Views, thoughts, and opinions expressed in the text belong solely to the author, and do not represent the views of the Support Centre for Data Sharing or the European Commission.
Trust is becoming a sensitive issue, especially in regard to sharing data such as your personal information. It leads to questions like: do you trust the organisations you are sharing your data with? Do you know how your data is being used? Do you know what data is being collected and used by these organisations? Do you know who can access your data? In most cases, people will answer no, they don’t know.
Several studies, including one completed by Eldman’s “Trust Barometer” (an annual trust and credibility survey), have found that trust between consumers and public and private organisations is at an all-time low.1 There are numerous explanations as to why consumers are becoming more distrustful and wearier of what companies are doing with their data. Several of these explanations are rooted in events that happened in 2018 alone. One is the famous Facebook-Cambridge Analytica scandal. On 17 March 20182 broke the story of how the British political consulting firm Cambridge Analytica was harvesting the personal data of millions of Facebook users without their knowledge or explicit consent through the participation to an apparently innocuous personality quiz app. It was then revealed that this data was sold to political campaigns and used to target election messages at Facebook users in the 2016 presidential election campaign. Another event is the Marriott hotel data breach, one of many incidents of its kind in 2018.3
In November,4 it was revealed that the personal data of 500 million people who stayed at the Marriott hotels since 2014 were hacked, with the attackers retrieving data including their name, address, phone number, email address, passport number, date of birth, gender, arrival and departure information, payment card number and payment card expiration day.
These stories were widely documented in the news and shared across the world and gave people a valid reason to distrust, or at the very least to doubt, organisations in how exactly they are collecting, processing and using data describing their customers. In short, these stories forced people – individuals, organisations and regulators alike – to grapple with the very real-world consequences of how data is being used and shared. So, following these major breaches in security, privacy and trust, and consumers growing distrust, how can, or should, businesses respond? What can they do to gain people’s trust back?
One way to combat this surge of distrust is data protection regulation. Currently, there is a global increase in data protection regulations5 with the EU being one of the global leads in data protection standards closely followed by others such as California, Brazil and Japan. Examples of these data protection regulations that were introduced in the past three years are:
- The General Data Protection Regulation in the European Union (GDPR)6 that became applicable in the EU Member States as of 25 May 2018;
- The California Consumer Privacy Act (CCPA)7 that was passed in September 2018;
- The General Data Protection Law (LGPD) in Brazil8 that was approved in August 2018; and
- Amendments to the Act on the Protection of Personal Information (APPI) in Japan9 that went into effect in May 2017.
However, introducing and enforcing regulation is only a piece of the puzzle to build consumer trust in data sharing. Regulation alone will not magically clear the shroud of suspicion around Facebook on how they are managing and sharing users’ data, nor will it remediate the data breach from the Marriott hotel systems. Once the data is out, it is out, and law can only punish the ones who were responsible, not prevent all future malicious use of that confidential information or fully prevent a repeat occurrence. In the puzzle of gaining back consumer trust, another necessary piece is crucial to complete the image: transparency. Transparency is key to building trust and loyalty. If someone is open and explicit in what they are doing and clear on how they are going to achieve their goal, we as consumers are likelier to trust them. On the other hand, if we have a poor experience or see something sketchy from a business, NGO or politician, for example, then the odds are that we will stop trusting them and look to shop, donate or support someone else.
For more about transparency in building consumer trust around data sharing, keep an eye out on the SCDS’s opinion pieces!
- 1. https://www.edelman.com/trust-barometer
- 2. https://www.nytimes.com/2018/03/17/us/politics/cambridge-analytica-trump-campaign.html
- 3. https://blog.avast.com/biggest-data-breaches
- 4. https://www.nytimes.com/2018/11/30/business/marriott-data-breach.html
- 5. https://www.dlapiperdataprotection.com
- 6. https://gdpr-info.eu
- 7. https://www.caprivacy.org/
- 8. https://dataprivacy.com.br/protecao_de_dados_pessoais.docx
- 9. https://free.dataguidance.com/laws/japan-act-on-the-protection-of-personal-information-2/