Skip to main content

To share or not to share

What consumers really think about sharing their personal information

How willing are consumers to give companies their information, and what concerns do they have about sharing and protecting it? Many, it turns out, are amenable to sharing at least some personal information—if they see value in it for them.

Vikram Rao
Kruttika Dwivedi

How willing are consumers to share their data?

IT'S no secret that many companies rely heavily on consumer-generated data to inform many activities, from product development and strategic planning to targeted marketing campaigns. When the information is used effectively, however, it is the consumer who may ultimately benefit, as it can enable companies to enhance the customer experience and provide innovative products and services. But how willing are consumers to provide their information, and what concerns do they have about sharing and protecting it? In partnership with SSI, a global provider of data solutions and technology for consumer and business-to-business survey research, we surveyed more than 8,500 consumers in six different countries1 on how they feel about sharing personal information with businesses, comparing their answers with equivalent data collected in 2012 and 2014.2 Here are the highlights of what we found.

Have consumer privacy concerns changed over the last decade?

Data security remains a hot-button issue, with a variety of well-known and respected companies reporting that the data of more than 250 million of their consumers were stolen or compromised in 2014 alone.3 As connected products become more common, many industry observers expect consumer concerns over data security to rise further. For example, emerging cyber risks—such as a hacker being able to control a heart monitor—continue to rattle the health care industry and make headlines.4

Given the ever-present threat that their information may fall into the wrong hands, it’s not surprising that 81 percent of our US respondents feel they have lost control over the way their personal data are collected and used (figure 1). What is surprising, though, is that—across the world—this sense of losing control has actually returned to a level close to what it was in 1999 after spiking in 2014. In fact, the latter seemed to be a watershed year for data hacking and cybersecurity breaches, close on the heels of Edward Snowden’s 2013 leak of classified National Security Agency (NSA) documents to the Guardian.

With developments such as the repeal of protections requiring Internet service providers to obtain permission from consumers before sharing personal data, concerns around the collection and use of personal data remain high. However, the reversion to 2014 levels suggests that some people’s level of concern can decrease instead of only going up—providing companies with an opportunity to build consumer trust.

What can companies do to reassure consumers?

Our study finds that while consumers state that they want more protection and security, the reality is that they may be more willing to provide their personal information if companies:

  • Are transparent about how they intend to use consumer data
  • Allow consumers to easily opt out of data sharing
  • Provide brief and readily understandable privacy policies and agreements

Age matters—and so does the perception of receiving value

Considering how many feel that they’ve lost control of their own data, one might think that some consumers prefer not to share information with anyone at all. However, most appear to be at least somewhat more open; for instance, more than two-thirds of our respondents were willing to share social media activity with family and friends. More interestingly for companies, US consumers’ willingness to share certain information—specifically, browsing history and social media activity—with companies with whom they do business has more than doubled since 2014 (figure 2).

A closer look shows that this willingness to share information with companies varies by age. While approximately half the consumers in each age group say they sometimes provided information online, younger consumers surveyed were more likely to provide fake information on websites than older consumers. Younger generations also take more protective actions, such as adjusting privacy settings on their mobile devices, than older generations (figure 3)—which could also explain why Gen Z expressed the greatest feeling of control over their data.

Across the board, consumers surveyed also appear more willing to share data when they feel they get some value in return. Seventy-nine percent of our respondents agreed that they would be willing to share their data if there was a clear benefit for them. This means that companies should consider thinking about giving consumers a return on data.5 Whether it is something that entertains, informs, or rewards the consumer, companies should understand that many consumers may provide information in exchange for something that benefits them.

What can companies do to encourage consumers to share data more freely?

The good news from these results is that the consumers surveyed appear increasingly willing to share data with companies—if there’s something in it for them. Here’s what organizations can do:

  • Make it easy for consumers to choose what they share or do not share
  • Offer valuable benefits to those consumers who choose to share data
  • Customize the organization’s data-gathering strategy to different age segments

Consumers don’t forgive and forget

While the consumers we surveyed are more willing to share data if they see some benefits, they won’t hesitate to take action against companies involved in a data breach, whether they’ve personally experienced a breach or heard about it in the media. On average, one in four consumers will take cautionary actions after hearing of a breach to digitally protect themselves and avoid future data breaches. While industry observers have long suspected as much, this survey is the first time we have heard this directly from consumers.

The actions that consumers take in these situations can range from cautionary, such as disabling cookies or not downloading certain apps, to more extreme punitive actions, such as not purchasing products (figure 4). While punitive actions may more directly affect companies, cautionary actions can also hinder companies from building consumer trust and offering better solutions.

What can companies do to help keep consumers’ trust?

