Privacy uncovered


Published on

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Privacy uncovered

  1. 1. S P O N S O R E D b y :
  2. 2. Privacy uncovered Can private life exist in the digital age?1 © The Economist Intelligence Unit Limited 2013ContentsAbout the report 2Executive summary 3Introduction 5 The Atlantic divide 7An air of unease 8 Culture, privacy and trust 11The business implications 12 France, the UK and China 15 The Facebook experience 16Conclusion 17Appendix - Survey results 18
  3. 3. Privacy uncovered Can private life exist in the digital age?2 © The Economist Intelligence Unit Limited 2013About thereportPrivacy uncovered: Can private life exist in the digital age?is an Economist Intelligence Unit (EIU) report, sponsoredby Beazley. It examines consumer attitudes to thesharing and storage of personal data online as well as theimplications for companies.The report draws on two main sources for its researchand findings:l A global survey of 758 adult Internet users conducted inJanuary and February 2013. Almost all of the respondents(97%) use the Internet daily. Respondents come from acrossthe world, with 32% based in Western Europe, 30% in theAsia-Pacific region, 20% in North America and the remainderin Latin America, the Middle East, Africa and Eastern Europe.Respondents also have a range of ages. Nearly three-fifths(59%) are male and 41% female.l A series of in-depth interviews with experts and leaders frombusiness, government and the NGO community listed here:l Richard Allan, European director of policy, Facebookl Richard Baker, EMEA chairman, Aimial Alex Fowler, global privacy and public policy lead, Mozillal Michael Harte, chief information officer, CommonwealthBank of Australial Nellie Kroes, European commissioner, Digital Agenda forEuropel Ponnurangam Kumaraguru, professor, IndraprasthaInstitute of Information Technologyl Joe McNamee, executive director, EuropeanDigital RightsWe would like to thank all interviewees and survey respondentsfor their time and insight.The report was written by Dr Paul Kielstra and edited bySara Mosavi.
  4. 4. Privacy uncovered Can private life exist in the digital age?3 © The Economist Intelligence Unit Limited 2013ExecutivesummaryIn the world that George Orwell created in hisnovel 1984, every word and action is recordedand filmed by a tyrannical government led byBig Brother. The material is then used to indictrebellious citizens. In the fictional nation ofOceania, where 1984 is set, privacy has no place:“If you want to keep a secret, you must also hideit from yourself.”In the real world, we are far from the kindof personal infringement suffered in 1984,but individual privacy is increasingly at risk.Facebook profiles, Google searches and Amazonpurchases can be mined for information withever more sophisticated tools that help createincredibly detailed pictures of individual users.In Privacy uncovered, we examine the complexrelationship that consumers have with theirpersonal data. The research conducted for thereport discovers that while consumers havebecome more liberal in sharing data, they remainconcerned—and feel in the dark—about how theywill be used and by whom. This has significantimplications for how businesses collect anduse consumer data. The key findings of thisreport are:Consumers don’t know how their data is used,and think regulation and data protectionare weak. When asked about the security oftheir personal information held by a number ofentities, consumers only rarely said it was verysecure. This is particularly the case for onlineentities: only 3% say that their data is very securewith social networks and 11% say the same aboutonline retailers. Meanwhile, just 26% think thatbusinesses are transparent enough in how theyuse customers’ personal data, andthree-quarters of respondents believe thatregulation preventing the misuse of suchinformation is too weak.Although fears of potential abuse abound,they are not stopping consumers from sharingdata. Individuals are increasingly willing to shareinformation. Over four-fifths (84%) of surveyrespondents, for example, belong to socialnetworks, and 34% say that they are more willingto share basic personal information online thanthey were three years ago, compared with 23%who say the opposite. At the same time, however,well over eight in ten respondents are very orsomewhat concerned that such informationmight be hacked and used to steal their money,or that sharing data might lead to them beingtargeted by marketers.Companies’ revenues and reputation stand tosuffer because of privacy concerns. Sixty-sixpercent of respondents report sometimes notbuying a product or service because of concerns
  5. 5. Privacy uncovered Can private life exist in the digital age?4 © The Economist Intelligence Unit Limited 2013about the security and privacy of their personaldata. Of the 23% of respondents who havesuffered a data breach, 46% advised family andfriends to be careful when sharing informationwith the organisation. Moreover, the most activeInternet shoppers are also the least forgiving oftransgressions. Among those who shop onlineat least once a week and have experienced adata breach that compromised their personalinformation, 59% ceased to do business with theorganisation in question.Data security policies are not just aboutprotecting data, but also about buildingand maintaining customer relationships.Interviewees for this study stress the need todevelop trust with customers on data issues,not just for regulatory or ethical reasons,but also because it provides a competitiveadvantage as it can encourage customers toshare more information. A good relationshipinvolves showing respect for customer data. Thisstarts with good practice in areas such as dataminimisation. But equally important is regularcommunication with customers on how theirinformation is being used.Policies need to recognise cultural differenceson privacy issues. The understanding of privacy,and fears of its breach, can vary by country. TheEIU survey results indicate, for example, thatwhile Americans and Europeans have similarlevels of unease, the former are now less likelyto share information than before. Similarly,French respondents are more likely to havesuffered a data breach, which may have had animpact on their buying habits. Companies need tounderstand that what is sufficient in one countrymight not win trust in another.
