The ICO have published their Annual Tracker, a survey looking at public perceptions of privacy and data protection. The main aim of this research was:
- To gauge public perceptions and awareness of how data is shared with and used within organisations and to monitor any change in the trust and confidence in how data is used and made available.
- Public awareness of GDPR
- Explore the public’s perceptions about technology and data protection
- Knowledge of FOI (Freedom of Information)
- Perception of the ICO
Overall, there’s no surprises:
- More people are worried about how their personal data is being used with concerns about how that data is shared without their permission
- Awareness of GDPR is down (probably because last time the survey was carried out GDPR was on everyones minds)
- More people aware of their data protection rights (e.g. right to be informed about how their data is being used)
But the stand out fact from the survey is that cyber security, children’s privacy, data sharing for marketing purposes and web browsing tracking for marketing purposes are the most commonly cited data protection concerns.
Cyber-security is probably no surprise given most of what gets reported in the mass media relates to a cyber-security/hack incident (e.g. the BA and Marriott fines) and there are so many fraudulent cold calls, spam, etc. about. For me, what’s interesting is the rest of what people are worrying about.
Children’s privacy ranked second in people’s first choice of concerns (15%). This is possibly indicative of ongoing concerns about access to online content, online harms and general use of technology which grown ups don’t always understand.
But children’s data is covered by the GDPR when it relates to online services, with children under 13 requiring parental consent if an online service requires the child’s consent. The ICO though also single out the protection of children’s data needing special care because of the nature of the data subjects and the potential misuse of trust. We know from working within the education sector that there are also challenges around pupil personal data within schools and academies, particularly in terms of parental access to their child’s data when the child is seen as the data subject.
Use of data for marketing purposes
Sharing of data and tracking web behaviour were cited as the third and fourth most popular concerns (14% and 10% respectively). Unfortunately there is little information in the survey report to indicate what specifically is causing these concerns, but we suspect it has something to do with the raised awareness of consent that came in with GDPR last year (remember all those “we need to renew your consent” emails?) and a general mistrust thanks to the Facebook/Cambridge Analytica scandal, plus if we look at the ICO enforcements over the last couple of year a lot of them are marketing related (so breaches of PECR rather than GDPR).
It seems only a matter of time till we’ll see some GDPR related enforcement in the marketing space…
What the ICO thinks
In her blog about the findings, the Information Commissioner comments:
It’s reassuring for us to see children’s privacy and data sharing also feature prominently among the public’s priorities. Both are priorities for us too, and the views expressed in the survey match what we heard in response to the consultation for our planned code of practice to protect children’s privacy online.
But she also talks about a paradox between the ICO’s enforcement and public trust. Whilst the enforcement aims to penalise those that bend the rules, it also highlights to the general public that organisations can’t be trusted. The Commissioner sees this supported by the drop in trust and confidence shown in the survey.