Nearly a year ago we commissioned a study by the Economist to help better understand people’s view of privacy in particular with the proliferation of connected things or IoT. Our premise was people across the world don’t really appreciate the magnitude of things that they connect to, knowingly or unknowingly, and in particular don’t understand what data about them is being collected, analyzed and monetized. As a supplier of software that helps identify people, places and things we have a profound responsibility to deliver great technology. But just as or more importantly, we need to provide our technology in a way that allows our customers to engage with their customers in a trustful and consent-based way. That is: to only collect, track and use this identity data as is both understood by the end consumer, and with full transparency and agreement. No more data about you without you.
The recent news about Facebook and Cambridge Analytica has brought the issues of data privacy and online personal security into the public eye like never before. Just in my own personal orbit with friends and family on social media, I can tell that for many casual users of social media, a giant lightbulb has gone off. It’s not just that a lot of people are realizing that they don’t really have control over their personal data online, but that they’re realizing their personal data is actually getting used in ways that they wouldn’t consent to if they had a say.
I’ve personally witnessed more than a few “wait, what? I didn’t sign up for this!” moments on the web over the past couple of weeks. So I’ve seen first-hand that there’s a lot of strong sentiments out there about how social media sites and other commercial entities handle personal data. But it’s not just my social circle, the strong feelings – heck, let’s call it angry feelings – are real, and we have the numbers to prove it.
Earlier today the Economist Intelligence Unit published “What the Internet of Things Means for Consumer Privacy” a global survey report sponsored by ForgeRock that measured consumer attitudes toward how their personal data gets collected, stored and managed online. The context of the study was the emergence of the internet of things. To quote the introduction to the report:
Many consumers have become adept at exercising control over how their data are used, for example through consent forms and opt-outs. However, the IoT—the rapidly expanding network of devices, physical objects, services and applications that communicate over the internet—poses a new set of privacy challenges, as it changes the relationship between individuals and their personal data.
When we kicked off this project back in mid-2017, we were anticipating that the privacy discussion in 2018 would be dominated not just by the IoT, but also the implementation of Open Banking and the GDPR. And that has been the case, but the Facebook news has reset the discussion in ways we couldn’t have anticipated.
A Strong Desire for More Control Over Private Data
On that note, we’re excited to share the results. For me the most impactful findings were that strong, nearly unanimous, majorities of consumers say they want to control what personal information is automatically collected (92%), and cite discomfort with the ability of third parties to access personal data without their consent (89%). Another number to consider: 92% said they’d like to see increased punishments for companies that violate consumers’ privacy. Keep in mind that the survey was fielded late in 2017, well before the #deletefacebook movement became Zuckerberg’s own private dumpster fire nightmare. I’d argue the numbers could be even more stark were we to conduct the same survey right now. Regardless, the report speaks for itself. Download your own copy of the survey report and our infographic to get the full picture. Many thanks to the EIU and ForgeRock marketing for bringing these findings to light.
But even more to the point, we all must change. As consumers, we must take responsibility for data about us. We must read the privacy and consent policies of any sites we provide information to. We must take care in selecting our level of comfort in allowing our data to be collected and used.
As vendors of technology that either helps companies provide enhanced personalization or in fact collects such data, we must ensure we offer the ability for individuals to consent to any use of their data. Period. It’s not enough to just offer opt in or opt out capabilities. Each piece of data about a person belongs to that person. I may be ok with Google knowing where I am and offering me discounts at a local shop. But hey Google, ask me first. And make it easy for me to change my mind. No more data about me without me. It’s not a tagline. It’s the right thing to do.