  6. 6. Privacy uncovered Can private life exist in the digital age?5 © The Economist Intelligence Unit Limited 2013IntroductionInternet and mobile connectivity has increasedexponentially over the past decade. While beingconnected has become more commonplace,individuals have also become more and morecomfortable with sharing personal data. In aglobal survey conducted for this study of over 750Internet users, 34% say that they are more likelyto share basic personal information online nowthan three years ago, compared with 23% whosay the opposite.These two trends are resulting in staggeringvolumes of new data. Already, 10bn texts are sentand more than 1bn posts are uploaded onlineeach day, according to the World Economic Forum(WEF). E-commerce volumes tell a similar story:5% of retail activity in the US and 10% in Britainis now online. By 2016, according to the BostonConsulting Group, online commerce will accountfor 7% and 23% of total retail activity in the USand the UK respectively.Source: International Telecommunication Union.(a) Estimate.Ever more connectedChart 101020304050607080901000510152025303540455033.941.7Percentage of individuals using the Internet; right scaleMobile-cellular subscription per 100 inhabitants; left scale2013(a)2012(a)20112010200920082007200620052004200320022001200011.815.218.322.027.150.620.617.615.814.
  7. 7. Privacy uncovered Can private life exist in the digital age?6 © The Economist Intelligence Unit Limited 2013But with greater sharing comes greater risks.The EIU survey finds a significant minority ofrespondents have suffered a data breach—aneven more common occurrence among frequentonline shoppers.In a digital age where more and more data iscreated and shared, privacy becomes a conceptthat is difficult to define and protect. The issueis not only the sheer volume of data available,but also the rapid evolution of tools used toextract information from the data. A recent studyof over 58,000 Facebook users by University ofCambridge academics is a case in point. Theydevised algorithms that in the great majorityof cases could accurately predict an individual’ssexual orientation, race and political leaning—information that was not explicitly available onthe user’s profile.The continued evolution of data-analysis toolshas changed the degree to which businessescan understand people. Richard Baker, EMEAchairman at Aimia, a loyalty programmecompany, explains how it is now possible to geta far more detailed understanding of customersand citizens: “Because you can put so manydatabases together, you can take the equivalentof a ten-megapixel picture of a customer in realtime, when a decade ago you could only do aone-megapixel picture that took a long time todevelop.”Individual privacy is therefore being redefinedas more and more interactions, commercialor social, become digital. As Richard Allan,European director of policy at Facebook, notes,“if a billion people are sharing informationonline, it is self-evident that something hasshifted. We clearly do have a social norm thatmost people feel comfortable sharing some dataonline within certain boundaries.” The issue ishow to understand and respect those boundariesor, as Joe McNamee, executive director ofEuropean Digital Rights—a privacy and civilrights umbrella group for the EU—puts it, tomaintain the “established principles of rightsover one’s own data” in a world where people are“communicating in ways they never did before”.
