Americans are increasingly worried about how companies use and protect their online data, according to a new study.
When TRUSTe and the National Cyber Security Alliance surveyed 1,000 adults in late December, they found that 92 percent of them were worried about how secure and private their online information was. That’s understandable. But fewer than a third (31 percent) of respondents understood the measures that companies took to protect that data.
The study, released Thursday to coincide with Data Privacy Day, provides fresh ammunition for privacy advocates who say that large corporations need to better clarify how they store, secure, and share customer data.
The emergence of the Internet of Things has turned everything from refrigerators to cars into repositories of personal information, and while these connected devices offer improvements over their predecessors, they also pose security risks. The years 2014 and 2015 saw a rush of data breaches that hit major shopping sites, banks, and government agencies, alarming security experts and consumer advocates alike.
A surprising 38 percent said that online privacy was more important than national security.
Americans’ understanding of privacy issues has also risen in the past few years. Nearly half (45 percent) of respondents to the TRUSTe/NCSA study told the researchers that they were more concerned about privacy now than they were a year ago, and nearly nine in 10 (89 percent) said that they avoided companies with bad data-protection reputations.
The respondents’ most pressing concern: companies sharing users’ personal information with other companies, which ranked as the top issue for nearly four in 10 respondents.
Slightly more than half (56 percent) of Americans trust companies enough to give them some personal information, but pluralities of consumers want to be able to limit what companies do with that data. Limiting employee access to private data, the types of data collected, and corporate use of the data—including outside sharing—were all popular proposals endorsed by more than 40 percent of respondents.
The study found disparate levels of awareness regarding simple privacy protections, with 60 percent of respondents aware that they could delete browser histories and cookies but only 33 percent aware that they could read companies’ privacy statements. Less than half of respondents knew that they could tweak how social networks and smartphones tracked and collected data on them.
“The research points to an awareness-action shortfall that belies a growing
confidence in Americans’ personal ability to protect their online data,” said Michael Kaiser, executive director of the National Cyber Security Alliance.
The issue of data privacy also has important geopolitical consequences. The United States and the European Union are negotiating a deal to restore the ability of American companies to bring E.U. citizens’ data to U.S. servers. Europe’s highest court struck down the previous deal after finding that American firms could not meet strict E.U. privacy standards because they were subject to U.S. mass surveillance.
Americans generally seem to support the European conception of data privacy as a human right—a right currently enshrined in a key European Union charter—with 64 percent of study participants endorsing this view. A surprising 38 percent said that online privacy was more important than national security—a startling finding given the widespread fear stirred by late 2015 terrorist attacks in Paris and San Bernardino, California.
Americans value privacy so much, in fact, that 60 percent of them support the idea of a “right to be forgotten.” This principle, currently the law in the European Union, requires Internet companies to delete certain online records of people’s pasts if those people request it.
Illustration via Max Fleishman