Personal Data Management: The Users Perspective Appendix B - - PDF document
Personal Data Management: The Users Perspective Appendix B Detailed Research Survey Results Note: This report is based primarily on research commissioned by the International Institute of Communications from IPSOS UU between March-August
Note: This report is based primarily on research commissioned by the International Institute of Communications from IPSOS UU between March-August 2012, funded by the Microsoft Corporation.
Personal Data Management: The User’s Perspective 47
Research conducted and report prepared by Funded by Microsoft 2012
1
This study is part of research being conducted to identify issues for consideration in developing a global policy framework on personal data management. The key objective of this qualitative study is to gain insights into the mental model
Explore users’ boundaries regarding the application and integration of their
personal data, specifically:
Understand the risks/harms users associate with having their personal data
collected and used.
Identify which entities users trust with regard to the collection, usage, and
protection of their personal data (e.g., service providers, government, intermediaries).
Understand motivations for user self-management of their online data. Identify issues for further quantitative study.
2
Personal Data Management: The User’s Perspective 48
The hypothesis for a personal data management policy coming out of this research is:
management that:
harm.
context for sharing data.
number of variables that set the context for sharing data.
4
Personal Data Management: The User’s Perspective 49
Technology enables users to do more but also can make them feel powerless. Consequently, the perception of control becomes a critical factor and may be affected by data context variables.
efforts in the past
and the world
5
Four personal attributes uncovered in this research make up the dimensions of user types, including:
Toronto Shanghai Hamburg US
Personal data awareness
Low Low Mid Mid
Trust in government
High Low High Low
Perceptions of own accountability
High Low High High
Desire for control
High High High High
6
Personal Data Management: The User’s Perspective 50
DATA CONTEXT VARIABLES IMPACTING USER SENSITIVITY
User sensitivities to their data access/use is impacted by 7 key variables. These variables define the data context.
Type of Data Type of Entity Trust in Service Provider Collection Method Device Context Usage Application Value Exchange
7 Type of Data
What type
Unless it is considered a vital part of the service offered, banking data is most sensitive for all users followed by government identification, health information and peer contact information.
Type of Entity
Who is accessing it Most users say they do not want the government to access any private data. They are also concerned about unknown vendors accessing their personal data without their permission. Of all service vendors, users consistently have least trust in social network companies and most trust in banks.
Trust in Service Provider
What gives users confidence in service providers Although they report there is no guarantee or they may not have a choice, users say 3 elements impact their trust levels: (1) reputation – brand familiarity, word of mouth recommendations, a personal relationship, company size, (2) location – organizations with a local/national presence are more likely to abide regulations, and, (3) free vs. paid services – trade-off between user risk and free services, understanding that free services generate income by selling user data.
Collection Method
How is the data collected As collection methods (and awareness thereof) move from active to passive, users become more and more wary as they feel a lack of control of their data. Jurisdiction is a factor in acceptance of more passive methods as users do not feel the need to protect their information (e.g., image) when in the public domain (vs. at home).
Device Context
Which device is being used Users differ in their views of which device is safest to access data from - no one device is universally deemed as being “safest”, but the type of device is a relevant factor.
Data Usage
How the data is being used Users do not want their data to be used without their knowledge nor by an unknown vendor. They also have negative reactions to automated uses of data as they feel it lacks flexibility and control for the user.
Value Exchange
What is the user getting out
Users are willing to exchange personal data for an immediate personal benefit that reflects the value of their
DATA CONTEXT
DATA CONTEXT VARIABLES IMPACTING USER SENSITIVITY, CONT’D
8
Personal Data Management: The User’s Perspective 51
In interacting with a service, user-participants differentiate 3 different types of trust:
make up the entity, to protect their data.
platform, or the device.
“reposting” of their data into different contexts.
by other users and by the service provider, e.g., photos, tweets, news articles, etc. (primarily an issue in Shanghai).
9
User-participants consider 5 “worst case scenarios” resulting from the misuse of their personal data.
negative outcome, while “harm” represents that negative outcome becoming a reality.
Data sold to 3rd party /harassment
An annoyance from being targeted/ engaged by an unknown SP that has accessed their personal data.
Identitytheft/ fraud
Concerns about hackers
accessing users’ financial/ID information and stealing their money or identity.
Reputation among peers
Concerns about personal/ private data being shared with their friends and family resulting in public embarrassment or judgment.
Discrimination/ Penalization
Fear that personal data may be mis-interpreted resulting in user discrimination, penalization,or even persecution.
Physical/emotional Harm
Concern that data misuse may result in physical harm (e.g., child predators) or cause mental anguish (e.g., breaking into house).
Major concern Minor concern Not a concern Primary concern
10
Personal Data Management: The User’s Perspective 52
Most user-participants say that while concerned about their personal data, they have no means of protecting it. They are resigned to the risks associated with sharing personal data and feel they are currently doing everything they can to protect themselves.
personas.
transactions (e.g., banking, etc.) to ensure they have clear communications and transparency into their accounts with these services.
activities (e.g., gaming, forums, etc.) due to the lack of the trust in these service providers and/or the other users accessing the service and their data.
11
User-participants see an accountability role for all entities involved (to varying degrees in each market) with the greatest expectations for service providers and government.
User
Users feel they are accountable for the data choices and decisions they make (e.g., opting into Terms & Conditions agreements, what specific data they supply).
Intermediaries
An intermediary (3rd party acting as a data conduit between users and service providers with government certification) could safeguard and manage users’ data on their behalf.
Government
Government is expected to establish, administer, and enforce (via fines, etc.) personal data protection regulations. Trigger points for motivating users to be accountable for their data include fear of plausible risks. The amount or degree to which they think they can control their data also impacts their sense of accountability. They admit they do not take much responsibility over their data now (i.e., do not read T&Cs even of service providers they do not know) so primarily rely on service provider reputation. Users say they are willing to take additional steps to control their data (e.g., review the data service providers have about them) but question the amount of time and effort they would actually spend on this.
Vendors Employers
Service providers are expected to keep data safe, use data “properly”, be transparent with users, and abide personal data
the right of self-determination.
