The importance of online privacy in the US

• Online privacy is the most important digital security topic for Americans surveyed by the US Census Bureau. However, this might be due to the fact that the respondents believed that Internet privacy and crimes like identity theft and credit card fraud are essentially one and the same.
• About 33% of households said privacy concerns "stopped them from doing certain online activities" in 2017.
• According to a survey by Practice Lead, a staggering 90% of US internet users are "very concerned" about online privacy.
• Only 3% of Facebook users and 4% of Google users trusted the way in which the companies handled their data.
• Almost two-thirds of survey respondents believe that companies having access to their personal data does not improve their online experience.
• In fact, a Harvard Business School study found that US citizens respond better to ads when they do not know that he ads are targeted using their personal data.
• Even though people care deeply about online privacy, the overwhelming majority of them will not do anything to safeguard and enhance their privacy, especially if it requires a time commitment.
• The sale of personal data is on the rise in the US. An MSNBC survey found that only 33% of the top 90 websites in the US explicitly guarantee that they will not sell personal data to third parties.
• One study found that Americans were most concerned with hackers stealing their data, 51%, followed by companies sharing their personal data (26%), online surveillance by the US government (14%) and online surveillance by foreign governments (9%).

How concern about online privacy changed over time

• A study by a VPN company found that 43% of Americans were more concerned about their online privacy in 2018 than a year prior, while 50% were equally worried.
• The conclusion of the study was that only 7% of people were less worried about their Internet privacy in 2018 compared to 2017.
• Regarding the way companies use their data, 54% of respondents said that they’re not confident they understand what companies do with their data.
• The National Telecommunications and Information Administration found that about three-quarters of American households had "significant concerns" over online privacy in 2017.
• However, the proportion of concerned households dropped from 84% in 2015 to 73% in 2017.
• Indeed, concern over data collection by online services dropped from 23% to 22%, fears of losing personal data fell from 22% to 21% and concerns over data collection by the government fell from 18% to 16%.

Popular online privacy topics that attracted media attention

• Concerns over privacy increase when online privacy issues get media attention. In the past few years, media articles usually focused on security breaches and cases where companies sell data without users knowing about it.
• The Equifax breach that affected nearly 150 million American consumers was widely covered by the media, with several reputable outlets such as the Washington post, the New York Times and The Wall Street Journal reporting on the story for several weeks following the breach.
• Cambridge Analytica, a political data firm hired by Donald Trump’s 2016 election campaign, obtained data on 50 million Facebook users as a way to find American voters and influence their behavior. The event was covered by media across the world and it even sparked political debate on the issue of online privacy in many countries.

Impact of GDPR

• GDPR was implemented in May 2018 and as of March 2019 over 42,000 companies had complaints filed against them for GDPR breaches. In total, there were just under 60,000 breaches reported through January 2019, but only 91 fines were issued.
• In January 2019, France's regulatory authority, CNIL, announced a $57 million fine against Google, Italy fined Facebook $11.44 million, Ireland began investigating Twitter, and Dutch authorities were investigating Microsoft. These actions were all the result of various provisions of the GDPR dealing with consumer privacy.
• As a result of GDPR, Microsoft implemented a privacy dashboard to give customers direct control over their data. As of May 2019, the company reported 18 million people globally have utilized the tool to mange their personal data. About 6.7 million users are from the U.S., while about 4 million were from the EU. Overall, the top five countries using the privacy dashboard are the U.S., Japan, UK, France, and Canada.
• Subject action requests (SAR) are requests by employees of their employers that allow them to see what personal data employers are storing about them. In the 6-month period ending December 2018, there had been 19,000 SAR requests, compared to only 9,000 in a previous 6-month period prior to GDPR being implemented.
•  40% of surveyed companies indicated they spent more than $10 million to get in compliance with GDPR.
• Investment in European startups was down by over $3 million per week since GDPR was implemented. It is estimated this resulted in between 3,000 and 30,000 fewer jobs.

EU Country Reporting

• "From 25 May 2018 until the end of 2018, the Cyprus DPA received 281 complaints. It has been notified about 32 personal data breaches and issued four decisions with fines up to EUR 11,500."
• The Danish DPA announced in its 2018 annual report that there were 2,780 reported data breaches, with about 900 of them being closed. 55 cases were fast-tracked due to the serious nature of the reports.
• The French Data Protection Authority (CNIL) reported that complaints increased 32.5% since the GDPR went into effect. These complaints were related to data erasure and security of personal data.
• "Between 25 May and 31 December 2018, the DPC received 3,687 data-breach notifications, of which 3,542 cases (96%) were classified as valid data protection breaches: an increase of 27% compared with the number of breaches reported in 2017. The largest number of breaches (85%) were because of unauthorised disclosure." The DPC is the Irish Data Protection Commission.
• Spain saw an increase of 30% in the number of reports of data breaches since GDPR was implemented.
• Unfortunately, none of the countries reported data on the number of erasure requests.

Google

• The EU actually required companies to allow consumers the "right to be forgotten" starting in 2014. From the time of the law through early 2018, Google received 650,000 right to be forgotten requests. Although we examined Google's 2018 annual report, we were unable to locate any data since the implementation of the GDPR.

Research Strategy

Online DATA PROTECTION AND PRIVACY TOOLS MARKET

• According to an International Data Corporation (IDC) study, the US General Data Protection Regulations (GDPR) products and tools market generated $416 million in 2017. The market is forecast to grow from 2017 through 2022 to reach $537 million, at a Cumulative Annual Growth Rate (CAGR) of 5.2%.

ADDITIONAL FINDINGS

• The global privacy tools management market had a size of $600 million in 2018 and is projected to grow to 3.13 billion by the end of 2025, growing at a CAGR of 26.5% from 2019 through 2025.
• The global internet security market is projected to grow from 2016, at a CAGR of 8.4% to reach $46.5 billion by 2021.
• As depicted by the results of a 2018 survey by SAS, US internet users are becoming more concerned about the privacy and security of their personal data.
• About 73% of the survey respondents said that their concerns over personal data privacy were increasing, while 38% reported cutting back their social media use due to privacy concerns.
•  Sixty-six percent of respondents said that they had taken steps to secure their data.
• Of the respondents, 83% said that they would welcome the right to tell organizations to not sell or share their personal information, while 80% also wanted the right to know where and to whom their data is being sold. Also, 64% said that they would welcome the right to have their data erased or deleted.

The importance of online privacy to Europeans

• According to data by the European Commission's statistical office, Eurostat, most Europeans (72%) provided some kind of personal information online. This statistic ranges from under 50% in Bulgaria to 92% in Luxembourg.
• However, 46% of Europeans restricted the use of personal data for advertising, 40% refused to provide access to their social media profiles and 31% limited access to location data.
• The percentage of people that changed their cookie settings is inversely correlated to the proportion of people that provided personal data in a given country. For example, in Luxembourg, where almost everyone shares some personal information online, there is the highest percentage of people that restrict cookies at 52%.
• The European Comisssion's Eurobarometer poll conducted in 2017 showed that an overwhelming majority of Europeans value their privacy. 71% of respondents said that it was unacceptable for companies to be sharing information about them without their permission.
• More than 70% of the 27,000 Europeans polled valued personal privacy over increased convenience. In fact, 72% wanted to keep their personal communications private and 89% said that browsers should keep personal data private by default.
• The privacy concerns of Europeans affect their online behavior. Some 40% of respondents said that they avoided certain websites because they did not want to be tracked.
• A survey conducted by GfK in 2017 found that citizens of Eastern European countries were more concerned with online privacy than citizens of Western European countries.
• GfK also concluded that Europeans value their privacy, but that they are willing to share their data for free services. For example, 77% preferred free content that was not personalized over more personalized content that involves using their personal data. However, 69% of them said they would consent to having their browser data accessed in exchange for free services.
• While 42% of respondents said that they would allow personalized ads for access to free content, only 20% of them said that they would be okay with sharing their data with third parties for advertising purposes.

Privacy is a growing concern for most Europeans

• Online privacy is a hot topic in European countries. Most of the surveys on the attitudes of citizens toward privacy have been conducted in the past few years.
• Europeans became much more aware of the issue of online privacy with the introduction of the General Data Protection Regulation (GDPR) act. Some 92% of Germans polled right after the announcement of GDPR said that they care deeply about online privacy.
• The attitude about online privacy shifted a great deal since 2012. In 2018, 61% of those surveyed said that they are very careful about their data security, a huge increase compared to only 17% in 2012.
• The topic of Internet privacy has often been discussed in the media in the past few years, with most major international outlets like the Guardian, the Financial Times, AFP and Die Welt often reporting on online privacy topics.
• The events that drew the most media attention in Europe in the past few years have been fines issued to multinational corporations for breaking privacy laws and new legislation enacted by the bodies of the European Union to protect online privacy.
• For example, the Guardian, reporting on a press release by the European Commission, said that the EU fined Google 1.49 billion euros for advertising violations.
• The introduction of the GDPR has been the most popular issue around online privacy in European media in recent years. For example, the French newspaper Le Monde has a large number of articles covering the topic during the past three years.

HOW IMPORTANT IDENTITY THEFT IS

• On behalf of the European Commission, TNS Political & Social conducted a survey to gauge Europeans' awareness, perception, and experience of cyber security issues, including identity theft.
• TNS Political & Social's survey of 22,236 Europeans reveals that, in June 2017, identity theft, along with malicious software, ranked first when Europeans were asked about the cyber issues they were concerned about.
•  Sixty-nine percent of Europeans were concerned about being a victim of identity theft or the cyber crime where somebody steals their personal data and impersonates them. The same percentage of Europeans were also concerned about discovering viruses or malicious software on their device.
• Europeans were less concerned about the following: being a victim of online banking fraud (66%), seeing their social network or email account hacked (63%), getting fraudulent emails requesting for personal or account details (60%), purchasing products from online scammers (58%), losing access to online services due to cyber attacks (57%), being asked for ransom to regain control of device (55%), encountering child pornography (53%), and encountering content promoting racist or extremist behavior (51%).
• Based on a separate pan-European study, 61.4% of Europeans express concern about computer viruses and theft of identity or financial data, but a larger percentage of Europeans express concern about child pornography (68.2%) and illegitimate use of personal information (62%).

HOW CONCERN ABOUT IDENTITY THEFT HAS GROWN

• Between October 2014 and June 2017, the percentage of Europeans who expressed concern about experiencing identity theft increased by 1% only. Compared to 69% in June 2017, 68% of Europeans in October 2014 were concerned about identity theft.
• In May-June 2013, however, only 52% of Europeans expressed concern about identity theft. This means that, between May-June 2013 and October 2014, the percentage jumped by 16 percentage points.
• The percentage of Europeans who are concerned or tend to be concerned that their "online personal information is not kept secure by websites" had grown from 70% in May-June 2013 to 73% in October 2014. In June 2017, however, the percentage remained at 73%.
• The percentage of Europeans who are concerned or tend to be concerned that their "online personal information is not kept secure by public authorities" had grown from 64% in May-June 2013 to 67% in October 2014. In June 2017, however, the percentage dropped to 65%.
• The percentage of Europeans who are concerned about somebody else misusing their personal information had grown from 37% in May-June 2013 to 43% in October 2014 and to 45% in June 2017.

THE ROLE AND IMPACT OF IDENTITY THEFT

•  Eighty-one percent of Europeans view an attack against their personal information as a highly stressful experience.
• Because of online privacy and security issues, the percentage of Europeans who have become less inclined to provide personal data on websites had grown from 38% in 2014 to 39% in 2017.
• Also, the percentage of Europeans who have modified the security settings on their browser, search engines, and social network accounts had grown from 18% in 2014 to 20% in 2017, and the percentage of Europeans who have canceled online purchase transactions because of suspicious sellers or websites had grown from 7% in 2014 to 11% in 2017.

SEARCH INTEREST IN IDENTITY THEFT

• On Google Trends, there is no indication that search interest in identity theft in Europe has significantly increased in the past three years. No noticeable pattern can be observed. The Google Trends site only reveals that search interest in "identity theft" as a search term peaked in the week of October 1-7, 2017 in the United Kingdom, the week of December 9-15, 2018 in Germany, and the week of July 10-16, 2016 in France.
• In the United Kingdom, "identity theft protection stamp" has been a breakout query (i.e., a new query that has seen a tremendous increase in searches).
• Search interest in "identity theft" as a topic peaked in the week of October 1-7, 2017 in the United Kingdom, the week of December 9-15, 2018 in Germany, and the week of August 27 - September 2, 2017 in France.

