GDPR's impact on privacy rights - the good, the bad and the downright complacent

Profile picture for user slauchlan By Stuart Lauchlan June 13, 2019
Summary:
GDPR awareness needs to grow and that's going to take time.
Vera Jourová
Jourová

GDPR is a baby that is growing fast and is doing well, but which needs to continue to be nurtured.

That’s the colorful analogy used by Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, at the launch of the findings of a pan-European Union study into awareness among citizens of their privacy rights under the regulation.

Based on the views of 27,000 Europeans, the Eurobarometer results show that there is general awareness of GDPR among 67% of respondents, while  73% of respondents have heard of at least one of the six tested GDPR rights. Highest awareness is for the right to access your own data (65%), the right to correct the data if they are wrong (61%), the right to object to receiving direct marketing (59%) and the right to have their own data deleted (57%).

Managers are most likely to have heard of GDOR - 82% of respondents - and people aged 25-54 are the most likely demographic to be up to speed - 75% of that grouping. Men are more likely to be aware of GDPR rights than women - for example, 61% v 55% awareness around data deletion and the Right to be Forgotten.

That’s all quite impressive just over a year after GDPR come into effect. But the ‘glass half empty’ reading would be that this means that nearly a third of EU citizens don’t know about GDPR.  Actually it’s even worse than that reading. Of the 67% who have heard of GDPR, only 36% reckon to know what it means, while 31% have heard the term but haven’t a clue what it is or how it impacts on them.

Or as Andrus Ansip, Vice-President for the Digital Single Market puts it:

European citizens have become more aware of their digital rights and this is encouraging news. However, only three in ten Europeans have heard of all their new data rights. For companies, their customers’ trust is hard currency and this trust starts with the customers’ understanding of, and confidence in, privacy settings. Being aware is a precondition to being able to exercise your rights. Both sides can only win from clearer and simpler application of data protection rules.

There are more positive findings. Almost two-thirds of respondents (65%) who provide personal information now feel that they have “at least some control” over that data, although again only 14% are totally confident with over half (51%) only registering partial control.  Of that latter group, 62% of those respondents say they are concerned by that, a percentage that’s down on the 67% asked the same question four years ago.

Complacent?

More bad news - is it possible that despite the data privacy scandals of recent times, that GDPR has made people more complacent? Overall, respondents are less likely in 2019 to read privacy policy statements than they were four years ago - down 7%. Of those who do read them - some 60% of respondents who said they use online services - only 13% say that they read them in full.

Given the revelations of the past year or so, it might have been expected that people would be more keen to read the Ts and Cs before handing over data. So why is it the reverse position? Two-thirds of respondents who don’t read the full policy say that it’s because they’re too long, while a third (31%) say they’re too difficult to understand. That’s pretty problematic. Vendors are clearly going to have their legal and compliance teams ticking every box to cover themselves. There may even be some who regard the impenetrability of privacy policy statements as expedient - you should have read the small print, sir!

More positively, over half (56%) of social network users say they have tried to change the default privacy settings on their profile. Less positively is the inclusion there of ‘tried’.  Over a quarter (27%) say they don’t know how to make this work. Staggeringly in this day and age, 29% say that they trust the social platforms to provide default settings that are for the best.

That’s downbeat enough for Commissioner Jourová: 

I once again urge all online companies to provide privacy statements that are concise, transparent and easily understandable by all users. I also encourage all Europeans to use their data protection rights and to optimise their privacy settings.

You just can't help some people...

My take

Usage of online social platforms has not been hurt by the various privacy scandals. Some 82% of respondents who use the internet have used a social network. More than half (56%) use them daily, an increase of 22% on four years ago. That makes some of the findings in this study depressing in the main. If you still trust Facebook to handle your data responsibly by default, then I’d suggest that you may not have been paying attention.  GDPR is a good start - and at least the EU has done something, while the US still vacillates - but there’s clearly a long way to go.