Data Privacy: Consumers Are Well Aware Of The Risks, But Many May Be Overstating Their Worries

Data Privacy: Consumers Are Well Aware Of The Risks, But Many May Be Overstating Their Worries
Data Privacy: Consumers Are Well Aware Of The Risks, But Many May Be Overstating Their Worries

Data-sharing is both fuel and lubricant to the world’s economy. It powers online and offline business models, and it enables, in the form of cookies and browser history, greater ease of use for consumers. But with every year, as more data – in terms of volume, types, and richness – is shared, the potential for its misuse is rising. The 2021 Deloitte Digital Consumer Trends Survey, which polled around 33,150 respondents in 20 countries about their online activities and their views on data privacy, shows that many surveyed consumers are well aware of the risks – but are continuing to expand their online activity nonetheless.

Privacy Is Hard To Understand And Often Cumbersome To Manage

Thirty years ago, understanding personal digital data was relatively straightforward, as it was typically stored on physical media that could be touched, locked away, and, if needed, visibly destroyed. There were no smartphones capturing and emitting location data. There were no cameras in laptop lids, as computing was still predominantly desktop. Cars did not have GPS systems to track and capture journey data by default.

In stark contrast, the ways in which data is collected, shared, and analyzed in a world of cloud computing are increasingly perplexing to the average user, and the implications may not always be evident. It is hard enough for a consumer to understand how clicking on a link may trigger their personal data to be invisibly and noiselessly shared with hundreds of other sites, or how multiple instances of their browsing behavior may be stitched together in a remote data center. It may be more baffling still to understand why a robot vacuum cleaner may collect data on its owner’s home: The data may simply help the robot to do a better job of cleaning, but it could also be sold to carpet treatment companies to use for targeted advertising. And applications, such as facial recognition, can be utterly opaque to those without a technical background, as understanding them requires awareness of terminology such as “secure enclaves” (dedicated secure subsystems on a user’s device) or acronyms such as public key infrastructure (PKI).

For most of the world’s billions of digital users, understanding data privacy may prove to be too baffling and too much of a chore for them to make the effort. While many of those surveyed were aware that they should review terms and conditions and manage cookie settings, in the heat of the moment, actual behavior often lapses, and incaution may result. Reading a web page, buying a product, signing up to a service, or accessing a Wi-Fi hotspot quickly may take precedence over the tedious task of reading a long privacy disclosure or selecting which cookies to accept.

Consumers’ Privacy Concerns Belie Their Growing Adoption Of Digital Services

Consumers have several options on how to approach digital data sharing. A small minority will stay offline altogether; another minority will seek to be well informed about their digital behavior’s privacy implications. But the vast majority of consumers will largely simply trust, possibly out of apathy, that their data is in safe hands. They are unlikely to select devices, for example, primarily because of a vendor’s privacy approach. Indeed, on average, only 7% of respondents reported that data privacy and security were important considerations when deciding which smartphone to buy next.

Consumers may exhibit such trust even though a range of tools are available for them to manage data privacy. In markets governed by the General Data Protection Regulation (GDPR), which include most European countries, consumers are offered the ability to manage cookies. However, in these markets, the most common reported reaction among our respondents was to click on the default cookie settings, often denoted by the more colorful button offered of the two. Among the European countries surveyed, 75% of respondents stated that they accepted default cookie settings at least half of the time. In reality, the proportion may be much higher.

As another example, consumers have the capability to decline app permissions. Only around one quarter of respondents claim that they always refuse permission, and only 28% refuse it more than half of the time.

This is not because people do not know their data is out there. Our survey revealed that most consumers surveyed in multiple markets believe their data is being used “all of the time” or “most of the time.” Only 5% of our respondents thought that their data was not being used (figure 1).

Data Privacy
Data Privacy – Figure 1

What is more, a majority of consumers also responded that they are concerned about how companies they interact with online use their personal data. On average, two-thirds (66%) of our respondents stated that they had such concerns, although there was significant variation by country (figure 2). This proportion has remained more or less constant in every year in which the question has been asked.

Data Privacy
Data Privacy – Figure 2

But arguably, this concern may be superficial. It certainly has not slowed purchases of more devices or subscriptions to online services. For example, between 2020 and 2021, the adoption rate for subscription video-on-demand (SVOD) services increased by an average of 9 percentage points across a range of developed countries, representing hundreds of millions of people (figure 3). One survey of 22,000 people found that its respondents added an average of 15 accounts in the 12 months leading up to March 2021. All of these services are capturing subscribers’ viewing behaviors. This can enhance the consumer experience by helping providers better understand how content is watched and what should be recommissioned. But in the instances where a user is new to SVOD, or where a user has added a SVOD subscription, data is being captured that was previously not gathered and aggregated.

Data Privacy
Data Privacy – Figure 3

Indeed, thanks to the pandemic, a great deal of data that was not previously collected has been and will likely continue to be digitally captured. For example, as office work has gone online in the past two years, more meetings will likely have been recorded than before, as meetings that previously would have been conducted in person moved to video with recording available at the click of a button.

Every year brings expectations of behavioral shift due to concerns about privacy. Our survey found that 28% of this year’s respondents had stopped using a social media service temporarily or permanently over the prior 12 months, and of this group, 23% stated they had ceased usage because of data privacy concerns. At first glance, this data point may appear significant. However, data privacy was only the fourth most common factor for stopping using a social media service. The number-one reason was boredom with content, cited by 34% of respondents.