Service Providers
12
Personal Data Management: The User’s Perspective 53
In order to mitigate their concerns about personal data collection and usage, users desire and expect 5 key data principles.
1. Control – user-participants desire access to a graduated level of control (e.g., initial opt-in/out decision, ongoing permissions for data access, automation approval, enabling data sharing and requesting that data be deleted when the relationship is over) but some question the amount of time/effort they would actually spend exercising this control. 2. Transparency – user-participants want clear and understandable insights into which entities have their data and how it is being used so that they can administer their control more effectively. However, they are unsure as to how these should be delivered or whether the information would be consumed. 3. Value Exchange – in exchange for their data, user-participants expect to receive a benefit (e.g., financial reward, enhanced service, convenience, accuracy) which they perceive to be of comparable value to their data. 4. Accountability – to varying degrees across markets, user-participants see an important role of accountability for each of the entities involved: government, service providers and users. In Hamburg and Shanghai (and Denver to a lesser extent) there is also a role for an intermediary. 5. Protection/Enforcement/Redress– user-participants want the assurance that any regulations that are placed by the government will be enforced in order to deter the abuse of their personal data by service providers.
13
Denver Toronto Hamburg Shanghai
Personaldata awareness
Most sensitive data types
children
children
contacts
contacts, and own image Greatest perceived risks
harassment
harassment Accountability
accountable for own data
accountable for own data
accountable for own data
for own data (SPs are) Trust in service providers
Employer rights to data
workplace
data Role for intermediary
Level of trust in government
to protect users
to protect users
to protect users
government to protect users Identity management
primary
and device as primary
primary
primary
Personal Data Management: The User’s Perspective 54
16
Personal Data Management: The User’s Perspective 55
Technology enables users to do more but also makes them feel powerless. Consequently, the perception of control becomes a critical factor and may be affected by data context variables.
POSITIVE ASSOCIATIONS NEGATIVE ASSOCIATIONS
with
technology, resulting in decreasing sense of control
more efficient, thus making life easier
were not previously possible or had required more effort
with others, the environment (e.g., news, weather), and the world
“It’s super that there’s technology. There are many new things that make things easier in both my professional and private life.” Hamburg “When it works, it works great. But everything is now dependent on technology.” Toronto “On the one hand it is very convenient. But our ability is fading. I cannot write a lot of Chinese characters now because I use the computer too much.” Shanghai “*In 2030+ I’m afraid that *technology+ might impact the family. Maybe the traditional attachment will be reduced.” Shanghai “I kind of feel like we’re children in a candy store. It’s so new and it’s so exciting – we’re so distracted by it. I don’t think we have yet matured. We’re still consuming as much as we can.” Denver
Today . . . In 2030 . . .
future changing from positive to negative or vice-versa.
enhance its impact today (e.g., even more convenient, even less face-to-face communications, etc.). 17
Within each of the markets, user-participants have mixed levels of awareness of how data is accessed and used today
Zero knowledge of ecosystem Limited knowledge, have seen data reflected in online ads Experience with data misusage (e.g. they sold my data) Fully aware of ecosystem (e.g. my data is exchanged for assets)
Most users in Toronto and Shanghai fall into this area as many see their data reflected by entities other than the service provider they were
While some have limited awareness, many users in Hamburg and Denver are aware of and understand the ecosystem and articulate what their personal data is used for. 18
Personal Data Management: The User’s Perspective 56
19
Type of Data Type of Entity Trust in Service Provider Collection Method Device Context Usage Application Value Exchange
User-participants’ sensitivities to their data access/use is impacted by 7 key
20
Personal Data Management: The User’s Perspective 57
What type
Unless it is considered a vital part of the service offered, banking data is most sensitive for all users followed by government identification, health information and peer contact information. Who is accessing it Most users say they do not want the government to access any private data. They are also concerned about unknown vendors accessing their personal data without their permission. Of all service vendors, users consistently have least trust in social network companies and most trust in banks. What gives users confidence in service providers Although they report there is no guarantee or they may not have a choice, users say 3 elements impact their trust levels: (1) reputation – brand familiarity, word of mouth recommendations, a personal relationship, company size, (2) location – organizations with a local/national presence are more likely to abide regulations, and, (3) free vs. paid services – trade-off between user risk and free services, understanding that free services generate income by selling user data. How is the data collected As collection methods (and awareness thereof) move from active to passive, users become more and more wary as they feel a lack of control of their data. Jurisdiction is a factor in acceptance of more passive methods as users do not feel the need to protect their information (e.g., image) when in the public domain (vs. at home). Which device is being used Users differ in their views of which device is safest to access data from - no one device is universally deemed as being “safest”, but the type of device is a relevant factor. How the data is being used Users do not want their data to be used without their knowledge nor by an unknown vendor. They also have negative reactions to automated uses of data as they feel it lacks flexibility and control for the user. What is the user getting out
Users are willing to exchange personal data for an immediate personal benefit that reflects the value of their
DATA CONTEXT
Type of Data Type of Entity Trust in Service Provider Collection Method Device Context Data Usage Value Exchange
1 2 3 4 5 6 7
21
There are specific types of data that user-participants are sensitive to sharing unless it is relevant to the service provided and yields a benefit to the user
Most Sensitive Data Types by Market
Banking Gov’t Issued ID Children Name/ Address Health User image Friends/ Family Contacts
Type of Data
1
22
Personal Data Management: The User’s Perspective 58
User-reported data service providers have access to
Social Media Shopping Gaming Banks Employer University
Name X X X X X User ID X Location/ address X X X X X Email X X X X X X Age/date of birth X X X X Demos/life stage X X Gov’t identification X X X Financial account data X X X X X Relevant user activity X X X X X X Friends/family X Photos/videos X
User-participants say service providers currently have access to both their contributed and observed data, although many cannot immediately recall the amount of data they provided to register for services
Type of Data
1
23
In all markets, user-participants say trusted vendors and employers can access/use relevant personal data while the government should not have access to any private data
“I will have a positive attitude because the store provides a discount. It’s a benefit for me. I would fill out this form and will fill in my real information.” Shanghai “The employers shouldn’t know about my lunch specials. It’s private I think.” Hamburg “Jobs are asking for people’s Facebook
invasion of privacy right? They can’t use it at the workplace.” Denver “I’m concerned that Revenue Canada will ask eBay for my information in order to collect additional taxes.” Toronto Moderator: Should the government have access to your personal information? “I don’t think that’s a question. They already do. Anything they want. They shouldn’t though; they shouldn’t.” Denver
Vendors
trustworthy and provide some benefit to the user in exchange.
trust in service providers.
