Americans Want More Say in the Privacy of Personal Data
CR's second Consumer Voices Survey reveals deep concerns about how info is collected and used
It didn't take a global ransomware scare to convince Americans that their data is vulnerable.
The latest CR Consumer Voices survey reveals that people have been increasingly worried about the issue in 2017. Seventy percent of Americans lack confidence that their personal data is private and safe from distribution without their knowledge, according to the nationally representative survey of 1,007 adults conducted in April.
That number climbed from 65 percent since we first asked about the topic in January.
Respondents to the April survey also said they want more control over what data is collected. Ninety-two percent said that internet service providers, such as Comcast and Verizon, should be required to secure permission from users before selling or sharing their data.
The same proportion thinks consumers should have the right to request a complete list of the data an internet service provider or website has collected about them.
Finally, respondents spoke out about how such data may be used to charge online shoppers different prices for the same goods and services—without consumers knowing about it. This kind of dynamic pricing can be based on factors from age to browsing history to home address. Sixty-five percent of respondents oppose the practice.
Though consumers say they want stronger privacy protections, federal actions are moving the rules in the opposite direction.
On April 3, shortly before the survey responses were collected, President Donald Trump signed a congressional resolution that rolled back privacy protections put in place during the previous administration and scheduled to take effect later this year.
These rules, formulated by the Federal Communications Commission, would have required ISPs to get consumers’ permission before using or selling many kinds of personal data, including their web-browsing history.
Jonathan Schwantes, senior policy counsel for Consumers Union, the policy and mobilization arm of Consumer Reports, sees a direct line between actions like that and the worries that Americans report about how their personal data is treated.
“Why would they feel otherwise when in a matter of four legislative days in late March, Congress wiped out the FCC's groundbreaking privacy rules, which were intended to empower consumers and protect their privacy?" he asks.
Even before that regulatory change, data collected by websites and mobile apps enjoyed few protections, according to Jonathan Couch, vice president of strategy for the cybersecurity firm ThreatQuotient. “There are no current regulations or laws that govern the collection, storage, or use of browsing and shopping habits, what music you listen to, or any IoT [internet of things, or connected devices] information,” he says, though it's worth noting that the Children's Online Privacy Protection Act does safeguard kids younger than 13. And, he adds, “there is no requirement for companies to encrypt or otherwise protect the information they collect,” potentially making it vulnerable to hackers.
But consumers can take steps to help themselves, both by limiting the amount of data collected by companies and by safeguarding sensitive information from hackers.
How to Get More Control
- Learn what data is being collected. If you're curious about the scale of the data being collected about you, you can get a taste through services set up by some of the world’s biggest tech companies. Use Google Takeout to request a zip file documenting everything Google has on you, including search histories (even on YouTube), Gmail exchanges, contacts, and location history. It can be startling to see details of videos you watched and day trips you made using Google Maps years ago and that you’ve long since forgotten. You can get a similar archive from Facebook, and Amazon lets users of its Alexa-enabled voice-activated assistant devices view, listen to, and delete their voice recordings via its mobile app. (Amazon notes that deleting voice data will make the device less personalized.)
- Tighten your mobile app settings. Most mobile apps collect data on their users, ranging from location information to who’s in your contact list. You can restrict what data each app collects by going to your phone's settings menu. The details vary depending on what type of phone you have, but you may be surprised by the range of information, including contact lists and location data, being accessed by apps. When in doubt, turn permissions off—you can always turn them back on if the app no longer seems to work well. And delete apps you don’t actively use. The fewer apps you have on your phone, the fewer companies with access to your data.
- Tighten social media privacy settings. Social media services such as Facebook give users a degree of control over what data is collected by the company and, especially, what can be seen by other people. It’s useful to go through the settings with some care, ratcheting up the privacy protections. For instance, by using the “Who can look me up?” section of the Facebook Privacy Settings and Tools menu, you can determine whether people can search for you using your email address or phone number, and whether search engines can link to your profile. The Privacy Checkup tool will show you what information, such as your email address and birthday, is visible to friends and to the public. (Note: It's not available on all devices.) And you can go to the ads section of the settings menu to stop Facebook from using you to promote products you like in your friends’ feeds.
- Consider using an ad blocker. Many ads embedded in web pages transmit information about what you read, watch, and scroll through to companies you may never have heard of. Even website developers often don’t know about all the tracking software on their own sites. One way to limit such snooping is by installing web browser extensions (or helper programs) such as Adblock Plus, Disconnect, Ghostery, Privacy Badger, and uBlock. They all have slightly different approaches, but in general they try to either either ads or the associated tracking software that accompanies them. Most of these extensions work with a variety of web browsers, and they will let you add URLs to a “white list” of sites they won’t check. You can do that if a favorite website stops loading properly.
- Follow good "security hygiene." This term refers broadly to a number of actions that can cut down on identity theft and other internet crimes. For instance, use a different, strong password for every online account, perhaps with the help of a password manager. Avoid providing truthful answers when setting up security questions such as "What street did you grow up on?" because this information can often be gleaned from social media or even stolen in a data breach. Be sure to use a screen lock on your smartphone so that your email account and other accounts aren't vulnerable if the phone is lost or stolen.