Skip to main content
Article
 • 
8-min read
 • 
08 December 2021

Are data privacy concerns driving consumer behavior? Not yet.

Rising digital activity suggests many may be overstating their worries

Paul Lee

United Kingdom

Roxana Corduneanu

United Kingdom

Joanna (Joey) Conway

United Kingdom

Suhas Raviprakash

India

Data-sharing is both fuel and lubricant to the world’s economy. It powers online and offline business models, and it enables, in the form of cookies and browser history, greater ease of use for consumers. But with every year, as more data—in terms of volume, types, and richness—is shared, the potential for its misuse is rising. The 2021 Deloitte Digital Consumer Trends Survey,1 which polled around 33,150 respondents in 20 countries about their online activities and their views on data privacy, shows that many surveyed consumers are well aware of the risks—but are continuing to expand their online activity nonetheless.

Privacy is hard to understand and often cumbersome to manage

Thirty years ago, understanding personal digital data was relatively straightforward, as it was typically stored on physical media that could be touched, locked away, and, if needed, visibly destroyed. There were no smartphones capturing and emitting location data. There were no cameras in laptop lids, as computing was still predominantly desktop. Cars did not have GPS systems to track and capture journey data by default.

In stark contrast, the ways in which data is collected, shared, and analyzed in a world of cloud computing are increasingly perplexing to the average user, and the implications may not always be evident. It is hard enough for a consumer to understand how clicking on a link may trigger their personal data to be invisibly and noiselessly shared with hundreds of other sites, or how multiple instances of their browsing behavior may be stitched together in a remote data center. It may be more baffling still to understand why a robot vacuum cleaner may collect data on its owner’s home: The data may simply help the robot to do a better job of cleaning, but it could also be sold to carpet treatment companies to use for targeted advertising. And applications, such as facial recognition, can be utterly opaque to those without a technical background, as understanding them requires awareness of terminology such as “secure enclaves” (dedicated secure subsystems on a user’s device)2 or acronyms such as public key infrastructure (PKI).

Table of contents

For most of the world’s billions of digital users, understanding data privacy may prove to be too baffling and too much of a chore for them to make the effort. While many of those surveyed were aware that they should review terms and conditions and manage cookie settings,3 in the heat of the moment, actual behavior often lapses, and incaution may result. Reading a web page, buying a product, signing up to a service, or accessing a Wi-Fi hotspot quickly may take precedence over the tedious task of reading a long privacy disclosure or selecting which cookies to accept.4

