Skip to main content
Skip to secondary navigation
Menu
Australian Government - Office of the Australian Information Commissioner - Home

University of Queensland Privacy Survey Seminar

Presentation by Timothy Pilgrim, Privacy Commissioner, at the University of Queensland, Brisbane, 26 April 2012

This presentation was given at the launch of new research undertaken by Mark Andrejevic of the University of Queensland’s Centre for Critical and Cultural studies into the use of personal information for commercial purposes. The research was funded by the Australian Research Council.

Introduction

Firstly, I would like to acknowledge the traditional owners of the land where we gather, and pay my respects to Elders, past and present.

It’s a pleasure to be here this evening and I’d like to congratulate Mark Andrejevic and the University of Queensland on this research into the collection and use of personal information for commercial purposes.

It’s an area that is both topical and of great interest to me as Australia’s Privacy Commissioner.

Personal information online

There’s no doubt that most of the things we do online today involve the collection or sharing of some kind of personal information. It’s one thing to share information on social networking sites with your friends, contacts, followers, but those who have not adjusted their privacy settings may be publicly sharing a lot more information than they realise.

This animation is just one of the resources we’ve developed for Privacy Awareness Week and I’ll talk about this campaign a little later. (And by the way if you like it you can you can share it by going to the OAIC’s YouTube channel).

In addition to the amount of unchecked personal information shared on social media sites, we also have the issue of ‘Big Data’.

‘Big Data’ refers to the tracking and aggregation of personal data from search engine history, email content and other personal transactions like app downloads. This kind of information capture often occurs without people understanding it is happening as they accept terms and conditions they have not read with the click of a download button.

The collection and use of personal information for commercial purposes is becoming ever more complex.

Recently both Facebook and Google have sparked privacy concerns around the world arising from their use of personal information.

Earlier this year I was inundated with media inquiries after Google announced that it was changing its privacy policy to allow it to combine user information collected from across the many different services it operates, including its search engine, email service and YouTube. I wrote to Google on behalf of the Technology Working Group of the Asia Pacific Privacy Authorities forum expressing concern about the changes and asking a series of questions about how users would be affected.

Last year the World Economic Forum described personal information as a new asset class or the ‘new oil’, and it’s easy to see why.

The vast amount of personal information we reveal as we transact online has taken the relationship between customer profiling and marketing to a whole new level.

Big Data tracks our interests, movements and preferences with uncanny accuracy.

And the more access a business has to this kind of information, the better it can target us with advertising that matches our areas of interest.

But as journalist Alex Krotoski put it so aptly in The Guardian last weekend, exploiting Big Data's opportunities needs a delicate balance between the right to knowledge and the right of the individual.

In an article entitled ‘Big Data age puts privacy in question as information becomes currency’, Krotoski reports that US chain Walmart has bought the startup Social Calendar, one of the most popular calendar apps on Facebook, which lets users record special events, birthdays and anniversaries.

More than 15 million registered users have posted over 110 million personal notifications, and users receive email reminders totalling over 10 million a month.

Of course, as Krotoski points out, when a Social Calendar user listed a friend's birthday or details of a holiday to Malaga, she or he probably had no idea the information would end up in the hands of a US supermarket.

But now it will be cross-referenced with Walmart's own data, plus any other databases that are available, to generate a compelling profile of individual Social Calendar users and their non-Social Calendar-using friends.

Krotoski describes a host of similar practices that are being used by both the public and private sectors to identify what people want before they are even aware they want it.

Obviously all this sharing of information creates very real and serious privacy risks.

And of real concern is that people often don’t understand how their online information is used and where it may end up.

So what do we think about all this?

While we no doubt benefit from the myriad of free online experiences available to us like internet searches, e-commerce and social networking, how much do we really understand how our information is being used? And do we even care?

Well, the UQ research we are launching tonight provides us with some answers.

Office of the Privacy Comissioner’s historical research results

Before I go on, I’d like to briefly mention a past research finding from our Office that I think illustrates just how much times have changed.

In 2001, the vast majority of survey respondents to our Community Attitudes to Privacy Research considered the following four situations to be an invasion of privacy:

  1. A business that you don't know gets hold of your personal information (94%);
  2. A business monitors your activities on the internet, recording information on the sites you visit without your knowledge (93%);
  3. You supply your information to a business for a specific purpose and the business uses it for another purpose (93%);
  4. A business asks you for personal information that doesn't seem relevant to the purpose of the transaction (94%); and

89% of people surveyed also reported being concerned about supplying any type of personal information to an organisation.

Jump forward to 2012 and we’re playing a whole new ball game.

But I’m pleased to say that community attitudes to privacy have not changed that much.

