Global Attitudes Towards Data Privacy
In our article “How safe is your data really?”, we talked about how shockingly frequent data hacks and leaks occur, why they occur and why current solutions are not sufficient enough to protect consumer data. But what about consumer perceptions? Do citizens realise what is happening with their data and are they worried? What are their attitudes towards data privacy?
Generally speaking, they differ greatly on a global scale, no matter if societal, corporate or governmental. Depending on the region or country, it is visible that either a top-down (imposed by government) or a bottom-up approach (demanded by society) is being undertaken when it comes to the implementation of data protection regulations (including e-transaction, cybercrime and/or consumer protection laws). Many countries already are currently acting in favour for more privacy: The UNCTAD’s (United Nations Conference on Trade and Development) tracker of worldwide legislations shows that 66% of countries possess one of the above mentioned regulations, 10% are drafting one, 19% do not possess one, on 5% no data exist. But the strictness and prosecution of data breaches, loss and mishandlings vary significantly.
Let's look at three regions in more detail where stricter data protection regulations have been introduced: The EU with the GDPR, the USA with the Californian CCPA, and Brazil with the recently introduced LGPD. How do citizens in these different regions vary in attitudes?
In the EU, GDPR was introduced in 2018 due to societal pressure and demand for more privacy (bottom-up). Consumers have gotten their will and GDPR has already been rigorously enforced with fines in the millions and innumerous consumer claims. Varonis conducted a GDPR effect review showing that in the first year alone, 144,000 complaints were filed, 89,000 data breaches were recorded and $63 million in fines were issued ($57 million were directed at Google, however, this shows that even smaller breaches are being traced, 37% of opened cases are still pending). Governments adapted their local policies, while businesses are adapting their data governance and protection schemes at a rapid pace (in 2019, $9 billion were spent on GDPR preparations and 500,000 data protection officers employed). Overall, data protection authorities have gained a stronger position and the regulation itself serves as a precedent and reference for global efforts in the field.
These developments have led to over 63% of EU consumers to believe that GDPR had a positive impact on privacy and fewer think that companies are not acting according to regulations. Nevertheless, a joint research project between Hubspot and the University of Virginia showed that 45% of citizens are still concerned about their data’s safety, although EU companies on average have already spent $1.3 million on adaptations to GDPR and are expected to spend another $1.8 million over the next years. Despite these expenditures, still less than 50% of companies are currently compliant and some are actually choosing noncompliance due to the effort which has to be taken to become compliant.
In the USA, the demand for data privacy is on the rise (bottom-up). A survey shows that 94% of US citizens agree that it should be companies’ duty to protect consumer data, more than the government’s, third parties’ or watchdog groups’. 53% rank this higher than the quality of products and services provided by the company. Close to 70% of the population believe that companies share their data with third parties and the same percentage would be more willing to share their personal information if companies were able to show how they are using personal data and if they could fully claim back and revoke the data given to a third party. Besides that, 58% of US citizens either suffered themselves from a personal data incident or know somebody who has.
Furthermore, a research from PWC shows that 69% of citizens believe that companies are vulnerable to data breaches and cyber-attacks, 45% believe their email or social media accounts will be hacked within the next year. A whopping 75% think that companies are not handling their data responsibly and 85% would not do any business with a company if they were concerned about their data’s security. This is underlined by 69% of CEOs admitting the difficulty of earning and keeping consumer trust.
Surprisingly though, 46% of consumers of a different survey ran by Akamai show that consumers would be willing to forgive brands a data breach if they were informed about the attack, how they were affected and how the company is responding to it. 7% would not be willing to do so. Additionally, 71% of respondents are already using a software to block ads, protect their privacy or help control their web experiences, which indicates the necessity to act on a judicial and corporate side. This is reinforced by 66% of consumers demanding a GDPR-like rule in the USA.
Compared to citizens of the EU and the USA, Brazilians are less worried when it comes to data privacy and the introduction of the LGPD, pendant to the EU-GDPR, came rather top-down from a judicial perspective as a response to globally introduced regulations. As soon as Brazilians trust a company, they are more likely to share sensitive information, according to a global study Brazil ranks lowest related to the wish of staying anonymous online and providing personal data to providers. That this reflects negatively on the amount of people having suffered a cyber-attack (75% of a Unisys study’s respondents) is apparent. On the other hand, the demand of Brazilians for more privacy is increasing faster on a yearly basis than in other countries. Just 29% feel confident that companies and authorities keep their data safe and 85% would cut relations with a company if they mistreated their information. Sharing financial data is consumers’ biggest worry, 71% feel nervous when they do so, but 50% of respondents said they would be happy to share them if they benefited from it, reflecting Brazilians’ different purchasing behaviour. LGPD will definitely bring about necessary change and mirrors Brazilians’ changing attitude towards privacy over the last years. Companies will have to act quickly with fines under the new regulation kicking in in August 2021.
Considering all these facts, the introduction of data protection laws and regulations are showing successes in just one year. However, a lot still has to be done and regulations alone are not enough, in the end it is a company’s responsibility to adjust accordingly. Worldwide it is expected that more data privacy regulations will come into effect, the data security budgets of companies and governments will rise significantly, the policy enforcement by authorities will increase in efficiency, marketing will change to be more compliant and even the revenue streams of online product and service providers will change due to new data governance and handling schemes.
We believe that this will open many opportunities for an already increasing solution field within the sector of data security, but we will yet have to observe which solutions are strong enough to keep their promises.