Data privacy in the social sector – Who cares? What about?
Data has become ubiquitous. The world is rapidly digitising, and in our professional and private lives, more and more of our activities leave behind a trail of data.
For the social sector this means great opportunities – in the 2013 Trendreport we looked at the uses of "Big Data for Good". But the risks of data mining are also coming into sharper focus, not least since the Wikileaks revelations in 2013. It's clear that in the next few years, those working in the social sector all over the world will have to give a lot of thought to issues of data privacy and transparency.
What's less clear is what they think about these issues today. Does the need to protect beneficiaries' data even occur to an NGO in Brazil? How does a German foundation understand "transparency", and how does this differ from a Chinese foundation? Do Indonesian activists worry more about government surveillance or corporate data mining?
This 40-page report, produced by the betterplace lab and enabled by Mozilla, is based on research conducted during Lab Around the World in China, Brazil, India, Indonesia and Germany. There we conducted interviews with people working in the social sector about their attitudes and behaviour around matters of data privacy, transparency and trust.
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Privacy, Transparency and Trust in a Digital World
1. Privacy, Transparency and Trust
in a Digital World
A report into attitudes in the civil societies of five countries
Enabled by:
2. betterplace lab
gut.org gAG
Schlesische Str. 26
10997 Berlin
Germany
www.betterplace-lab.org
This report is published under a Creative Commons Attribution-ShareAlike 4.0 International License.
creativecommons.org/licenses/by-sa/4.0/
3. There is much to gain and
benefit from this massive
analysis of personal information
or 'big data'. But there are also
complex trade-offs.
– Alessandro Acquisti
TED Global Edinburgh, June 2013
4. 4
Ben Mason studied Philosophy and German at Oxford and joined the betterplace lab in
2013. He managed the project, analysed the interviews and survey, and authored the final
report text. Contact: ben.mason@betterplace.org
Our sincere thanks go to our partners at Mozilla, whose support made this research
possible. The betterplace lab then conducted the research and compiled the following
report with complete editorial independence.
Researchers
Ben was ably assisted by Jella Fink, who worked as a Researcher in the lab after
finishing her Masters in Anthropology and before setting off to Myanmar to begin
researching her PhD. She conducted a number of the interviews by Skype and in person,
transcribed many more, and contributed much of the background research.
Brazil Anja Adler is an Associate Researcher for the betterplace lab and is
currently completing her PhD in Political Science.
China Joana Breidenbach is an anthropologist and author of numerous
books and articles. She co-founded the betterplace lab in 2011.
Pál Nyíri is a Professor of Global History from an Anthropological
Perspective at Vrije University in Amsterdam and has co-authored several
publications with Joana. Helpfully, he also happens to be fluent in Mandarin.
Germany Kathleen Ziemann holds a Masters in Cultural Studies, and in 2012 –
the same year as joining the betterplace lab – she also trained as a Design
Thinker at HPI Potsdam.
India Medje Prahm has an MA in Philosophy and Economics from Bayreuth.
As an undergraduate she also studied Indology and speaks good Hindi.
Indonesia Dennis Buchmann has a background initially in biology, then in journalism,
followed some years later by a Masters in Public Policy. Dennis co-founded
the betterplace lab with Joana.
Author
5. 5
Contents
6 Foreword
7 Summary of Key Findings
Part I: Introduction
8 Data deluge
9 The aim of this report
10 A moving target
Part II: Country Profiles
11 Brazil
14 China
17 Germany
20 India
23 Indonesia
Part III: Comparative Analysis
26 How do people think about privacy?
How do they define privacy?
How much do they care?
What do they want to be protected from?
Which data do they want to protect and why?
Are their opinions changing?
30 How do people think about transparency?
31 How do people behave online?
What measures do they take?
Is your name really washingtonirving2000?
Does concern actually translate into action?
34 Who do people trust?
Which services do they trust?
On what grounds?
How trusted are NGOs, the government and others?
So who do people think should act?
37 Conclusion
38 Appendix Notes
6. 6
Foreword
T
he Web is here to stay – yet it still
divides opinion. There are optimists,
like the Mozilla community and like
the betterplace lab team, that believe the
Internet can be a powerful force for good
in our society – by making information and
services available to all, by letting citizens
speak, be heard, and hold the powerful to
account.
But this is not the full picture. Through-
out the Internet’s relatively short history, we
have had to contend with a series of men-
aces threatening to shackle or undermine
this public resource. At one time we were
suffocating under an avalanche of spam
emails and pop-ups. Today we’re asking
how we can protect individuals’ privacy
when every click may be monitored by data
mining corporations and state surveillance
agents.
Seeing the challenges arising from the
new abundance of digital data in this his-
torical context is enlightening. It shows that
keeping the Web in the hands of its users
is possible, but it requires ongoing work,
determination and vigilance. Mozilla has
played its part in this, for instance with the
“Do Not Track” and “Lightbeam” projects.
However, issues of data privacy are much
less straightforward and riddled with di-
lemmas than virus protection, for example.
Maintaining my private sphere might have
to be balanced against access to good
software, or personal or national security.
The social sector, which this report focus-
es on, throws up some particularly interest-
ing dilemmas to do with data. Increasingly
NGOs, foundations and governments are
realizing the potential benefit to their work
not just of using a range of digital tools,
which might act inappropriately with their
data, but also collecting, storing, analyz-
ing and disseminating data for themselves.
