveals that the respondents generally perceive their IT literacy as high, with the average score across attributes being 5.25 and the most frequent response being 6. Notably, individuals aged between 36 and 45 reported higher levels of IT proficiency, whereas those aged 56 to 65 tended to rate their computer knowledge lower.
Respondents were queried about the frequency of their Internet use. The results show that a significant portion of the participants are frequently online: 37% reported always being connected, 28% very often, 24% relatively often, 9% sometimes, and a small minority of 2% rarely use the Internet. This indicates a high level of Internet presence among the respondents.
Several significant demographic trends are highlighted by the survey results, with a particular focus on gender and age differences among respondents. Further discussion is warranted regarding the dominance of male respondents across most age groups, except for those aged 56 and above. Several underlying factors may contribute to this pattern:
  • Male respondents were more prevalent in the 18–35 age range. One possible explanation for this phenomenon is the higher level of digital literacy and more frequent use of online shopping channels among men, which may contribute to their increased engagement with technology and e-commerce platforms. Sharing personal information online may be more common among males in these age groups, possibly due to social and cultural factors that encourage early technology adoption.
  • It is worth noting that in the 56+ age group, there is a shift in the trend, with females outnumbering males among the respondents. Several factors could contribute to this shift. One possible reason is that women tend to have longer life expectancies, resulting in a larger female population in older age groups. Additionally, older males may be more concerned about privacy and avoid online sharing of personal data.
  • Analyzing performance in terms of familiarity with GDPR and comfort with online transactions, it was observed that the 36–45 age group, particularly males, displayed the highest level of performance. This group has probably already established themselves in their careers, possessing higher disposable income and greater familiarity with online transactions. This contributes to their confidence in navigating e-commerce platforms. In contrast, the oldest age group (56+), particularly females, exhibited the lowest performance in these areas. There appears to be a potential difference in understanding and trust in digital privacy regulations between different generations. This difference could be due to older respondents having lower levels of digital literacy and less online experience than younger individuals.
  • The survey findings indicate a positive relationship between higher levels of education and income and a more robust comprehension and trust in online shopping and data protection laws. Individuals with higher education levels demonstrated a greater sense of assurance in their capacity to navigate online transactions securely. In contrast, those with lower income levels exhibited more caution, possibly stemming from economic vulnerability and limited exposure to digital platforms.
Considering these demographic insights, targeted interventions may be worth considering.
  • Targeted educational campaigns could benefit older age groups, especially those above 56, by enhancing their digital literacy and understanding of online privacy regulations. Possible options for disseminating information could involve organizing workshops, hosting webinars, and providing user-friendly guides that clarify the intricacies of online shopping and data protection.
  • A potential strategy to enhance female involvement in the 18–35 age group could be to emphasize the advantages of online shopping and digital literacy on platforms and social networks catering to women. We can encourage greater female engagement by addressing the unique concerns that might discourage them from participating in e-commerce.
  • A potential solution to address the disparity in digital engagement is to offer resources and support to individuals with lower incomes. This could include providing affordable access to secure online payment methods and educating them on the economic advantages of online shopping.
The strategies outlined in this study aim to promote inclusivity in e-commerce, foster trust among diverse demographics, and ultimately boost engagement in online shopping platforms.

6.3.2. Data Security and Privacy Awareness

Additionally, the survey explored respondents’ understanding of personal data protection. This included assessing their knowledge of what constitutes personal data, aiming to gauge their awareness and comprehension of data privacy issues.
An analysis of survey responses revealed exciting insights into what respondents consider personal data. As shown in Table 2, a significant misconception was observed; 66% of respondents incorrectly identified the registration number of a legal entity as personal data, and 58% made the same error with the financial data of legal entities. Additionally, it is particularly noteworthy that 40% of respondents do not recognize students’ school grades as personal data. These findings highlight gaps in understanding what constitutes personal data among the public.
The research reveals significant concerns among respondents regarding their online data security. The majority, 58%, identify the unauthorized sharing of their data as the primary threat. Cybercriminals are considered a potential threat by 49% of the respondents, followed by the threat of employee data theft at 40%. Accidental data loss is noted by 34%, while 29% are concerned about misuse of personal data by another country, and 25% are concerned about data breaches related to terrorist activities.
Regarding computer protection, 78% of respondents report installing antivirus systems on their PCs, highlighting a prevalent adherence to basic cybersecurity measures. Despite this, only 26% of respondents feel secure about their data online, with a scant 7% feeling extremely secure, indicating widespread unease about online data safety.
A substantial 74% of participants strongly agree on the importance of Internet security, with an additional 16% generally agreeing. Only a tiny fraction (5%) disagree, and 2% view online security as unimportant. When asked about experiences with online fraud, 64% have not encountered fraud, whereas 37% have faced some inconveniences while shopping online.
Negative online shopping experiences have led to significant behavioral changes among consumers. Of those affected by such experiences, 14% temporarily ceased online purchases, and 7% stopped altogether. Conversely, 52% now purchase only from verified retailers post-experience, demonstrating a cautious approach to online shopping, while 28% report no change in their shopping behavior.
According to guidelines from the European Commission, safe online purchasing practices include verifying that a website uses the “https://” protocol and displays a locked padlock icon, indicating secure data transmission. Websites labeled with “http://” or displaying an unlocked red padlock or exclamation mark are deemed insecure for transmitting personal information.
Survey results show that a significant percentage of respondents, 63%, adhere to these security guidelines when shopping online. However, 39% of the participants do not consistently observe these safety measures during online transactions. This indicates a gap between awareness and practical security measures among Internet users.
Regarding cookie consent, 40% of respondents admit never reading the terms of use for cookies before consenting. Meanwhile, 42% have read these terms at least once but do not revisit the documents, simply accepting the cookies subsequently. A more cautious 20% always review the cookie terms each time they visit a new site.
When it comes to types of cookies, technical cookies, which are essential for website functionality and cannot be disabled, receive consent from 54% of respondents; functional cookies, which can be turned off and used to enhance site functionality and personalization, are accepted by 20% of respondents. Marketing cookies, used for tracking and delivering targeted advertising, are consented to by 12%, and statistical cookies, which track site activity and effectiveness, are accepted by only 9% of respondents. Surprisingly, 36% of respondents indicated that they consent to all types of cookies presented.
The survey results revealed essential insights into respondents’ understanding of data security and privacy. It is worth noting that respondents have a notable misconception regarding the definition of personal data. The study found that a significant number of respondents (66%) mistakenly identified the registration number of a legal entity as personal data. Similarly, a considerable proportion (58%) of respondents had made the same error with financial data associated with legal entities. The prevalent gap in public understanding is highlighted by this misclassification, indicating a need for improved education on the distinction between personal and non-personal data.
In addition, the study reveals that although most participants (78%) have implemented fundamental cybersecurity measures, such as installing antivirus software on their devices, there is still a prevailing concern regarding online data security. A small percentage of respondents expressed confidence in protecting their online data, with an even smaller percentage feeling extremely secure. The widespread sense of insecurity may stem from frequent data breaches and the intricate nature of online privacy, which can be challenging for many users to navigate or fully understand.
Additional analysis indicates a significant concern regarding unauthorized data sharing and cybercrime, as evidenced by 58% of respondents identifying unauthorized data sharing as their primary worry. The statement highlights a strong understanding of the potential dangers of data exposure, emphasizing the importance of organizations implementing more robust and transparent data protection measures when handling personal information.
Based on these findings, it becomes evident that there is a discrepancy between respondents’ acknowledgment of the significance of data security and their actual implementation of it. As an example, recommended security practices, like checking for secure connections (e.g., “https://”) when shopping online, are not consistently followed by 39% of respondents. There is a clear need to address the gap between knowledge and action, indicating that implementing more intuitive and user-friendly security features and ongoing public education could be instrumental in closing this divide.
To tackle these challenges, organizations must give utmost importance to transparent communication regarding the usage and security of data. This includes making privacy policies easily accessible and understandable to the average user. In addition, the public’s understanding of data privacy could be significantly improved through targeted educational campaigns, which would help to correct any misconceptions and enhance overall awareness of data security.