  8. 8. Privacy uncovered Can private life exist in the digital age?7 © The Economist Intelligence Unit Limited 2013so at least once a week compared with just 5% ofthose in the US.This is the case even though Americans reportslightly higher trust levels in the security of dataheld by online retailers. More strikingly, unlikemost of the rest of the world, those surveyedin the US are becoming more reluctant to sharebasic personal data: 38% say they are less likelyto do so than three years ago compared with14% who are more likely; the comparable figuresfor Europe—20% and 31%—show the oppositetendency.Companies need to adjust strategies to takeaccount not only of regulatory differences onuse of consumer data across borders, but also ofhow worries about data safety may have differenteffects in different national contexts.Survey respondents from the US and Europeshare many common views on privacy. Roughlythe same proportion, for example, is veryor somewhat concerned about their privatedata stored online being hacked and used fortheft (over 90% in both cases) or for targetedmarketing (78% in Europe and 88% in the US).Large majorities in both locations also believethat regulations on the use of consumer databy businesses are not strong enough, and onlysmall minorities—15% in America and 24%in Europe—believe companies are sufficientlytransparent about how they use data.The impact of these similar concerns, however,seems to be different. According to the EIUsurvey at least, respondents in Europe aremuch more frequent online shoppers: 22% doThe Atlantic divide: similar worries, differentbehavioursUS EuropeHow often do you make an online purchase?(% respondents)Chart ?Source: The Economist Intelligence Unit.Chart 253%32%9% 5%1%48%22%22%2%At least once a week At least once a month At least once every six monthsAt least once a year Never5%
  9. 9. Privacy uncovered Can private life exist in the digital age?8 © The Economist Intelligence Unit Limited 2013Although respondents are comfortable sharingbasic personal information, the EIU survey findsthat they rarely think their data is particularlysafe in the hands of others. Only 3% say that theirdata is very secure with social networks and 11%say the same about online retailers. The mistrust,though, is far wider. Only 13%, for example, saythat personal information known to family andfriends is very secure.An air of unease1Source: The Economist Intelligence Unit.How secure do you believe your personal information is in the hands of the following?(% of respondents)Chart 3Social networksVery secureModerately secureNot secure at allDon’t know57%35%5%3%Online retailersVery secureModerately secureNot secure at allDon’t know58%26%11%Banks/financialinstitutionsVery secureModerately secureDon’t knowNot secureat all50%41%7%3%Family andfriendsDon’t know5%44%38%13%Very secureModerately secureNot secure at allDoctors’ offices/hospitalsDon’t knowVery secureModerately secureNot secure at all52%22%17%8%5%
  10. 10. Privacy uncovered Can private life exist in the digital age?9 © The Economist Intelligence Unit Limited 2013This insecurity about personal data is combinedwith widespread worry about its potential misuse:90% of respondents, for example, are very orsomewhat concerned that such informationmight be hacked and used to steal their money,and 82% are concerned that sharing data mightlead to them being targeted by marketers. Theworry that governments or employers mightdiscover secrets is also widespread. Alex Fowler,global privacy and public policy lead at Mozilla,echoes the EIU findings. “The conclusion wedraw from the consumer research that’s beenconducted over the past decade is that the publicis uneasy about all the information collected,used, bought and sold, and lost due to lapses insecurity or stolen by hackers,” he says.Consumer mistrust appears to be deep-rooted:70% of respondents believe that businesses donot have a great enough incentive to protectpersonal data, and only 26% think businessesare transparent enough in how they use suchThat the data may behacked and used tosteal money from meSource: The Economist Intelligence Unit.To what extent are you concerned about the following risks when sharing personalinformation online?(% of respondents)Chart 4That the governmentor governmentagencies may obtainaccess to my personaldataThat by sharing dataI may be targetedfor marketingcampaigns in thefutureThat current orfuture employersmay gain access topersonal data thatI would not wish toshare with themVery/somewhatconcernedNot at allconcernedDon’t know2% Don’t know Don’t knowDon’t know2%90% 82% 63%62%35% 33%16%8%4%3%Not at all concernedNot at all concerned Not at all concernedVery/somewhatconcernedVery/somewhatconcernedVery/somewhatconcerned
  11. 11. Privacy uncovered Can private life exist in the digital age?10 © The Economist Intelligence Unit Limited 2013information. “Many people have a strong reactionwhen they see their Collusion map for the firsttime,” Mr Fowler says. Collusion is a browser appthat creates a real-time map of trackers—the sitesthat receive information about users dependingon the websites they visit. “Often they don’trealise that there were so many trackers or thattracking was happening at all,” Mr Fowler adds.Michael Harte, chief information officer at theCommonwealth Bank of Australia, sees this issuegrowing in importance. “Customers increasinglywant more control of their data,” he says. “Theywant transparency on where it is, who has it andwith whom it will be shared. They want to knowwhat it will be used for.”Consumers also feel unprotected by theauthorities: 75% of respondents say thatregulation preventing the misuse of personaldata is not strong enough. Nellie Kroes, theEuropean commissioner for the Digital Agendafor Europe, is seeking to strengthen legislationin this area, but also recognises that popularconcerns are at the very least exacerbatedby a lack of knowledge. “It is clear that oneof the biggest problems is transparency andcomplexity,” she says. “People may even beprotected [legally], but may not know because[the regulations or contracts] are too complex.”This