Personal Data — The People’s Perspective

what do people really know, care about, and need when it comes to their personal data?

[2015 archive]

Amidst an era-defining debate about personal data, many studies have emerged to suggest that around the world, people are increasingly concerned about their privacy. One study even claims that privacy fears are on a par with global terrorism and economic recession. No surprise, perhaps, in the wake of Snowden’s revelations and high profile security breaches on everyday services like the iCloud. Commercial opportunity ensues: 50% of all Internet users claim they will pay for services to protect themselves.

Looking Closer
New research from Telefónica Innovation suggests a more complex situation, not least because alleged concern for privacy doesn’t appear to translate into action. People continue to share data liberally in exchange for value, convenience, and belonging, with apparent disregard for terms and conditions (a mere 26% admit to reading them). Only one-fifth of Internet users make use of private browsing - a simple and free option for privacy protection.

Rather than taking claimed privacy concerns from a plethora of studies at face value, let alone as an indicator of need around which to innovate, Telefónica set out to understand the tension between the desire for value, convenience and belonging and desire for privacy. How might they be able to co-exist? Furthermore, can data really be treated as a generic entity in research that aims to understand what people really need from their data-fuelled products and services?

To answer these questions, Telefónica conducted a new type of experimental study, designed to uncover what people really know, think and feel about their personal data — without mentioning ever mentioning it.

How To Ask Without Asking
To get a better understanding of people’s relationship with their personal data, the starting point for Telefonica’s research was simply to ask without asking. After all, how front of mind is data privacy during the alleged 1500+ times’ people reach for their mobile each week, or the nine hours they spend online each day?

Our methodology banned words and themes associated with the personal data debate, as we believed they carried too much baggage. Expressions like ‘personal data’, ‘privacy’, ‘surveillance’, and ‘anonymity’ were avoided, and there was no active probing around concerns or worries.

Instead, the study explored people’s relationship the Internet (the context in which data — or ‘information’ — is shared); how, where and why they believe they are sharing it; how this makes them feel; what this makes them do, and not do, and why; and what they perceive their needs to be.

4 Typologies of Data Sharers
Four attitudinal typologies of data sharers were created for this study: ‘Sceptics’, ‘Pragmatists’, ‘Laissez Faires’ and ‘Innocents’. There was a fifth — the ‘Guardian’ — but the chances of recruiting someone whose phone lives in a Faraday cage for a telco research project were obviously low. They remain a hypothetical niche.

What started as a hypothetical framework was taken apart and rebuilt throughout a rigorous qualitative research phase with a view to humanise the relationship people have with their data: something the endless bar and pie charts from other studies have so far failed to do to date.

The typologies were then quantified in Spain, UK, Germany and Brasil, and behaviors and needs were identified in relation to specific types of personal data.

5 Implications

1) Context Is Critical
Any approach to research and innovation related to personal data should take into account that the Internet is an integral and much-loved part of life. Its practical and emotional benefits outweigh the risks associated with sharing data. People generally do not want to have to think about the possible negative consequences. Nobody wants to do less online or face more complexity in return for security or privacy protection, not least when the need for this is often not felt. That is why Sceptics and Pragmatists, in spite of pessimistic or defeatist attitudes towards personal information in general, can enjoy and appreciate the functional and informative aspects of, for example, social platforms.

2) Uncertainty Is Universal
Telefónica’s study found that few people have an accurate idea of how data collection works, such as where data goes or what is done with it and why. When asked to make a guess, most admit they simply don’t know. Presumed marketing-related reasons are a close second. Many also think that it ends up in the ether or on hardware of some kind. While this unsettles Sceptics and Pragmatics, Lassiez Faires and Innocents refuse to let it concern them.

However, in the context of some specific data, people are more than able to link actions, such as browsing or ‘window shopping’ and frequent use of a service, to specific consequences — mainly around personalization of ads, service interfaces and content. Yet the frequency of these experiences has normalized them, and because people do not actively associate them with data collection, they are not seen as an abuse of their data or privacy.

