Online Privacy & Identity Theft

of seven

Online Privacy - US

The importance of online privacy in the US

  • Online privacy is the most important digital security topic for Americans surveyed by the US Census Bureau. However, this might be due to the fact that the respondents believed that Internet privacy and crimes like identity theft and credit card fraud are essentially one and the same.
  • About 33% of households said privacy concerns "stopped them from doing certain online activities" in 2017.
  • According to a survey by Practice Lead, a staggering 90% of US internet users are "very concerned" about online privacy.
  • Only 3% of Facebook users and 4% of Google users trusted the way in which the companies handled their data.
  • Almost two-thirds of survey respondents believe that companies having access to their personal data does not improve their online experience.
  • In fact, a Harvard Business School study found that US citizens respond better to ads when they do not know that he ads are targeted using their personal data.
  • Even though people care deeply about online privacy, the overwhelming majority of them will not do anything to safeguard and enhance their privacy, especially if it requires a time commitment.
  • The sale of personal data is on the rise in the US. An MSNBC survey found that only 33% of the top 90 websites in the US explicitly guarantee that they will not sell personal data to third parties.
  • One study found that Americans were most concerned with hackers stealing their data, 51%, followed by companies sharing their personal data (26%), online surveillance by the US government (14%) and online surveillance by foreign governments (9%).

How concern about online privacy changed over time

  • A study by a VPN company found that 43% of Americans were more concerned about their online privacy in 2018 than a year prior, while 50% were equally worried.
  • The conclusion of the study was that only 7% of people were less worried about their Internet privacy in 2018 compared to 2017.
  • Regarding the way companies use their data, 54% of respondents said that they’re not confident they understand what companies do with their data.
  • The National Telecommunications and Information Administration found that about three-quarters of American households had "significant concerns" over online privacy in 2017.
  • However, the proportion of concerned households dropped from 84% in 2015 to 73% in 2017.
  • Indeed, concern over data collection by online services dropped from 23% to 22%, fears of losing personal data fell from 22% to 21% and concerns over data collection by the government fell from 18% to 16%.

Popular online privacy topics that attracted media attention

  • Concerns over privacy increase when online privacy issues get media attention. In the past few years, media articles usually focused on security breaches and cases where companies sell data without users knowing about it.
  • The Equifax breach that affected nearly 150 million American consumers was widely covered by the media, with several reputable outlets such as the Washington post, the New York Times and The Wall Street Journal reporting on the story for several weeks following the breach.
  • Cambridge Analytica, a political data firm hired by Donald Trump’s 2016 election campaign, obtained data on 50 million Facebook users as a way to find American voters and influence their behavior. The event was covered by media across the world and it even sparked political debate on the issue of online privacy in many countries.
of seven

Online Privacy - Impact of GDPR

The General Data Protection Regulation (GDPR) has had many impacts in Europe since it was implemented in May 2018. These include an increase in the number of reported data breaches, an increase in the number of subject action requests, and a decrease in venture capital investment in the EU.

Impact of GDPR

  • GDPR was implemented in May 2018 and as of March 2019 over 42,000 companies had complaints filed against them for GDPR breaches. In total, there were just under 60,000 breaches reported through January 2019, but only 91 fines were issued.
  • In January 2019, France's regulatory authority, CNIL, announced a $57 million fine against Google, Italy fined Facebook $11.44 million, Ireland began investigating Twitter, and Dutch authorities were investigating Microsoft. These actions were all the result of various provisions of the GDPR dealing with consumer privacy.
  • As a result of GDPR, Microsoft implemented a privacy dashboard to give customers direct control over their data. As of May 2019, the company reported 18 million people globally have utilized the tool to mange their personal data. About 6.7 million users are from the U.S., while about 4 million were from the EU. Overall, the top five countries using the privacy dashboard are the U.S., Japan, UK, France, and Canada.
  • Subject action requests (SAR) are requests by employees of their employers that allow them to see what personal data employers are storing about them. In the 6-month period ending December 2018, there had been 19,000 SAR requests, compared to only 9,000 in a previous 6-month period prior to GDPR being implemented.
  • 40% of surveyed companies indicated they spent more than $10 million to get in compliance with GDPR.
  • Investment in European startups was down by over $3 million per week since GDPR was implemented. It is estimated this resulted in between 3,000 and 30,000 fewer jobs.

