Most Americans Are Not That Concerned About Online Privacy

The latest survey from the Census Bureau shows that most Americans are not that concerned about online privacy…but the government agency that commissioned the research seems to be misinterpreting its own data.

Since 1994, the National Telecommunications and Information Administration (NTIA) has regularly commissioned the U.S. Census Bureau to conduct surveys on Internet use and adoption. The Census Bureau conducted its most recent survey in November 2017, when it interviewed more than 52,000 households and asked them questions about online privacy and security. According to NTIA, the top-line takeaway of the survey results is that “nearly three-quarters of Internet-using households had significant concerns about online privacy and security risks.” However, a closer look shows that these concerns are overstated.

There are two problems with NTIA’s conclusion from its data. First, the survey shows that privacy concerns are declining. Across the board, the NTIA found decreasing levels of concerns in its 2017 survey compared to its last one in 2015. Fears of data collection by online services dropped from 23 to 22 percent, concerns over loss of control of personal data fell from 22 to 21 percent, and fears of data collection by the government fell from 18 to 16 percent. And while some of these decreases are small, they are expected. As ITIF has noted in its description of the “Privacy Panic Cycle”—the usual outbreak of public fear that often accompanies new technologies—as consumers become familiar with technologies, their privacy fears tend to diminish.

Second, the top two so-called privacy concerns for more consumers are identity theft (57 percent) and credit card or bank fraud (45 percent). These are perfectly legitimate concerns, but they have little to do with the ongoing debates about the private sector’s collection and use of consumer data online that have led many to call for the United States to adopt federal privacy legislation in line with Europe.

NTIA needs to get this right because, as it notes itself, its analysis is used to “ensure policymakers have the best information possible.” In particular, NTIA is currently leading the Trump Administration’s efforts to develop and propose federal privacy legislation. If the goal of such legislation is to address consumer concerns about privacy, then it needs to clearly distinguish what it means by privacy when speaking to policymakers.

The reality is that most proposed privacy rules, such as requiring email marketers to keep more detailed records about their subscribers and mandating that website operators notify their visitors about the site’s use of cookies, will do little to stop identity theft or bank fraud. But such rules will harm consumer-friendly innovation as businesses divert resources to comply and find their hands tied, preventing them from using data efficiently. (If policymakers really want to stop identity theft and financial fraud, they should phase out the use of Social Security Numbers and replace it with a secure alternative.)

Some people might argue that regardless of consumer preference, policymakers should still adopt new privacy laws to boost digital adoption. Indeed, in its article about the most recent survey data, NTIA raises the idea that policymakers should “build trust and confidence among Internet users.” But as ITIF has written, the notion that more regulation leads to more trust and more digital adoption is a myth. NTIA’s data show that a decreasing number of households with Internet users were avoiding online activities due to privacy or security concerns. The percentage of households that avoided conducting financial transactions due to these concerns dropped from 29 percent in 2015 to 24 percent in 2017. Similarly, the households that avoided buying goods or services online due to these concerns dropped from 26 percent to 16 percent, and those that avoided using social networks dropped from 26 percent to just 14 percent.

Americans have made their opinion clear: their privacy concerns are decreasing even without additional privacy laws. The question remains: will policymakers listen?