Data-centered approaches let social sector
organizations better understand the prob-
lems they seek to solve, work more effec-
tively, and demonstrate that effectiveness
to the outside world. But these opportuni-
ties come with risks attached.
What’s needed is global public discussion
about when and which kinds of privacy are
important for us to protect online, and how
we can do this. This is an important issue
for everybody and should not be left to a
small number of “experts”, so we also need
education so that people understand the
issues, risks and dilemmas involved.
This report is both a contributions to
this nascent discussion, and it shows the
current state of knowledge of, and current
opinions of, groups which will be absolutely
key participants.
Dr. Joana Breidenbach
Founder, betterplace lab
7. 7
Summary of Key Findings
• Everybody, when asked, will tell you privacy is important.
A significant result, but not a very enlightening one. Only by approaching the issue more
obliquely do you reach a differentiated understanding.
• German and Indian philosophers, Chinese and Indonesian pragmatists.
Everybody we spoke to in Germany (p.17), and almost everybody in India (p.20), felt
what we might call a “philosophical” attachment to privacy, as something inherently
worth protecting. To our surprise, this seemed less universally felt in Brazil (p.11). And at
the other end of the spectrum, the attitude in China (p.14) and Indonesia (p.23) seems
to be more pragmatic: people are concerned about protecting information when the
consequences of not doing so are tangible and direct, such as fraud or defamation.
• Some action … and a sense of guilt.
Most people take just simple steps to guard their privacy online. It’s rare for people
to make a principled shift to software that is more secure but less usable. And we
encountered a lot of self-criticism, people felt guilty about not doing more.
• Transparency is more opaque.
Or at least, much more so than privacy, the term means different things to different
people. In China, data transparency isn’t much bothered about. In Indonesia they
demand it from their government more than from their software. In Germany and Brazil
they want data policies that are not just public but clear and accessible. In India they
also want to know about motives: not just ‘what’ and ‘how’ but also ‘why’.
• Trust is personal.
The main criterion everywhere for trust was a personal connection or recommendation.
In China and Indonesia this runs deeper, with an underlying mistrust of automated
processes generally.
• Blurred concerns.
In the minds of many people these issues are strongly associated – perhaps even
conflated – with more familiar strands of cybersecurity: protection from viruses, hacking,
and fraudsters of various types. In China and India especially, these remain more
pressing concerns than data mining.
8. 8
D
ata has become ubiquitous. As our
lives become ever more digitized,
more and more of what we do is
leaving a digital trail. Perhaps this was once
a coincidental by-product of the way we
built our software. But companies, govern-
ments, and others soon realized the many
uses and the formidable power of “Big
Data”. Now, whether we welcome it or not,
how we want our data to be treated has
become a pressing question of our time.
It is a little over one year, at the time of writ-
ing, since the actions of Edward Snowden
caused global tumult by making the world
aware of mass government surveillance of
online activity. In the intervening months is-
sues of privacy, transparency and trust in
digital communications have gone from to
an esoteric concern of specialists to con-
tentious topics many people care about.
But levels of knowledge and concern are
not evenly distributed – they vary between
places and different groups.
This report aims to understand and com-
pare attitudes towards data privacy and
related issues among people working in the
social sector in Brazil, China, Germany, In-
dia and Indonesia.
Background
Since 2009, the betterplace lab has been
investigating the intersection of the digital
and the social. The dawning of the “digital
age” has caused huge changes for organ-
izations in every sector – the social sector
included. Many of these are positive, and
much of our work is involved with show-
ing the potential for digital tools to make
the social sector more effective. But this
change also requires new skills and raises
unfamiliar problems. We try to understand
these too, and help where we can.
Lab Around the World 2014
This year we abandoned our desks in
Berlin Kreuzberg and set off on our first
major research expedition. “Lab Around
the World 2014” saw our team of ten re-
searchers setting off to 14 countries across
five continents. We wanted to uncover pio-
neering new projects using digital technol-
ogy to address social problems. And we
wanted to talk to the people behind such
projects about their experiences, and get
a better understanding of which factors
are important in provoking and sustaining
innovation.
Outline methodology
Our research brought us into contact with
people from a range of organizations in the
social sector, from more “traditional” NGOs
in civil society to digitally focused social
entrepreneurs, from academics to activist
bloggers. In the five countries selected for
this report, we conducted qualitative inter-
views with a broad range of these to try to
understand their attitudes and assumptions
around these issues. In addition we pro-
duced an online survey in four languages
and collected responses from others in the
sector to more concrete questions about
online behaviour. Our analysis in what fol-
lows is drawn from these two data sourc-
es, combined with desk research about
background context and conditions in each
country. (See appendix for more detailed
methodology.)
Data deluge
Part I: Introduction
9. 9
WHY CIVIL SOCIETY?
Our target group as described above,
which we will refer to collectively as the “civil
society”, is broad. But in their diversity, its
constituents share one central characteris-
tic: they belong to organizations committed
to addressing social problems. One way or
another, they aim to help people.
To those who are interested in data policy
and internet governance, the opinions of
this group matter. They are opinion leaders
whom people listen to. What’s more, their
values tend to be progressive, and their
priorities are primarily social rather than
commercial. You might ask who, if not this
group, will be concerned and vocal about
protecting individuals from those with ma-
lign intent – online as offline.
And to those interested in helping the
helpers, these are important issues. For
organizations that routinely deal with sen-
sitive information, questions about how to
handle it appropriately will get more urgent,
not less. