Thales Blog

Consumers have their Say about Protection of Personal Data – Call for More Stringent Controls

October 18, 2022

Carsten Maple Carsten Maple | University of Warwick More About This Author >

We live in a digital world in which we engage with significant social, government, retail, business and entertainment services now delivered without any direct human service management. These services require various information from the user, such as username, password and payment information, and retain details of our interactions with the service. This information has such value that it has become the currency for service providers such as search engines and social media providers. Unfortunately the value of this information also means that it is targeted by those without legitimate or legal authority. Breaches of data are no longer the big news items they once were; they happen so often that it they are no longer deemed newsworthy.

The Thales Consumer Digital Trust Index shines a light on user trust in online service providers. The global study that informs the Index involved more than 21,000 participants across 11 countries. The report provides novel and important insights for businesses, governments, academics and citizens. In this blog post I will discuss just a few of these insights.



Social Media Organisations have trust issues

The report highlights that the least trusted of all types of service providers are social media organisations. Earlier this year Facebook settled a lawsuit that sought damages for allowing Cambridge Analytica1 access to private data. In addition to a multibillion dollar fine, and a drop in share value of $100 billion, the incident tarnished the reputation of the company and a Pew Research Center2 study revealed that a quarter of Americans surveyed quit the service four years ago when the event occurred. Cyberattacks have also hit social media companies and both Facebook and LinkedIn have suffered breaches in recent years where the information of 500 million users was exposed. In 2020, a dataset was discovered by researchers at Comparitech that contained information on approximately 100 million Instagram, 42 million TikTok and 4 million YouTube users.

Given this, it is hardly surprising that respondents to the Thales survey did not trust social media companies. Statista3 released a report recently that detailed the number of monthly active Facebook users worldwide. Covering 14 years from Q3 2008 to Q2 2022, the figures show that in the last quarter the number of monthly active users dropped for the first time. Whether this is an impact of the lack of trust is not known, but it is certainly a concern for the executives and shareholders of the company. Social media companies will need to think seriously about how they can repair their image. Thankfully the survey reveals some methods that respondents would like to see, including multi-factor authentication.

Governments need to take action

Governments around the world are fervently pushing digitally-led society and commerce: Australia has its Digital Government Strategy aiming to “deliver personalised experience” to its citizens; the USA launched a “comprehensive Digital Government Strategy aimed at delivering better digital services to the American people” ten years ago and Mexico launched its own National Digital Strategy in the same year. The UK and Singapore not only have their own digital strategies, but also signed a Digital Identities Cooperation Memorandum of Understanding4 that “lays the foundation for a roadmap towards mutual recognition of digital identities between the UK and Singapore.

While digital government is at the heart of future societal and economic growth for all of the countries involved in the survey, significant government data breaches have occurred. In the US, the Office for Personnel Management suffered a breach back in 2015, which exposed the personal information of over 21 million people. Unfortunately in the same year, the personal information of 190 million US voters, including names, addresses, contact information and party affiliation was exposed for all to see due to poor server configuration. In July of this year data breaches were reported at Mexico’s two state-owned energy firms, Pemex and CFE exposing 14.6 million customer records. In 2018, SingHealth – the Singapore Government-owned public healthcare organisation, was attacked and resulted in the personal information of 1.5 million people being compromised. These attacks, and many more on governments across the world, have clearly impacted on the trust of respondents using government digital services.

Given the strategic importance of digital services that can offer personalised, cost-effective and efficient government services to its citizens, the survey findings will make difficult reading for the governments concerned.

Users are prepared to act to protect their data

A key question that has been raised in a climate of increasing data breaches has been whether citizens are becoming desensitised to data breaches and accept them as part of using digital services. I think the survey makes it clear that many people that have suffered a data breach want organisations to take clear steps to minimise the risk of future breaches. This includes forcing service providers to utilise encryption and multi factor authentication (MFA).

This is interesting as it contrasts with the wisdom that users want frictionless digital interaction. Many organisations believe that introducing MFA makes service access a slower and more awkward process. However, such is the concern for data breaches, this is something that users are willing to do.

This should be heeded by digital service providers as it will increase user trust as well as improve security. From my perspective this is probably the most important learning that readers should take away from reading the report.

Beyond the three new and interesting insights discussed above, there are many more I could have discussed if I had the space. I encourage businesses, governments, academics and citizens to read, and learn from, the full Thales Consumer Digital Trust report.