is one of the reasons why the proposedGeneral Data Protection Regulation (GDPR)seeks to provide a single law for the EU whichwould make the rights and protections of citizensclearer.It does not help that the only form of companycommunication on transparency and privacyprotection—the privacy statement—isnotoriously inefficient. A 2008 academic studyfound that if the average American were to readthe privacy statements from all the websites theyused during a year, it would take 201 hours—orfive work weeks—and would cost the economy$781bn.1Consumers, however, are far from universallynegative about sharing data. Despite expressingconcerns about the security of data held by socialnetworks, 84% of those surveyed say that theybelong to at least one. Similarly, despite the largemajority worried about targeted advertising,Mr Baker’s experience at Nectar, a loyalty cardowned by Aimia, paints a different picture. “AtNectar, our point collectors understand thevalue exchange in providing their data and aretherefore comfortable with receiving targetedadverts,” he says. “In fact we are more likely toget complaints if they are not being providedwith relevant offers.” And Mr Harte adds: “I amsure there are plenty of examples of marketingcampaigns that have spooked people, butcustomers also like it when organisations ‘intuit’what they may need. They see this as excellentcustomer service. The challenge is to keepthe balance right.” Mr McNamee agrees thatconsumers are often willing to share information,especially in return for some benefit, but addsthat they are only truly comfortable when theyunderstand and approve of the way in which it isbeing used.In short, consumers as a whole are uneasy abouthow their data might be misused, but seemhappy, or even want, to have it used in ways theyunderstand and from which they can benefit. Howdoes their attitude impact their behaviour andhow can businesses respond?1Aleecia McDonald andLorrie Cranor, “The Cost ofReading Privacy Policies”,I/S: A Journal of Law andPolicy for the InformationSociety, 4(2008).
  12. 12. Privacy uncovered Can private life exist in the digital age?11 © The Economist Intelligence Unit Limited 2013online behaviour. Although this makes settingglobal privacy and data policies more complexfor companies, in India it brings some goodnews as well. Internet users there exhibit asubstantial level of public trust around privacy.Even though 77% of Indians in Mr Kumaraguru’sstudy believed that consumers had lost allcontrol over how information about them wasused and circulated by companies, 59% stillagreed that most businesses use such data in aproper and confidential way, against just 14%who disagreed.Culture, however, is not immutable. Whencomparing the latest survey with a similar oneconducted in 2005, Mr Kumaraguru sees “Indiabecoming more privacy aware and concerned”.The two surveys already indicate a noticeableincrease in distrust of government in this area.Mr Kumaraguru believes that trust in businessescould also drop, especially if highly publiciseddata breaches occur.Differing attitudes towards privacy worldwideare not the result of happenstance. Instead,they are closely connected to a range ofcultural assumptions about what is normal toshare and how important it is to guard personalinformation. Ponnurangam Kumaraguru,professor at the Indraprastha Institute ofInformation Technology in Delhi, helped leada recently completed 10,427-person survey inIndia. He found that despite well-publicisedgovernment efforts to improve online privacyprotection, the understanding of privacy issueswas noticeably lower, and trust in governmentsand other organisations on such mattershigher, than in developed countries. Thisreflects, Mr Kumaraguru says, the “differencebetween a collectivist and an individualisticsociety. The concept of privacy has been widelydiscussed and understood for a long timein Europe and America, but not much in theculture in India. The concept is unclear andsome aspects of privacy awareness are verylow.”These differing attitudes have an impact ononline behaviour and expectations aboutCulture, privacy and trust: an Indian view
  13. 13. Privacy uncovered Can private life exist in the digital age?12 © The Economist Intelligence Unit Limited 2013This air of uncertainty among consumerscould dampen business activity. Two-thirds ofrespondents sometimes opt not to buy a productor service because of concerns about the securityand privacy of their personal data. And of thosein the survey who have experienced a databreach (23% of respondents), 38% no longer dobusiness with the organisation involved and 46%advise friends and family to be careful sharingdata with it.More broadly, the survey suggests a correlationbetween the level of trust in how data isprotected and willingness to engage in onlinecommerce. The most frequent Internet shoppersare more likely to agree that businesses aresufficiently transparent in how they usedata—37% compared with 23% for less-frequentshoppers. They are also the only group wherethe respondents who believe businesses aretransparent enough outnumber those taking theopposite view.These shoppers maintain these views eventhough they are more likely to have suffered adata breach in the past two years (37% comparedwith 23% on average). They are also, however,harsher in their reactions: 59% of frequentshoppers hit by a breach have ceased to dobusiness with the organisation in question andonly 10% have continued to do so. Rather thanputting these high-volume shoppers off onlinecommerce as a whole, such incidents seem toshake trust in individual sites.The business implications223%Which of the following statements describes the consequences of your data breach?Select all that apply(% respondents who have suffered a data breach)Chart 5I have advisedfriends and familyto be careful of sharingdata with the organisationI no longer dobusiness with theorganisation becauseof the data breachI still do businesswith the organisationdespite the data breach38%%46%9%4%Note. Overlap percentages represent respondents that ticked both statements.Source: The Economist Intelligence Unit.
