Thanks to a number of surveys in recent months, we are gaining a deeper understanding of people’s attitudes to data: its protection and people’s rights to privacy and control, their levels of trust in organisations that hold their data, and what they want those companies to do to improve their understanding and trust. For example, Doteveryone found that 95% of people say it’s important to know their data is secure and 94% say it’s important to know how their data is used.
But, on the subject of what the new GDPR rights mean for individuals, there has been little testing of attitudes and a notable gap in public engagement by the Information Commissioner’s Office (ICO). This is starting to change, with the imminent launch of the “Your Data Matters” campaign. Yet this period of radio silence has been at a time when public awareness of data protection, privacy and ownership has been heightened by recent events involving Facebook and Cambridge Analytica.
So that’s where the Corsham Institute (Ci) Your Data, Your Rights project comes in. You can read more about our project and the findings from our survey here, and, as the clock ticks down to GDPR, it’s worth reflecting on a couple of the key insights. We carried out our survey shortly after the news about Cambridge Analytica and Facebook broke and asked our respondents a few questions about its impact on their attitudes: 80% said that these events had made them think more about their data and what they share online; and 40% said it had changed the way they feel about organisations having access to their data ‘a lot’.
Yet, when asked questions about what counts as personal data and how it is used, there was a striking lack of certainty: less than half of our respondents picked the accepted ICO definition of personal data, and only 18% said they knew a lot about the collection of their data. But, crucially, the collection of this data is important to Corsham residents: 60% of respondents said they care a lot about what organisations might use their data for (rising to a staggering 87% among over-65s), while only 3% said they didn’t care at all and 4% said they hadn’t thought about it before.
GDPR gives people a means by which to act on these concerns: to find out what data is held on them, to rectify changes if it is wrong and to move it elsewhere if they wish. And it is also a huge opportunity for businesses to demonstrate that they understand the importance of this to individuals and to build a trusted, transparent relationship with their customers.
So, in the next stage of our project, we will be working directly with groups in the Corsham community to delve more deeply into the survey findings and to co-produce the information they need to help them better understand what their data is used for, their new rights, and how and when they can use them. Ci will also use the insight and evidence gathered via our work with the Corsham community to feed into our Digital Trust project, where we are working with partners to influence a regional and national debate, involving policymakers, businesses and other influencers. Get in touch via firstname.lastname@example.org to find out more.
A longer version of this article appeared on the Corsham Institute and RAND Europe Observatory for a Connected Society, the first mobile and web platform bringing together all the latest research, insight and comment on digital policy and tech developments.