Personal Data Management: The User’s Perspective Appendix B Detailed Research Survey Results Note: This report is based primarily on research commissioned by the International Institute of Communications from IPSOS UU between March-August 2012, funded by the Microsoft Corporation.
Personal Data Management: The User’s Perspective Personal Data Management Global Qualitative Study Research conducted and report prepared by Funded by Microsoft 1 2012 RESEARCH OBJECTIVES This study is part of research being conducted to identify issues for consideration in developing a global policy framework on personal data management. The key objective of this qualitative study is to gain insights into the mental model of how users think about personal data including: Explore users’ boundaries regarding the application and integration of their personal data, specifically: • The types of personal data collected; • The means of collecting personal data (i.e., active vs. passive); and, • The ways of using personal data. Understand the risks/harms users associate with having their personal data collected and used. Identify which entities users trust with regard to the collection, usage, and protection of their personal data (e.g., service providers, government, intermediaries). Understand motivations for user self-management of their online data. Identify issues for further quantitative study. 2 47
Personal Data Management: The User’s Perspective EXECUTIVE SUMMARY PERSONAL DATA POLICY HYPOTHESIS The hypothesis for a personal data management policy coming out of this research is: • There is a need for a more holistic and nuanced policy framework on personal data management that: • Is based on responsible and trusted data exchanges amongst stakeholders. • Respects a set of personal data principles that empower and protect users from harm. • Recognizes that users already take actions to actively manage and control the context for sharing data. • Acknowledges different data attract different levels of sensitivity, and there are a number of variables that set the context for sharing data. • Privacy is one aspect of a more holistic discussion on personal data management. 4 48
Personal Data Management: The User’s Perspective RELATIONSHIP WITH TECHNOLOGY Technology enables users to do more but also can make them feel powerless. Consequently, the perception of control becomes a critical factor and may be affected by data context variables. • Positive associations with technology include: • Makes things users currently do more efficient, thus making life easier • Enables users to do things that were not previously possible or had required more efforts in the past • Enables users to stay connected with others, the environment (e.g., news, weather), and the world • Is fun/entertaining. • Negative associations with technology include: • Changes quickly, is difficult to keep up with • Increases users’ dependence on technology, resulting in a decreasing sense of control • Decreases personal privacy 5 USER TYPE CHARACTERIZATION Four personal attributes uncovered in this research make up the dimensions of user types, including: Toronto Shanghai Hamburg US Personal data Low Low Mid Mid awareness Trust in government High Low High Low Perceptions of own High Low High High accountability Desire for control High High High High 6 49
Personal Data Management: The User’s Perspective DATA CONTEXT VARIABLES IMPACTING USER SENSITIVITY User sensitivities to their data access/use is impacted by 7 key variables. These variables define the data context. Data context Trust in Type of Type of Collection Device Usage Value Service Data Entity Method Context Application Exchange Provider 7 DATA CONTEXT VARIABLES IMPACTING USER SENSITIVITY, CONT’D Type of What type Unless it is considered a vital part of the service offered, banking data is most sensitive for all users followed by of data is it government identification, health information and peer contact information. Data Most users say they do not want the government to access any private data. They are also concerned about Type of Who is accessing it unknown vendors accessing their personal data without their permission. Of all service vendors, users Entity consistently have least trust in social network companies and most trust in banks. Although they report there is no guarantee or they may not have a choice, users say 3 elements impact their Trust in What gives DATA CONTEXT users trust levels: (1) reputation – brand familiarity, word of mouth recommendations, a personal relationship, Service company size, (2) location – organizations with a local/national presence are more likely to abide regulations, confidence Provider and, (3) free vs. paid services – trade-off between user risk and free services, understanding that free services in service generate income by selling user data. providers Collection How is the As collection methods (and awareness thereof) move from active to passive, users become more and more wary as they feel a lack of control of their data. Jurisdiction is a factor in acceptance of more passive methods as users Method data collected do not feel the need to protect their information (e.g., image) when in the public domain (vs. at home). Which Users differ in their views of which device is safest to access data from - no one device is universally deemed as Device device is being “safest”, but the type of device is a relevant factor. Context being used Data How the Users do not want their data to be used without their knowledge nor by an unknown vendor. They also have data is negative reactions to automated uses of data as they feel it lacks flexibility and control for the user. Usage being used Value What is the Users are willing to exchange personal data for an immediate personal benefit that reflects the value of their data. The most appealing benefits include discounts, better service/improved product, and convenience/time user Exchange savings. A benefit to the social good is not as motivating as a personal benefit, but can be a factor. getting out of it 8 50
Personal Data Management: The User’s Perspective DIFFERENT TYPES OF TRUST In interacting with a service, user-participants differentiate 3 different types of trust: • Service provider – how much they trust the entity, and separately, the individuals/employees that make up the entity, to protect their data. • There is no distinction between the service, the application, the service provider platform, or the device. • Other users of the service – how much they trust other users not to misuse their data, e.g., “reposting” of their data into different contexts. • Contents – how much they trust the integrity of the contents being shared as part of the service by other users and by the service provider, e.g., photos, tweets, news articles, etc. (primarily an issue in Shanghai). 9 PERCEIVED RISKS User- participants consider 5 “worst case scenarios” resulting from the misuse of their personal data. Data sold to 3 rd party Identitytheft/ fraud Reputation among Discrimination/ Physical/emotional /harassment peers Penalization Harm Concerns about hackers An annoyance from Concerns about Concern that data being targeted/ or rogue employees personal/ private data Fear that personal data misuse may result in accessing users’ engaged by an unknown being shared with their may be mis-interpreted physical harm (e.g., financial/ID information SP that has accessed friends and family resulting in user child predators) or their personal data. and stealing their discrimination, resulting in public cause mental anguish money or identity. embarrassment or penalization,or even (e.g., breaking into judgment. persecution. house). Primary concern Major concern Minor concern Not a concern • They have difficulty differentiating “risks” from “harms” and say that “risks” represent a potential negative outcome, while “harm” represents that negative outcome becoming a reality. 10 51
Recommend
More recommend