  14. 14. Privacy uncovered Can private life exist in the digital age?13 © The Economist Intelligence Unit Limited 2013The importance of being trustworthy“There is a risk of people sharing incorrect orless data than they would have done as a resultof a lack of trust,” Mr McNamee notes. “That isnot helping the amount or quality of the data.Businesses and citizens end up no better off.”More broadly, Ms Kroes adds that it is “not asustainable business approach to trick users intogiving data away”. Instead, she says, companiesneed to earn trust.Corporate and technology leaders interviewedfor this study are in complete agreement with MsKroes. “We all have to continue our efforts—bothbig and small—to create a more trustworthyenvironment of online products that seamlesslyintegrates ease of use, transparency and userchoice,” says Mr Fowler. In an atmosphere ofconsumer unease, maintaining trust is critical.Mr Baker says: “Nectar’s business model dependson customers being willing for us to managedata that is attributable to them. We would failif we violated basic common sense about what isreasonable to do.”This goes beyond ethical behaviour; it makesexcellent business sense too. “There is definitelya competitive advantage in having the trust ofyour customers,” Mr Harte says. Risk reductionis an important element of this. Mr Baker notesthat “well-run companies understand that if theymisuse or lose data in an unprofessional manner,there is a serious downside risk”. Similarly, MrHarte notes that “customer trust is incrediblyfragile and once lost, can be hard to regain”.The bigger advantage in the long term, however,is on the profit side. “If our customers trust usto be the guardians of their data, they will inturn give us more to look after,” Mr Harte adds.“This will enable us, with their permission, todeliver more value to them by offering thembetter analytics and insight and, on the back ofthis, more innovative and tailored products.”Trust on data, especially where it is a competitivedifferentiator, is at the core of mutually beneficialrelationships.First stepsAlthough the details of how best to buildtrust can vary by industry and geography, ourinterviewees point to several universal steps. It isessential to build into business and data storageprocesses elements such as data minimisation(collecting and retaining only what is needed),the right to be forgotten (deleting what is nolonger required), consumer rights to access and,where incorrect, to rectify their information, andportability (the ability to move data around).Crucially, Mr Baker explains that while clear rulesand regulations are important, in a fast-changingworld value-based guidelines are also essential.“Every day people come up with new ideas on howto use data,” he says. “The most important thingis to educate our employees as to the right andwrong of what to do.”Such an attitude will also help to insure thatcompanies value the data they receive. MrMcNamee explains that “because it has been soeasy [to collect], businesses can think data isfree and that the data subject can be ignored.Citizens, though, will ask if they are gettingan appropriate deal if they are paying withtheir data.” Mr Harte agrees. “Customers mustbelieve they are getting some value from therelationship,” he says, which he believes meansfocussing on how to use customer information tocreate value for them without abusing their trust.However, the most important starting point,according to many interviewees, is to recognisethe need for enhanced interaction, in particular,going beyond ineffective one-off online privacystatements. As Mr Allan explains, becauseof private statements’ ubiquity and length,“companies are technically being transparent,but the cost of reading the information [in termsof time] is too high for individuals”. Mr Hartealso says that businesses should consider movingtowards better and more comprehensible initialstatements, and “continuous disclosure, whichis about maintaining a dialogue with customersto seek their permission whenever their datais about to be put to a new use”. Trust comes
  15. 15. Privacy uncovered Can private life exist in the digital age?14 © The Economist Intelligence Unit Limited 2013from a relationship and relationships requirecommunication, not one-off statements.Ahead of the curveImproved transparency also better preparescompanies for the regulatory changes thatwill accompany the evolution of technology.The most prominent, and controversial, at themoment is the EU’s proposed GDPR. Many opposeits implementation, including Silicon Valleytechnology companies, as it would significantlystrengthen consumer protection againsttracking and targeted advertising. Companiesfailing to comply could face fines of up to 2% oftheir global annual revenues. The core debatessurrounding this legislation—in particular onwhat constitutes personal data in an age whereindividual snippets can be aggregated into ahighly revealing picture—reflect the difficultyin constructing regulation that addressesboth current technology and its unpredictableevolution. This leads to, in Ms Kroes’ words, a“complex, situational approach” as the price ofgreater clarity may be complexity.The final shape of the regulation remainsunclear, and corporations, just like consumersand regulators, are wise to fight for their owninterests as the process continues. Nevertheless,companies should not lose sight of the biggerpicture. In an atmosphere of widespread concern,tighter regulation can help provide reassurance.Moreover, as Mr Harte explains, legal complianceis just the ticket to play. Real competitiveadvantage comes not only from meetingregulatory obligations, but also from beingrecognised by customers as fully meeting theirexpectations regarding their privacy concernsand their relationship with the company. MrBaker adds that “new rules will have to be createdfor a new world”. The form they will take is hardto predict. Well-run businesses are anticipatingthese changes in how they behave.