6.3.3. Consumer Trust and Regulatory Impact

The third set of questions in the survey addressed the respondents’ online shopping experiences, including the frequency of purchases before and after the enactment of stricter data protection regulations, the types of goods and services commonly purchased online, and general shopping experiences. The majority of respondents, 38%, reported shopping online every month. Annually, 29% of respondents make purchases, and 19% shop weekly. An equal percentage of 7% either shop daily or do not shop online.
Respondents’ familiarity with the GDPR varied, with 57% indicating partial familiarity. Twenty-two percent of respondents reported complete familiarity with the regulation, while 21% were unfamiliar.
The GDPR’s impact on respondents’ confidence in online shopping was significant, particularly among those aged 36–45, who reported the highest influence, rating their increased trust with the highest score of 7 on a Likert scale. In contrast, the youngest and oldest age groups reported no significant change in trust levels, whereas middle-aged groups showed increased confidence in online shopping.
Familiarity with the GDPR across different age groups showed that 94.12% of respondents aged 36–45 years were fully or somewhat familiar with the regulations, with only 5.88% lacking any familiarity. This pattern of familiarity was generally higher among respondents with higher educational backgrounds, with 96% of those holding a graduate or undergraduate degree reporting some level of understanding.
As shown in Figure 4, regarding the frequency of online purchases post-regulation, 26% of respondents who previously shopped infrequently (“rarely”) perceived an increase in their shopping frequency, suggesting a minimal but noticeable shift toward more frequent online shopping following stricter regulations. However, no significant increase was observed in other respondent groups regarding shopping frequency post-regulation.
The following dominated product categories purchased online: clothing, footwear, and fashion accessories, with 59% of the sample purchasing them. Information technology, home appliances, and sports equipment were also popular categories, with 41% and 37% of respondents purchasing these items.
The survey results, as shown in Figure 5, indicate significant concerns among respondents regarding online shopping, with the highest anxiety centered around credit card misuse (59%), followed by fear of fraud (48%) and personal data theft (47%). A total of 42% of respondents reported concerns about losing money, and the inability to return purchases concerned 28%. Additional worries included the cost and potential taxes on shipping (24%), while 16% expressed a general distrust of online shopping. Only 1% were concerned about not receiving their ordered items.
The survey results provide a nuanced perspective on the impact of regulatory frameworks like the General Data Protection Regulation (GDPR) on consumer trust in online transactions. Although 64% of respondents reported being aware of the GDPR, only 45% expressed a significant improvement in their data security. This discrepancy indicates that although the regulation is acknowledged, there is a mixed perception regarding its effectiveness in improving consumer trust.
Significant variations in trust levels across different demographics are evident from the data. In the case of younger respondents (aged 18–35), there was a tendency for them to exhibit higher levels of confidence in the security of their data compared to older age groups. Youthful consumers may feel more confident due to their comfort with digital environments and greater trust in technological solutions. In contrast, individuals aged 56 and above exhibited the lowest levels of trust due to their limited exposure to digital platforms and heightened concerns regarding privacy and security.
It is worth noting that the survey revealed a significant preference among 53% of respondents for online shopping with companies that effectively communicate their adherence to GDPR. Transparency and clear communication regarding data protection measures greatly influence consumer trust. However, 27% of respondents still expressed skepticism, believing that companies may only comply with regulations in name without making genuine improvements to data security practices.
The findings highlight a critical issue: even with strict regulations such as GDPR, 41% of respondents are uncertain about how companies utilize their data. This uncertainty fuels ongoing mistrust about the journey of consumers’ data once it is shared, leaving them feeling a lack of control and understanding.
Based on these insights, it becomes clear that regulations like GDPR shape consumer trust. However, the impact of these regulations is limited without clear and consistent communication from companies. Organizations must surpass compliance and actively showcase their dedication to safeguarding consumer data. One possible approach is implementing more transparent data management practices, ensuring that consumers are regularly updated on how their data is protected. Additionally, it would be beneficial to provide consumers with easily understandable information regarding their rights under GDPR.

6.3.4. Payment Methods and Economic Trust

The survey results provide valuable insights into consumer payment preferences and their relationship to economic trust in online transactions. A considerable number of respondents, approximately 61%, exhibited an apparent inclination toward utilizing mobile payment methods for their online transactions. The increasing popularity of mobile payments can be attributed to the convenience and accessibility they offer, especially among younger consumers who are well-versed in using smartphones for their everyday activities.
Nevertheless, the survey brings attention to a significant worry among consumers regarding the security of various payment methods. Although mobile payments enjoy widespread popularity, 42% of respondents expressed complete confidence in their security, highlighting a noticeable disparity between convenience and trust. There is a suggestion that although mobile payments are preferred for convenience, there is still a significant concern regarding their security. Older age groups exhibit more caution when embracing new payment technologies and may have less trust in them.
According to the survey, most respondents (58%) consider credit card payments more secure than mobile payments, despite the latter being more popular. The preference for credit cards may be attributed to their added protection, including fraud detection and the ability to dispute charges. These features contribute to fostering consumer trust in economic transactions. It is worth mentioning that the security of storing credit card information online raised concerns for 22% of respondents, suggesting that complete trust in this payment method is not universal.
Despite their secure nature, only 9% of respondents opted for bank transfers, making them the least popular payment method. Possible reasons for the low usage may stem from bank transfers being more cumbersome compared to the convenience offered by mobile and credit card payments. In addition, consumers who are used to the instant gratification provided by other payment methods may be discouraged by the lack of immediacy in bank transfers.
A crucial finding from the survey is that the level of trust that consumers have in online transactions is significantly impacted by the transparency and security of the payment methods provided. Clear information about the security measures in place to protect payment data increased the likelihood of respondents completing a purchase in online stores. The significance of providing secure payment options and effectively communicating these security features to establish consumer trust cannot be overstated.
Based on these findings, it is suggested that older consumers be educated about the security and benefits of newer payment methods, such as mobile payments. This could help bridge the trust gap and promote wider adoption. Proactively addressing these concerns can significantly enhance consumer economic trust, increasing customer satisfaction and loyalty.

