Assessing the Public Perception of Security and Privacy

Project Overview

Information privacy design concept with globe, lock, and data

Photo by cherezoff/Fotolia

Authorities in different spheres, from travel to child protection to counter-terrorism, may have to make difficult decisions while implementing security and surveillance measures to mitigate likely risks arising from a variety of threats. However, they often do so in the face of extensive uncertainty regarding public reactions to these measures.

Moreover, in everyday life, data is increasingly being transferred through digital interactions; the advent of cloud computing, for example, raises many issues relating to data ownership and access. While the actual and potential benefits to society from Internet use and the availability of “big data” in fields such as healthcare should not be underestimated, the implications for individuals’ privacy and security also need to be taken into account.

Goals

PACT (Public Perception of Security and Privacy: Assessing Knowledge, Collecting Evidence, Translating Research into Action) was a European Commission 7th Framework Programme (FP7) project. It was a 3-year collaborative project involving 11 project partners across the Europe. RAND Europe led the empirical work of PACT, which aimed to:

  1. assess existing knowledge about the relationship between security and privacy and the role played by trust and concern;
  2. collect empirical evidence through a pan-European survey on the public perception of the relation between privacy, fundamental rights, and security;
  3. analyse the main factors that affect public assessment of the security and privacy implications of given security intervention.

Methodology

RAND Europe led the design and analysis of a large-scale survey in which responses were collected from over 26,000 participants across 27 EU Member States (Croatia joined the EU after the project inception) using face-to-face interviews and Internet surveys. The survey questionnaire covered three pertinent real-life situations where different factors related to privacy and security may arise, namely:

  1. Travel on metro or train (Travel)
  2. Choice of an Internet service provider (Internet), and
  3. Choice to purchase a device or service for storing health information (Health).

The design of the scenarios in these three contexts was based on a stated preference approach, so that the choices participants were faced with in the survey, reflected those they might encounter in real life. For each, respondents were asked to choose between two alternatives and a third “none of these” alternative. The first two alternatives were described using a number of different attributes (factors) including, the amount of data stored (on CCTV cameras, online, on a health device), duration of storage and access to the data. Some attributes were context specific: security personnel and security checks for Travel; services to improve online privacy for Internet; and, for Health, viewing of data by different actors, such as academics and pharmaceutical firms.

Example of a Survey Question

Example of PACT survey question and options

 
Hence, from the analysis of the stated preference data, the importance of different factors for individuals' preferences related to security, surveillance, and privacy could then be examined and quantified for the citizens of EU27. The difference in preferences in individual countries and due to age, gender, education and income were also taken into account. Further, the effect of attitudes related to security, surveillance and privacy on these preferences were also analysed.

Key Findings

Clear differences in preferences for attributes are found in the Travel, Internet and Health contexts as respondents make trade-offs between their needs for privacy, security and surveillance in each setting.

Type of data matters

Most respondents across the EU are found to prefer some level of data storage on CCTV camera or on a health device. However, they dislike any storage of information on Internet usage and prefer that their Internet Service Provider offers some services to improve online privacy.

Sharing data outside the country of residence is generally disliked

Most respondents across the EU are found to dislike access to CCTV or Internet usage data by police outside their home country. In the Health context, respondents are found to prefer access to health device data across the EU rather than only in their home country. However, they dislike that their health information is viewed by groups other than medical practitioners.

Preferences for security and privacy are surprisingly consistent across the EU

These results are quite consistent across the 27 EU Member States surveyed, although there are some country specific effects. These particularly concern the presence of security personnel and security checks in the Travel context and viewing of data by different groups other than medical practitioners in the Health setting.

Socio-economic effects were also found to play a role. In terms of surveillance, older people (65+) are generally less averse to the presence of CCTV cameras or Internet surveillance and had stronger preferences for services to improve online privacy. Younger people (18-24), on the other hand are more open to storage of their Internet and health data, but are more averse to physical security checks.

Trust and concern for privacy are important

Respondents’ attitudes significantly affect their preferences in relation to privacy, security and surveillance. Moreover, these attitudes are influenced by age, gender and income, as well as context specific factors, such as travel frequency; time spent on the Internet and current health condition.

Overall, the results indicate that respondents’ preferences related to security and privacy are much more nuanced than the simplistic inverse relationship between security and privacy that is often assumed; an important finding from a policy making perspective.

Publications

Research Team

Neil Robinson, Co-Principal Investigator
Dimitris Potoglou, Co-Principal Investigator
Sunil Patil, Project Manager
Charlene Rohr, QA
Matt Bassford, QA
Bhanu Patruni
Hui Lu
Fay Dunkerley
James Fox
Andrew Daly
Peter Burge
Tess Hellgren
Svitlana Kobzar
Gavin Cochrane


RAND Europe Cyber Research