  16. 16. Privacy uncovered Can private life exist in the digital age?15 © The Economist Intelligence Unit Limited 2013in the past two years. Nevertheless, they havebecome more open: 58% of Chinese respondentssay that they are more willing to share basicpersonal information now than three years ago,compared with only 12% who are less so. Thismay arise from a lack of consumer choice asChinese retail markets tend to be under-served,especially in tier three and tier four cities whichare seeing faster Internet sales growth thantheir larger counterparts. Underlying attitudesto what is acceptable may also be an issue.Chinese respondents have slightly lower levelsof concern than French ones about hackers andcompanies misusing their personal information,even though the Chinese have much moreexperience of data breaches. Similarly, 46% ofChinese respondents agree that companies aretransparent enough in their use of customers’personal data, compared with just 14% of Frenchrespondents.Despite geographic proximity, French andBritish respondents have had differentexperiences of information security. Nearlyone-quarter (24%) of the former reportsuffering a data breach in the past two years,involving the loss or theft of personal data,compared with just 10% of those in theUK. This probably accounts for why Frenchrespondents show less confidence in thesecurity of their data in the hands of everytype of holder covered in the survey. It mayalso explain why they shop online slightlyless frequently overall than their Britishcounterparts, and why they are so much lesslikely to share personal data online than threeyears ago compared with respondents in theUK and the rest of Europe.A look at China, however, shows thatthe impact of insecurity is far fromstraightforward. An alarming 58% of Chineserespondents have experienced a data breachFrance, the UK and China: insecurity and itsvarying costsFrance UKHow often do you make an online purchase?(% respondents by country of origin)Chart ?Source: The Economist Intelligence Unit.Chart 62%2%39%28%24%10%56%22%18%At least once a week At least once a month At least once every six monthsAt least once a year Never
  17. 17. Privacy uncovered Can private life exist in the digital age?16 © The Economist Intelligence Unit Limited 20132Fred Stutzman et al.,“Silent Listeners: TheEvolution of Privacy andDisclosure on Facebook”,Journal of Privacy andConfidentiality, 4(2012).surprise the people using your service,” Mr Allansays. “When designing updates, think hardabout whether you are going to cause surprisesand a backlash. We have launched hundreds ofupdates—most have met these criteria but a fewhave failed.”Another important element of avoidingsurprises is finding more meaningful ways tocommunicate with users. Privacy statementsand terms of service remain important, says MrAllan, but these often go unread. Accordingly,Facebook has adopted a policy of usingdialogue-box warnings to explain to membersusing certain features for the first time exactlywho will be able to see any informationtransmitted.The most important change Facebook hasmade, says Mr Allan, is incorporating privacy bydesign into new features. “Social networks aredesigned for sharing, but this approach [privacyby design] means that when we create a featurewe ask, ‘Will the privacy settings work in the waypeople anticipate?’” This, he believes, ratherthan guaranteeing complete privacy, is theproper role for the provider of a social network.“If you share a photo with 150 people, absolutesecurity is unlikely” he says. “Our job is to makesure it is shared only with the people you wantto share it with. It is for the individual then toconsider, ‘If I am sharing with all my friendswhat are the implications of that?’”Facebook, the social networking site, is nostranger to privacy-related controversies.Most recently, a string of concerns has led tomajor revisions of the site’s privacy policies andthe enhancement of user control over privacysettings.The biggest issue for the company has beenunderstanding consumer demands. RichardAllan, the company’s European policy director,notes that the vast majority of data put onFacebook by users is supposed to be sharedwith other individuals. Here, he adds, privacyquestions revolve around “whether that serviceis behaving in the way you anticipated”.Because the medium of the social network isstill relatively young, however, meeting theseexpectations—or even understanding what theyare—is still a matter of network companies andcustomers learning what the latter want.This has not always been a smooth process.Mark Zuckerberg, chief executive officer ofFacebook, has more than once publicly admittedto making mistakes relating to privacy, but theend result seems to have been successful. Arecent academic study found that changes toprivacy settings and policies led to an increasein the willingness of users to share certain dataon the site.2Facebook’s experience holds a number oflessons for companies dealing with onlinecustomer data. “The critical issue is not toThe Facebook experience