Employers
degrees across all markets:
Government
government access to their private data with the concern that it may be used against them (although some users in Toronto say the government would not likely sell their data to a third party).
The employer should have access to both personal and professional data as the employee should be cognizant of their activities when in the workplace. The employer should
work-related data. The employer should
administrative data but that some professional data (e.g., client lists) remains the property of individual employees.
Type of Entity
2
24
Personal Data Management: The User’s Perspective 59
ELEMENTS OF TRUST IN SERVICE PROVIDERS
User-participants identify 3 elements they say drive their trust, and thereby their confidence, in service providers that collect and use their personal data
Reputation Location Free vs. Paid Services
provide more, or more sensitive information to a service provider simply because they trust it.
that the data shared is relevant to the service and they should receive a benefit in exchange.
transparent about the issue, fixes the problem, and compensates the user.
“What would make me 100% comfortable? If the risk is perceived to be low. If my friends are using it. And, if it is delivering value to me.” Toronto Moderator: So if you’re dealing with an entity that has a good reputation, would you be willing to give them more information? “It depends what kind of information they were looking for. Date of birth, I’d give them that.” Moderator: Social Security number? “No. That’s just an invitation to identity theft.” Moderator: What if it’s a company with a good reputation? “That’s why they wouldn’t ask for that in my opinion. Why would they need that? A company with a good reputation that is soliciting me to purchase a magazine subscription is not going to need my Social Security number.” Denver
Trust in Service Provider
3
25
satisfactorily
“I would not sign up if I don’t know who the company is. I’d *look on a search engine+ it.” Toronto “Even if it’s like weird, you’re going to do it because [your friends have] already accepted it. You know that they’ve already done it and they’re okay and they’re alive.” Toronto “For me, it’s sort of word of mouth. Like, if I hear from enough people that an app
and worth it, I’ll breeze through the sign up process; I’m going for it.” Denver “If I were a customer for 30 years, then it wouldn’t matter *what information about me they have] because they are my store.” Hamburg “In *online retailer+ I have trust. It’s a big
suspicious of. I might be wrong if it is reputable.” Hamburg
User-participants say they can trust a service brand with a good reputation which is built on four key pillars
Trust in Service Provider
3
26
Personal Data Management: The User’s Perspective 60
say they would be more comfortable knowing that a service provider accessing and using their data was based in Canada as they are more likely to obey local laws.
wary of service providers that are based in Asia and some parts of Eastern Europe.
Shanghai say they would prefer that the service provider be global (vs. China- based) as it is more likely to have a positive reputation and better technical capabilities.
want the service provider to have an
they know who to contact if there is a dispute.
say they are not as concerned about where service providers are located as long as they obey German personal data protection laws.
German companies are more likely to respect and be compliant with German laws.
Denver are fairly cognizant that large, global entities may store data anywhere in the world, they feel it would be more secure in the US or Canada.
are comfortable with entities located in Europe as they say data protection laws are stronger there.
User-participants in all markets state that they have more trust in entities with local ties or obey local laws
“*Companies outside Canada+ will have different laws governing what they can do with your personal information. Anything that’s outside of Canada, just naturally I’m more sceptical. I don’t even really know why.” Toronto “I think foreign companies are more
branches in China because you want to deal with Chinese people.” Shanghai “I would prefer that it was local or
important that they fulfil German laws and data protection.” Hamburg “We live in a virtual world, so as long as it’s the company that they say they are and where they are, that’s fine. I would say in any of the non terrorist countries, sure.” Denver “There’s more secure places in the world. This is virtual; that’s kind of different, so not in Mexico. I feel like it had better be in the United States or Canada.” Denver
Trust in Service Provider
3
27
Some identify a trade-off between paying for services and the amount of risk they accept in order to access them
“I used *social networking site+ for free. They don’t charge. If you want the privacy to be completely hidden, it is not
risk.” Shanghai “It’s like if something is free, you are the
them your information, whether it’s true
figure it out based on the emails you send and receive.” Denver “*Social networking site+ is only free because of advertising. If I don’t want advertising then I have to pay for it.” Hamburg “If I paid for the service, then I will fine
*a dispute+. If it is free, then I wouldn’t know what to do.” Shanghai
Some participants in Shanghai and Hamburg say they have more trust in service providers to which they pay a fee.
Free Services
exchange their data for the ability to access the free service.
their data to third parties in order to make revenue.
greater risk, which they feel they do have a choice to accept or not.
Paid Services
they expect their data to be used only by the service provider.
rights if there is a problem or dispute.
they are more likely to read the service’s terms and conditions so they are fully aware of these rights.
Trust in Service Provider
3
28
Personal Data Management: The User’s Perspective 61
User-participants are largely consistent across markets in their sensitivities towards the different data collection methods explored in the scenarios
Passively Collected Data
lack of user control over when/how it is collected and how it might be used.
− Were familiar with and trusted the service provider collecting the data. − Were able to negotiate the value exchanged for their data. − Were provided clarity about how the data is collected and what it is used for. − Had ability to choose which types of data and data sources can be accessed and forwarded on by the service provider. Autonomously Collected Data Data gathered (a) while user is actively involved in a transaction, but without user awareness (e.g., location data). (b) Automatically without user awareness of a transaction taking place (e.g., CCTV capture). Mixed reactions Inferred Data Derived from analytics that aggregate data collected with other available data sets. Some negative reactions as they feel it is too far out of their control.
Actively Collected Data
volunteered as they feel they have more control.
