As people are connecting with each other in cyberspace, we are increasingly becoming vulnerable to data threats. Predictive algorithms and big data foretelling the actions of users better than humans is a reality now. These algorithms are also being used to monitor and influence our behaviour.

The recent Facebook-Cambridge Analytica data breach scandal has made us realise that we are unaware about how companies use personal data surreptitiously for purposes which none of us have signed up for.

Today companies use AI for numerous task. There are vast datasets constantly being added to, which are frequently made up of personal data. Apart from basic user information and demographics, organisations — both private and public — may have access to huge quantities of personal and sensitive information. And individuals have little or no control over the data which is stored about them and how it is used.

Companies start by collecting data which you entrust them with, then they collect data from your daily use of communication networks. They can also buy data about your education, ethnicity and job history or fish for information about the topics you talk about online. These online players are largely self-regulated by their terms of service and privacy policies, which are designed to make users give consent to the usage of their data as these companies wish.

About The Survey

Analytics India Magazine conducted an online survey this May about privacy concerns regarding data. Our objective was to understand users’ attitude towards data privacy and the awareness level for the same in daily scenarios. We asked millennials and people from various backgrounds – freshers, professionals and decision-makers – about policies of websites, the sale of data to third parties, and trust issues regarding the same.

The responses we gathered were insightful, yet not unexpected — most users who use internet intensively do not read the privacy policies before they ‘agree’ or ‘disagree’ to any web portal’s terms. They are more protective about their banking data, passwords and government-authorised documents. More than 50 percent respondents admitted to falsifying personal information to get around the process.

How Browsing Habits Affect Data Pilferage:

• Selling Data To Third Parties: 79% of the respondents said they were not comfortable with their data being sold to third parties, even in exchange for the speed, convenience, product range, home delivery and price comparison that online shopping offers.

• Terms & Conditions: 77% respondents said that they did not read privacy policies of web portals. Only 23% people claimed that they read the T&C quite carefully before agreeing or disagreeing to the terms.

• Incognito Mode: To keep web browsing activities private 66% respondents claimed they sometimes surf the web in private window. 24.7% admitted that they do not use incognito window. Only 9.4% respondents said they always view pages in incognito tabs.

How Users Get Around The System:

• Wary Of Giving Out Real Data: Many users have now become aware of the data collection behaviour of websites. 54.1% of the respondents admitted to falsifying personal data for signing up for products and services online.

• 49% said they have falsified mobile number and 40% falsified address. Surprisingly, most of them are millennials (31.7%) who falsified their mobile number, email address and address.
• Not many people falsify their education and gender, only 15.9% people said they falsified their education and 9.8% said they falsified gender.

Why To Give Out False Information:

• Avoiding Spam: 28.4% of respondents who falsified data did so to avoid unsolicited communication
• Privacy: 7% people want to avoid handing data over to companies who have been selling or marketing data without their consent. 14% of respondents did so to limit the amount of personal information they put online or share with companies.
• Security: 10% of the respondents falsified information due to security concerns.

Data Which Respondents Feel Most Protective About

• 92% people listed banking data as the top concern.
• 79% respondents listed password and 66 percent people listed government authorised documents like PAN, Aadhar etc as areas of concern
• 52% people claim they feel protective about their location data
• About 48% respondents feel protective about their phone numbers.

Trust-Factor Of Respondents Across Various Channels

Methodology

We asked respondents to rank – banks, government departments, e-commerce companies, social media platforms, online streaming companies and search websites – on a scale of 1-10, with 1 to 4 is totally trustworthy, 5 & 6 is neutral and 7 to 10 is not trustworthy.

50.6% of the respondents said they trust banks most with their personal data — more than the government, e-commerce companies, social media websites or online media companies.

• Breaking it down further, 51.8% millennials and 68% decision-makers trust banks with their data. However, 46.1% professionals said they do not trust banks with their personal data.

• Overall, 33% respondents said they trust government departments with their data. 27% are neutral and 40% of respondents admitted that they do not trust them with their data.

• However, 40.7% millennials are still comfortable in sharing their data with government departments. 55.5% of freshers claimed that they do not trust the government.

• On the e-commerce front, 42.4% respondents said that they do not trust e-tailers. 28.2% gave a neutral response. Only 29.4% respondents believed that they can trust e-commerce firms with their personal data.

• Surprisingly, 55.5% freshers admitted that they can trust them with their personal data.

• After the data breach fiasco, 56.6% believe that social media is not safe when it comes to data sharing. And 24.8% said they can still trust social media platforms.

• Breaking down the numbers further, 59.2% millennials claim that they limit the amount of personal information they put on social media platforms. 72.7% decision-makers and 46.1% professionals said they do not trust social media either. However, 44.4% freshers still feel social media companies are safe.  

• But when it comes to providing personal information, the majority (84%) said they can trust government over social media. Only 16% respondents still think that social media is more secure than the government portals.

• The rise of online streaming websites like Netflix, Hotstar and Amazon Prime have dramatically altered the media habits of urban youth but when it comes to data sharing, 53% people said they cannot trust online streaming websites with their personal information.

• Interestingly, most of them are millennials. About 70% claimed that online streaming companies are not safe.

• Search engines have become a necessary part of our lives, but every time you type a query on Google, Yahoo or Bing, you reveal a tremendous amount of personal information that is valuable to the marketers, governments, cybercriminals and all of them love to use your data for their gain. Surprisingly, for 25.9% respondents search engines are safe. However, 58.9% respondent in the survey feels their personal data is vulnerable on the search websites.

• If we further break the number down, we can see that 63% decision-makers do not trust search websites. 66% millennials and 53.8% professionals believe the same. However, 44.4% freshers said they can trust search websites with their data.

• 67% respondents claimed that they would boycott a company which repeatedly demonstrated that it had no regard for protecting customer data.

Who Would You Blame If Personal Data Is Compromised?

• Interestingly, if personal data is compromised, 40% respondent said they would blame social media and 33% would blame themselves over hackers and banks.

Findings

Data protection and privacy are major concerns of the millennial generation, as demonstrated in this survey. They are protective about their financial data and security information, but not many read the basic privacy policies before clicking on the ‘I agree to the terms and condition’ button. Personal data should not be trusted in the hands of third-parties, where they love to use your data for their own gain and sometimes tend to misuse it. Users must not just give away their data, they should own and control their data without compromising security or limiting authorities and companies ability to provide personalised services to them.

Legislation

Every major country like US, China, Australia and UK, among others have some form of legislation in place. This month, the new General Data Protection Regulation (GDPR) goes in to effect today, focusing on how companies should design their data privacy and protection and adding digital rights for European citizens. It will lay down a new set of rules regarding the processing of personal data and with regards to the free movement of this data. The new set of rules also aim to ensure a high-level of data protection. And when it comes to data breach, GDPR says that organisations will need to inform regulators within 72 hours. The new rules will give EU citizens more control over their data, but it also has implications beyond EU.

Conclusion

This may force India to follow European lead in regulating online service provider. Currently, data protection laws in India are too narrow. The IT Act, 2000 do not address the need for a stringent data protection law being in place. It only contains a provision regarding cyber and related IT laws in India, and delineates the scope of access that a party may have. The IT Act and the Personal Data Protection Bill, which were introduced in Parliament in 2006, are yet to see the light of day.