Under
the European Commission’s request, the European Union Agency for Fundamental
Rights recently prepared a report about the Europeans’ perspective on their
online privacy and personal data (here). This
report is based on a survey where 35 000 Europeans were asked about their views
on privacy and about their awareness of the GDPR. The survey is from
pre-pandemic times (January-October 2019), but its conclusions are highly
relevant in a time where several European countries consider using technology
to track the spread of COVID-19. For example, the Netherlands will soon launch an
app that will keep track of who the app holder was in contact with, so as to
quickly notify them in case of a possible contact with a COVID-19 infected
person (see more about this here).
The report
showed some interesting results, particularly a difference between the level of
trust in private and public bodies. While 23% of respondents claimed that they
do not want to share any personal data with public bodies, 41% do not
want to share personal data with private companies. The results also
show that the willingness to share personal data depends on the specific data
to be shared: for example, while 63% of willing-to-share respondents would
share their home address with public bodies, a mere 7% would share their
political views.
The report also touched upon another well-known
issue: people do not read terms and conditions before agreeing to them.
Surprisingly, in this study, 22% of respondents claim to always read terms and
conditions (approx. one in five) and 44% claim to read them sometimes. This
means that in total 66% of respondents read at least sometimes the terms and
conditions of the products or services they acquire. While still far from
ideal, these numbers are higher than those reported in other similar studies (see,
for example, the study by the Behavioural Insights Team on which we reported here). More
worrying is the percentage of respondents who read the terms and conditions but
do not understand them (27%). There are, however, relevant differences between
Member States: for example, while in Belgium 47% of respondents do not read
terms and conditions, in Estonia that number drops to 22%.
Finally,
there is a high number of respondents who are aware of both the GDPR and of
their national data protection supervisory authority (around 70%). 60% of
respondents are aware that they are legally entitled to access their personal
data held by public administrations (although this number decreases to 51%
regarding private companies). Moreover, most respondents stated that they are
aware of privacy settings on their smartphones (72%), although the results are
not as positive regarding the privacy settings of specific apps (31%).