EU Country Reporting

lus Laboris, a global law firm, compiled data from 25 EU countries on how things had gone from the first year of GDPR. While not all countries published data, there are some interesting statistics from those that did.
  • "From 25 May 2018 until the end of 2018, the Cyprus DPA received 281 complaints. It has been notified about 32 personal data breaches and issued four decisions with fines up to EUR 11,500."
  • The Danish DPA announced in its 2018 annual report that there were 2,780 reported data breaches, with about 900 of them being closed. 55 cases were fast-tracked due to the serious nature of the reports.
  • The French Data Protection Authority (CNIL) reported that complaints increased 32.5% since the GDPR went into effect. These complaints were related to data erasure and security of personal data.
  • "Between 25 May and 31 December 2018, the DPC received 3,687 data-breach notifications, of which 3,542 cases (96%) were classified as valid data protection breaches: an increase of 27% compared with the number of breaches reported in 2017. The largest number of breaches (85%) were because of unauthorised disclosure." The DPC is the Irish Data Protection Commission.
  • Spain saw an increase of 30% in the number of reports of data breaches since GDPR was implemented.
  • Unfortunately, none of the countries reported data on the number of erasure requests.


  • The EU actually required companies to allow consumers the "right to be forgotten" starting in 2014. From the time of the law through early 2018, Google received 650,000 right to be forgotten requests. Although we examined Google's 2018 annual report, we were unable to locate any data since the implementation of the GDPR.

Research Strategy

To determine whether an impact was "major" we looked at both the dollar amount impact and whether the statistic had significantly changed since the GDPR was implemented. For purposes of this report, we considered any dollar cost of more than $1 million to be major, as well as any impacts that increased by 25% or more. However, in addition to including at least seven statistics that meet these criteria, we also included other reporting found in relation to the GDPR's impact.
of seven

Internet Privacy Market - Growth

A 2018 SAS survey showed that US internet users are becoming more concerned about their personal data privacy. The US market for online data privacy tools and products grew at a Cumulative Growth Rate (CAGR) of 5.2% over the last 12 months and is expected to grow at the same rate over the next 3 years.


  • According to an International Data Corporation (IDC) study, the US General Data Protection Regulations (GDPR) products and tools market generated $416 million in 2017. The market is forecast to grow from 2017 through 2022 to reach $537 million, at a Cumulative Annual Growth Rate (CAGR) of 5.2%.


  • The global privacy tools management market had a size of $600 million in 2018 and is projected to grow to 3.13 billion by the end of 2025, growing at a CAGR of 26.5% from 2019 through 2025.
  • The global internet security market is projected to grow from 2016, at a CAGR of 8.4% to reach $46.5 billion by 2021.
  • As depicted by the results of a 2018 survey by SAS, US internet users are becoming more concerned about the privacy and security of their personal data.
    • About 73% of the survey respondents said that their concerns over personal data privacy were increasing, while 38% reported cutting back their social media use due to privacy concerns.
    • Sixty-six percent of respondents said that they had taken steps to secure their data.
    • Of the respondents, 83% said that they would welcome the right to tell organizations to not sell or share their personal information, while 80% also wanted the right to know where and to whom their data is being sold. Also, 64% said that they would welcome the right to have their data erased or deleted.

of seven

Online Privacy - Europe

Online privacy is generally very important for Europeans and has been more so in recent years. A growing number of European citizens are becoming familiar with different options to protect their privacy and they are willing to change their online behavior in order to do so. Privacy discussions among Europeans tend to increase after a well-known company is publicly fined for data misuse and when new privacy regulations are announced.