Consumers’ privacy concerns belie their growing adoption of digital services

Consumers have several options on how to approach digital data sharing. A small minority will stay offline altogether; another minority will seek to be well informed about their digital behavior’s privacy implications. But the vast majority of consumers will largely simply trust, possibly out of apathy, that their data is in safe hands. They are unlikely to select devices, for example, primarily because of a vendor’s privacy approach. Indeed, on average,5 only 7% of respondents reported that data privacy and security were important considerations when deciding which smartphone to buy next.
Consumers may exhibit such trust even though a range of tools are available for them to manage data privacy. In markets governed by the General Data Protection Regulation (GDPR), which include most European countries, consumers are offered the ability to manage cookies. However, in these markets, the most common reported reaction among our respondents was to click on the default cookie settings, often denoted by the more colorful button offered of the two. Among the European countries surveyed,6 75% of respondents stated that they accepted default cookie settings at least half of the time. In reality, the proportion may be much higher.
As another example, consumers have the capability to decline app permissions. Only around one quarter of respondents claim that they always refuse permission, and only 28% refuse it more than half of the time.7
This is not because people do not know their data is out there. Our survey revealed that most consumers surveyed in multiple markets believe their data is being used “all of the time” or “most of the time.” Only 5% of our respondents thought that their data was not being used (figure 1).
What is more, a majority of consumers also responded that they are concerned about how companies they interact with online use their personal data. On average, two-thirds (66%) of our respondents stated that they had such concerns, although there was significant variation by country (figure 2). This proportion has remained more or less constant in every year in which the question has been asked.
But arguably, this concern may be superficial. It certainly has not slowed purchases of more devices or subscriptions to online services. For example, between 2020 and 2021, the adoption rate for subscription video-on-demand (SVOD) services increased by an average of 9 percentage points across a range of developed countries, representing hundreds of millions of people (figure 3). One survey of 22,000 people found that its respondents added an average of 15 accounts in the 12 months leading up to March 2021.8 All of these services are capturing subscribers’ viewing behaviors. This can enhance the consumer experience by helping providers better understand how content is watched and what should be recommissioned. But in the instances where a user is new to SVOD, or where a user has added a SVOD subscription, data is being captured that was previously not gathered and aggregated.
Indeed, thanks to the pandemic, a great deal of data that was not previously collected has been and will likely continue to be digitally captured. For example, as office work has gone online in the past two years, more meetings will likely have been recorded than before, as meetings that previously would have been conducted in person moved to video with recording available at the click of a button.
Every year brings expectations of behavioral shift due to concerns about privacy. Our survey found that 28% of this year’s respondents had stopped using a social media service temporarily or permanently over the prior 12 months,9 and of this group, 23% stated they had ceased usage because of data privacy concerns. At first glance, this data point may appear significant. However, data privacy was only the fourth most common factor for stopping using a social media service. The number-one reason was boredom with content, cited by 34% of respondents.
Moreover, we believe the number of social media users is increasing overall. One report estimated that 400 million new social media users joined between 2020 and 2021, pushing the number of users to 4.5 billion in total.10 In September 2021, TikTok announced its billionth global user,11 and Facebook reported 1.91 billion daily active users in June 2021, up 7% year over year.12
All this goes to show that stated concern and even reported actions, as indicated in surveys such as ours, may reflect over-claim by some respondents.

Pressures to share personal data are increasing, and regulation should follow suit

Appropriate regulation around data privacy will become more important as the pressures on consumers to share their personal data increase. One of the biggest of these pressures is that adapting to coexistence with COVID-19 will likely entail regular, reliable sharing of COVID-19 status. International travel already largely relies on this, and in many major countries around the world, thousands of offices, universities, and conference halls—in fact, many medium or large public venues—now require proof of vaccination or lack of infection as a condition of entry.13 Most consumers are comfortable with providing this information: In most markets we surveyed,14 the majority of respondents were willing to share vaccination status with travel companies (66%), employers (63%), event providers (63%), and entertainment facilities (60%). Only a small proportion, between 11% and 14%, strongly disagreed with sharing across the four different contexts.
The need for regulation will also become increasingly acute as popular applications become de facto essential services. A teenager may have to accept a degree of data-sharing that they are not comfortable with so they can participate in a peer group’s conversations, most of which may take place on a single social network. If they disagree with a specific digital service’s terms and conditions, they could opt out, but the consequences of that decision may be social exclusion. A similar predicament may face groups of parents, neighbors, or colleagues. It remains to be seen if and how behavior will change as a result of users becoming more aware of the risks and regulators taking increased responsibility for data privacy.
The likelihood that most consumers will continue to leave the use of their personal data up to the organizations that collect it implies that the responsibility for maintaining the right level of data privacy, and making control over personal data easy to manage, should fall ever more to businesses and their regulators. Politicians and business leaders alike should act in the knowledge that most consumers will increasingly rely on them to shape policies on their behalf. These policies should balance business needs with consumer rights, or data-sharing may become a negative influence on society instead of the benefit to consumer experience it can and should be.

