Online privacy concerns and legal assurance: A user perspective

This post represents the summary of a research project conducted by Dr. Hanna Krasnova and Paula Kift. A full text version of this study can be obtained upon request.

With the emergence of the internet vast amounts of news and information became available to a broad and growing interconnected public. While the ever increasing access to knowledge is certainly a laudable achievement of the World Wide Web, the unprecedented amount of data exchange, sharing and storage also brought about a whole new set of legal challenges, particularly with regards to data protection.

In order to shed light upon the question in how far users are informed and concerned about their privacy when surfing the web, we conducted an online survey with 553 Humboldt University students and staff between August 9th and 10th 2012. Of this sample, 403 were Facebook users. We were particularly interested in (1) the nature of users’ privacy concerns when using the internet in general and Facebook in particular, (2) attitudes towards legal assurances and (3) the willingness to take an active role in privacy protection. In the following, we will present a brief synopsis of the results we obtained.

Do users care about privacy?

In order to assess what importance users assign to privacy concerns, we asked respondents to rank different policy options according to relevance. Surprisingly, users gave privacy concerns considerable weight in this survey, ranking second only after Education and outperforming major topics such as the Economy and EU Financial Crisis and Future of the Euro.

What privacy concerns do users have?

When it comes to the type of data, users seemed particularly concerned about the misuse of their personal data, such as name, address, phone number, gender, birth date and photos. In contrast, theft of passwords or bank data was mentioned less often.

When discussing different types of threats, participants were often vague about what exactly they were concerned about, with the generic category “data misuse” emerging as the highest in importance for the internet context (21,3%). Apparently, not only policy-makers and scholars have a hard time arriving at a comprehensive definition for privacy, but users themselves often have mixed ideas about what constitutes a specific threat to their privacy.

When it comes to specific sources of threats when using the internet, Marketing Companies emerged as the category of the highest importance (19,6%). They were followed by Hackers and Criminals (9,4%) and Third Parties (7,9%). Only few people mentioned the State / Government (4,9%) as particularly threatening to their privacy on the internet. On Facebook, Facebook itself and Marketing Companies were seen as the biggest sources of risk, with 17,2% and 11,0% of respondents mentioning these parties. Interestingly, only a meagre 0,7% of respondents mentioned the State / Government as a threat to their privacy on Facebook.

Issues related to the control over one’s information were frequently stated. Among them, respondents especially lamented a general loss of control (18,3%) and loss of privacy (9,1%). It appears that, when asked about a general use of the internet, respondents often lack concrete benchmarks upon which to base their concerns. Instead, a general vague feeling of anxiety is reported. For Facebook, respondents were able to come up with more specific answers, particularly resenting their inability to irrevocably delete data they provide on Facebook (8,3%) and the related longevity of information they share (9,0%).

Do legal assurances help?

Given that users express considerable privacy concerns in their internet and Facebook usage, we asked respondents in how far they believed in the effectiveness of existing legal assurances present in Germany, and why or why not. Overall, the level of reliance on legal assurances was low, with an overwhelming 82% and 72% arguing that the existing legal framework either offered absolutely no protection or hardly any protection for Facebook and internet users, respectively. We also found that the “inability of laws to cover everything” was mentioned as one of the key reasons for the ineffectiveness of legal frameworks applied to the internet (36% of respondents) and to Facebook (25% of respondents). This reason goes hand in hand with the fact that “technological advances outpace legal regulation” (17% / 8% of respondents for the internet and Facebook, respectively) and that laws are local (17% / 28% of respondents for the internet and Facebook, respectively). Interestingly, the reason that “Facebook has power” emerged as the third most mentioned code within the Facebook context. To our surprise the topic of lacking awareness (“I do not know which laws exist”) did not emerge as a salient factor, being mentioned by only 9% and 7% of internet and Facebook users respectively. Apparently, users (believe to) have a certain understanding of how their privacy is protected. We do not, however, preclude that these beliefs can be erroneous.

Do users respond to more effective legislation?

We finally asked respondents whether a stronger legal backing would affect their sharing behaviour on Facebook. An overwhelming share of respondents (83%) did not expect to alter their behaviour in response to positive changes. With Facebook and other social networking sites being on the market for over 8 years already, users appear to have developed individual strategies to manage and protect their privacy.

Conclusion

Our study, which was based on a sample of 553 respondents at a major German university, showed that while users certainly worry about their privacy when using the internet in general and Facebook in particular, they find it difficult to define the exact nature of their concerns and how to address them. Respondents in our survey did not believe that the existing legal framework in Germany offered sufficient protection of their data, given the local character of laws and the speed of technological advancement. At the same time, positive changes in the legal framework were unlikely to alter their sharing behaviour. Users seem to have developed their own individual self-disclosure strategies in order to manage and protect their privacy.

Limitations

Our preliminary findings are based on a sample of predominantly German students. In future studies, respondents of different educational and cultural backgrounds, and various ages, may be surveyed in order to obtain a more comprehensive picture.

This article is based on a working paper that was developed for the conference “Data Protection in the 21st Century”. The conference took place in Berlin on October 17 and 18, 2012. It was jointly organised by the German Ministry of Interior Affairs and the Humboldt Institute for Internet and Society.