Data-sharing is both fuel and lubricant to the world’s economy. It powers online and offline business models and it enables, in the form of cookies and browser history, greater ease of use for consumers. But with every year, as more data—in terms of volume, types and richness—is shared, the potential for its misuse is rising. The 2021 Deloitte Digital Consumer Trends Survey,1 which polled around 33,150 respondents in 20 countries about their online activities and their views on data privacy, shows that many surveyed consumers are well aware of the risks—but are continuing to expand their online activity nonetheless.
Thirty years ago, understanding personal digital data was relatively straightforward, as it was typically stored on physical media that could be touched, locked away and, if needed, visibly destroyed. There were no smartphones capturing and emitting location data. There were no cameras in laptop lids, as computing was still predominantly desktop. Cars did not have GPS systems to track and capture journey data by default.
In stark contrast, the ways in which data is collected, shared and analysed in a world of cloud computing are increasingly perplexing to the average user and the implications may not always be evident. It is hard enough for a consumer to understand how clicking on a link may trigger their personal data to be invisibly and noiselessly shared with hundreds of other sites, or how multiple instances of their browsing behavior may be stitched together in a remote data centre.
It may be more baffling still to understand why a robot vacuum cleaner may collect data on its owner’s home: The data may simply help the robot to do a better job of cleaning, but it could also be sold to carpet treatment companies to use for targeted advertising. And applications, such as facial recognition, can be utterly opaque to those without a technical background, as understanding them requires awareness of terminology such as “secure enclaves” (dedicated secure subsystems on a user’s device)2 or acronyms such as public key infrastructure (PKI).
For most of the world’s billions of digital users, understanding data privacy may prove to be too baffling and too much of a chore for them to make the effort. While many of those surveyed were aware that they should review terms and conditions and manage cookie settings,3 in the heat of the moment, actual behaviour often lapses and incaution may result. Reading a web page, buying a product, signing up to a service, or accessing a Wi-Fi hotspot quickly may take precedence over the tedious task of reading a long privacy disclosure or selecting which cookies to accept.4
Consumers have several options on how to approach digital data sharing. A small minority will stay offline altogether; another minority will seek to be well informed about their digital behaviour’s privacy implications. But the vast majority of consumers will largely simply trust, possibly out of apathy, that their data is in safe hands. They are unlikely to select devices, for example, primarily because of a vendor’s privacy approach. Indeed, on average,5 only 7% of respondents reported that data privacy and security were important considerations when deciding which smartphone to buy next.
Consumers may exhibit such trust even though a range of tools are available for them to manage data privacy. In markets governed by the General Data Protection Regulation (GDPR), which include most European countries, consumers are offered the ability to manage cookies. However, in these markets, the most common reported reaction among our respondents was to click on the default cookie settings, often denoted by the more colorful button offered of the two. Among the European countries surveyed,6 75% of respondents stated that they accepted default cookie settings at least half of the time. In reality, the proportion may be much higher.
As another example, consumers have the capability to decline app permissions. Only around one quarter of respondents claim that they always refuse permission and only 28% refuse it more than half of the time.7
This is not because people do not know their data is out there. Our survey revealed that most consumers surveyed in multiple markets believe their data is being used “all of the time” or “most of the time.” Only 5% of our respondents thought that their data was not being used (figure 1).
What is more, a majority of consumers also responded that they are concerned about how companies they interact with online use their personal data. On average, two-thirds (66%) of our respondents stated that they had such concerns, although there was significant variation by country (figure 2). This proportion has remained more or less constant in every year in which the question has been asked.
But arguably, this concern may be superficial. It certainly has not slowed purchases of more devices or subscriptions to online services. For example, between 2020 and 2021, the adoption rate for subscription video-on-demand (SVOD) services increased by an average of 9 percentage points across a range of developed countries, representing hundreds of millions of people (figure 3). One survey of 22,000 people found that its respondents added an average of 15 accounts in the 12 months leading up to March 2021.8 All of these services are capturing subscribers’ viewing behaviors. This can enhance the consumer experience by helping providers better understand how content is watched and what should be recommissioned. But in the instances where a user is new to SVOD, or where a user has added a SVOD subscription, data is being captured that was previously not gathered and aggregated.
Indeed, thanks to the pandemic, a great deal of data that was not previously collected has been and will likely continue to be digitally captured. For example, as office work has gone online in the past two years, more meetings will likely have been recorded than before, as meetings that previously would have been conducted in person moved to video with recording available at the click of a button.
Every year brings expectations of behavioral shift due to concerns about privacy. Our survey found that 28% of this year’s respondents had stopped using a social media service temporarily or permanently over the prior 12 months9 and of this group, 23% stated they had ceased usage because of data privacy concerns. At first glance, this data point may appear significant. However, data privacy was only the fourth most common factor for stopping using a social media service. The number-one reason was boredom with content, cited by 34% of respondents.
Moreover, we believe the number of social media users is increasing overall. One report estimated that 400 million new social media users joined between 2020 and 2021, pushing the number of users to 4.5 billion in total.10 In September 2021, TikTok announced its billionth global user11 and Facebook reported 1.91 billion daily active users in June 2021, up 7% year over year.12
All this goes to show that stated concern and even reported actions, as indicated in surveys such as ours, may reflect over-claim by some respondents.
Appropriate regulation around data privacy will become more important as the pressures on consumers to share their personal data increase. One of the biggest of these pressures is that adapting to coexistence with COVID-19 will likely entail regular, reliable sharing of COVID-19 status. International travel already largely relies on this and in many major countries around the world, thousands of offices, universities and conference halls—in fact, many medium or large public venues—now require proof of vaccination or lack of infection as a condition of entry.13 Most consumers are comfortable with providing this information: In most markets we surveyed,14 the majority of respondents were willing to share vaccination status with travel companies (66%), employers (63%), event providers (63%) and entertainment facilities (60%). Only a small proportion, between 11% and 14%, strongly disagreed with sharing across the four different contexts.
The need for regulation will also become increasingly acute as popular applications become de facto essential services. A teenager may have to accept a degree of data-sharing that they are not comfortable with so they can participate in a peer group’s conversations, most of which may take place on a single social network. If they disagree with a specific digital service’s terms and conditions, they could opt out, but the consequences of that decision may be social exclusion. A similar predicament may face groups of parents, neighbours, or colleagues. It remains to be seen if and how behaviour will change as a result of users becoming more aware of the risks and regulators taking increased responsibility for data privacy.
The likelihood that most consumers will continue to leave the use of their personal data up to the organisations that collect it implies that the responsibility for maintaining the right level of data privacy and making control over personal data easy to manage, should fall ever more to businesses and their regulators. Politicians and business leaders alike should act in the knowledge that most consumers will increasingly rely on them to shape policies on their behalf. These policies should balance business needs with consumer rights, or data-sharing may become a negative influence on society instead of the benefit to consumer experience it can and should be.
Deloitte’s Technology, Media & Telecommunications (TMT) industry group brings together one of the world’s largest pools of deep industry experts—respected for helping shape some of the world’s most recognised TMT brands and helping companies of all shapes and sizes thrive in a digital world.