3) Character, Lifestage & Sensations Shape Attitudes
Contrary to the assumption that attitudes around personal data are informed by knowledge people acquire and hold, our research revealed they are informed by a blend of 3 things:
- Lifestage, and what is at stake in the real world if sensitive data (location, financial) was to be exploited (e.g. children, mortgage, finances, career — the more responsibility, the greater the )
- Stories shared by mainstream media or peers, sensationalising risks (e.g. media reports of security breaches on everyday services, like cloud storage or financial transactions). The Snowden leaks were occasionally recalled, yet their complexity and an attitude of ‘what do I have to hide?’ rendered them ineffectual in shaping attitudes and behaviours. However, Apple’s iCloud hack felt closer to home, and rendered personal photos and files as a sensitive data set that wants to be well protected.
- Character, and how people respond to the world around them at large. Someone will a suspicious disposition towards the world at large is most likely to be sceptical about sharing certain types of data with certain services, than someone who is open, carefree and trusting.

4) Sentiment Is Specific
An exercise that involved listing and grouping different forms of data that people know they are generating and sharing online helped us identify where perceived sensitivities lie.

For example, data that is shared when one is prompted by services to do so (like financial and personal details) are considered to be the most sensitive forms of data. This because of the severe real-world problems that can follow from data falling into the wrong hands, such as losing finances or being the victim of a physical crime.

On the other hand, data that is generated by default, by simply using the web, or volunteered, mainly on social platforms, was perceived to be less sensitive. The former is accepted as normal, while the latter is shared knowingly, in spite of imagined consequences of images or text falling into the wrong hands.

5) Cybercrime Trumps Privacy
While the data debate revolves around the right to privacy, this study shows that peoples’ needs are in fact more related to protect themselves from cybercrime than to the true definition of privacy. Security — the need for safety from interference, abuse, and theft — is the dominant need across all typologies. The theme repeated itself several times throughout the study: the most significant perceived risk is that the data people share may fall into the hands of criminals and hackers.

Corporate accountability and the safekeeping of data are also important needs. This suggests a desire for effortlessness: people do not want to go out of their way to look after data. Instead, they expect those who receive data to do so, but in a way that does not obstruct the use of and benefits from products and services, or the Internet in general.

Finally, the study identified a specific need for privacy around all forms of search, also reflecting a need for anonymity. It is critical to consider privacy as an enabler of free thought, an ideal condition for human curiosity to thrive. Although not a new perspective in the greater debate, this is important to remember when working to protect privacy.

The People’s Perspective In Summary
Numerous studies and news reports have us believe that it is the NSA or GCHQ that are top of mind every time someone logs into a social network, buys something, searches for information or sends and receives WhatsApp. Yet most people dismissed the notion of being ‘spied’ on as a major concern, believing that they are simply too insignificant to be of any interest to anyone, let alone to government agencies. Personalised advertising, whilst often deemed creepy, was easy to ignore and posed no perceived harm. Instead, people need to know that their data is safe, that it can’t lead to real-world harm, and that companies are held accountable if it is abused.

Market Context
The evolving privacy and security industry, anticipated to grow by almost 75% between now and 2018, is increasingly playing to perceived anxieties to stimulate fear and demand for products and services that promise privacy protection.

Apple CEO Tim Cook recently set the company apart from its Silicon Valley rivals by saying“…some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.”

Coming from an admired leader of one of the world’s most loved brands, it is not impossible to imagine how such prime-time rhetoric could help take the need for greater privacy mainstream, and set new benchmarks for people’s expectations of honesty and transparency from the other companies in their lives.

Implications for Innovation
The right to privacy undoubtedly remains a universal value that all citizens should uphold and all those at the receiving end of any data should honour. But amidst the noise and complex debate it is clear that from the people’s perspective, we shouldn’t confuse a belief in the right to privacy with a persistent, top of mind need for privacy. Instead, security and corporate accountability are a priority for people when it comes to the majority of their data. Innovation efforts should, therefore, be augmented accordingly
Collection, application and monetization of big data plays an integral role in the future of a digital telco’s business.

With automation on the horizon, and as the connections between people, services and objects increases, so will the quantity and richness of the data generated. It is impossible to imagine that people will refuse the lucrative benefits of value, convenience or belonging that data-driven innovations will offer. Organizations like Telefónica must, therefore, continue to ensure that when creating any form of value for customers from their data, it is securely generated and collected, linked transparently, and managed in an accountable way.