Collection Method
4
29
PERCEPTIONS OF ACTIVELY COLLECTED DATA
“If I put information out there, I would expect others to access it. If it was a disadvantage, I wouldn’t put that information out there.” Hamburg “I would always prefer to register *versus being observed]. I believe that would be the most correct path to use.” Hamburg
User-participants are most comfortable with the idea of data that they themselves have inputted or volunteered as they feel they have more control over this
Generally, users prefer that service providers collect (and use) data as users can:
provider initially.
anonymous.
(e.g. through the usage of several online personas). Collection Method
4
30
Personal Data Management: The User’s Perspective 62
“If I am recorded in public places, I’m
there are other people who are hostile, maybe that person has done something.” Shanghai “That’s kind of a legal issue really. If they put something in your personal home without your knowledge. But the police do that all the time. I don’t know. They do it on TV. If it’s not community property and it’s your own personal space I don’t think it’s okay. I think you have a right to your privacy and that’s why we all have our own.” Denver “Knowing that someone knows where you are at all times is scary.” Toronto “I’m just a face in a huge crowd. It’s not like they’ve got specific information about me.” Toronto “What they do with the *camera footage] data, if you look at what the software can do like detecting face. I’m an analyzed algorithm and I have nothing to protect me.” Hamburg
Reactions to passively collected data differ based on where it is collected, who it benefits, and how it is analyzed
Where it is collected
(e.g., jurisdiction)
likely to be individualized.
rights to this data); not likely to be shared outside of the office.
personal; reputation and security concerns.
Who it benefits
convenience.
public security (e.g. locating, catching criminals).
monitored and data is used inappropriately or sold to a third party.
How it is analyzed
risk of users being analyzed and targeted individually; safety in numbers.
many details are provided to the service provider (e.g., facial recognition).
PERCEPTIONS OF PASSIVELY COLLECTED DATA
Collection Method
4
31
“There is access to so much information that they did not have before. It may hurt me.” Toronto “The more you reveal about myself, the more possibilities they have to search for stuff about me. I wouldn’t want them to know everything about me. ” Hamburg “I think there is a privacy line and that is maybe where technology is not good if they get too much information on a person and you don’t even know what they have on you.” Denver “I don’t think that is an issue because that is kind of an anonymous – you are not saying this person has a high body temperature and we need to turn up the air conditioning while she is in the room. The right data anonymously would be fine.” Denver
Some user-participants have negative reactions to the idea of inferred data as they feel as though it is too far out of their control
PERCEPTIONS OF INFERRED DATA
with so are initially ambiguous in their reactions.
can be collected by service providers, especially if collected without their knowledge.
collected, but worry where the data is going and how it is being used (although most agree that the usage of inferred data to benefit the user is okay).
the concept of inferred data as long as it is analyzed and used in aggregate with other users’ data. Collection Method
4
32
Personal Data Management: The User’s Perspective 63
Some users say both devices are equally safe because:
“I don’t have any privacy settings for my microblog currently because I always log in from my phone so I think it is safe.” Shanghai “I feel like if somebody’s going to access them, I’d rather have it on my phone
more personal information on the computer than I do over the phone.” Denver “It can suggest different things depending on what device I’m access the service from.” Toronto “I doesn’t make a difference, I do the same activities on both devices (mobile phone and PC). The only difference are the localization services on the mobile
don’t have that on the laptop at all.” Hamburg “Anything that I use is private whether it is my phone or my laptop.” Denver
Across each market, participants differ in their views of which of devices are safest to access data from
for specific services (but this is usually driven by usability/functionality reasons).
is strictly prohibited by the employer.
Safe because… Not Safe because...
Used everywhere Easy to lose Has all communication forms SPs can access users’ location via GPS Not shared with other users Not used to access public Wi-Fi Does not have personal files stored on it Has less data overall on it Only used at home Less likely to be lost Not all forms of communications (e.g., SMS) are conducted on it No localization/GPS services Shared with other users Used to access public Wi-Fi Has personal files (e.g., financial, photos) stored on it Has more data that smartphones
Device Context
5
33
User-participants want their data to be used . . .
experience; and
User-participants do not want their data to be used . . .
the user; and
“If it is accompanied with a good intention and keeps the information to itself and it wants to make the customer happy, then it’s okay. But, if it sends the data to someone else, it’s not funny anymore.” Hamburg “It’s good if *device uses my playing habit data] to improve the system and how it works. *The downside is if+ they’re using it without you wanting them to use it.” Toronto “If for environment protection purpose and they need to install a camera in my home, that’s why I am cooperating. But if they research a new product and use my data for business purposes, I’m not willing to let that information be collected.” Shanghai “I guess there is a part of me that also feels like ‘Alright, so if I give you all this information what are you really going to do with it?’ That’s kind of like the part of me that’s a little bit naïve as to what they are really going to do with the information.” Denver
Generally, participants are comfortable sharing data when used the way they expect or they receive benefits that they think are equivalent with the perceived value of their data
See section “Personal Data Risks” to explore risks that users are most concerned about
Data Usage
6
34
Personal Data Management: The User’s Perspective 64
concerned that that their data might be used incorrectly, resulting in mistakes and/or embarrassment (e.g. emails going to the wrong contacts).
protection measures in place:
“Paying bills is fine but making appointments is difficult due to the irregularity of my schedule.” Toronto “If it is so automatic, I have nothing to
Shanghai “This makes us totally dependent. In 10 years time you lose your dependency. You don’t know how things work
do things anymore. I needn’t live anymore.” Hamburg “It is not your business. I am a very private person and it is not your business if I go get my haircut or I am going for a walk today. I believe that there are still
are using this for marketing purposes
hidden agenda or it can be used some
intended for.” Denver
Overall, user-participants have negative responses to automated uses of data as they feel they lack flexibility and do not give users enough control
Hamburg and Shanghai users in particular have strong negative responses to automation as they feel it takes away their independent ability to make decisions. US users have negative reactions towards services acting autonomously as they say implicit actions seems suspicious and/or feel too aggressive (as found in a separate research study). Data Usage
6
35
explicitly state they are willing to provide more of their personal information for more benefit received, especially if they receive that benefit immediately.
information they are willing to share with an entity.
place and/or if they could get this benefit via some other channel (e.g., through an existing relationship or via their own efforts ) without having to share their data.
