The Special Eurobarometer 487a report on GDPR conducted by survey and data insight consultancy Kantar at the request of the European Commission has been published this month. Where relevant, the report’s findings are compared to findings from the Special Eurobarometer 431 on Data Protection conducted in 2015.
The salient finding is that two-thirds of Europeans have heard of the General Data Protection Regulation (GDPR). Moreover, a clear majority are aware of most of the rights guaranteed by GDPR and nearly six out of ten Europeans know of a national authority tasked with protecting their data and responding to breaches.
The level of general awareness of GDPR varies across the EU, ranging from nine in ten respondents in Sweden to just over four in ten in France (44%).
The sixty-eight page report contains detailed comparative data on European attitudes toward the Internet, social media, online purchasing, data security and other GDPR-related phenomena.
Despite a general increase in data awareness, the majority of social network users in Europe who responded affirmatively to the question, ‘have you ever tried to change the privacy settings of your personal profile from the default settings on an online social network?’ has decreased by 4% (from 60% in 2015 to 56% in 2019). Trust in social media giants among Europeans, therefore, seems to remain stable.
Interestingly, while UK internet-users are by some way the most likely in Europe to regularly purchase online (64%, followed by the Dutch and Swedish on 50%), they are also among the most likely to ‘never’ use social networks (one in five), following only the Czech Republic (21%) and France (28%). Might this not place under scrutiny the common assumption of a significantly positive correlation between marketing on social media and online sales? While online purchasing has remained stable since 2015, use of social media has expanded significantly, by 15%.
For anyone working on privacy statements or considering reworking the ones they have, the report’s findings on this subject may be useful. Your average EU28 internet-user is only 13% likely to ‘fully read’ a privacy statement. 47% of respondents said they would read them ‘partially,’ while 37% would not read them at all. These figures are also fairly consistent across all demographics and member states.
Perhaps unsurprisingly, it is the length of privacy statements that is the main reason respondents give for not fully reading them (at 66% of respondents, who could choose multiple reasons in the survey). In the UK this is higher than average at 75%, in line with the finding that high rates of internet usage correlate with people finding things too long to read.
Length of privacy statement is followed by finding them unclear or difficult to understand (31%), the sufficiency of a privacy statement existing on the website at all (17%), the belief that the law will protect them in any case (15%), the statement ‘isn’t important’ (11%), distrust in the website honouring the statement (10%, although this has fallen by 5% since 2015), and finally ‘other’ and ‘not knowing where the find them’ (5% each).
Websites do seem to have improved the clarity or wording of their privacy statements slightly over the last four years, given the mild reduction (7%) in Europeans claiming the statements are difficult to read. Respondents in the UK are among the least likely in Europe (at 19%) to find privacy statements unclear, on a par with Croatians and just below Latvians (at 15%).
Concern over control of data
The report shows there is still more that can be done by organisations and even data protection authorities wanting to build confidence among people providing information online. More than six in ten Europeans are concerned about not having complete control over the information they provide online. Indeed, 16% responded that they were ‘very concerned’. The British and the Irish are among the most concerned, either ‘very’ or ‘fairly’, at 73% and 75% respectively.
Overall, there has been a mild decrease across Europe of respondents expressing concern over control of their data, with significant decreases of up to 20% in Eastern Europe. Five countries show minor increases of concern, the highest being France and Cyprus with 5%.
Respondents are not only broadly aware of the rights guaranteed under GDPR, but many have begun to exercise them. Nearly a quarter of Europeans (24%) have cited the right to not receive direct marketing in taking action against this infringement. While awareness of the right to have a say when decisions are automated remains relatively low (41%), this proportion is likely to increase.
As the report states, ‘the GDPR regulation is now more important than ever – almost all respondents use the Internet (84%), with three quarters doing so daily.’ Organisations have the opportunity to pave the way for greater confidence and trust in online activities involving consumers’ data.
Harry Smithson, 28th June 2019