Mark’s findings are consistent with what we have found out through our own Community Attitudes to Privacy Research over the years. And that is that people do care about privacy.

Our last survey was in 2007 and we are set to undertake more research that we hope to release early next year, but turning now to the research we are launching tonight…

2012 UQ research

The main finding is that people across all demographics remain very concerned about privacy.

It’s not surprising that in an era where we are constantly asked for our information and where online tracking and data aggregation has become a routine practice, people surveyed want to know more about how their information is collected.

Indeed, the majority of survey respondents think that too much information is being collected by websites – and this mirrors our 2007 findings.

It’s also interesting to note that the vast majority – more than 90 per cent of survey respondents – support regulations that would allow them to control the capture and use of their personal information online. They also expressed a desire that companies notified them at the time when people’s personal information is being collected.

The fact that people want to be able to opt out of having their information collected and request that their personal information be deleted is also consistent with our findings from more than 5 years ago.

More than half of the respondents – 56 per cent – do not approve of having advertising targeted to them based on their personal information.

A larger majority — 64 per cent — do not want news stories tailored to them based on their personal information. In fact, to avoid the collection of their information, 69 per cent of those surveyed say they have refused to use an application or website because it collected too much personal information, with 79 per cent simply refusing to provide personal information.

This last finding is something that I would strongly urge the growing number of marketers who use online behavioural advertising to note.

Further, it suggests that people are even more annoyed about this issue than they were more than five years ago, when 61% of those surveyed told us that they felt either angry and annoyed, or concerned when they received unsolicited marketing material, and 36% told us that they had decided not to deal with an organisation because of concerns about how their personal information would be handled.

Interesting.

Reading privacy policies and engaging with privacy settings

I’ll just finish up with a few words about engagement with privacy policies and privacy settings.

This survey identifies that more than 60 per cent of respondents rarely or never read website privacy policies. That means we only have 40 per cent of people actually reading them.

This is consistent with what we found in an international survey about social networking that we conducted last year as part of our annual Privacy Awareness Week campaign - nearly 62 per cent of respondents did not read the privacy policies or terms and conditions on social networking sites.

Now this finding does concern me a lot.

Back in 2007, two thirds (67 per cent) of survey respondents reported that they had at some point read the privacy policy attached to an internet site – and this was up from 55 per cent in 2001. And 14 per cent of those who had read a policy reported feeling felt more confident and secure about using the site as a result.

So engagement with privacy policies today is significantly lower than previously, and we have to ask why this is so. It could be because there are so many different parties associated with each online transaction, and we make so many in the course of a normal day, that it is simply impossible to keep up with them all.

It could also be that privacy policies are notoriously hard to read – they are typically long, complex documents that are often buried in places where you can’t even see them.

Those of us who work in the area of privacy have been calling on organisations to make privacy policies more user-friendly and also to be placed prominently on websites so that people are more inclined to engage with them.

It’s an ongoing concern that people are not reading privacy policies and as such have no idea about what they are agreeing to when they use online services.

The fact that online privacy policies are often subject to change without warning and have limited options that allow people to make choices about how their information is used further complicates matters.

When it comes to people actively engaging with privacy settings, a third of respondents to our social networking survey told us last year that they weren’t sure how to use their privacy settings.

This suggests that social networking sites aren’t making it as easy as they should for people to understand how to choose who sees the information they post. Constant changes to privacy settings don’t help. People also told us that they worry about what social networking companies might be using their information for.

Nearly 68 per cent of people said they would stop using a site that used its information in a way they hadn’t expected. In addition, around 46 per cent said they were very uncomfortable, or quite strongly uncomfortable, about sites tracking their activities in order to target marketing to them. All this is consistent with Mark’s research.

I’m under no illusion that getting more people to engage with privacy settings will solve the issue of online privacy, but I do think that a greater level of awareness about how people’s personal information is collected and used is critical.

And this brings me to Privacy Awareness Week, an annual campaign run by privacy regulators across the Asia Pacific each year.

Privacy Awareness Week

Privacy Awareness Week 2012 kicks off this Sunday and is an important way that we raise awareness about privacy issues in the community.

This year I’m pleased to say that we have over 140 committed partners from government agencies, the not for profit sector and businesses who are joining with us on this campaign.

I’d encourage everyone here tonight to visit our website at www.privacyawarenessweek.org and take a look at the resources we’ve developed. Please use them and share them with your networks.

It’s not too late to become a Partner either so please consider participating in this important campaign.

Thanks again to Mark and UQ for inviting me to speak to you tonight and again, congratulations on this terrific and timely research. I’m looking forward to hearing more about it.

Thank you.