“Why would I even want their services if I’m not going to get a whole lot out of it?” Denver “I would not give out my weight information normally. But if Wal-Mart gave me a 50% discount, then yes.” Toronto “I would give my household income information if I can get something right away, otherwise, it’s none of their business.” Toronto “The navigation service is free, it provides you a service so I think its okay that they get your personal information.” Shanghai “That’s how they pay for - they can’t do it that way, then they’ve got to charge us for the usage. A lot of network maintenance goes on in back.” Denver “It makes life easier but it wouldn’t be that much effort to do it yourself.” Hamburg
User-participants expect to get some sort of value when service providers access and use their personal data
Hamburg, Shanghai, and Denver users in particular articulate a clear understanding that users are required to share their data in
Fair Value Exchange
7
36
Personal Data Management: The User’s Perspective 65
discounts, convenience, connectivity) and so are willing to trust an unknown service provider and take the risk.
A few user-participants feel they must trust a service provider simply because they want to use the service
“I have to accept this passively, because I need it. You go to buy things in a supermarket and you apply for membership cards to get a discount and the supermarket records your consumption.” Shanghai “You need to keep contact with society so you need to shoulder the risk.” Shanghai “I feel like crap every time. I don’t want to do it but I know I have to. You’ll become a social outcast. You can’t not do it or how are you going to live?” Toronto “I think that’s just the part of how it is
Denver
In Shanghai and Toronto in particular, they discuss a lack of choice as they must trust the service provider in order to use a service. A few say that they feel pressured to adopt the service because they would feel like “a social outcast” otherwise. US participants describe a sentiment of feeling “resigned” to consenting to trust an entity. Often, they will trust an unknown service provider and share their information simply because they feel this data is already “out there”.
Fair Value Exchange
7
37
38
Personal Data Management: The User’s Perspective 66 User-participants across all markets have varying levels of concern about the key risks they associate with the misuse of their personal data
Major concern Minor concern Not a concern Primary concern
Data sold to 3rd party /harassment
An annoyance from being targeted/ engaged by an unknown SP that has accessed their personal data.
Identitytheft/ fraud
Concerns about hackers
accessing users’ financial/ID information and stealing their money or identity.
Reputation among peers
Concerns about personal/ private data being shared with their friends and family resulting in public embarrassment or judgment.
Discrimination/ Penalization
Fear that personal data may be mis-interpreted resulting in user discrimination, penalization,or even persecution.
Physical/emotional Harm
Concern that data misuse may result in physical harm (e.g., child predators) or cause mental anguish (e.g., breaking into house).
39
being targeted and engaged by a service provider with which they do not have a connection.
advertising (e.g. online or mail).
unknown service providers calling them or showing up at their door.
“I think what is uncomfortable is that there are companies out there now that know certain things about you that you didn’t expect. So, it’s a surprise. It kind of seems like manipulation because they know all of these things.” Toronto “After I delivered my baby, there were nanny services calling me. I think my information was leaked by the hospital. That’s negligence.” Shanghai “I imagine that third parties would annoy me with advertising or too many
harmless, when it comes to my physical health and wellbeing but I simply wouldn’t want to be annoyed with advertising.” Hamburg “If I didn’t fill anything out, but I just showed up and got a discount, I wouldn’t see anything wrong with that.” Denver
As this is something many users experience, it is the most top-of-mind concern as a primary or major annoyance
Some Hamburg and Toronto users feel that it is creepy to have a unknown provider know them somewhat intimately and prefer to be marketed to more anonymously. They also say that they feel as though they are being manipulated to buy products or services that they would not otherwise spend their money on. That said, they do not feel as though they are at risk of any real pain or harm. A few users in Denver say they would not mind their data being sold to a third party if they received a financial benefit (e.g., a discount) as a result. 40
Personal Data Management: The User’s Perspective 67
employees accessing their financial information and stealing their money.
information because:
fraud.
“My bank account information cannot be known. Criminals have a lot of technology and can guess my password and my financial is at risk.” Shanghai “Bank account information causes a direct loss. Other information does not have as big of an impact on me.” Shanghai “Somebody I know, today, was telling me that they had no mortgage on their property and someone had stolen their identity and mortgaged their home.” Toronto “Identity theft. That’d be the worst. Because it’s really hard to recover.” Denver
Identity theft or fraud is a key concern as it causes potential significant financial harm; most report having has first- or second-hand experience with identity theft
This risk is particularly top of mind for users in Shanghai as there is a lot of first- and second-hand experiences of social media accounts and user identities being stolen and used to con their friends and family out of money. A few users in Shanghai, Denver, and Toronto also the potential for their identity to be stolen (via their government identification) and used for criminal purposes. Identify theft is a major concern for users in Denver as most either have first- or second-hand experience with a credit card or debit card information being stolen.
41
and peers (especially spouses).
service provider share their private information with friends or family, e.g.:
providers (i.e. whether or not they have constructed an accurate profile of the user).
“I don’t want people to find out information about me that I don’t want to be known.” Toronto “I don’t want my girlfriend to know that I went shopping there. It’s not dramatic but it is something private.” Hamburg “I don’t want other people seeing the current situation of my home because it is messy. It would affect my image.” Shanghai “They might send something to your school address. It might affect my
weird and people might point at me.” Shanghai “I feel like if it’s your reputation on*social networking site]. People steal passwords and click on these crazy videos. And then they’ve got a girl with no clothes on their
posting all this stuff?’ They’re like, ‘Oh my God my password’s been stolen.’ You go to get a job later, and they’re like ‘Oh, a few years ago, you posted a bunch of pictures of all these girls.’” Denver
In Shanghai in particular, participants worry about their reputation among their friends and family being impacted as a result of their data being exposed
The worst case scenario for Shanghai users is a ‘flesh search’ which has the purpose of identifying and exposing individuals to public humiliation.