PRESS COVERAGE OF IDENTITY THEFT

• On Newslookup.com, a news search engine and aggregator where news can be filtered by topic, publication year, and source region, there were 29 news articles with "identity theft" in the title that were published in 2018 by Europe-based media outlets. The news articles were published by the following Europe-based media outlets: The Next Web, The Guardian, Softpedia, Help Net Security, The Daily Mail, The Sun, ITV, TechRadar, Irish Independent, Express UK, Bitcoinist.com, Deutsche Welle, Domaining, BBC, and Digital Spy.
• On Newslookup.com, there were 31 news articles with "identity theft" in the title that were published in 2017 by Europe-based media outlets. The news articles were published by the following Europe-based media outlets: The Times, The Daily Mail, Help Net Security, Sputnik International, France 24, The Next Web, The Telegraph, The Independent, International Business Times UK, The Guardian, ITV, BBC, Metro.co.uk, Irish Independent, The Scotsman, RT.com, The Daily Mirror, The Register, Express UK, and Domaining.
• The headlines of these articles were mostly about cases of actual or possible identity theft, solutions to prevent identity theft, and how identity theft is a concern.
• Sample headlines include the following:
• "'Identity theft'? It's daylight robbery by the banks." by The Guardian
• "Swansea star Martin Olsson claims he is a victim of identity theft" by The Sun
• "Identity theft warning after major data breach at Ticketmaster" by The Guardian
• "Want to cut out identity theft? Smile" by Irish Independent
• "Scots parents risk identity theft by social media over-sharing" by Express UK
• "Identity theft is on the rise" by The Times
• "James Trethewie becomes victim of identity theft" by The Daily Mail
• "Identity theft cases soar to 'epidemic' levels" by ITV

IMPORTANCE OF IDENTITY FRAUD

• In 2017, a FICO survey reported that identity theft and banking fraud were No. 1 concerns of consumers.
• Majority of surveyed consumers (41%) said identity theft and banking fraud were their primary fears compared to death of a loved one (22%) and being targeted in a terrorist attack (18%).
• Of surveyed consumers, 86% said they were afraid that their Social Security number would be stolen.
• A majority of surveyed consumers (76%) said someone else might access their bank accounts.
• Most of the surveyed consumers (58%) also said they were worried someone would steal their credit card information.
• In 2018, a McAfee survey reported that 61% of surveyed online users said they were more concerned about cybersecurity than 5 years ago but only 37% use an identity theft protection tool.
• In 2019, Marketplace reported that impostor scams around identity theft involving information, passwords or Social Security number was the top financial scam in 2018. This was followed by lottery scams, business scams, and counterfeit check scams among others.

SEARCH TRENDS and PRESS COVERAGE ON IDENTITY THEFT

•  Google Trends show a spike in user searches for identity theft in 2017 compared to other years from 2014 to 2019.
• The top related queries to 'identity theft' that year were:
• "where could an identity theft access your personal information?"
• "lil kim identity theft"
• "best identity theft protection 2017"
• "which document puts you at the least risk of identity theft "
• "identity theft statistics 2015"

• However, user searches for "identity theft" have remained steady for the past 6 months.
• Based on Google News, the recent top news headlines around identity theft centered on medical identity theft and medical data breaches.
• Paid news trend analysis tool Social Animal shows ithat identity theft among hacked federal employees was the top headline in 2018 regarding identity theft.

RESEARCH STUDY FINDINGS

• Javelin's 2018 Identity Fraud: Fraud Enters a New Era of Complexity report listed the top areas of fraudster focus in 2017 as: Account takeover, New Accounts and Card-Not-Present.
• Identity fraud victims increased by 8% to reach 16.7 million consumers in 2017.
• In Javelin's 2019 Identity Fraud Study: Fraudsters Seek New Targets and Victims Bear the Brunt, the top areas of fraud focus were Existing card accounts, Existing non-card accounts and new accounts and other frauds.
• Identity fraud victims slightly fell to affect 14.4 million consumers in 2018 compared to 16.7 million consumers in 2017.

FINDINGS

• In 2018, the identity protection market in the United States was worth about $2 billion.
• Some of the players in the US identity protection market are Lifelock (Symantec), Equifax, and TransUnion.
• The US identity protection market annualized market size growth (2014-2019) was -2.4%.
• Therefore, the market declined at a rate of -2.4 percent in the last 12 months to 2019.
• The size of the identity protection market in the US is expected to contract -4.9% in the next one year to 2020.
• According to Market Research, the US identity protection market has contracted in the past five years and is expected to continue contracting over the next 3 years.
• The growth rate of the market is expected to continue declining because consumers are opting for free alternatives options.
• The size of the global identity protection market is expected to grow at a CAGR of 17.6% from $6.650 billion in 2019 to $17.6 billion in 2024.

Research Strategy:

• 2014-2019 — The US identity protection market contracted annually at -2.4 percent.
• 2019-2020 — IBISWorld anticipates the market to decline about -4.9 percent.