Published on the 07/03/2019 | Written by Jonathan Cotton
Everyone gets the logic: More shared user data, cooler toys. So why are people so weird about privacy?…
thatWhat a time to be alive: Self-driving cars, talking fridges, free video calling etcetera. The possibilities seem endless and it’s all driven by data.
But about that.
As we plunge ever deeper into the digital age we sure seem to be developing an ambivalence towards our data, what’s collected, who gets to see it and what happens to it next. Yup, we want nice things and hyper-personalised service and we want it all cheap or preferably free as well.
“While most outfits are operating with good intentions and a sense of responsibility for managing data well, these are murky waters we’re entering.”
But while we’re merrily signing up to every new shiny thing, we expect all our personal data to remain private, offline and well out of harm’s way.
Life’s not like that of course. The cost of all that sweet new data-enabled tech usually includes making our user information available to greed-fuelled faceless corporations who happily pick up the tab for us.
What gives?
Back in 2016 a Privacy Commissioner survey found Kiwis broadly sceptical about the wisdom of B2B data sharing in general, with the majority (62 percent) saying at the time they felt businesses “should not share data as the risks to people’s privacy and security [outweigh] the benefits”.
That’s quite a statement, and completely the opposite of what has happened since with consumers now perceiving value in data sharing.
But still, both in Australia and New Zealand, supposed trustworthy requests for data access are often met with suspicion. Case in point: 2.5 million Australians have now opted out of the My Health Record system – that’s around one in ten. The (confusing and redundant) opt-out period for the program finally expired in January, following a three month extension that saw about 1.4 million ditch the scheme.
Today the program is pushing on regardless, but just how often are good intentions and worthy new tech scuttled by the consumer’s unwillingness to play ball?
“While Australians report a high level of support for the government to use and share data, there is less confidence that the government has the right safeguards in place or can be trusted with people’s data,” says Nicholas Biddle, associate professor, Australian National University (ANU).
The ANU has recently undertaken a survey of Australians to learn more about public attitudes towards data governance – how personal data is used, stored and shared.
More than 70 percent of respondents reported being ‘concerned or very concerned’ about the prospect of an accidental release of personal information by the government, deliberate hacking of government systems and scenarios around data being provided to private sector organisations who may misuse it.
That’s fair enough, but it also brings up the question: Who bears the responsibility here? Government? Business? Or the end consumer themselves?
Don’t put your faith in the latter: Last year’s report from the Australian Consumer Policy Research Centre makes eye-watering reading for those hoping to see any kind of security vigilance at the grassroots level. Of those surveyed who reported reading a privacy policy or T&Cs over the past 12 months, two-thirds said that ‘even though they did not feel comfortable’ with the agreement, they signed regardless. The most common reason for accepting problematic privacy policies? ‘It was the only way to access the product or service.’
So, unhappy with the agreement, we agree anyway, even when we don’t agree. Welcome to the post-consent age. We’ll pay the price just to find out if we think it’s worth it.
So who does the consumer think is in charge of data governance standards? Well 73 percent of those surveyed in the above report believe the government should ensure companies give consumers options to opt out of what data they provide, how that data can be used and if it can be shared.
And the Australian Government has so far proved itself eager to take up such a mantle. Already subject to the EU’s GDPR, the Notifiable Data Breach Scheme and the currently rolling out Consumer Data Right project both address consumer data security to different degrees.
As for New Zealand, such issues fall under the Privacy Act 1993 (yes, 1993), which controls how agencies collect, use, disclose, store and give access to personal information. As for open-data thinking, at a government level that’s the domain of the Open Government Data Programme, a cross-government initiative ‘that takes a collaborative approach to making government data available’. As for the a consumer data right, the New Zealand Government has taken a distinctly hands-off approach so far, trusting the banking sector self regulator Payments NZ to establish common standards that will serve customer needs over those of its shareholders, rather than the mandated data portability that exists in the electricity and telecommunications markets.
In the media at least, Facebook is the current avatar for all that’s wrong about the way we use consumer data. While behind much of the bad press is a pervasive misunderstanding about just what Facebook actually does (Facebook doesn’t ‘sell’ its user data assures Zuckerberg), suspicion is still warranted. Facebook has been extremely cavalier about what it does with user data and who it does it with. And the global social megalith’s business model seems to capture the tension of the moment in stark relief: Do you want a free product? Or privacy? Choose one, because you can’t have both.
What would it take to assuage consumer fears? Could it be that with a little more effort business could communicate not just terms and conditions, but also a sense of ownership over the issue, letting customers know that they value the trust consumers have put in them and assuring end-users that they take the responsibilities that come with data collection seriously?
Many organisations don’t communicate this well, and the My Health Record program certainly seems to have fallen into that trap. While most outfits are operating with good intentions and a sense of responsibility for managing data well, these are murky waters we’re entering and everybody knows it. How about communicating that fact and providing options that allow users control over their own data?
And a new report from the Privacy Commissioner might show that this is in fact a key issue: Although the sharing of personal information by B2B firms is still a key privacy concern for most (79 percent), the majority of New Zealanders are happy to share their data, as long as the right provisions are in place, such as the ability to opt-out should they so choose.
The GDPR shows that there is a collective will to reign in the excesses of the data-driven economy. Perhaps behind the headlines, the paranoia and the confusion, the average user is considerably more willing to share their data than industry realises.
Perhaps users just want it understood that they consider their data theirs.