October 2008 – September 2011
Identity and privacy have recently rarely been out of the headlines. Government has justified the need to identify citizens and track behaviour or security reasons, and promoted data sharing with the promise of the benefits of transformational government. Business argues that it needs to track customer behaviour both in the real world and the Internet to deliver personalised services that offer more targeted information and identify new business opportunities. The public is generally portrayed as unconcerned about privacy: based on opinion poll data, government argues that the majority of citizens support identification and surveillance, and commercial companies argue that customers are happy to volunteer detailed information about themselves in return for discounts or entry in a prize draw. In a recent report, the UK Information Commissioner characterised the situation as Sleepwalking into a Surveillance Society.
Do citizens and customers really not care? Previous research has shown that in many situations, people opt for immediate benefits (or promises thereof), and are less concerned about future possible risks (or not aware of them). However, once people experience negative consequences, or discover risks they were unaware of, they tend to respond strongly – often abandoning services and technologies involved altogether.
Examples of data sharing and leakage have raised awareness how data can be used and abused. Increasingly, people try to defend against the collection of sensitive or inappropriate data by refusing to register, or giving false information. Such responses can cause significant economic damage, or – in case of large numbers opting out or providing “fake” information – lead to a collection of data that has little or no value. The cost and benefit of collecting and storing data about individuals has not been properly examined, and the value of holding information about individuals for specific purposes is not understood.
The project will help government and business to understand the value of personal data, as well as the value and risks for other stakeholders. The Home Office estimates that identity theft costs the UK 1.7bn each year, but without a proper cost-benefit analysis, it is impossible for data-collectors to understand how, or indeed whether, to reduce the amount of data that they collect.
Research into privacy has both benefitted and suffered from its multidisciplinary nature. The multitude of perspectives and methods has led to many detailed findings, but there is still a lack of clarity of what privacy is and what it means to different stakeholders in different contexts/scenarios of use. There has been no attempt to measure the cost and benefits to the stakeholders involved in comparable units. Most studies are one-off surveys, ‘feeling the temperature’ to general questions about privacy. There has been no study of how stakeholders’ perception evolves over time, in response to experiences of benefits and drawback of data held about them. There is a lack of quality, empirical data on these issues, and how to collect it. The problem of collecting reliable data on people’s perceptions surrounding sensitive data about them is akin to Schrodinger’s Cat – to discuss privacy, you have to reveal things you want to keep private. The goal of the Privacy Value Networks project is to develop new methodologies that enable us to break this paradox.
PVNets project, EPSRC grant EP/G002606/1