42
Personal Data Management: The User’s Perspective 68
RISK: DISCRIMINATION/PENALIZATION/PERSECUTION
worry that a service provider might publicly share out their activities or behavioral patterns.
such as:
with missed opportunities.
them for a lack of productivity.
drinking on the weekend resulting in a lost opportunity.
and persecuted based on demographic data (e.g., race, religion, etc.).
“News articles. It gives a strong insight into my political interests. Something could be detected. In other countries, they could potentially have pressure put
“The employer might use the information to the disadvantage of the employee if she spends too much time in the kitchen or the copier room.” Hamburg? “It also depends on what you believe humanity is capable of. When they rounded up the Japanese in the US, that wasn’t very long ago, and that was done through the census. So that was people having to put out their information. This is in a sense like a census, but not like your race and all that stuff, but it’s like down to your profile. Like, are you homosexual or not? What’s your religious background?” Denver “Another big one *private data+ would be religion. What happens if the Holocaust happens again?” Toronto
A concern of some participants is that their personal data might be misinterpreted and they may be discriminated against or persecuted as a result
43
“I’m concerned about perverts calling my daughter.” Toronto “I wouldn’t want anyone to know when I’m not home. It’s nobody’s business when I’m on holiday. The door will be wide open for burglars.” Hamburg “Some criminal mind could be tracking this woman, knowing when her apartment is vacant in case she has millions of dollars worth of jewelry they can go in and steal. They know where she works. They can cause her all kinds
routine which if it is not used in a good manner is purely evil.” Denver “I feel a bit concerned if my address is known by other people. If someone comes to my door, something bad will happen.” Shanghai
In each market, a few participants convey concerns that the use of certain types of personal data may result in physical or emotional harm
about their children with service providers with concerns that predators may gain access (either via hacking or a rogue employee) and target their family.
location information that criminals may access so as to determine when they are not at home.
parties (to which their data has been sold) showing up at their home. While they do not specifically articulate concerns about being physically harmed, they say that this situation would ‘terrify’ or ‘frighten’ them.
44
Personal Data Management: The User’s Perspective 69
Toronto participants say they generally feel safe
concerned about risks as they have not personally been the victim of data abuse
are a target (e.g. they do not have anything to steal or hide).
safe and protected because of where they live, with a few
privacy commissioner. Shanghai participants tend to worry more about data security
Shanghai indicate that the subject of personal information risk is not something they consider often, if at all, so do not feel they are personally at risk.
change their information (e.g. phone number, address) frequently enough that they have nothing to worry about. Hamburg participants seem more aware of risks
their privacy into consideration every time they interact with an online service provider (e.g. carefully considering what data to share).
might not think of it unless a personal data issue is brought up in the media.
current privacy regulations in Germany. Denver participants are generally concerned
good chance that their financial data will be at risk despite the security measures banks take.
physical or emotional harm is less likely, they are cautious.
indicate that the research discussion was the first time they gave the subject significant thought. “They would leave me alone. I’m 50 years old and I’ve been good so far.” Toronto “I think that we’re lucky that we live in Canada, so we don’t really know what the effects are of people knowing too much information about us. And, we have a privacy commissioner.” Toronto “I feel okay sharing my information. I’m not concerned because my information is always changing and I haven’t had trouble for years.” Shanghai “As soon as we get a discount, we forget about [our privacy concerns] except if we read about [social networking site] right before that. Then we are alert.” Hamburg “I feel like *identity theft is+ a reality.” Denver, Focus Group “Definitely the worse case scenario *is data] used against me in a court of law. *But+ it is unlikely because I don’t do things that would cause that.” Denver
In considering the risks associated with their personal data, user-participants consider the likelihood of whether or not they would actually experience harm
45
“Once the information is out there, it’s
“I’m helpless. I’m in their hands and they can simply do what they want.” Hamburg “It’s not like I bought a thing and it was
the government can’t help me. There’s nowhere to complain. They are too arrogant, they won’t serve me. I don’t think I have a lot of rights.” Shanghai “Life is full of risks. If you get in the car there is a risk. If you walk there is a risk. And this is our life now. This is the risk we take for all the benefits. I’m not a real big user, but I can see huge benefits to stuff.” Denver
In each market, most participants say that while concerned about their personal data, they have no means of protecting it
“All my information is out there anyway.” “If I didn’t want to share my information, I wouldn’t use the service.” “It’s out of my control.” “Corporations are getting more information about people everyday.” “I’m doing everything that I can be doing.” “If something bad happens, there’s nothing I can do about it.” “That’s the way the world is and I just have to live with it.”
46
Personal Data Management: The User’s Perspective 70
important services and others for more specific purposes (e.g., spam, financial, work, gaming, shopping, friends).
kept private from others.
government id’s, financial info) and setting/re-setting privacy settings on social media sites
“If you use one pseudonym everywhere, it’s easier to abuse it if someone finds
“Hotmail has the most junk. I guess I look at it the most frequently and can’t get rid of everything. My [email account]
that’s it.” Denver “I don’t know my husband’s password because he prioritizes privacy and personal space.” Shanghai “I don’t put a lot of my information out
“The news says it’s not safe *to share credit card information+ so I don’t do things that are not safe.” Toronto “Reading something about identity theft; you shouldn’t do this or you should do
am matching what they say you should do.” Denver
Participants report that they do take some measures to mitigate the perceived risks
Shanghai participants discuss additional measures that are more specific to the security of their devices or
complex passwords.
47
48
Personal Data Management: The User’s Perspective 71 User-participants see an accountability role for all entities involved (to varying degrees in each market) with the greatest expectations for service providers and government.
Users feel they are accountable for the data choices and decisions they make (e.g., opting into Terms & Conditions agreements, what specific data they supply). An intermediary (3rd party acting as a data conduit between users and service providers with government certification) could safeguard and manage users’ data on their behalf. Government is expected to establish, administer, and enforce (via fines, etc.) personal data protection regulations. Service providers are expected to keep data safe, use data “properly”, be transparent with users, and abide personal data
the right of self-determination.
User
Intermediaries Government
Vendors Employers
Service Providers
49
Users/Self Vendors Employers Intermediary Government
None
Markets vary in perceptions of entity accountability
USER PERCEPTIONS OF ACCOUNTABILITY, CONT’D
High Accountability Low Accountability Some Accountability
50
Personal Data Management: The User’s Perspective 72
service provider’s Terms & Conditions agreement without reading it first.
agreement is often too long and complicated for them to read or understand.
agreement if they are adamant about using the service – the alternative is to opt out from using the service.
that by opting into the service, they are making a choice to take the risk of accepting the agreement without reviewing it first.
wrong, the user would be the only accountable party.
“They all use legal jargon that the public does not understand. It’s a deterrent to reading it.” Toronto “You always have to accept the general
will be alright.” Hamburg “Sometimes its my own fault. I didn’t read the agreement. You make the decision, you have the responsibility.” Shanghai “You’re the reason why it’s not getting managed correctly. You gave them the right to take [the information], and responsibility.” Denver
There is a sentiment that today, users are accountable for their personal data when they accept the conditions (and risk) of the service, even if they acknowledge that they rarely read the Terms & Conditions
A few users in Shanghai and Hamburg feel that this agreement serves the interest of the service provider, and does not address their
like to have a two-way contract in place that outlines the service provider’s obligations and the user’s rights. 51
experience of.
choices (e.g. what data to contribute, what devices to access services
activities, especially if they feel the government should be regulating the use
“I’m of full age. It’s my fault. Unlucky you if it’s not clear what you sign.” Hamburg “We should be less carefree with our
looking at it.” Toronto “I would review the information companies have one me initially, and then only again if there is any issue.” Toronto “I don’t feel like investing my time to look at these things. I fully trust that someone has verified the legal character.” Hamburg “They are accountable for keeping it safe, but you are responsible for giving it to them.” Denver “*Do you have responsibility?+ (Laughing) No, I didn’t leak the data.” Shanghai
Participants in all markets (except for Shanghai) feel they are responsible for making sure their data is used appropriately
Beyond their current security measures, users in Shanghai are not motivated to be accountable for the protection of their own personal data.
User Intermediaries Government Vendors Employers Service Providers52
Personal Data Management: The User’s Perspective 73
a lack of trust in the vendor and limited negotiating abilities) include:
Vendor should be transparent with users. Vendor should be registered/certified to access/use data. Vendor should control/regulate employees interacting with user data. Vendor should take security measures to protect user data from hackers. Vendor should not share user data without the user’s consent. Vendor should notify users of data compromises. Vendor should be monitored or regulated by the government.
Participants say vendors are ultimately responsible for making sure their personal data is used the way users want it to be used and to keep their data secured
“If *the service provider+ wishes me to use the software, then I would expect him to deal with it in a trustful way.” Hamburg “The enterprise should have regulations to control their working staff.” Shanghai “The people who collect the information should be responsible for it not being managed properly.” Toronto “You trust the bank. They had credit card information stolen; it’s a huge entity. You’d think this would never happen to *bank+, but it happened, so you can’t blame them because they went through all their security precautions, and someone just smart enough just kept working at the code and working at the
Some users in Denver feel that service providers should not be held accountable if they are doing everything in their power to keep user data safe and it is still stolen.
53
Employer should limit access to data to users’ immediate manager. Employer should not share user data outside of the company. Employer should take security measures to protect user data from hackers. Employer should delete user data (particularly personal data relating to the users themselves) when the relationship is severed.
they are in a position to negotiate or would leave if trust was absent.
Expectations of employers are somewhat different as participants say the relationship between the employer and the user is a special one
“They probably would have the
she has a list of favorite restaurants. I just don’t think it needs to go beyond – they should not be able to sell your information.” Denver “The employer should have a firewall that simply cannot be overcome. I can imagine a company collecting data and selling it to others who then try to sell me something I don’t want.” Hamburg “If I am still in the company it’s okay but if I quit my job, the company should delete my information.” Shanghai “You have a choice here. Either you take the job or you don’t take the job. If it’s not acceptable, you don’t have to take it.” Toronto “The company collecting the data, if they are doing it legally, should sign a declaration stating the purpose that the user would have to approve.” Hamburg
Given Toronto users ’ attitude that the employer has rights to all data in the workplace, they feel that the user must be cognizant and responsible for data relating to personal activities in the workplace (e.g., using the work PC for personal email). Users in Hamburg add that there should be some transparency for users as employers should clearly communicate how user data is being used (e.g. monitoring productivity, monitoring energy usage, etc.).
Intermediaries Government Vendors Employers Service Providers User54
Personal Data Management: The User’s Perspective 74
the lack of trust in government or service providers to have access to all personal data.
government, as well as the perceived technical capabilities of the service providers.
Intermediary should store all of the user data in a central location. Intermediary should take security measures to protect user data from hackers. Intermediary should provide service providers service-relevant data only. Intermediary should provide user with a means (e.g. a portal and code) by which they can access, view, and edit their personal data. Intermediary should be monitored or regulated by the government.
their behalf, but instead feel this ought to be subsidized by the service provider and/or the government.
“I want a third party to manage the
for a safe data center. Your information is saved at the center, not the store. It has a powerful defense against hackers and won’t disclose information to third parties.” Shanghai “Someone in-between wouldn’t be interested in how much time I spend in a specific room.” Hamburg “I don’t think that they’re necessarily going to manage your profiles and stuff like that, but I think that they are going to make you aware of how businesses are using your information.” Denver “I think the *service provider+ should pay for it. I don’t want to pay.” Shanghai “ I would not pay a third party … it doesn’t concern me enough.” Toronto
Many participants in Shanghai, some in Hamburg, and a few in Denver see a role for an intermediary to safeguard and manage users’ data on their behalf
Participants in Toronto do not see the need or purpose for a intermediary to manage their data.
Intermediaries Government Vendors Employers Service Providers User55
these in place, they feel any available services should be safe to use.
State should establish regulations/laws to protect users and their personal data. State should license or certify service providers to collect and use personal data. State should monitor the collection/usage of personal data by service providers. State should enforce regulations with punishment.
“The government can make sure that my information is not being shared.” Toronto “The country should give some regulations in this field. The government has administrative power. If they make the law, the those people might be criminal.” Shanghai “I would be nice if the government verifies [the usage of my data]. Something like “state examined” so you see that someone’s really looked at it. Like and independent foundation testing consumer products.” Hamburg “I think they have more power or more strength behind or it can impose more stricter punishment versus me.” Denver “I don’t trust them to regulate. I think because they always take it a step
we’re going to pass this law because it’ll help something’, but then they’ll realize they can push it further.” Denver
Participants expect government to establish, administer and enforce personal data protection regulations, but not monitor or control personal data
Some participants in Hamburg feel there might also be a role for a not-for-profit consumer protection agency (like TUV) to certify service providers who collect/use consumers’ personal information.
User Intermediaries Government Vendors Employers Service ProvidersParticipants in Denver are divided in their expectations of the government – some feel it is the only entity powerful enough to protect user data, while others feel it would abuse this position. 56
Personal Data Management: The User’s Perspective 75
57
Participants discuss 5 key data principle expectations
Control
Transparency
Fair Value Exchange
Accountability
Protection/Enforcement
58
Personal Data Management: The User’s Perspective 76
Opting in/out of service (choice)
Giving service provider permission to access data for a specific purpose Negotiating value in exchange for data
Approving automations Giving permission for data sharing with others
personal data is accessed and used throughout their relationship with a service provider.
this control once they consider the amount of personal data there would be to manage.
“Allow me to pick and choose what information I want you to have.” Denver “I *should+ have the possibilities of controlling that I don’t have today.” Hamburg “You should have the choice from the get go. Go back and pick what you want them to do with the data.” Toronto “If they ask for my permission and I agree, then the card center can transfer my information to another party. It’s
Shanghai “I want the controls to be there but I will not necessarily read everything.” Toronto “But it comes down to time, how much time do I have? Do I really have the time to sit there and go back through all that data and decide – ‘I don’t want them to have it, but that’s okay for these guys to have it.’?” Denver
Participants say control is a key requirement even if they do not take any measure to control their data today, and question the amount of time and efforts required
59
the relationship has ended would be out of their control and might be sold to a third party.
“The information might get leaked to
they would do with it. They might call or send you advertisements.” Shanghai “Information that is still important for the company should still be kept but personal information should be deleted.” Hamburg “I think it somehow needs to be deleted and removed from the system. There are certain things from an employer standpoint that you have to keep as far as personnel records but it does not really do them any good to keep what temperature she likes.” Denver “If I leave the company, maybe this information is still there. I will require the company to delete the information. But you don’t know if they will. You don’t know if they have a back-up so I need a third party to keep the information.” Shanghai
As an aspect of control, participants expect that their data be deleted once their relationship with an employer has been severed
In Shanghai, users saw a need for an intermediary to
Some in Hamburg and Denver specify expectations that personal data relating to an employee should be deleted while data relating to the corporation could be kept.
60
Personal Data Management: The User’s Perspective 77
the Terms & Conditions agreement) is too difficult to read and internalize.
following information: Who has my data? How is it being used? Who is my data being sold to and when? If there is a dispute, who can I complain to?
“Normally they make everything so legal so when you read it, it’s not straight
problem if they can make everything straight forward where it’s like, this is what we’re going to do here.” Denver “It’s important that it’s very open. Make plans transparent. [Show why the service provider] wants the data, what it will do, the purpose of collection, the
who is receiving the data.” Hamburg “Tell me if you want to sell *my data+. Then I should get a cut of it.” Toronto “If I tell them about my information, I need to sign a contract with regulations about information leaks.” Shanghai
Greater transparency and insight on how their data is being used is desired, even if users have no clear idea of how such information should be shared or consumed
Many participants in Shanghai and a few in Hamburg, mention that the provision of a two-way contract would give them with greater insight into the service provider’s
61
“I would not give out my weight information normally. But if [retail
yes.” Toronto “Even if they didn’t pay you, if it made it more convenient for you, I would do that.” Denver “Only safety, that’s the only reason for cameras.” Hamburg “It depends on what they want it for. If they’re environmentally trying to take in information about my energy usage, sure they can track me. If it will help in the future. I think the social benefit is for the good of all.” Denver “It makes sense down the line for an ecological and economical point of view.” Hamburg
User-participants are willing to exchange personal data for immediate personal benefit, but few consider social good
While participants in Toronto and Denver are willing to exchange their data to benefit the social good (e.g., environmental protection, public safety, etc.) this is motivating for only a few users elsewhere. Only one participant each in Shanghai and Hamburg say they would share their data to benefit the environment. A few in Hamburg say they would be willing to be videotaped in public places in order to aid security measures (which ultimately is a personal benefit).
62
Personal Data Management: The User’s Perspective 78
group suggestions, restaurant suggestions) given their personal data accessed would be annoying to the user, especially if it requires their time and effort to remedy.
greater precision from services for which they pay a charge.
“They’ve got to be pretty accurate to be
benefit to you.” Denver “If they make suggestions, it should be precise or it will be annoying.” Hamburg “Precision is important. If I need a device to do such management for me, it’s because I’m busy. If it’s not precise, it will make me busier.” Shanghai “The more you pay *for the service+, the more accurate the service would have to be.” Toronto “Accuracy is important if the information is being sent out.” Toronto
As a dimension of value exchange they say accuracy is vital, otherwise users receive no benefit
63
and should be penalized if they do not.
service providers should be.
“Fines don’t work. They should imprison the CEO.” Toronto “I guess it would be fines. There are always some type of way of punish it whether it is fines or whatever – again that is beyond my expertise. Possibly fines and erasing whatever information that they gather.” Denver “There’s nothing you can do if your privacy is breached. I would want economic compensation. Pay me back exactly what I have lost.” Shanghai “I think obviously financially they should be held accountable. If it is neglect I think there could be some criminal – there probably are not statues enacted now that would hold them criminally liable other than civilly. I think the consumer – us as consumers should hold them accountable.” Denver
User-participants that want the government to protect personal information expect it to establish regulations as well as a clear due process for dispute re solution
Some in Denver say it is individuals, and not the government, who should hold service providers accountable via civil action suits when their personal data is misused.
64