6.3.5. Factors Influencing Online Retail Choices

The survey results reveal several key factors influencing consumer choices when selecting online retailers. The most critical determinants that emerged were price competitiveness, product variety, and trust in the retailer.
  • The primary reason for consumers to choose one online retailer over another is competitive pricing, according to 78% of respondents. Price remains the most influential factor in their decision-making process. Consistency in this finding is observed across all age groups, suggesting a high level of price sensitivity among consumers when shopping online. It is worth noting that although low prices may attract consumers, they do not necessarily ensure long-term customer loyalty. Balancing aggressive discounting and upholding quality and trust is crucial for retailers to effectively retain customers over time.
  • The second most important factor identified was the availability of a wide range of products, with 64% of respondents expressing a preference for a broad selection of retailers. Younger consumers (18–35) place high importance on the convenience of having all their desired items available in a single location. Enhancing the shopping experience by offering a wide range of products, including niche or hard-to-find items, makes these retailers more appealing to consumers.
  • Another crucial factor to consider is the level of trust that consumers, particularly those aged 56 and above, have in the retailer. These individuals tend to prioritize security and reliability over price and variety. In the decision-making process, the retailer’s reputation and the website’s perceived security played a crucial role for 54% of the respondents. Building and maintaining trust through secure transactions and transparent business practices is essential for this demographic. They are more inclined to stick with a retailer they trust, even if prices are slightly higher or the product range is more limited.
  • Website navigation ease and overall user experience play crucial roles in influencing online retail choices. Approximately 47% of respondents deemed a user-friendly interface important, emphasizing quick load times and simple checkout processes. Customers are often deterred by cluttered, slow, or difficult-to-navigate websites, particularly those who are less familiar with technology or who have limited time to complete their purchases.
  • The speed of delivery and the range of delivery options are important factors influencing consumer decisions. According to the survey, many participants preferred online retailers that provide prompt and dependable delivery services, including express shipping and local pick-up. Time-sensitive purchases and convenience are critical considerations for consumers.
  • A total of 42% of respondents highlighted a significant influence on online retail choices, customer reviews, and recommendations. Positive reviews and high ratings bolster confidence in the retailer and the product, motivating new customers to purchase. In contrast, potential buyers may be discouraged by negative reviews or a lack of reviews, regardless of the price or variety of the product.
These insights suggest that online retailers should prioritize improving the factors that have the most significant impact on consumer decisions:
  • Price Transparency and Competitiveness: Retailers must maintain competitive pricing strategies while prioritizing pricing transparency. This means avoiding hidden fees that could potentially erode consumer trust.
  • Expanding Product Offerings: Increasing the variety of products available can attract a broader audience, especially younger consumers who prefer the convenience of one-stop shopping.
  • Establishing Trust: To gain and maintain consumer trust, particularly among older demographics, it is crucial to prioritize website security, ensure transparent communication about data protection, and uphold a positive reputation.
  • Enhancing User Experience: By prioritizing a seamless, user-friendly interface and ensuring swift website performance, businesses can significantly enhance the shopping experience and foster customer loyalty.
  • Enhancing Delivery Services: Providing prompt, dependable, and adaptable delivery choices can be a distinguishing factor in a fiercely competitive market, attracting customers who prioritize convenience.
  • Utilizing Customer Feedback: Encouraging satisfied customers to share positive reviews willingly and openly addressing negative feedback can significantly contribute to establishing a solid reputation and influencing potential customers’ purchasing choices.
By addressing these key factors, online retailers can more effectively meet consumer expectations, strengthen their competitive edge, and cultivate greater customer loyalty.

6.3.6. Ad Blocking and Personalized Advertising

The survey results provide insights into consumer attitudes regarding ad-blocking software and personalized advertising, uncovering a divide in how users navigate their online experience and address privacy concerns.
According to the survey, 47% of respondents use ad-blocking software, while 54% do not. Youthful consumers, specifically those between 18 and 35, are inclined to use ad-blockers. This demographic tends to possess more excellent technological proficiency and express heightened apprehension toward the intrusive nature of online advertisements. The preference for ad-blocking among this demographic indicates an increasing awareness and a desire to control their online experience to avoid unwanted interruptions and potential invasions of privacy. On the other hand, ad-blocker usage was lower among the older demographic (aged 56 and above), which could be attributed to their potentially limited familiarity with the technology or their reduced sensitivity to online ads.
Online consumer behavior continues to be influenced by personalized advertising despite the prevalence of ad-blocking software. Most respondents (61%) understood the concept of targeted advertising, with many expressing mixed feelings about its benefits. Targeted ads are generally better received by younger users who are more familiar with online tracking and personalization. They are more likely to accept these ads if they find them relevant and helpful. Many respondents expressed concerns about the privacy implications of personalized advertising, especially those aged 46 and above. This group may view such practices as invasive, resulting in a preference for ad-blocking tools.
Concerns regarding data collection and privacy were raised in the survey, with 59% of respondents expressing their views on the practice of data brokers collecting data for targeted advertising. There appears to be a notable sentiment among consumers who already utilize ad-blocking software, suggesting a connection between privacy concerns and adopting tools to minimize data tracking. According to the findings, personalized advertising can improve the consumer experience by providing relevant content. However, it also brings up significant privacy concerns, which may result in the use of ad-blocking measures.
These insights provide valuable information for online advertisers and retailers, allowing for the identification of several potential strategies:
  • Transparency in Data Usage: Advertisers should prioritize transparency in collecting and utilizing consumer data. Clear communication about data practices can alleviate concerns, which is especially important for older consumers with a higher level of skepticism toward personalized advertising.
  • Striking a Balance Between Personalization and Privacy: To mitigate the negative response to personalized advertisements, companies must prioritize finding a middle ground that encompasses providing tailored content and upholding user privacy. Offering users the ability to control the level of personalization could potentially reduce trust and the need for ad-blocking.
  • Improving User Experience: Advertisers can enhance the quality and relevance of online ads to decrease the perceived necessity for ad-blocking software. Companies can promote positive engagement with their ads by prioritizing user-friendly advertising formats and minimizing intrusiveness.
  • Targeted Education Campaigns: To address the concerns of older demographics, educational campaigns may be beneficial to enhance their understanding of how personalized ads function and the steps taken to safeguard user privacy. One potential benefit of data tracking is alleviating concerns and increasing the acceptance of targeted advertising.
By addressing these concerns, online retailers and advertisers can enhance their engagement strategies, minimize the use of ad-blocking software, and foster more vital consumer trust in personalized advertising.

