A survey of European views on basic privacy and data protection issues indicates the challenges countries may encounter as they wrestle with surveillance-based approaches to the coronavirus pandemic, or seek to bring in identity cards.
Some findings from an annual survey on fundamental rights by the EU’s Agency for Fundamental Rights (FRA) are released on Friday by FRA, ahead of the EU’s second annual review of the General Data Protection Regulation.
The survey took in the views of 35,000 people in every EU state, plus Macedonia and the UK (the almost-Brexiting UK is socially distanced off to the side with Macedonia in the survey's bar graphs).
Responses are broken down by country and, sometimes, by gender. The survey shows a varying, but significant degree of concern about sharing private information – including basics such as date of birth and address, and more sensitive data such as facial images, fingerprint scans, citizenship, or political beliefs – with public administrations. There’s an even higher degree of concern about letting private companies have access to such detail.
In the EU-27, more than one in five (23 per cent) do not want to share any such data with public administrations, nor 41 per cent, with private companies.
However, more than half would be willing to share basic information with public administrations, including their home address (63 per cent), date of birth (62 per cent) and citizenship (58 per cent). Just a third are willing to share with private companies.
Yet such responses indicate a lack of awareness as to what is easily and routinely gathered by online companies. Precise details such as date of birth are often gleaned from interactions with customers, who may offer their date of birth to online services ranging from fitness trackers to clothing shops.
Only 6 per cent are willing to share their facial image with a private company, and fewer than one in five with public administrations, with considerable variation across countries.
Ireland falls about in the middle, with only about one in 20 willing to share with private companies and one in five with public administrations.
This is interesting, given the widespread rollout of the controversial Public Services Card by the Government, which contains a biometric facial scan that’s even more revealing than a “facial image”.
These findings from more than 1,000 Irish people sit at odds with the Government’s continuing insistence that most people are happy to be issued a PSC. Either the Government’s surveys are wrong, or people do not realise the PSC contains a surveillance-based facial image.
Crime and fraud
The survey also found the majority of EU-27 citizens – 55 per cent – are concerned about criminals and fraudsters gaining access to personal information shared online, and about a third, that such detail might go to advertisers and businesses, and a fourth, to secret service or intelligence agencies.
As for awareness of privacy and location settings on smartphones, a notable gender gap emerges, with 46 per cent of men saying they are aware of these on all apps and 81 per cent, for location data, compared to 36 per cent and 74 per cent of women, respectively.
In Ireland, far more people are familiar with managing all location sittings (81 per cent) than all apps (48 per cent). Ireland is in the top five states for such awareness.
The survey notes that “only” one in five EU respondents said they “always read the terms and conditions when using online services” but this seems impossibly unlikely. Doing so – as some amusing studies have demonstrated – amounts to hours and hours of reading 50-plus pages of T&Cs. Some 16 per cent of Irish people said they read them all, and 70 per cent, amazingly, said they understood them all as well. Come on, now, Ireland: if that’s true, I’ll eat my iPad for dinner.
Not too surprisingly given international focus on same, some 84 per cent of Irish people said they were aware of their data protection authority (the Data Protection Commissioner’s office here). Contrast that with only 44 per cent of Belgians saying they’ve heard of their own authority.
Facial recognition
FRA hopes the data can contribute to ongoing policy debates and analyses linked to data protection and technology, says FRA spokesperson Nicole Romain. "EU institutions as well as EU member states should use these results in their work involving use or regulation of new technologies."
She also notes that “given the fast development of facial recognition technologies and contact-tracing apps, it is very important to note that most Europeans are very concerned about the use of their data – especially when it comes to the use by private companies”.
Even though the survey was done before the pandemic, FRA caution that states proceed carefully with all surveillance-based technologies for addressing the virus, and has called “for clear conditions for the roll-out of coronavirus contact-tracing apps”.
She adds: “It is crucial that EU/EU member states take this into account and ensure people’s rights to privacy and data protection are respected.”