Moreover, we believe the number of social media users is increasing overall. One report estimated that 400 million new social media users joined between 2020 and 2021, pushing the number of users to 4.5 billion in total. In September 2021, TikTok announced its billionth global user, and Facebook reported 1.91 billion daily active users in June 2021, up 7% year over year.

All this goes to show that stated concern and even reported actions, as indicated in surveys such as ours, may reflect over-claim by some respondents.

Pressures To Share Personal Data Are Increasing, And Regulation Should Follow Suit

Appropriate regulation around data privacy will become more important as the pressures on consumers to share their personal data increase. One of the biggest of these pressures is that adapting to coexistence with COVID-19 will likely entail regular, reliable sharing of COVID-19 status. International travel already largely relies on this, and in many major countries around the world, thousands of offices, universities, and conference halls – in fact, many medium or large public venues – now require proof of vaccination or lack of infection as a condition of entry. Most consumers are comfortable with providing this information: In most markets we surveyed, the majority of respondents were willing to share vaccination status with travel companies (66%), employers (63%), event providers (63%), and entertainment facilities (60%). Only a small proportion, between 11% and 14%, strongly disagreed with sharing across the four different contexts.

The need for regulation will also become increasingly acute as popular applications become de facto essential services. A teenager may have to accept a degree of data-sharing that they are not comfortable with so they can participate in a peer group’s conversations, most of which may take place on a single social network. If they disagree with a specific digital service’s terms and conditions, they could opt out, but the consequences of that decision may be social exclusion. A similar predicament may face groups of parents, neighbors, or colleagues. It remains to be seen if and how behavior will change as a result of users becoming more aware of the risks and regulators taking increased responsibility for data privacy.

The likelihood that most consumers will continue to leave the use of their personal data up to the organizations that collect it implies that the responsibility for maintaining the right level of data privacy, and making control over personal data easy to manage, should fall ever more to businesses and their regulators. Politicians and business leaders alike should act in the knowledge that most consumers will increasingly rely on them to shape policies on their behalf. These policies should balance business needs with consumer rights, or data-sharing may become a negative influence on society instead of the benefit to consumer experience it can and should be.

originally posted on by Paul Lee, Joanna (Joey) Conway, Suhas Raviprakash and Roxana Corduneanu

About Authors:
Paul Lee | Partner, Global Head of Research
Paul Lee is a UK Partner and the Global Head of Research for the technology, media, and telecommunications (TMT) industry at Deloitte. In his global role, Paul has authored over 80 TMT reports including Deloitte’s 15th annual Predictions for the Technology, Media and Telecommunications series. In 2016 Predictions launched in more than 50 countries and its points of view are featured in broadcast, online, and published media around the globe. Paul also leads the Deloitte Global Mobile Consumer Survey, now in its sixth year, which tracks usage of mobile around the world, based on a 53,000 user survey fielded in 31 countries. Paul comments regularly on the TV market, and has been invited to author the companion reports for the Royal Television Society’s Cambridge Conference, the IBC Leaders’ Summit, and the Guardian International Television Festival. He is a frequent commentator on television, radio, online, and press. Paul has published 32 columns in the Financial Times, specializing in analysis of current trends in the TMT sector from a numerical perspective. He is a frequent speaker at industry and closed door conferences and was on the organizing committees of the Royal Television Society’s Cambridge and London conferences. In addition to running the TMT research team globally, Paul manages the industry research team for Deloitte UK. He has written five books, including Convergence Conversations and Digital Dilemmas. Prior to his role with Deloitte Research, Paul was Director, Gartner Consulting, leading work in the telecommunications sector.

Joanna (Joey) Conway | Partner
Joey is a partner in Deloitte’s UK legal team. She has over 15 years experience advising clients in the tech sector. She is an expert in digital risks and internet law and regulation. She advises on cutting-edge issues (harmful and illegal content, rights to free speech, mis/dis-information, AI, deepfakes) and on digital content strategies and risks in light of new regulatory and legal developments. She assists clients to identify and mitigate digital risks, designing and advising on legally compliant content controls and process. She advises on the legal position with respect to content issues, on platform community standards and related content terms, notice and take-down process, moderation and on how to manage the related legal risks. She works with digital content companies, media, platforms, ISPs blending legal expertise in IP (brand, digital copyright and digital rights management and enforcement) with reputation risk (defamation), privacy, media & advertising, social media law and platform liability and regulation, all in the digital context.

Roxana Corduneanu | Manager
Roxana is a manager with Deloitte LLP’s Center for Integrated Research where she specializes in Trust and Future of Work thought leadership. Prior to joining Deloitte, she completed PhD in Management at the University of Glasgow and was a visiting researcher at the University of Sydney. Her work has been published in top-tier academic journals, covering themes such as rewards management, work motivation and public sector management. She is based in Glasgow, UK.

Suhas Raviprakash | Senior Analyst, Deloitte Support Services India Pvt. Ltd
Suhas Raviprakash is a senior analyst at Deloitte Support Services India Pvt. Ltd. and part of the UK TMT Insight team. His research focuses on consumers’ digital behavior and the impact of COVID-19 on various verticals such as media production, 5G, e-bikes, gaming, and misinformation.