6.3.7. Attitudes towards Data Brokers and Privacy

The survey results provide an insightful analysis of consumer attitudes toward data brokers and their practices, particularly about privacy concerns. The increasing recognition of data collection processes and concerns about the potential risks linked to the extensive utilization of personal information by external entities is evident in these attitudes. There is a prevailing lack of trust in data brokers, as indicated by the survey results. A substantial majority of respondents, accounting for 59% of the total, consider the practices of data brokers to be a significant concern. Older respondents, aged 46 and above, exhibit heightened distrust, primarily driven by concerns over privacy and discomfort with the notion of their data being shared with unfamiliar third parties. Wariness is also expressed by younger respondents (aged 18–35), although they tend to be more accepting of these practices as a necessary trade-off for accessing free online services. A significant majority of respondents (72%) expressed their belief that there is a lack of transparency in the operations of data brokers. There is a perceived lack of sufficient information regarding collecting, sharing, and utilizing personal data. Negative attitudes towards data brokers are often fueled by a perceived lack of transparency, which can leave consumers feeling vulnerable about the security of their personal information.
The impact of privacy concerns on consumer behavior is evident, as indicated by 54% of respondents who expressed a decreased likelihood of engaging with companies associated with data brokers. A notable sentiment exists among individuals already utilizing privacy-enhancing tools, such as ad blockers. This sentiment reflects a more significant trend where consumers are actively taking measures to safeguard their personal information. Considering the prevailing concerns regarding data privacy, it is worth noting that a significant majority of respondents, 67% to be precise, have expressed their support for more stringent regulations about data brokers and the safeguarding of personal data. This aligns with a more significant movement towards greater regulatory scrutiny in the digital realm, akin to regulations such as the GDPR in Europe. Consumers increasingly demand stricter data collection, storage, and sharing regulations and more robust measures to ensure that companies are held responsible for privacy breaches.
These insights provide a basis for making several recommendations to effectively address consumer concerns and enhance attitudes toward data brokers:
  • Enhanced Transparency: Data brokers and companies that utilize their services should prioritize transparency. They should provide clear and easily accessible information regarding collecting, using, and sharing consumer data. Possible measures to consider are implementing regular updates to privacy policies and improving direct communication with consumers regarding their data rights.
  • Enhanced Consumer Empowerment: Building trust can be facilitated by giving consumers increased control over their data, including options to opt out of data collection or effectively manage their data. Possible improvements could include developing interfaces that are easier for users to navigate when adjusting privacy settings and providing more precise options for managing consent.
  • Enhancing Regulatory Compliance: Companies must adhere to current regulations and actively support the implementation of more stringent measures in data protection, in line with the growing consumer demand for enhanced safeguards. Companies that take a proactive approach to compliance and actively support stronger regulations can establish themselves as leaders in privacy protection, enhancing their reputation among privacy-conscious consumers.
  • Educational Campaigns: Informing consumers about data brokers, their operations, and the measures that can be taken to safeguard personal information can help address concerns and dispel misunderstandings. This education can be delivered through company websites, social media, and targeted campaigns.
Addressing these concerns can help companies enhance their relationships with consumers, mitigate the adverse effects of data broker practices on their brand, and cultivate a trusting environment where consumers perceive their privacy to be valued and safeguarded.

7. Discussion

The examination of survey data reveals an intricate picture of consumer behavior and trust dynamics in the digital commerce environment. The survey found that although a large section of the public has high IT literacy and uses the Internet frequently, there is still a considerable difference between how people view their ability to secure their data and their understanding of personal data. The presence of misunderstandings regarding the nature of personal data, such as the improper categorization of legal entity data as personal information, highlights the necessity for improved educational initiatives in conjunction with regulatory actions.

7.1. The Effectiveness of GDPR and Its Broader Consequences

The enactment of the GDPR has been a fundamental aspect of recent endeavors to strengthen online privacy and data security. The implementation of this legislation seems to have had a significant impact on consumer attitudes, especially among middle-aged consumers who exhibited the most essential levels of familiarity and confidence. Nevertheless, the many perspectives on GDPR, which span from strict compliance to noticeable deficiencies in adherence, indicate that the implementation of legislation is inadequate without vigorous enforcement and extensive public education initiatives.
Although a robust legal structure exists, our research reveals that 39% of consumers do not consistently adhere to the suggested security protocols while making online purchases, such as ensuring secure connections and website validity. This discrepancy is undoubtedly a contributing factor to the ongoing worries about the misuse of credit cards, fraudulent activities, and data theft.

7.2. Impact of Socio-Economic Factors on Online Behavior

Age, education level, and socio-economic position are important demographic parameters that considerably impact online behavior and how people perceive security. Younger and more educated individuals show higher levels of adaptation and reactivity to changes in data protection legislation, possibly because of their better digital literacy rates. In contrast, the older and less educated portions of the population exhibit decreased levels of trust and adherence to security practices, indicating the existence of a digital gap that regulatory authorities and e-commerce platforms need to tackle.
The economic ramifications are also apparent in the payment methods favored by consumers. The high frequency of cash on delivery, viewed as a more secure technique, suggests a persistent lack of faith in online payment systems. Robust security measures and clear consumer protection regulations are crucial for instilling trust in electronic payment systems.

7.3. Guidelines for Strengthening Data Protection Strategies

One of the key findings of this study is the persistent lack of trust among consumers regarding the security of online payments. Although the GDPR and other strict regulations have been implemented, consumers still have reservations about fully embracing e-commerce because of worries about the security of their personal and financial information. This lack of trust hinders online business growth, presenting a broader challenge to the digital economy. To effectively address this issue, it is necessary to take a targeted approach that focuses on strengthening online payment security and rebuilding consumer confidence. This roadmap presents a step-by-step approach to accomplishing the desired objective.

7.3.1. Strengthening Payment Security Protocols

The strength and effectiveness of encryption and authentication mechanisms are crucial for ensuring the security of online payment systems. The process of converting sensitive information into a secure format that is unreadable to unauthorized users is known as encryption. Implementing the most advanced encryption technologies is crucial for e-commerce platforms to protect payment data throughout the transaction process. AES-256, an encryption standard with a 256-bit key, is highly regarded and extensively employed. Modern standards deem AES-256 virtually unbreakable, owing to the vast array of potential vital combinations. Implementing AES-256 guarantees payment data security, including credit card numbers and personal information, during Internet transmission and while stored on the platform’s servers. This level of encryption significantly reduces the risk of data interception or unauthorized access. To enhance security, it is recommended that e-commerce platforms utilize Transport Layer Security (TLS) protocols. These protocols guarantee that the data transmitted between the user’s browser and the server are encrypted, safeguarding the data from eavesdropping, tampering, and forgery. Maintaining the confidentiality and integrity of sensitive payment information during online transactions is crucial, and TLS plays a vital role in achieving this.
Multi-factor authentication (MFA) enhances security by adding an extra layer of protection. Users must verify their identity through multiple verification forms and robust encryption. In many cases, MFA incorporates a combination of factors such as user knowledge (e.g., a password), user possession (e.g., a smartphone or hardware token), and user biometrics (e.g., a fingerprint or facial recognition). As an illustration, a typical MFA process could include the user inputting their password (something they know), followed by a one-time code sent to their mobile device (something they have). To further enhance security, specific systems may also include biometric authentication, such as a fingerprint scan, which verifies the user’s identity based on their unique physical characteristics. MFA significantly decreases the likelihood of unauthorized access by implementing multiple forms of authentication, even if one factor (e.g., a password) is compromised.
To maintain the integrity of an e-commerce platform’s security systems, ongoing vigilance and proactive measures are necessary. A robust security strategy necessitates regular security audits and penetration testing.
A thorough examination of the platform’s security policies, procedures, and controls is conducted during security audits. The effectiveness of the existing security measures is assessed through these audits, which aim to identify any weaknesses or gaps that cybercriminals could exploit. Regular audits are conducted to maintain compliance with security standards and regulations, including the Payment Card Industry Data Security Standard (PCI DSS), specifically designed to safeguard cardholder data. It is recommended that independent third-party security experts conduct audits to provide an unbiased assessment of the platform’s security posture. To make well-informed decisions regarding the required security improvements and updates, utilizing the findings obtained from these audits is advisable.
A simulated cyberattack, known as penetration testing or “pen testing”, is conducted on the platform’s systems to uncover potential vulnerabilities that attackers could exploit. System breaches are attempted by ethical hackers, who are also referred to as penetration testers. They employ the same techniques as malicious hackers to accomplish this. The objective is to identify vulnerabilities in the platform’s defenses before they can be exploited in an attack. A variety of potential vulnerabilities can be revealed through penetration testing, such as weak passwords, unpatched software, insecure coding practices, and misconfigured systems. After identifying these vulnerabilities, the platform can address them by updating software, enhancing password policies, or reconfiguring security settings. Regular penetration testing is crucial for maintaining consumer trust, as it showcases the platform’s dedication to security and its proactive stance in identifying and mitigating potential threats. Addressing vulnerabilities proactively can help e-commerce platforms prevent data breaches, safeguard sensitive information, and uphold the trust of their customers.
Enhancing payment security protocols requires cutting-edge encryption technologies, robust authentication methods, and continuous security assessments. Implementing these measures can significantly decrease the likelihood of data breaches, boost consumer confidence, and create a secure online transaction environment. Efforts of this nature are of utmost importance, as they play a crucial role in safeguarding consumer data, upholding the platform’s reputation, and ensuring adherence to industry standards and regulations.

7.3.2. Enhancing Transparency and Consumer Communication

Building and maintaining consumer trust in e-commerce platforms relies heavily on transparency. Ensuring the security of personal and financial information during online transactions is paramount for consumers. To accomplish this, e-commerce platforms must do more than implement strong security measures. They must also clearly and effectively convey these measures to their customers.
Providing detailed information about the platform’s security protocols effectively establishes trust. The paper explains the measures taken to protect payment data, such as encryption, continuous monitoring for suspicious activities, and contingency plans in case of a data breach. For instance, the utilization of advanced encryption technologies like AES-256 and Transport Layer Security (TLS) should be clearly explained by platforms. These technologies ensure the protection of data during both transmission and storage. It is important to inform customers that these technologies have been specifically developed to prevent unauthorized access to their sensitive information, thereby significantly reducing the potential risk of data theft. Furthermore, platforms need to provide a detailed account of the measures they employ to monitor transactions and actively detect fraud. One possible approach is to explain how machine learning algorithms can be utilized to identify abnormal behavior patterns. This would involve identifying transactions that deviate from a user’s usual activity and implementing additional verification measures to ensure the transaction’s authenticity. Platforms must outline incident response plans to provide comprehensive coverage. Consumers need to be aware that, in the rare occurrence of a data breach, the platform is fully equipped to address and minimize any potential harm promptly. Notifying affected users, securing compromised systems, and providing support services like credit monitoring to safeguard against identity theft are all part of the process.
Ensuring transparency is crucial, including writing all communications, particularly privacy policies, in simple language that the average consumer can easily understand. Complex terminology and convoluted language can hinder comprehension, resulting in perplexity and skepticism. Privacy policies must provide clear and transparent information regarding data collection, usage, sharing, and purposes. Consumers’ rights should also be outlined, such as accessing, correcting, or deleting their data. In addition, it would be beneficial for the policy to provide clear instructions on how consumers can effectively manage their privacy settings and enhance the security of their personal information. For example, rather than stating, “State-of-the-art encryption technologies are utilized to secure your data”, a more consumer-friendly approach would be to say, “Your personal information is protected with strong security measures to ensure it remains safe from hackers”. By implementing this approach, consumers are provided with a comprehensive understanding of data protection, bolstering their trust in the platform.
Transparency extends beyond the initial communication of security measures—it should be maintained continuously. E-commerce platforms should provide consumers with regular updates regarding changes and improvements to security protocols. Users can feel confident that their data are constantly protected using the most up-to-date security technologies, which helps to maintain ongoing reassurance.
Platforms should inform users whenever significant security enhancements are made, such as implementing a new encryption standard or adding multi-factor authentication options. Various channels can be utilized to communicate these updates, such as email notifications, in-app messages, or website banners. By ensuring that consumers are well-informed, platforms showcase their dedication to security and proactive stance in safeguarding user data.
Platforms should promptly notify users of a potential security threat, such as discovering and patching a vulnerability. Building trust is facilitated by the platform’s transparency, demonstrating its commitment to safeguarding consumer data. In the event of a data breach, it is crucial to have prompt and transparent communication. It is essential to provide consumers with information regarding the breach, the measures being implemented to resolve it, and any necessary actions to safeguard themselves, such as modifying passwords or monitoring their accounts for any signs of suspicious activity.
A trusting relationship can be fostered between e-commerce platforms and their users through regular communication regarding security measures and potential threats. Maintaining customer loyalty and encouraging repeat business relies heavily on this trust. Engaging with the platform, sharing personal information, and completing transactions are more likely for consumers who have confidence in the security of their data. Furthermore, a competitive edge can be gained through effective and transparent communication. Transparency and prioritizing it as a core part of their customer engagement strategy can set platforms apart in a crowded marketplace. This approach highly appeals to consumers who value security and trust, giving these platforms a competitive edge.
Building and maintaining consumer trust requires enhancing transparency and communication regarding data security. Users can be reassured about protecting their personal and financial data through e-commerce platforms through clear and accessible information about security measures, regular updates on improvements and threats, and plain language in privacy policies. The ongoing transparency ensures the protection of consumers and fosters a stronger relationship between the platform and its users, ultimately leading to long-term success in the digital marketplace.

7.3.3. Educating Consumers on Safe Online Practices

Maintaining a secure online environment is crucial in the digital age, and consumer education is vital. E-commerce platforms must proactively educate users about safe online practices, equipping them with the necessary knowledge and tools to safeguard themselves against cyber threats. Comprehensive and accessible education should be provided, considering all users’ diverse needs.
Developing detailed security guides and tutorials is highly effective in educating consumers. The basics of online safety can be covered by these resources, which include information on recognizing secure websites through the presence of “https://” in the URL and the identification of the padlock symbol that signifies a secure connection. In addition, it is essential to highlight the significance of creating strong and unique passwords for every online account. To minimize the likelihood of passwords being easily guessed or cracked, it is recommended to utilize a combination of upper- and lower-case letters, numbers, and special characters. In addition, it is essential for educational content to include instructions on recognizing and evading phishing attempts, which are misleading messages created to deceive users into revealing sensitive information. Examples of standard phishing emails and text messages could be provided, along with tips on verifying the legitimacy of such communications. By presenting real-world scenarios, these guides can assist users in developing their ability to identify and evade potential threats.
Interactive webinars and workshops would be a valuable addition to the existing static guides and tutorials on e-commerce platforms. These live sessions allow consumers to interact with cybersecurity experts directly, inquire about their concerns, and receive immediate feedback. Webinars can encompass various subjects, from fundamental cybersecurity practices to more intricate topics like personal data management and comprehension of privacy settings on social media platforms. Workshops have shown remarkable effectiveness in utilizing security tools, including password managers and multi-factor authentication apps. Workshops are crucial in simplifying cybersecurity and promoting wider acceptance of these practices by providing step-by-step guidance on tool setup and usage. These sessions are recorded and available on the platform’s website to ensure that users can conveniently access the information.
New threats regularly emerge in the constantly evolving cybersecurity landscape. To protect consumers, e-commerce platforms should provide regular updates and alerts about the latest security risks. Possible topics for discussion may encompass novel phishing scams, vulnerabilities found in widely used software, or emerging threats targeting specific demographics or industries.
A practical method for keeping consumers informed involves real-time threat alerts. Users are promptly notified of any new threat through email, SMS, or the platform’s app. For example, if a new phishing campaign explicitly targeting the platform’s users is detected, an alert could be dispatched to explain the threat and offer guidance on preventing it. This communication actively safeguards consumers and demonstrates the platform’s dedication to security.
Maintaining a dedicated security blog or resource center on the platform’s website is an effective strategy. Regular updates containing articles, tips, and news related to cybersecurity are recommended for this section. Possible subjects to explore include identifying indicators of a data breach, actions to be taken in case of personal information compromise, and recent advancements in data protection legislation and regulations. E-commerce platforms can establish themselves as reliable sources of information on cybersecurity by carefully selecting and sharing relevant content.
The ultimate objective of these educational efforts is to enable consumers to assume control over their online security. With the knowledge and tools provided by e-commerce platforms, users can make informed decisions about their digital safety. Educated consumers are likelier to adopt safe practices, including using secure payment methods, caution with personal information, and vigilance against emerging threats.
Highlighting safe online practices to consumers is not only a responsibility but also a valuable investment in the long-term security of the digital ecosystem. E-commerce platforms can significantly reduce the risk of cyber incidents by implementing comprehensive education programs, interactive learning opportunities, and regular updates on emerging threats. Protecting consumers and enhancing their trust in the platform will result in a more secure and reliable online shopping experience.

7.3.4. Implementing a Feedback Loop for Continuous Improvement

Effective consumer feedback mechanisms are crucial for e-commerce platforms to establish a secure and responsive online environment. Designing these channels to enable effortless and prompt reporting of security concerns, such as phishing attempts, suspicious activities, or any other anomalies encountered during online transactions, is crucial. Platforms can ensure that no issue goes unreported by offering users various channels to express their concerns, such as dedicated online forms, chatbots, or customer support hotlines.
By incorporating real-time reporting systems, the platform’s responsiveness to emerging threats can be significantly improved, in addition to the standard feedback channels. For example, by including a “Report an Issue” button in transaction confirmations or account activity logs, users can quickly identify and notify any potential problems. Urgent reports, such as those concerning fraud or compromised accounts, can be automatically prioritized and escalated by the system, guaranteeing prompt attention from the security team.
After collecting feedback, it is essential to centralize and analyze it systematically to identify patterns or recurring issues. Platforms can analyze vast amounts of user feedback and identify patterns using cutting-edge data analytics tools. For instance, they can identify a sudden surge in reports of a specific phishing scam or many complaints regarding a particular vulnerability. The analysis provides valuable insights into the scope and scale of the issue, which can be used to prioritize security enhancements.
Furthermore, it is recommended that platforms consider establishing user-driven forums or communities where consumers can exchange their experiences and propose solutions to prevalent security issues. These collaborative spaces facilitate learning from one another and promote a sense of community and shared responsibility for online security. In addition, the platform can integrate the knowledge gained from these forums into its overall security strategy, thereby ensuring that the solutions provided by users contribute to ongoing enhancements.
Collecting consumer feedback drives continuous improvement in the platform’s security protocols. This process should be iterative, with regular reviews and updates to security measures based on user input and emerging threats. For example, if feedback suggests that users perceive the current authentication process as burdensome or unclear, the platform can consider alternative methods that prioritize user experience while ensuring security.
Insights gained from feedback should be used to make practical changes using agile development practices. It is recommended that security enhancements be implemented promptly as soon as they become available rather than waiting for periodic updates. For instance, if feedback uncovers a vulnerability necessitating immediate attention, the security team should prioritize promptly deploying a patch or update rather than delaying it until the next scheduled release.
Informing users about the actions taken based on their feedback is of utmost importance for e-commerce platforms. The platform’s transparency not only provides reassurance to consumers that their concerns are being addressed but also helps to strengthen trust in the platform. Keeping users informed about security improvements is essential to show that their feedback is valued and helps create a safer online experience. This can be done through various means, such as emails, newsletters, or notifications.
To foster continued engagement in the feedback process, platforms may want to consider offering incentives to users who provide particularly valuable or practical insights. Various options are available, such as offering discounts, giving loyalty points, or acknowledging individuals publicly in the community. This approach to incentivizing feedback motivates users to report issues and enhances the platform’s security measures.
Maintaining and enhancing an e-commerce platform’s security requires implementing a robust feedback loop. Platforms can proactively address potential threats by implementing effective reporting systems, carefully analyzing feedback to identify patterns, and continuously improving. In addition, transparent communication and constructive feedback can help platforms establish a loyal user base motivated to contribute to a safer online environment.

7.3.5. Collaborating with Regulatory Bodies for Stringent Oversight

Building consumer trust is just the beginning in the ever-changing world of digital commerce, where compliance with current regulations is essential. E-commerce platforms should adopt a proactive approach by complying with current data protection laws and anticipating future regulatory developments. This strategy involves closely monitoring legislative trends and emerging policies at both the national and international levels.
An effective strategy for staying ahead of regulatory changes involves e-commerce platforms actively engaging in pre-legislative consultations and discussions. Companies can significantly impact the rules that will govern their operations in the future by actively engaging with policymakers during the early stages of regulation drafting. By participating in the regulatory process, the unique challenges and opportunities faced by e-commerce businesses are considered, resulting in the development of more practical and effective laws.
To effectively manage the complexities of ongoing compliance and regulatory anticipation, it is recommended that e-commerce platforms establish a dedicated team specifically focused on regulatory compliance. An ideal team would include legal experts, data protection officers, and cybersecurity professionals who actively monitor the regulatory landscape, evaluate the potential impact of new laws, and maintain compliance with the platform’s practices. In addition, this team can act as a bridge between the platform and regulatory bodies, promoting communication and guaranteeing that the company consistently complies with legal requirements.
Setting and maintaining high-security standards across the e-commerce ecosystem requires collaboration with industry peers, regulatory bodies, and individual compliance efforts. By forming partnerships, companies can exchange knowledge, pool resources, and adopt best practices, resulting in a collective effort to combat shared challenges.
Collaboration on developing standardized security protocols is facilitated through joint initiatives, such as industry consortia or working groups. These initiatives can facilitate the creation of universally accepted guidelines for data protection, fraud prevention, and consumer privacy. By implementing these standardized protocols, companies can enhance their security measures while also elevating the overall security standard of the e-commerce industry.
Collaboration between e-commerce platforms and regulatory bodies can facilitate innovation while maintaining regulatory compliance. One way to achieve this is through the establishment of regulatory sandboxes. These sandboxes offer a controlled environment for testing new technologies and business models, free from the immediate burden of full regulatory compliance. Participating in these sandboxes allows companies to delve into inventive solutions for data protection and cybersecurity challenges, all while collaborating closely with regulators to ensure that these solutions adhere to legal and ethical standards.
One potential area for collaboration could be the development of industry-wide certification programs for data security and privacy. Establishing a benchmark for e-commerce platforms would enable them to showcase their dedication to upholding stringent data protection standards. One possible approach to awarding certifications is evaluating a platform’s commitment to strict security protocols, conducting regular audits, and maintaining transparent privacy practices. By prominently displaying these certifications on their websites, companies can give consumers a strong trust signal. This reassures them that their personal and financial data are handled carefully.
Maintaining an ongoing dialogue between e-commerce platforms and regulatory bodies is crucial to effectively address emerging issues and ensure that regulations can keep up with the rapid pace of technological advancements. Regular meetings, workshops, and conferences that bring together industry leaders, policymakers, and consumer advocates can facilitate the exchange of ideas and alignment of industry practices with regulatory expectations. This collaborative approach ensures compliance and fosters a cooperative relationship, benefiting the industry and consumers.
Collaboration with regulatory bodies goes beyond mere compliance. It is a strategic initiative that has the potential to greatly enhance consumer trust and industry resilience. By adopting an active stance towards regulatory compliance, fostering industry partnerships, and actively participating in joint initiatives and dialogues, e-commerce platforms have the potential to influence the regulatory landscape while establishing stringent standards for data protection and cybersecurity. Protecting consumers enhances the integrity and reputation of the entire e-commerce ecosystem and ensures their safety.