  18. 18. Privacy uncovered Can private life exist in the digital age?17 © The Economist Intelligence Unit Limited 2013Conclusionright to be forgotten and to rectify errors, and other elementsof best practice not only improve the relevance and accuracyof the information companies hold on customers, but are alsotestimony to a company’s trustworthiness.l Educate employees on how to treat consumer data: As thetools for data analysis continue to evolve in unforeseen ways,employees at all levels must be clear about the limitations inthe uses of consumer data. This will help companies to buildrelationships with consumers and avoid reputation-damagingdata-breach scandals.l Pay fairly: If consumer data is such an economicallyimportant asset, it should be fairly priced. Compensation neednot be monetary, but may involve a free or enhanced service,or even superior customer service. Skimping on this in a data-driven economy could mean losing your competitive edge torivals.l Communicate properly on privacy: Website privacystatements are frequently a legal requirement and can helpto answer the questions of interested individuals, but as acommunication tool with the vast majority they are nearlyworthless. Because customers are wary about privacy,finding ways to communicate relevant elements of privacypolicies effectively will be a key element in building trust andrelationships.The amount of data, including personalised information, inthe world is continuing to grow exponentially and improvedtechnology is making it ever easier to draw from it increasinglydetailed pictures of individuals. This is causing unease amongconsumers about how their information will be used and bywhom.If a company is unable to engender confidence—or has losttrust through negligence—its business inevitably suffers. Onthe other hand, consumers also reward firms that use dataabout them to provide personalised services in a way withwhich they feel comfortable. Companies therefore need totreat customer data as a building block in their relationshipswith consumers rather than as a purely low-cost asset. This isnot just an exercise in ethical behaviour, but also a propeller ofcompetitiveness. To this end, several steps can be taken.l Legislative compliance and strong security are essential,but are only the beginning: Obeying the law on data providesa ticket to play and in the long term customers simply willnot maintain ties with businesses that are constantly leakywith their data or that misuse it. As almost every firm will,or should, be covering the basics, though, this will not be adifferentiating factor.l Treat customers with respect in the use and storage of theirdata: Data minimisation, customers’ access to their data, the
  19. 19. Privacy uncovered Can private life exist in the digital age?18 © The Economist Intelligence Unit Limited 2013Appendix :Survey resultsThe EIU conducted a global survey of 758 adultInternet users in January and February 2013. Oursincere thanks go to all those who took part inthe survey.Access the Internet via fixed devices (eg, PCs, game consoles, etc)Send text messages/instant messages via mobile phonesAccess the Internet via mobile devices (eg, smartphones, tablet computers)908176(% respondents)Do you do any of the following? Please select all that apply.Please note that not all answers add up to100%, either owing to rounding up or becauserespondents were able to provide multipleanswers to some questions.
  20. 20. Privacy uncovered Can private life exist in the digital age?19 © The Economist Intelligence Unit Limited 2013United States of AmericaCanadaFranceJapanSingaporeChinaHong KongUnited KingdomGermanyItalySpainBrazilMexicoIndiaSouth AfricaChileUnited Arab EmiratesArgentinaColombiaFinlandBulgariaOther14777777111111376665333(% respondents)In which country/region are you personally based?
  21. 21. Privacy uncovered Can private life exist in the digital age?20 © The Economist Intelligence Unit Limited 2013Western EuropeAsia-PacificNorth AmericaLatin AmericaMiddle East and AfricaEastern Europe3230201242(% respondents)In which region are you personally located?Board memberCEO/President/Managing directorCFO/Treasurer/ComptrollerCIO/Technology directorOther C-level executiveSVP/VP/DirectorHead of business unitHead of departmentManagerStudentHome-makerUnemployedOther1712534101487533(% respondents)What is your job?
  22. 22. Privacy uncovered Can private life exist in the digital age?21 © The Economist Intelligence Unit Limited 201318 – 24 years25 – 34 years35 – 44 years45 – 54 years55 – 64 years65+ years102526171310(% respondents)How old are you?MaleFemale5941(% respondents)Are you male or female?DailyWeeklyMonthly9721(% respondents)How often do you use the Internet, using either fixed or mobile devices?FacebookGoogle+LinkedInTwitterWeiboInstagramPathOtherNone54877500317(% respondents)Which of the following social networking sites do you use the most?
