Data privacy – concern, confusion and apathy

Throughout 2014 the stream of stories about hacked, leaked or scraped personal details from the military, business and celebrities was almost daily. But how do the public now view data protection and privacy? Are there any signs that people’s concerns are changing how they behave, particularly online? What are the consistent themes that emerge from our research?

When we asked people what would be most likely to make them stop using a company, failing to keep personal information safe (72%) and selling on even anonymous data (63%) are right up there among the worst things a company can do, matched only by providing a poor service (also 72%).

Data protection and privacy are big worries

So far, so straightforward – data protection and privacy are big worries. But when we asked a similar question without providing a list of options the responses were quite different. In terms of spontaneous concerns, data usage is at best a mid-ranking issue, behind service, price and companies engaging in other illegal, dishonest and unethical behaviours. Just two per cent of people specifically mentioned either losing or selling personal information as the thing most likely to stop them using a company. People expect organisations to protect their personal data, but this is not a tangible enough issue to be at the forefront of people’s spontaneous concerns.

Another consistent theme is that people are very unclear about what happens to their data. As our report, Dialogue on Data,1 shows, people are aware in general terms that their personal information is collected, stored and used widely. They know data is asked of them all the time, for example when using companies’ services, interacting with the government, and making applications for jobs or courses, but they see the modern world as one in which providing data on a regular basis is ‘just part of life’, and that this will mean some loss of privacy.

But less so when you don’t prompt

But people are much less sure how their data is actually used. A good example is that many of us think our personal GP health records are already passed on in some way: either shared with academics for research purposes (41%); shared with private companies to help them develop better treatments (38%); or sold to private companies to make money for government (34%). Overall, more than half of us (52%) think at least one of these things goes on – but none of them currently does. Any data used for research should be depersonalised beforehand, and selling personal medical records should not be happening either.

So the picture that emerges from across our work is one of frustrated, low-level concern. People are worried about what happens to all the data they provide. They feel they have very limited control, and no real choice but to provide personal information in order to access services. But, because most people have not experienced significant problems as a direct result of something going wrong with their personal data, concern is often weak or resigned. It is very difficult for people to see what they can do to alleviate their worries about personal data privacy.

This seems to create a fatalism, reflected in the massive disconnect between what they say and how they act. For example, nearly half of people (45%) across the 20 countries in our Global Trends Survey say they are willing to pay for increased levels of privacy for their data. But at same time, in the same survey, only a quarter of the same people (23%) say they have taken any basic steps to increase the privacy settings on their internet browser. This means that three quarters of those who say they would pay for additional privacy haven’t even changed a simple setting on their computer. We also find massive overclaim when it comes to reading website terms and conditions before accepting them (hardly surprising when some rival the length of Hamlet!).

How should organisations respond to public concerns about data protection and privacy? Normally, we find that the more people know about a confusing or technical issue, the less concerned they become. Here, more than seven in ten people (71%) say they want to know what information government and private companies know about them. But transparency alone will not be enough – when it comes to our personal data, our research suggests that more information can lead to greater concern.

We say we would pay – but would we really?

Organisations will need to think carefully about how they can increase transparency, emphasise the potential benefits of data sharing, and ensure that the right safeguards are in place to reassure and protect the public. Above all, being clear and consistent will be vital.

References   [ + ]