Cybersecurity, children’s privacy & marketing practices are main concerns according to ICO privacy tracker survey

Contact the Digital Compliance Hub

Share This Post

The ICO have published their Annual Tracker, a survey looking at public perceptions of privacy and data protection. The main aim of this research was:

  • To gauge public perceptions and awareness of how data is shared with and used within organisations and to monitor any change in the trust and confidence in how data is used and made available.
  • Public awareness of GDPR
  • Explore the public’s perceptions about technology and data protection
  • Knowledge of FOI (Freedom of Information)
  • Perception of the ICO

Overall, there’s no surprises:

  • More people are worried about how their personal data is being used with concerns about how that data is shared without their permission
  • Awareness of GDPR is down (probably because last time the survey was carried out GDPR was on everyones minds)
  • More people aware of their data protection rights (e.g. right to be informed about how their data is being used)

But the stand out fact from the survey is that cyber security, children’s privacy, data sharing for marketing purposes and web browsing tracking for marketing purposes are the most commonly cited data protection concerns.

Cyber-security is probably no surprise given most of what gets reported in the mass media relates to a cyber-security/hack incident (e.g. the BA and Marriott fines) and there are so many fraudulent cold calls, spam, etc. about. For me, what’s interesting is the rest of what people are worrying about.

Children’s data

Children’s privacy ranked second in people’s first choice of concerns (15%). This is possibly indicative of ongoing concerns about access to online content, online harms and general use of technology which grown ups don’t always understand.

But children’s data is covered by the GDPR when it relates to online services, with children under 13 requiring parental consent if an online service requires the child’s consent. The ICO though also single out the protection of children’s data needing special care because of the nature of the data subjects and the potential misuse of trust. We know from working within the education sector that there are also challenges around pupil personal data within schools and academies, particularly in terms of parental access to their child’s data when the child is seen as the data subject.

Use of data for marketing purposes

Sharing of data and tracking web behaviour were cited as the third and fourth most popular concerns (14% and 10% respectively). Unfortunately there is little information in the survey report to indicate what specifically is causing these concerns, but we suspect it has something to do with the raised awareness of consent that came in with GDPR last year (remember all those “we need to renew your consent” emails?) and a general mistrust thanks to the Facebook/Cambridge Analytica scandal, plus if we look at the ICO enforcements over the last couple of year a lot of them are marketing related (so breaches of PECR rather than GDPR).

It seems only a matter of time till we’ll see some GDPR related enforcement in the marketing space…

What the ICO thinks

In her blog about the findings, the Information Commissioner comments:

It’s reassuring for us to see children’s privacy and data sharing also feature prominently among the public’s priorities. Both are priorities for us too, and the views expressed in the survey match what we heard in response to the consultation for our planned code of practice to protect children’s privacy online.

But she also talks about a paradox between the ICO’s enforcement and public trust. Whilst the enforcement aims to penalise those that bend the rules, it also highlights to the general public that organisations can’t be trusted. The Commissioner sees this supported by the drop in trust and confidence shown in the survey.


More To Explore

Eat. Sleep. GDPR. Repeat.

We live and breathe GDPR and ePrivacy compliance, so you don’t have too. Our GDPR UNLIMITED helpline is all about offering you help and support, whenever you need it most. As well as the unlimited helpline, you get up to 4 hours “hands-on” help each month, which we can configure to help you in anyway you need such as a GDPR review, or acting as your DPO.

As well as the unlimited helpline and hands-on help you get GDPR and privacy updates, access to our GDPR knowledge centre and webinars.

Unlimited email & phone support

Unlimited email and phone support. Email or organise a voice call as often as you need each month.​

Up to 4 hours "hands-on" help per month

We use these "hands-on" hours to do the GDPR work for you, such as reviews, acting as your DPO, checking DPIA, dealing with breaches, training your staff, etc. (Additional hours: £100+VAT per hour)

Online resources

Our Knowledge Centre gives you access to information, guidance, topic related guides and other tools to support your GDPR and PECR compliance

Updates, alerts & briefings

We provide updates and alerts and a monthly compliance briefing. You can either sign into the Knowledge Centre or sign up via email to receive an email every time we add a new update or alert

DPO services

Whether mandated or not we can act as your Data Protection Officer (DPO) and manage your day to day compliance

Webinars, workshops & training

Whether updates on the latest issue, workshops or team training, it's all included in your monthly retainer.

LIKE WHAT YOU'RE READING? join our email list

Sign up for monthly briefings and the occasional emails about our webinars and services

Want to know more about how we use your data? Check out our privacy policy