This time its personal

Can new data protection regulations make the Internet more trustworthy?

Internet users are increasingly concerned about their personal data and how it is used, especially in the case of sensitive data such as medical information. They have high expectations about both data security and their ability to control how their data is used. Governments around the world are introducing new regulations which govern how that data can be used for commercial purposes and what privacy rights we have.
In early 2017 the US government passed a law that allows ISPs to sell on individuals’ personal data without the user’s permission. While regulation in the US is being relaxed, in Europe it is being strengthened.
The EU’s forthcoming General Data Protection Regulation (GDPR), due to enter into force in May 2018, is designed to consolidate citizens’ rights around personal data, including the right to be forgotten, the right to data portability, and the right to be removed from marketing campaigns. The regulation means any companies with data about EU citizens will have to establish adequate data protection systems, bringing their cybersecurity and data transparency policy into line with stringent new requirements. One of these requires that all data breaches must be reported to the national data protection authority within 72 hours of the incident being discovered.

Less negotiable data

In the 2016 KPMG survey Crossing the line – Staying on the right side of consumer privacy, social networks were revealed as the companies that provoke the most distrust in consumers. While use of social media shows no sign of declining, users are adopting a more circumspect and discerning approach to the management of their personal data. Facebook content is not as private as they might have thought, and without the right settings in place, what they posted could be seen by anyone, including work colleagues or managers. As a result, many users are activating privacy settings and posting less personal content. A report published by The Information revealed a 21 percent drop in personal updates and shares in 2016.
This may be due to what users consider to be too sensitive to share. Data on health, address, income and online purchase history was considered “non-negotiable” by 80 percent of users surveyed by KPMG. More than half surveyed said they would not make online purchases for fear of what might subsequently be done with their personal data. With less sensitive data, users report being happier to share under certain conditions and if there is a perceived benefit of sharing. Over half surveyed said they were willing to share information about TV shows they watch in exchange for a discount. The same goes for information on gender or education.
Willingness to share data also depends on the nature and quality of the company in question. Users trust banks and healthcare organizations more than telephone carriers, Internet service providers and manufacturers for example, with the latter three enjoying the confidence of only 30 percent of users surveyed in the KPMG ranking.
Feelings about data sharing also vary from one country to another. While three-quarters of Indians are happy for taxi companies to be able to geolocate them, three-quarters of Danes find the same practice too intrusive. According to KPMG’s survey of 24 countries, the Spanish are the most vigilant in this regard, followed by the French, 64% of whom have got into the habit of deleting cookies from their browser. And for good reason: two-thirds of Europeans have, at some point, faced a security problem with their data.

Users want greater control and security

Consumers want greater control over how their data is used, greater security and greater transparency from companies. Less than 10 percent of consumers believe they have control over how their personal data is used. This concerns information about their purchases, as well as data collected when they are browsing the internet. “What data is collected exactly? Who has access to it? How long is it kept for? How? We don’t know,” said one user at the “Digital Café” organized by Orange in 2016.
Online data security, particularly regarding threats to their bank details, continues to be the main concern of two-thirds of European consumers. Even when they take precautions with their passwords, they do not feel reassured (Médiamétrie 2016, France). It seems, however, that applications are not viewed with such suspicion. The study shows that French people believe that apps reinforce security. Among the reasons cited are the fact that apps often require only an email address and a username, and no personal information. Most users, however, accept the terms and conditions without realizing that they permit the application to access their personal content on the device (photos, contacts, geolocation, etc.).

The data sharing issue

However paradoxical it may seem, brands must now take account of their customers’ demands in terms of data protection and security. “For companies that wish to customize their marketing strategies and their services, build loyalty to their brand or improve their products by making use of data, it is vital to understand that, while opinion among consumers is still divided, there is a growing tendency for them to prioritize their privacy, despite the advantages that use of their data may provide,” explains KPMG partner Emmanuel Hembert.
Google offers a dashboard showing how its data is used, but since February 2017 has been threatening to delete millions of applications from the Android Play-Store if they do not conform to its privacy policy. It seems, then, that when it comes to personal data, ethics and transparency are no longer simply a “plus”, but an essential requirement for all brands and companies.

Learn about data protection in a cloud environment and introduction to the security requirements of GDPR

Learn more