The importance of online privacy to Europeans

  • According to data by the European Commission's statistical office, Eurostat, most Europeans (72%) provided some kind of personal information online. This statistic ranges from under 50% in Bulgaria to 92% in Luxembourg.
  • However, 46% of Europeans restricted the use of personal data for advertising, 40% refused to provide access to their social media profiles and 31% limited access to location data.
  • The percentage of people that changed their cookie settings is inversely correlated to the proportion of people that provided personal data in a given country. For example, in Luxembourg, where almost everyone shares some personal information online, there is the highest percentage of people that restrict cookies at 52%.
  • The European Comisssion's Eurobarometer poll conducted in 2017 showed that an overwhelming majority of Europeans value their privacy. 71% of respondents said that it was unacceptable for companies to be sharing information about them without their permission.
  • More than 70% of the 27,000 Europeans polled valued personal privacy over increased convenience. In fact, 72% wanted to keep their personal communications private and 89% said that browsers should keep personal data private by default.
  • The privacy concerns of Europeans affect their online behavior. Some 40% of respondents said that they avoided certain websites because they did not want to be tracked.
  • A survey conducted by GfK in 2017 found that citizens of Eastern European countries were more concerned with online privacy than citizens of Western European countries.
  • GfK also concluded that Europeans value their privacy, but that they are willing to share their data for free services. For example, 77% preferred free content that was not personalized over more personalized content that involves using their personal data. However, 69% of them said they would consent to having their browser data accessed in exchange for free services.
  • While 42% of respondents said that they would allow personalized ads for access to free content, only 20% of them said that they would be okay with sharing their data with third parties for advertising purposes.

Privacy is a growing concern for most Europeans

  • Online privacy is a hot topic in European countries. Most of the surveys on the attitudes of citizens toward privacy have been conducted in the past few years.
  • Europeans became much more aware of the issue of online privacy with the introduction of the General Data Protection Regulation (GDPR) act. Some 92% of Germans polled right after the announcement of GDPR said that they care deeply about online privacy.
  • The attitude about online privacy shifted a great deal since 2012. In 2018, 61% of those surveyed said that they are very careful about their data security, a huge increase compared to only 17% in 2012.
  • The topic of Internet privacy has often been discussed in the media in the past few years, with most major international outlets like the Guardian, the Financial Times, AFP and Die Welt often reporting on online privacy topics.
  • The events that drew the most media attention in Europe in the past few years have been fines issued to multinational corporations for breaking privacy laws and new legislation enacted by the bodies of the European Union to protect online privacy.
  • For example, the Guardian, reporting on a press release by the European Commission, said that the EU fined Google 1.49 billion euros for advertising violations.
  • The introduction of the GDPR has been the most popular issue around online privacy in European media in recent years. For example, the French newspaper Le Monde has a large number of articles covering the topic during the past three years.
of seven

Identity Theft - Europe

While an analysis of search interest in identity theft and the number of news articles covering identity theft does not suggest that identity theft is a growing concern among internet users in Europe, a survey commissioned by the European Commission reveals otherwise. This survey indicates that most Europeans are concerned about identity theft and that the percentage of Europeans who are concerned about identity theft has grown by several percentage points in the past few years. Of the various cyber issues, malicious software and identity theft are the issues Europeans are most concerned about.


  • On behalf of the European Commission, TNS Political & Social conducted a survey to gauge Europeans' awareness, perception, and experience of cyber security issues, including identity theft.
  • TNS Political & Social's survey of 22,236 Europeans reveals that, in June 2017, identity theft, along with malicious software, ranked first when Europeans were asked about the cyber issues they were concerned about.
  • Sixty-nine percent of Europeans were concerned about being a victim of identity theft or the cyber crime where somebody steals their personal data and impersonates them. The same percentage of Europeans were also concerned about discovering viruses or malicious software on their device.
  • Europeans were less concerned about the following: being a victim of online banking fraud (66%), seeing their social network or email account hacked (63%), getting fraudulent emails requesting for personal or account details (60%), purchasing products from online scammers (58%), losing access to online services due to cyber attacks (57%), being asked for ransom to regain control of device (55%), encountering child pornography (53%), and encountering content promoting racist or extremist behavior (51%).
  • Based on a separate pan-European study, 61.4% of Europeans express concern about computer viruses and theft of identity or financial data, but a larger percentage of Europeans express concern about child pornography (68.2%) and illegitimate use of personal information (62%).


  • Between October 2014 and June 2017, the percentage of Europeans who expressed concern about experiencing identity theft increased by 1% only. Compared to 69% in June 2017, 68% of Europeans in October 2014 were concerned about identity theft.
  • In May-June 2013, however, only 52% of Europeans expressed concern about identity theft. This means that, between May-June 2013 and October 2014, the percentage jumped by 16 percentage points.
  • The percentage of Europeans who are concerned or tend to be concerned that their "online personal information is not kept secure by websites" had grown from 70% in May-June 2013 to 73% in October 2014. In June 2017, however, the percentage remained at 73%.
  • The percentage of Europeans who are concerned or tend to be concerned that their "online personal information is not kept secure by public authorities" had grown from 64% in May-June 2013 to 67% in October 2014. In June 2017, however, the percentage dropped to 65%.
  • The percentage of Europeans who are concerned about somebody else misusing their personal information had grown from 37% in May-June 2013 to 43% in October 2014 and to 45% in June 2017.


