Do the constant messages of accepting privacy policy and cookies on websites make you feel uncomfortable? Well, you’re not alone. Although we are constantly asked to accept cookies and data protection settings, few of us have actually used the opportunity to withhold consent to our data being collected.
Researchers Lisbet Berg and Arne Dulsrud at Consumption Research Norway (SIFO) have worked on a new survey where consumers were asked how they have dealt with data protection and data collection following the entry into force of the new General Data Protection Regulation (GDPR) in July 2018 (see fact box).
Few people withhold consent
According to Dulsrud and Berg’s survey, only 13 per cent of Facebook users say that they have changed their settings to activate the option of Facebook not storing certain data about them.
“We can assume that at least two-thirds of the people on Facebook give their consent without knowing what they are consenting to,” states Berg.
The figure is even lower for Google, a mere five per cent say that they have changed the settings that enable Google to use their data.
The survey shows that 82 per cent have heard of the GDPR, and an even higher percentage have been asked to consent to a website using their personal data.
Most people (80 per cent) believe that it is difficult to find out what is being stored about them, and that the data protection settings are confusing and complicated (69 per cent).
A dilemma for users
“We have become dependent on our smart phones, Google, Facebook, travel planner apps and many other useful apps. Without knowing it, many people consent to the provider collecting information about our searches and purchases, what we like, our location, who we are and our contacts,” Berg explains.
She believes that consumers now face a dilemma.
“We are obliged to consent to the collection of personal data for the app to work as intended. In some cases, the terms and conditions are so well hidden that we have to read several pages to find out what we are actually consenting to. We are on so many different platforms that this has become an impossible task for most of us,” continues Berg.
“We should really be much more restrictive and take much better care of our personal data, to prevent their misuse. This challenge would not be as great if Facebook and Google were the only companies collecting our personal data, but every website we visit needs our consent, and the way in which many websites design their data protection declaration, this would simply be too time consuming for us.”
Legislation that doesn’t work
Our commercial impulses are driven more and more by algorithms. The GDPR is supposed to protect us from the commercial players who are interested in our data. This reality that the GDPR addresses is only a few years old, and the authorities are concerned. In the worst case, personal data could be used to influence democratic elections, and the consequences of this are unknown.
Researcher Arne Dulsrud believes that the figures from their survey show that the legislation is not working as intended.
“The entire body of legislation is based on users giving or withholding their consent. If the users do not understand how they can withhold or give their consent, the legislation cannot be said to be relevant,” he states.
“This is critical to legislation which is so dependent on the consumers’ reservation.”
Stricter rules needed
Lisbet Berg does not blame the consumers but says that stricter rules are needed for how websites present data protection information.
“Protecting your own data has to be made easier. It should be made clear what personal data you are sharing. However, this is not the case today,” she says.
When you start using an app or visit a new platform, the first page should clearly state what data the app needs from you, and what data you can choose not to share with the website without losing access to the service. It should also clearly state what data the website shares with third parties.
“The actual cost of using the app must be made clearer to the users. Whether you pay in euros and cents or by giving away your personal data,” Berg concludes.
Reference
Lisbet Berg and Arne Dulsrud: Tillit og sårbarhet på nett. Forbrukernes praksiser og vurderinger etter innføringen av den nye personvernforordningen (GDPR). SIFO assignment report no. 9-2018 (oda.oslomet.no - Norwegian).
The report was written on assignment for the Ministry of Children and Equality.