    BY

    Paul Lee

    United Kingdom

    Roxana Corduneanu

    United Kingdom

    Joanna (Joey) Conway

    United Kingdom

    Suhas Raviprakash

    India

    Endnotes

    1. oitte’s Digital Consumer Trends is a multicountry study of mobile phone users around the world. The 2021 study comprises approximately 33,150 respondents across 20 countries and 5 continents. Data cited in this report is based on findings from 14 countries spanning 25,015 respondents whose results were available at the time of writing. The sample follows a country-specific quota on age, gender, region, and socioeconomic status. Fieldwork for the countries mentioned was carried out between June and August 2021 online by Ipsos MORI, an independent research firm, based on a question set provided by Deloitte.The 14 countries are: Australia, Austria, Belgium, Denmark, Germany, Ireland, Italy, Japan, Netherlands, Norway, Poland, Sweden, Turkey, and United Kingdom.

    2. le, “Secure Enclave ,” accessed November 21, 2021.

    3. ording to Deloitte’s research, more than 8 in 10 respondents believe that companies use their personal data; two-thirds of those who think their data is being used by companies they interact with online report being concerned about it. This is based on responses by 15,724 respondents across Australia, Austria, Belgium, Germany, Ireland, Italy, Japan, Netherlands, Poland, and United Kingdom.

    4. ording to Deloitte’s research, more than 7 in 10 agree to accepting default cookie settings when prompted by a website; real-world figures are likely to be even higher. This is based on responses by 23,054 respondents across Australia, Austria, Belgium, Denmark, Germany, Ireland, Italy, Japan, Netherlands, Norway, Poland, Sweden, and United Kingdom.

    5. ntries included were Australia, Austria, Belgium, Denmark, Germany, Ireland, Italy, Japan, Netherlands, Norway, Poland, Sweden, Turkey, and United Kingdom.

    6. ntries included were Austria, Belgium, Denmark, Germany, Ireland, Italy, Netherlands, Norway, Poland, Sweden, and United Kingdom.

    7. ording to Deloitte’s research, 26% of all phone owners said they always refused app permissions, and 28% said they almost always refused app permissions. This is based on responses by 23,054 respondents in Australia, Austria, Belgium, Denmark, Germany, Ireland, Italy, Japan, Netherlands, Norway, Poland, Sweden, and United Kingdom.

    8. , “IBM survey: Pandemic-induced digital reliance creates lingering security side effects ,” press release, June 15, 2021.

    9. ntries included were Australia, Austria, Belgium, Denmark, Germany,  Ireland, Italy, Japan, Netherlands, Norway, Poland, Sweden, Turkey, and United Kingdom.

    10. on Kemp, “TikTok hits 1 billion users—faster than Facebook (and more new stats) ,” Hootsuite, October 21, 2021.

    11. Tok, “Thanks a billion! ,” September 27, 2021.

    12. Securities and Exchange Commission, Facebook, Inc. Form 10-Q for quarterly period ended June 30, 2021 .

    13. ey Messenger, “From McDonald’s to Goldman Sachs, here are the companies mandating vaccines for all or some employees ,” NBC News, August 3, 2021; Chris Burt, “State-by-state look at colleges requiring COVID-19 vaccines ,” University Business, updated November 18, 2021; Peter Wells et al., “Coronavirus: California becomes first state to mandate vaccination or regular testing for teachers – as it happened ,” Financial Times , August 11, 2021; SchengenVisaInfo News , “France requires tourists to hold vaccination passport to access certain activities & services ,” August 10, 2021; Jonathan Franklin and Sylvia Poggioli, “Italy is making COVID-19 health passes mandatory for all workers ,” NPR, September 17, 2021; Jonathan Tirone, “Austria enforces lockdown on unvaccinated people ,” Bloomberg , November 15, 2021. 

    14. ntries included were Australia, Austria, Belgium, Germany, Ireland, Italy, Japan, Netherlands, Poland, Turkey, and United Kingdom.

    Acknowledgement

    The authors would like to thank Nick Seeber from Deloitte UK and Kirti Khattri from Deloitte Support Services India for their contributions to this article.