8. Future Work

Various areas for additional research are suggested to tackle the changing difficulties and possibilities in data protection. By delving into sophisticated privacy-enhancing technologies (PETs), it is possible to provide more robust safeguards for consumer data while maintaining functionality. This can establish a standard for future security measures in digital commerce settings. Performing longitudinal research to evaluate the progression of consumer behaviors related to online shopping and data sharing related to shifting privacy rules and technologies will yield significant observations on consumer trust fluctuation over time.
It would be advantageous to compare data protection laws and their efficacy in various cultural and regulatory contexts, particularly between EU nations subject to GDPR and those not under its jurisdiction. These studies would emphasize the worldwide influence of data protection standards and assist multinational e-commerce platforms in customizing their privacy policies more efficiently.
Measuring the explicit and implicit expenses of data breaches for e-commerce enterprises, which include effects on consumer confidence and customer loyalty, should emphasize the economic significance of investing in thorough cybersecurity measures. Examining the consequences of developing technologies like artificial intelligence and blockchain on the security of personal data in e-commerce is crucial, as these technologies are significantly changing the e-commerce industry.
Given the swift advancement of technology and changes in consumer behavior, it is crucial to examine and maybe revise current regulatory frameworks that oversee data protection. Creating and evaluating real-time monitoring and response systems for data breaches could significantly reduce the harm caused by these events, hence increasing consumer trust. These projects aim to enhance e-commerce data protection by improving our understanding of technological, behavioral, and regulatory aspects. They ensure that strategies address existing deficiencies and anticipate future difficulties in the digital commerce sector.

9. Conclusions

This study thoroughly investigates the relationship between more stringent data protection legislation and its perceived effects on consumer trust and shopping behaviors in Croatia’s e-commerce industry. The study employed an extensive survey to gather consumer opinions and actions, offering a thorough demographic overview and insights into understanding personal data security.
Our research indicates that although most people have a substantial degree of Internet usage and knowledge of information technology, there are still notable deficiencies in their comprehension and implementation of measures to safeguard personal data. Significantly, many participants demonstrated misunderstandings regarding the definition of personal data, highlighting the necessity for improved educational initiatives to address these gaps.
The implementation of the GDPR has significantly influenced how middle-aged Internet users, who are most knowledgeable about the rule, perceive and trust online platforms. However, the survey found that a substantial portion of the population does not consistently follow suggested Internet security practices, which might undermine the effectiveness of regulatory efforts.
From an economic standpoint, the research emphasized a careful attitude towards online transactions, as indicated by a widespread inclination to choose cash on delivery. This preference arises from a persistent lack of trust in digital payment systems. This highlights the essential requirement for e-commerce platforms to strengthen their security measures to enhance consumer trust and promote more secure online purchasing participation.
As we consider the future, regulatory agencies and e-commerce enterprises must maintain their collaboration to advance a more secure online buying environment. This entails complying with rigorous data privacy regulations and actively participating in consumer education to guarantee that individuals are adequately educated about their rights and the safeguards implemented to safeguard their personal information.
In conclusion, although the more stringent legislation has established a structure for enhanced security and confidence, the main obstacle is guaranteeing their successful execution and continuously educating the consumer population to achieve a genuinely secure and reliable e-commerce environment in Croatia.

