Spurred by news stories and the May 2018 deadline for compliance with GDPR (General Data Protection Regulation), interest in data privacy reached a new peak this spring. As of 20 May 2018, search interest in the terms ’What is GDPR’ and ’data privacy’ were respectively fifty and ten times greater than six months prior.1
Awareness that personal data is being used and shared online also increased this year. According to Deloitte’s research, 82 per cent of respondents with smartphones believed that companies they interact with online use their personal data ‘most’ or ‘all’ of the time. This was four percentage points higher than in 2017. Three-quarters believed that these data were being shared with third parties, five percentage points higher than the prior year.
The majority of respondents (adults aged 16-75) were concerned about how their data is being used. When asked, in June-July this year, shortly after the deadline for GDPR compliance, whether they were worried about how companies use their personal data, share it, or store it, the vast majority were ‘very’ or ‘fairly’ concerned (see Figure 3). Over half of all respondents (55 per cent) were ‘very’ concerned about how companies shared their personal data with third parties.
Being concerned is one matter; changing behaviour is another. And it is likely that people will remain worried about how their data is used, while continuing to use a whole range of services that share their data. This is not just the data that a user has submitted to the site, but also data sourced from other online destinations. Some users may even be encouraged to share their friends’ personal data in exchange for a modest incentive.2
There are two major challenges with online data, and maintaining control of personal data.
One is that many people may struggle to understand how their data is used online, when it is out of their immediate sight. A second is the sheer scale of effort required to attempt to be in full control of personal data.
We live in an online, cloud-based era. But most people in the UK who are active online – those in their late 20s and older, that is the majority of the population – will have first been exposed to data storage in the form of local, physical storage such as memory cards, external drives, floppy disks and diskettes. This was the first, and in many cases enduring association they will have made with data being stored digitally. In this context, data privacy is relatively simple: if the physical data storage is in your possession, then no one else can access it. This is similar to how most would perceive a paper form or a filing cabinet being kept private.
And there is still plenty of digital data that is stored locally: smartphones, tablets and PCs on sale today all include, and are differentiated by, the volume of local storage they offer.
Forms and filing cabinets have migrated online and become seemingly invisible and intangible. Many people who are active online in the UK would likely understand that a copy of their data may be replicated online, much like a photocopier creates a single paper facsimile of a document.
But they may struggle to understand how the content of these individual facsimiles can be readily disassembled and then joined together online: how the e-commerce pages that they browse on multiple sites, from different machines and at varying times can be associated with the videos they watch, the products they buy, the places they have visited, or the contacts in their phone.
The ways in which personal data may be used are written in the terms and conditions that typically have to be accepted prior to use. However, most people admit to accepting terms and conditions without reading them. Just over half (52 per cent) ‘always’ or ‘almost always’ skip reading them; only 8 per cent always read them (see Figure 5). And we believe that users are over-reporting reading terms and conditions: the actual number who always or almost always skip is likely higher.
Terms and conditions exist so users are theoretically aware of the implications of their actions, particularly with regard to sharing of data. In the last year, stories about data privacy have reached a new peak, potentially prompting people to be more cautious. Yet, attitudes towards reading terms and conditions have barely shifted year on year.4
Each application downloaded may be accompanied by a set of terms and conditions. Each website browsed on may now include a set of terms and conditions in the form of information about how data collected may be used, and with whom it may be shared. It may take a proficient reader several minutes to read through each set of terms and conditions; someone not familiar with the specific lexicon relating to online data may need to research the terminology used prior to being able to accept terms.
Or, that user could just accept the terms and conditions without reading them. And this is the nub of the second challenge of data privacy. Most users will lack the time, inclination or the degree of literacy (including knowledge of legal terms) required to comprehend fully what is happening with the data they are submitting online.
Data privacy is a complicated topic. Every individual may have a different definition of what privacy is. A few guard their online footprint very carefully, and leave little digital trace. Others, most likely the majority, share, with limited or no constraints.
News stories about data privacy spike occasionally, such as happened with the GDPR in May this year. At these moments, the perception – among those who read these articles – may be that we are approaching an inflection point in the public’s relationship with personal data. But the general public may simply shrug, and carry on.
In the year to mid-2018, coverage of data privacy reached all-time highs, and a comprehensive new regulation was introduced. Over this period, the number of people searching on ‘data privacy’, and ‘GDPR’ surged. But both search terms were easily beaten by the search interest on ‘Love Island’, which had four times the relative search interest as GDPR.
Data collected from Google Trends uses non-real-time data which is a sample of historical Google search. Search results are proportionate to the time and location of a query. Each data point is divided by the total searches of the geography and time range it represents to compare relative popularity. The resulting numbers are then scaled on a range of 0 to 100 based on a topic’s proportion to all searches on all topics. Searches using Google represent about 83 per cent of all searches undertaken in the UK. For more information, see Market share held by the leading search engines in the United Kingdom (UK) as of July 2018, as accessed on 4 September 2018: link
Pizza over privacy? Stanford economist examines a paradox of the digital age, Stanford University, 3 August 2017: link
How your phone number became the only username that matters, Wired, 10 August 2017: link
There are numerous studies which show a similar reluctance to read terms and conditions. For example, see Click to agree with what? No one reads terms of service, studies confirm, The Guardian, 2 March 2017: link