Although the ubiquitous use of smartphones and social media poses serious risks to the privacy of users, research is sparse regarding how users perceive these risks. We present a study investigating the perception of e-privacy risks, assuming that risk perception depends on context and situation, and employing a facet theory approach to define and analyze privacy risk perceptions. Specifically, we define three facets that characterize situations involving an e-privacy risk: Facet A refers to the type of data disclosed, distinguishing three types: a person’s identity information, information about health, and information about private activities. Facet B refers to the type of actor misusing the information, distinguishing between commercial organizations, public authorities, social networks, and criminal actors. Facet C distinguishes three kinds of harm that might be experienced as a consequence: financial loss, physical harm, and negative psycho-social experiences. Questionnaire items were constructed by creating fictitious but realistic scenarios, each representing a combination of one element from each facet, yielding 36 (3 × 4 × 3) scenarios. For each scenario, respondents rated the likelihood and the negativity of experiencing that scenario. Following the facet theoretical paradigm, item intercorrelations were analyzed via ordinal multidimensional scaling. Results from a representative survey among 500 adult Norwegians yield a distinct partitioning with respect to Facets A and B, called a radex configuration. Facet B (actors) shows an angular partition. Facet C (type of harm) yields a contrast of financial versus psycho-social harm. In sum, we conclude that our three-faceted definition provides a satisfying first approximation to people’s perception of privacy risks on the Internet while remaining open for extensions with additional facets.