Data Privacy Week is an internationally recognised time to raise awareness of data privacy, ending with Data Privacy Day on January 28. This date marks the anniversary of the signing of Convention 108 in 1981, which was the first legally binding international treaty on privacy and data protection.
For organisations, this year’s theme is ‘Respect Privacy’. We thought it would be interesting to look at how online data collection and individuals’ attitudes to privacy have changed over time.
1981 was a significant year for computing. Sony introduced the 3 ½ floppy disk, the BBC started broadcasting The Computer Programme and Acorn produced the BBC Microcomputer. People now had the tools and freedom to start learning computing on their own home machines. France Telecom offered free Minitel internet terminals to all telephone subscribers, opening up the first mass ‘web’. It was clear that a computer revolution was gaining pace.
The computer gave organisations the ability to collect and process more personal data than ever before. To prevent this, we would need new protections. The Council of Europe worked with the Organisation for Economic Co-operation and Development (OECD) to create the guiding principles in Convention 108. The aim was to encourage individual signatories to create their own domestic legislation.
In 1996, the Financial Times published the first article about cookies called ‘This bug in your PC is a smart cookie’. This piece explained what these cookies were doing and noted that people did not know it was happening or have any control over it. The article caused a huge stir, and shortly after its release Netscape published RFC 2109 – a document used by developers to agree rules on the development of the internet. It specified that third party cookies should either not be used at all or should at least not be enabled by default.
The 1990s also saw the start of international privacy law, with the Data Privacy Directive coming into force across the EU in 1995.
The 2000s brought the ePrivacy Directive, which regulates electronic marketing and telecommunications across the EU, and was known as the ‘European Cookie Law’. It resulted in the introduction of cookie banners on websites to explain what they are and to give people the chance to refuse them. They made online data collection and privacy much more visible.
The European Union introduced GDPR in 2018 and this was a key event in making data protection far more visible. Organisations rushed to update their marketing consents. People were far more aware of their choices. Journalists ran articles using the now-free right of access to discover how much personal data various organisations held about their customers. Which? published a report, ‘Control, Alt or Delete?’, that placed consumers into four different categories. It found that:
- 13% of people were ‘Liberal’ and unconcerned about how their personal data is used
- 35% were ‘Tolerant’ and generally comfortable with their data being used, but not with it being sold on to third parties
- 29% were ‘Concerned’ – they feel in control of their data but worry about how it might be used and what kinds of inferences might be made about them
- 23% were ‘Anxious’ and feel out of control of their data and uncomfortable about how it might be used.
The Global Data and Marketing Association (GDMA) has also carried out research into attitudes to privacy in 2018 and 2022 and found that:
- 31% of people are ‘Unconcerned’ about their data privacy, up from 28% in 2018
- 46% of people are happy to provide personal data to businesses, up from 40% in 2018
- 82% of people are prepared to engage with the digital economy
- 48% of consumers believe data exchange is essential to the running of modern society, up from 41% in 2018.
Where are we now?
Clearly the debate has moved a long way since the early days of cookies and digital information collection.
It seems likely that these findings reflect a growing confidence in organisations to keep personal data safe as part of the data exchange, as a result of increasing awareness of the GDPR. Data-driven innovations can be valuable to consumers and we see an expectation that digital experiences will process personal data to create a tailored experience.
There is an interesting difference between the Which? and GDMA findings in respect of Liberal/Unconcerned individuals. Which? finding that people became more concerned about how companies use their data when the process was explained to them may explain this contrast. This was particularly the case for the collection of personal data online for advertising profiles.
Data-driven innovation has the potential to help the world achieve big social and environmental goals, like reducing the impact of climate change, and also to provide a better day-to-day user experience for people. However, these benefits will only be realised for as long as people trust organisations with their personal data. We saw in the pandemic that people were only prepared to use Covid-tracking apps if they saw a net benefit to themselves in doing so. We know that attitudes can change quickly when compelling new information appears. Privacy activists are working hard to surface issues they think people should be concerned about, and to bring poor data privacy practices to light. This Data Privacy Week, we believe organisations should consider whether they Respect Privacy and whether their customers and employees would really trust their activities if they knew more about them.
Interested in our Data Protection Services?
If you would like to know more about our data protection work, or would like to speak with one of our experts, please complete this short form.