Author Contributions

Conceptualization, Z.M. and D.D.; methodology, Z.M. and D.D.; validation, V.D. and D.R.; formal analysis, D.D. and D.R.; investigation, Z.M. and V.D.; resources, Z.M.; writing—original draft, Z.M. and D.D.; writing—review and editing, V.D. and Z.M.; supervision, V.D.; project administration, Z.M. and V.D. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Data are contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Arora, D. Data Privacy Issues with E-Commerce. Int. J. Soc. Sci. Econ. Res. 2023, 8, 1167–1174. [Google Scholar] [CrossRef]
  2. Muneer, A.; Razzaq, S.; Farooq, Z. Data Privacy Issues and Possible Solutions in E-commerce. J. Account. Mark. 2018, 7, 294. [Google Scholar] [CrossRef]
  3. Boritz, J.E.; No, W.G.; Sundarraj, R.P. Internet Privacy in E-Commerce: Framework, Review, and Opportunities for Future Research. In Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008), Waikoloa, HI, USA, 7–10 January 2008. [Google Scholar] [CrossRef]
  4. Ghani, N.A.; Sidek, Z.M. Personal Information Privacy Protection in E-Commerce. ACM DL Digital Library, WSES Transactions on Information Science and Applications, Volume 6, No. 3. Available online: https://dl.acm.org/doi/10.5555/1553642.1553649 (accessed on 17 July 2024).
  5. Salim, S.C.; Neltje, J. Analysis of Legal Protection Towards Personal Data in E-Commerce. In Proceedings of the 3rd Tarumanagara International Conference on the Applications of Social Sciences and Humanities (TICASH 2021), Online, 25 August 2021. [Google Scholar] [CrossRef]
  6. Moores, T.T.; Dhillon, G. Do Privacy Seals in E-Commerce Work? Commun. ACM 2003, 46, 265–271. [Google Scholar] [CrossRef]
  7. Zhong, G.; Wang, Z. Consumer Privacy Protection of E-Commerce. In Proceedings of the 2018 International Symposium on Social Science and Management Innovation (SSMI 2018), Chengdu, China, 22–23 June 2019. [Google Scholar] [CrossRef]
  8. Farah, B.N.; Higby, M.A. E-Commerce and Privacy: Conflict and Opportunity. J. Educ. Bus. 2001, 76, 303–307. [Google Scholar] [CrossRef]
  9. Antoniou, G.; Batten, L. E-Commerce: Protecting Purchaser Privacy to Enforce Trust. Electron. Commer. Res. 2011, 11, 421–456. [Google Scholar] [CrossRef]
  10. Bella, G.; Giustolisi, R.; Riccobene, S. Enforcing Privacy in E-Commerce by Balancing Anonymity and Trust. Comput. Secur. 2011, 30, 705–718. [Google Scholar] [CrossRef]
  11. Budiono, A.; Shaharani, Z.; Prakoso, A.L. Consumer Legal Protection Against Default in Buying and Selling E-Commerce. JUSTISI 2023, 9, 93–103. [Google Scholar] [CrossRef]
  12. Gadjong, A.A. The Agreement of Personal Shopping Service through E-Commerce Platforms: A Case Study of Consumer Protection. SIGn J. Huk. 2023, 4, 388–401. [Google Scholar] [CrossRef]
  13. Lu, R. Computer E-Commerce Security System Under the Background of Big Data. In Proceedings of the 2020 International Conference on Robots & Intelligent System (ICRIS), Sanya, China, 7–8 November 2020. [Google Scholar] [CrossRef]
  14. Saeed, S. A Customer-Centric View of E-Commerce Security and Privacy. Appl. Sci. 2023, 13, 1020. [Google Scholar] [CrossRef]
  15. Monsalve-Obreque, P.; Vargas-Villarroel, P.; Hormazabal-Astorga, Y.; Hochstetter-Diez, J.; Bustos-Gómez, J.; Diéguez-Rebolledo, M. Proposal to Improve the E-Commerce Platform Development Process with an Exploratory Case Study in Chile. Appl. Sci. 2023, 13, 8362. [Google Scholar] [CrossRef]
  16. Duarte, C.; Messias, I.; Oliveira, A. Technological Acceptance of E-Commerce by Generation Z in Portugal. Information 2024, 15, 383. [Google Scholar] [CrossRef]
  17. Chen, Y.; Feng, L.; Zhao, Q.; Tian, L.; Yang, L. ARS-Chain: A Blockchain-Based Anonymous Reputation-Sharing Framework for E-Commerce Platforms. Mathematics 2024, 12, 1480. [Google Scholar] [CrossRef]
  18. Burlacioiu, C. Online Commerce Pattern in European Union Countries between 2019 and 2020. Societies 2022, 13, 4. [Google Scholar] [CrossRef]
  19. Kim, S.S. Purchase Intention in the Online Open Market: Do Concerns for E-Commerce Really Matter? Sustainability 2020, 12, 773. [Google Scholar] [CrossRef]
  20. Marjerison, R.K.; Zhang, Y.; Zheng, H. AI in E-Commerce: Application of the Use and Gratification Model to The Acceptance of Chatbots. Sustainability 2022, 14, 14270. [Google Scholar] [CrossRef]
  21. European Ecommerce Report 2019 Edition, Ecommerce Europe. Available online: https://www.ecommerce-europe.eu/wp-content/uploads/2019/07/European_Ecommerce_report_2019_freeFinal-version.pdf (accessed on 18 July 2024).
Jcp 04 00034 g001
Figure 1. An online webshop data workflow example.
Figure 1. An online webshop data workflow example.
Jcp 04 00034 g001
Jcp 04 00034 g002
Figure 2. Many conveniences of online shopping for customers.
Figure 2. Many conveniences of online shopping for customers.
Jcp 04 00034 g002
Jcp 04 00034 g003
Figure 3. Structure of respondents by gender and age.
Figure 3. Structure of respondents by gender and age.
Jcp 04 00034 g003
Jcp 04 00034 g004
Figure 4. Frequency of online purchases.
Figure 4. Frequency of online purchases.
Jcp 04 00034 g004
Jcp 04 00034 g005
Figure 5. Concerns regarding online shopping.
Figure 5. Concerns regarding online shopping.
Jcp 04 00034 g005
Table 1. The summary table outlines each related work’s key contributions, strengths, and limitations.
Table 1. The summary table outlines each related work’s key contributions, strengths, and limitations.
StudyProsCons
Arora [1]Highlights significant privacy breaches and advocates for stringent government regulations.Does not propose specific solutions or discuss the role of evolving technologies.
Muneer et al. [2]Emphasizes the need for technical solutions to mitigate privacy and security threats in e-commerce.Lacks detailed exploration of innovative privacy protection techniques and consumer awareness strategies.
Boritz and No [3]Reviews the trade-off between data disclosure and privacy risks, noting outdated research and gaps.Fails to consider the impact of recent technological advancements on privacy.
Ghani and Sidek [4]Advocates for stricter control measures and the development of advanced encryption methods.Does not provide practical examples of comprehensive privacy policies or their effectiveness.
Salim and Neltje [5]Analyzes legal gaps in personal data protection in Indonesia and calls for comprehensive legislation.Limited to a single jurisdiction, lacking broader applicability.
Moores and Dhillon [6]Questions the efficacy of privacy seals and suggests exploring mandatory privacy legislation.Overlooks the effectiveness of self-regulation in different contexts.
Zhong and Wang [7]Proposes technological and legal solutions for consumer privacy leakage.Lacks empirical evaluation of the proposed solutions.
Farah and Higby [8]Discusses the conflict between data collection and consumer privacy, advocating for legislative action.It focuses primarily on legislative solutions, ignoring technical and self-regulatory approaches.
Antoniou and Batten [9]Proposes new models to enhance consumer trust through improved data protection.Does not compare these models against traditional protocols in diverse settings.
Bella et al. [10]Introduces a paradigm balancing anonymity and trust, proposing a differential privacy-preserving function.The practical implementation of this new paradigm remains untested.
Budiono et al. [11]Explores legal protections against defaults in e-commerce, highlighting gaps in the legal framework.It is limited to the Indonesian context, unlike other jurisdictions.
Gadjong [12]Examines legal relationships in personal shopping services, emphasizing accountability and legal obligations.It does not address how these protections can be applied universally.
Lu [13]Identifies critical security threats and vulnerabilities in e-commerce, advocating for comprehensive security measures.Lacks specific solutions for implementing advanced security technologies.
Saeed [14]Investigates customer perceptions of security and privacy in e-commerce, offering insights into policy development.It relies heavily on self-reported data, which may not accurately reflect actual behavior.
Monsalve-Obreque et al. [15]Proposes a microenterprise solution to standardize processes and improve competitiveness in e-commerce.The proposed solution is specific to a niche market and may not broadly apply.
Duarte et al. [16]Examines Generation Z’s receptiveness to e-commerce, providing insights into future consumer trends.Limited geographical focus (Portugal), which may not reflect global trends.
Chen et al. [17]Proposes ARS-Chain, a blockchain-based framework to improve user privacy on e-commerce platforms.The study does not explore the broader applicability of blockchain solutions across different e-commerce environments.
Burlacioiu [18]Analyzes e-commerce in the EU during the pandemic, revealing distinct online commerce patterns.It focuses primarily on Romania, limiting broader generalizability.
Kim [19]Investigates factors motivating online shopping, identifying critical privacy and security concerns.The study is geographically limited to Korea and does not explore cultural differences in consumer behavior.
Marjerison et al. [20]Investigates the acceptance of AI-based chatbots, providing insights into consumer trust issues.The study is limited to Chinese consumers, with potential cultural biases affecting the results.
Table 2. Personal data perception.
Table 2. Personal data perception.
Personal DataYes
First and last name86%
Physical address89%
E-mail address72%
Citizen identification number91%
Company identification number66%
Bank account63%
IP address78%
Company financial data58%
Student grades60%
Personal ID number87%
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Morić, Z.; Dakic, V.; Djekic, D.; Regvart, D. Protection of Personal Data in the Context of E-Commerce. J. Cybersecur. Priv. 2024, 4, 731-761. https://doi.org/10.3390/jcp4030034

AMA Style

Morić Z, Dakic V, Djekic D, Regvart D. Protection of Personal Data in the Context of E-Commerce. Journal of Cybersecurity and Privacy. 2024; 4(3):731-761. https://doi.org/10.3390/jcp4030034

Chicago/Turabian Style

Morić, Zlatan, Vedran Dakic, Daniela Djekic, and Damir Regvart. 2024. "Protection of Personal Data in the Context of E-Commerce" Journal of Cybersecurity and Privacy 4, no. 3: 731-761. https://doi.org/10.3390/jcp4030034

APA Style

Morić, Z., Dakic, V., Djekic, D., & Regvart, D. (2024). Protection of Personal Data in the Context of E-Commerce. Journal of Cybersecurity and Privacy, 4(3), 731-761. https://doi.org/10.3390/jcp4030034

Article Metrics

Back to TopTop