  • Enforce privacy measures to prevent breaches in the first place:
    • Encrypt data at rest
    • Destroy consumer data when not needed
  • Systematically control the damage after a breach has occurred by identifying causes and implementing remedies that hasten recovery:6
    • Identify affected systems and isolate them
    • Gather all available evidence, and analyze it to determine cause, severity, and impact
    • Document how the incident came to light—who reported it and how he or she discovered the problem—and report findings to relevant stakeholders
    • Assess the possibility of insider involvement
    • Strengthen network security and improve protocols
    • Enhance monitoring to mitigate the risk of future breaches
  • Develop an integrated, enterprise-level approach to data governance, and ensure the leader of this initiative is a C-level executive

Consumers are less likely than ever to complete feedback surveys—thanks to privacy concerns

Consumer surveys are typically an important, time-tested practice for companies seeking opinions on current products, potential line extensions, other new offerings, and overall brand awareness. That’s why it’s not great news for companies that many consumers are increasingly rejecting market research survey requests: Fifty-five percent of our US respondents said they declined to take a survey over the past year.

Yet, at the same time, many consumers continue to say that companies should be soliciting their feedback, with 75 percent of our respondents saying companies should do so twice a year. If the majority of consumers are open to companies asking for their opinion, why is the survey rejection rate so high?

Privacy concerns were the most common reason—by a considerable margin—that our US respondents gave for declining to participate in a survey (figure 5). Among consumers for whom privacy was not the main reason, motives for deciding not to take a survey again differed by age group. Younger consumers tended to survey requests more often than older consumers because they weren’t interested in the topic or didn’t have the time, while older consumers were more likely than younger ones to be put off by a request to download an app or software.

Another possible reason for the higher survey rejection rate is that consumers may be suffering from “survey fatigue,” partly because of the exponential rise in survey requests in the Internet era. One survey firm conducts about a million surveys per month, while another conducts 60 million surveys every year—a mind-boggling 175,000 per day.7 This possibility can make it all the more important for consumer businesses to craft their surveys carefully, offer respondents something of value in return, and explore alternative ways of gathering information from consumers. That said, with privacy being the main sticking point, nothing can replace the need to reassure consumers that their information will be protected and used appropriately when companies ask them to take surveys.

What can companies do to encourage consumers to take surveys?

  • Improve survey design:
    • Limit the number of surveys you ask your consumers to take
    • Limit the number of questions to 20 or fewer
    • Keep questions easy to understand and quick to answer
    • Ensure that the survey can run on any device
  • Modify survey content:
    • Focus questions more on the transaction rather than the consumer’s personal details
    • Request feedback on how to improve data privacy
  • Offer survey incentives:
    • Give a token award to consumers who complete the survey
    • Communicate potential outcomes—such as ways the survey data are used to improve offerings—to consumers

Don’t be complacent

While our results indicate that younger generations are currently less concerned about data privacy and more willing to share data, that doesn’t mean that privacy concerns will become less of an issue for companies as younger consumers enter the job market, build financial equity, and make more financial transactions online. If consumer-related data breaches continue or increase, younger consumers may take even greater measures to protect their personal information—making the efforts of companies to build a relationship with them that much harder.

The bottom line: An important way companies can build and maintain consumer trust is to both put in place proactive data security and privacy measures and to engage in a transparent, ongoing dialogue with consumers on data privacy.

Learn more about Deloitte's Center for Industry Insights


The authors would like to thank:

Stephen Rogers, managing director, Deloitte Consumer Industry Center

Nithya Swaminathan, senior manager, Deloitte Consumer Industry Center

John Forster, manager, Deloitte Services LP

Richa Khanna, senior analyst, Deloitte Support Services India Pvt. Ltd.

Richa Anand, senior consultant, Deloitte Consulting India Pvt. Ltd.

Ankur Jain, senior consultant, Deloitte Consulting India Pvt. Ltd.

Kavita Saini, manager, Deloitte Support Services India Pvt. Ltd.

Cover image by: Lucie Rice

  1. China, Germany, the United States, Japan, the Netherlands, and Australia.

    View in Article
  2. Unless otherwise specified, all survey results described in this report apply to US respondents only.

    View in Article
  3. Bill Hardekopf, “The big data breaches of 2014,” Forbes, January 13, 2015,, accessed January 13, 2015.

    View in Article
  4. “US warns of security flaw that could allow hackers control of heart devices,” CBS News, January 10, 2017,

    View in Article
  5. A relatively new metric, return on data (ROD) is a percentage derived by first assessing the gain to the consumer from the data, then subtracting the cost of the data, and then dividing this difference by the cost of the data. ROD gives researchers the ability to assess the potential investment in data analytics. To learn more, see Dorin Selz, “Return on data—ROD,” January 20, 2016,

    View in Article
  6. Deloitte, Cyber crisis management: Readiness, response, and recovery, 2016,

    View in Article
  7. David Wheeler, “The rising revolt against customer surveys,” The Week, September 30, 2015,

    View in Article

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey

Related content