  23. 23. Privacy uncovered Can private life exist in the digital age?22 © The Economist Intelligence Unit Limited 2013At least once a weekAt least once a monthAt least once every six monthsAt least once a yearNever19472283(% respondents)How often do you make an online purchase?More likelyAs likelyLess likely344423(% respondents)Are you more or less likely than three years ago to share basic personal data online (eg, date of birth, home address,employment status)?Very concerned Somewhat concerned Not at all concerned Don’t knowThat the data may be hacked and used to steal money from meThat by sharing data I may be targeted for marketing campaigns in the futureThat the government or government agencies may obtain access to my personal dataThat current or future employers may gain access to personal data that I would not wish to share with them284421650473233543339412223(% respondents)To what extent are you concerned about the following risks when sharing personal information online?Very secure Moderately secure Not secure at all Don’t knowSocial networksOnline retailersBanks/financial institutionsCharitiesDoctors’ offices/hospitalsFamily and friendsEmployerGovernment/government agencies5557353265837504116364382252538441121538225311617131618(% respondents)How secure do you believe your personal information is in the hands of the following?
  24. 24. Privacy uncovered Can private life exist in the digital age?23 © The Economist Intelligence Unit Limited 2013YesNo6634(% respondents)Do you ever opt not to buy from a product or service provider out of concerns for the security and privacy of your personal data?Strongly agree Somewhat agree Neutral Somewhat disagree Strongly disagree Don’t knowRegulation preventing misuse of consumers personal data is not strict/strong enoughThere is not a great enough incentive for businesses to protect my personal dataI wouldn’t know what steps to take should a business misuse my personal dataBusinesses are transparent enough in their use of consumers personal dataIf an organisation experiences a data breach, they should notify meShould an organisation experience a breach of my personal data, I would not continue to do business with them31319403532620442624121938254152828206212122064316273132(% respondents)Do you agree or disagree with the following statements?Avoid using a shared computerDelete internet browsing historyDelete cookies from personal computerRefuse to save credit/debit card details onlineAvoid using WiFi wireless access in public spacesShred documents like receiptsElect for electronic bank statementsChange passwords at least once a monthCheck credit score (if available)Other, please specifyNothing62535245444433262535(% respondents)Which of the following do you use to safeguard your privacy? Select all that apply.
  25. 25. Privacy uncovered Can private life exist in the digital age?24 © The Economist Intelligence Unit Limited 2013More secureLess secureThe sameDon’t know10313227(% respondents)Do you believe that personal information held in the “cloud” is more secure or less secure than information held on the localsystems of service providers?Yes, onlineYes, offlineYes, bothNo, not that Im aware of135577(% respondents)Has your privacy been breached in the last two years, involving the loss or theft of your personal data?I have advised friends and family to be careful of sharing data with the organisationI no longer do business with the organisation because of the data breachI still do business with the organisation despite the data breachOther, please specify4638238(% respondents who have suffered a data breach)Which of the following statements best describes the consequences of your data breach? Select all that apply.(% respondents)Which of the following categories of information have you knowingly supplied to a product or service provider, online oroffline, or shared with a social network over the past year. Select all that apply.Provided onlineto product/serviceproviderProvided offlineto product/serviceproviderShared onlinethrough socialnetworkAll of theaboveDont know/Not applicableContact details (includingaddress, phone number, email)Date of birthCredit/debit card detailsBank account detailsPersonal photosSalary/incomeShopping habits/preferencesInternet search historyMedical recordsBody measurementsTravel historyPolitical leaning/voting record68525221131627114714638332816612104765516253336395231351011547474345491218312636273943403141
  26. 26. While every effort has been taken to verify the accuracyof this information, neither The Economist IntelligenceUnit Ltd. nor the sponsor of this report can accept anyresponsibility or liability for reliance by any person onthis white paper or any of the information, opinions orconclusions set out in this white paper.
  27. 27. LONDON20 Cabot SquareLondonE14 4QWUnited KingdomTel: (44.20) 7576 8000Fax: (44.20) 7576 8500E-mail: london@eiu.comNEW YORK750 Third Avenue5th FloorNew York, NY 10017United StatesTel: (1.212) 554 0600Fax: (1.212) 586 1181/2E-mail: newyork@eiu.comHONG KONG6001, Central Plaza18 Harbour RoadWanchaiHong KongTel: (852) 2585 3888Fax: (852) 2802 7638E-mail: hongkong@eiu.comGENEVARue de l’Athénée 321206 GenevaSwitzerlandTel: (41) 22 566 2470Fax: (41) 22 346 93 47E-mail: