Too much information? Tech giants must do more to address consumer concerns about data

A new survey by Which? reveals that Facebook users are very concerned about how their personal data is handled but feel powerless to protect it, following the revelation that millions of people’s personal information was compromised by the social network.

A survey of more than 2000 people found that 89% of people have concerns about the issues raised by the Cambridge Analytica (CA)/Facebook scandal.

The research found that, while 6% of users have deleted or deactivated their account in response to the reports, 73% haven’t changed how often they use Facebook since the story broke.

Of those who answered that they are concerned about the issue but haven’t changed their behaviour, 13% believe there is nothing they can do to change what Facebook does with information taken from users, and 18% think it’s too late to take any action. Just 10% trusted Facebook to make things right for its users itself.

The results suggest that some users don’t feel like they have the power to act against tech giants such as Facebook.

This attitude may be explained by the fact that the harvesting of user data, as well the data of their friends, in the Cambridge Analytica case took place in 2014 but has only just come to light.

The survey results also suggest that there is a belief that in order to stop these scandals happening in the first place companies need to be more responsible and adopt higher moral standards when it comes to handling their data.

60% of people are concerned about how there seemed to be little effective regulation over what Facebook or Cambridge Analytica were doing with their information, while 64% of people are worried that Facebook did not check what the third party who obtained user data was going to do with that information .

With the General Data Protection Regulation (GDPR), the biggest change for decades in data protection law, being introduced in May, big companies need to take their new responsibilities seriously.

Alongside these duties they must also act to improve the way they communicate to their users about what information they are providing access to when they sign up to an app, and must do so in a way that is easy to find and easy to understand.

Regulators, including the Information Commissioners Office, which is investigating whether Facebook data was illegally acquired and used, must stand ready to take enforcement action, starting with companies whose deliberate actions are harming consumer interests.

The Government will need to continue to work on other areas including action on confusing terms and conditions and collective redress, where an amendment to the Data Protection Bill replicating an optional part of the GDPR would allow independent organisations acting in the public interest, such as Which?, to act as a representative on behalf of groups of affected consumers without them needing to sign up to an action to get quick, easy and cheap access to justice when they experience a financial loss following a data breach.

Alex Neill, Which? Managing Director of Home Products and Services, said:

“Facebook users are clearly concerned that the site hasn’t been properly in control of their data, and worse, many feel powerless to act to protect their personal information. With massive changes to the way companies must handle data just weeks away, Facebook must recognise that as the world’s biggest social network it should lead the way as a responsible custodian of users’ data.

“It should do more to educate users in an accessible way about how sharing their data could affect them, while regulators and the Government should ensure that action can be taken against companies that break the rules.”

Notes to eds

  1. Populus, on behalf of Which? surveyed 2,068 UK adults. Fieldwork took place between 26th and 27th March 2018. The data have been taken from nationally representative omnibus surveys and have been weighted to the demographic profile of the population.
  2. How to manage your Facebook data and manage targeted ads:
  3. General Data Protection Regulation (GDPR):


Press Release