Understanding privacy perspectives following data breaches

Posted in: Digital, Research, Technology

January is “Debating Digital Detox” month on the Business and Society blog. An increasing number of people are choosing to give up their electronic devices in January, as a type of new year's resolution. We are exploring why people feel the need to do this - why we see our relationship with digital technology so negatively. Are we so addicted that we need a period to ‘cleanse’ ourselves?

Here, Joanne Hinds discusses her recent research on social media and privacy. She suggests that people are reluctant to delete these apps, despite concerns about data breaches. Users justify this in the belief that the 'damage has been done' as their data is out there already; that they are more resistant to online persuasion than other people; or that the risks are worth it in order to stay connected with friends. She advocates for better education - in lieu of switching off, or 'detoxing' - so users are better able to protect themselves.

As society becomes increasingly digitized, individuals and organisations face constant challenges when it comes to protecting data and mitigating security threats. With cyberattacks and data leakages occurring across all sectors, it is unsurprising that such incidents are reported so frequently in the news. One such example was the Cambridge Analytica-Facebook scandal, whereby approximately 87 million individuals’ data were illicitly harvested without their consent. This data was used to create psychographically tailored advertisements that allegedly aimed to influence people’s voting preferences in the 2016 US presidential election. The scandal was one of the most heavily publicised data breaches in 2018, and the scale of the data-misuse, combined with such grand claims of mass-manipulation, provoked global outrage and stimulated numerous protests calling for people to delete their accounts (e.g., ‘#DeleteFacebook’, and ‘#Faceblock’). The scandal also sparked debates about the ethical standards of individuals’ privacy online, alongside demands for artificial intelligence to be regulated.

In the aftermath of the scandal, we conducted a series of interviews that sought to explore people’s understanding of online privacy and targeted advertising more broadly. Our findings showed that contrary to many stories reported in the news, respondents did not delete their accounts, frantically change their privacy settings, or even express that much concern. Instead, individuals often consider themselves immune to psychographically tailored advertisements, and lack understanding of how automated approaches and algorithms work in relation to their (and their networks’) personal data.

The 'Privacy Paradox'

Such reactions mirrored those that are seen time and time again in response to data breaches or privacy issues more generally. For instance, individuals often convey mixed sentiments toward data breaches and privacy-related matters, expressing emotions ranging from “I’m not bothered” to “I’m extremely concerned”. Further, individuals often claim to be concerned about their privacy, only to subsequently behave in a way that contradicts these views, for example expressing concern about online privacy and later giving away personal information quite freely (such as their address or date of birth) in an online shop. This is often referred to as the “privacy paradox”. Researchers also argue that individuals perform a “privacy calculus” in which they trade off the costs and benefits of disclosing or sharing data. For instance, a person might consider the risk of giving away their personal data to be worthwhile if they have a chance of winning a competition.

Is the damage done?

Individuals in our study also described feeling helpless, and that the “damage is done”. This reflected a sense that third parties had already taken their data, and that it is too late to do anything about it. Simultaneously, individuals also reported feeling “trapped”, where, although concerned about how their data may be used, they feel that they cannot stop using social media because it keeps them connected with their family and friends. Such phenomena reflect the fact that online privacy is complex, and navigating the associated challenges is not always straightforward.

That sort of thing happens to other people...

Overall, most people were aware of the Cambridge Analytica scandal and the company's supposed attempts to influence people’s political preferences. Across those we interviewed, individuals generally believed that they are resistant to persuasive communications, they lacked understanding of how targeted advertising works, and they did not realise that their privacy could be violated in such subtle, indirect ways.

Going forward, there is a clear need for improving awareness of privacy and educating people in how to protect themselves, particularly in relation to how information can be inferred from others within a person’s network. This is challenging because practitioners and organisations must be careful to avoid contributing to further fatigue/disengagement by overloading people with more information that they may struggle to understand or keep up with. Another challenge concerns responsibility, in terms of what a user is responsible for, and what organisations/platforms are responsible for. Placing responsibility in the hands of users, for instance, creates more pressure to read policies, accept terms and conditions, stay up-to-date with changes etc. at a time when such activities are already tiring and overwhelming. Similarly, placing responsibility entirely on organisations can arouse suspicion of their motives, and decrease individuals’ trust, which can make them feel like they lack control of their data.

Although there is not one definite solution to these issues, being mindful of such challenges and attempting to find ways of balancing them will likely help organisations and individuals to become better equipped to manage and protect personal data.

