With GDPR in Europe and California's CCPA regulations on the books, a new survey suggests U.S. consumers want a federal consumer data privacy law.
- Of nearly 400 U.S. consumers polled, 87% told researchers they felt data privacy should be covered by federal law.
- Just 24% of respondents were aware of the California Consumer Privacy Act (CCPA), and 29% had heard of the General Data Protection Regulation (GDPR).
- If they could delete their data down the line, 90% of American consumers would be willing to share personal data, according to the survey.
Having a presence online means having to be at least somewhat comfortable with ceding control of your personal data. No matter the services you use or the websites you browse, you're constantly being tracked – sometimes with your consent and other times without. As major data breaches have exposed people's personal information over the years, a groundswell of support for privacy and data protection initiatives have resulted in a discussion over whether the federal government should step in.
According to a recent survey, the answer to that question for most U.S. consumers is a resounding yes. Last month, GetApp commissioned a survey of 390 American consumers about their online habits and their thoughts on the importance of data protection. What researchers found was that people are not only more conscious of their privacy on the web, but willing to bring in outside regulation to ensure their digital safety.
Governmental regulation of the internet is nothing new. In May 2018, the European Union implemented its General Data Protection Regulation (GDPR), resulting in websites asking for permission to store cookies in an effort to avoid running afoul of the rule. The European example has led other governmental agencies to consider their approach to online data privacy and protections, including California with its June 2018 passage of the California Consumer Privacy Act (CCPA).
While the U.S. government hasn't yet implemented its own version of the GDPR, Chris Warnock, specialist analyst at GetApp, said there's a growing sentiment among polled consumers that there may be a need for such a blanket measure.
"Data privacy is a hot topic for consumers, with awareness around the massive amounts of personal data being mined from internet browsing habits on the rise," he said. "Our survey reveals just how popular the idea of privacy as a right is, with consumers expressing overwhelming support for regulation from the federal government."
While some of their needs are addressed in the GDPR and the CCPA, researchers found that most people were unaware of those regulations. Just 29% of respondents knew what GDPR was, and even fewer (24%) had heard of CCPA.
Federal data privacy rules are heavily favored
For the longest time, the idea of governmental oversight of the internet was considered a slippery slope to further regulation. According to researchers, however, 87% of respondents said they would welcome governmental oversight with open arms, stating that they felt their data should be protected by federal law.
Such protections would likely be implemented through the regulation of businesses that buy and sell consumer information. Furthermore, people want to be able to control when, how, and for how long their data is collected and stored. Respondents told researchers that they also want to be able to "opt out of data collection" whenever they feel like it.
Without proper regulation, consumers say they've been left in a wild west where they feel they have to give up their information to access content. In fact, 81% of respondents said they felt forced to provide sensitive data to keep using a website. Similarly, 82% said they felt forced to accept cookies. To get around that issue, 71% said they provided fake personal information to keep their actual identifying data secure.
Businesses can do more to build trust
At the center of the data privacy and protection discussion is the underlying worry that a business's mishandling of sensitive consumer data will result in a data breach. With such incidents making major headlines over the years, people are wary of sharing their data with businesses.
Researchers found that many companies need to raise their data privacy bar. Even though some large companies like Microsoft and Mozilla are taking steps to secure data for their users, there are scores of others that aren't. The CCPA and GDPR only cover specific regions of the world, so there's little incentive to extend those protections to everyone.
Still, researchers said small and midsize businesses should consider investments into data privacy policies as a "long-term strategy for building customer trust." When asked for reasons why they would accept cookie requests from a business, 71% of respondents said they did so because they were familiar with the business or brand they were interacting with, while 67% said they simply wanted to view content on a website. [Read related article: Cyberattacks and Your Small Business: A Primer for Cybersecurity]
Another way to engender trust with your consumers is to give them some data privacy autonomy. According to the survey, 85% said they would be "more willing to share their personal data if they were able to see everything that was collected about them." Furthermore, 90% said they would be willing to share their data if they could delete it at any time.