  • Eighty-one percent of Europeans view an attack against their personal information as a highly stressful experience.
  • Because of online privacy and security issues, the percentage of Europeans who have become less inclined to provide personal data on websites had grown from 38% in 2014 to 39% in 2017.
  • Also, the percentage of Europeans who have modified the security settings on their browser, search engines, and social network accounts had grown from 18% in 2014 to 20% in 2017, and the percentage of Europeans who have canceled online purchase transactions because of suspicious sellers or websites had grown from 7% in 2014 to 11% in 2017.



  • On, a news search engine and aggregator where news can be filtered by topic, publication year, and source region, there were 29 news articles with "identity theft" in the title that were published in 2018 by Europe-based media outlets. The news articles were published by the following Europe-based media outlets: The Next Web, The Guardian, Softpedia, Help Net Security, The Daily Mail, The Sun, ITV, TechRadar, Irish Independent, Express UK,, Deutsche Welle, Domaining, BBC, and Digital Spy.
  • On, there were 31 news articles with "identity theft" in the title that were published in 2017 by Europe-based media outlets. The news articles were published by the following Europe-based media outlets: The Times, The Daily Mail, Help Net Security, Sputnik International, France 24, The Next Web, The Telegraph, The Independent, International Business Times UK, The Guardian, ITV, BBC,, Irish Independent, The Scotsman,, The Daily Mirror, The Register, Express UK, and Domaining.
  • The headlines of these articles were mostly about cases of actual or possible identity theft, solutions to prevent identity theft, and how identity theft is a concern.
  • Sample headlines include the following:
of seven

Identity Theft - US

A large number of consumers said identity theft and banking fraud were their top concerns (41%) compared to the death of a loved one (22%) or being targeted in a terrorist attack (18%). Online users said they were more concerned about cybersecurity compared to 5 years ago (61%), but only a minority (37%) use an identity theft protection tool. We have outlined our key findings below.



  • Google Trends show a spike in user searches for identity theft in 2017 compared to other years from 2014 to 2019.
  • The top related queries to 'identity theft' that year were:
    • "where could an identity theft access your personal information?"
    • "lil kim identity theft"
    • "best identity theft protection 2017"
    • "which document puts you at the least risk of identity theft "
    • "identity theft statistics 2015"


of seven

Identity Protection Market - Growth

The US identity protection market has declined at a rate of -2.4 percent in the last 12 months, and it was projected to continue to decline in the next three years by about -4.9 percent. This is because consumers are opting for free identity protection alternatives.


  • In 2018, the identity protection market in the United States was worth about $2 billion.
  • Some of the players in the US identity protection market are Lifelock (Symantec), Equifax, and TransUnion.
  • The US identity protection market annualized market size growth (2014-2019) was -2.4%.
  • Therefore, the market declined at a rate of -2.4 percent in the last 12 months to 2019.
  • The size of the identity protection market in the US is expected to contract -4.9% in the next one year to 2020.
  • According to Market Research, the US identity protection market has contracted in the past five years and is expected to continue contracting over the next 3 years.
  • The growth rate of the market is expected to continue declining because consumers are opting for free alternatives options.
  • The size of the global identity protection market is expected to grow at a CAGR of 17.6% from $6.650 billion in 2019 to $17.6 billion in 2024.

Research Strategy:

Initially, we searched for precompiled reports analyzing the identity protection market in the United States from industry databases such as IBISWorld, Credence Research, Market Research, and Identity Watch among others. The reports we came across were paywalled but has enough information about the growth rate of this market in the last 12 months and the next 1 year. Unfortunately, the growth rate for the next 3 years was not directly mentioned.

Therefore, we searched through financial data, such as the annual reports, of a selected list of key players in the US identity protection market including Lifelock (Symantec), Equifax, and TransUnion for possible remarks about the growth rate forecast or a key metric (i.e. a player's predicted revenue in the next 3 years) to enable us to make an estimation. However, the approach proved futile as none of the companies examined disclosed either their revenue expectations for the next few years or any growth rate forecast for the whole industry.

Next, we combed through credible media sites such as BusinessWire, Market Research, MarketWatch, and more, which track and provide news concerning various industries, including the identity protection market. A report by Market Research not only supported our earlier findings that the size of the US identity protection market has been declining but also provided us with a key metric that guided our triangulation that the industry is expected to contract/decline in the next three years to 2022.
  • 2014-2019 — The US identity protection market contracted annually at -2.4 percent.
  • 2019-2020 — IBISWorld anticipates the market to decline about -4.9 percent.
Therefore, if the industry is expected to continue contracting in the next three years, we assume that it will maintain an annual growth rate of about -4.9 percent for the same reasons it maintained the annual growth rate of -2.4 percent (2014-2019), in which consumers are opting for free alternatives.

From Part 02
  • "Because it is a regulation and not a directive, it is binding on all 28 EU member states. The GDPR requires that every company that offers products or services to EU residents within the various EU states comply with a strict set of data privacy and security measures. Therefore, it extends beyond the EU to all companies who process and store personal data of EU citizens, whether such companies have locations in the EU or not."
  • "From video game sellers to various news outlets including the Los Angeles Times, some companies found the costs too high to continue doing business in Europe, and removed themselves from the EU. For others that chose to remain, things remain uncertain."
  • "In a company "transparency report" and research paper released this week, Google said most of those requests were to remove five or fewer URLs from its search results. In all, Google says it received requests to remove more than 2.43 million URLs since the end of May 2014, and it has removed about 43 percent of them."
From Part 03
From Part 06
  • "Identity theft and banking fraud were their No. 1 concerns. Forty-four percent of those surveyed rated those as their primary fear, compared to 22 percent, who listed the death of themselves or a loved one, and 18 percent, who selected being a terrorist attack victim."
  • "The FICO survey, released in July, surveyed 1,000 U.S. consumers over the age of 17. Consumers in the FICO survey were primarily worried about three areas:"
  • "86 percent of consumers said they were fearful that somebody would steal their Social Security number;"
  • "76 percent worried the wrong person would get access to their bank account; and 58 percent were anxious somebody would take their credit card information."
  • "However, even though consumers are concerned about their personal information and identity, only 37% of individuals use an identity theft protection solution, and 28% have no plans to sign up for an ID theft protection solution. "
  • "This is all in spite of the fact that 61% of respondents are more concerned about cybersecurity than they were 5 years ago."
  • "In 2018, the Federal Trade Commission collected reports of 3 million scams, including financial fraud and identity theft."
  • "1. Imposter scams Total loss: $34 million Median loss: $900"
  • "Overwhelmingly the most costly and most prevalent type of scam reported by American consumers — imposter scams — involve a fraudster pretending to be someone you trust in order to trick you into handing over money or information, like a password, or your Social Security number."
  • "Related queries: 1) where could an identity theft access your personal information? 2) lil kim identity theft 3) best identity theft protection 2017 4) which document puts you at the least risk of identity theft 5) identity theft statistics 2015"
  • "Related queries: 1) identity theft pin irs 2) what activities might require you to provide your social security number? 3) irs identity theft number 4) geico identity theft 5) you may have been a victim of identity theft if"
  • "In 2017, there were 16.7 million victims of identity fraud, a record high that followed a previous record the year before."
  • "The categories of fraud are listed below from least to most serious: Existing card accounts: This category includes both the account numbers and/or the actual cards for existing credit and card-linked debit accounts. "
  • "Existing non-card accounts: This category includes existing checking and savings accounts, and existing loans and insurance, telephone, and utilities accounts."
  • "New accounts and other frauds: This category includes new accounts or loans for committing theft, fraud, or other crimes using the victim's personal information."
  • "2018 was a year of mixed success for consumers. After three years of successive increases in fraud rates, the overall fraud incidence rate fell notably from 2017, ultimately affecting 2 million fewer victims. "
  • "As fraudsters’ primary targets have strengthened their defenses, the criminal economy is repurposing well-honed schemes to focus on new types of organizations. With comparatively limited experience with fighting fraud, these organizations have had little reason to invest in the tools, tactics, and personnel to effectively prevent, detect, and resolve fraud. "
  • "For victims, this means a long, strenuous, and frequently expensive path to regaining control of their identity."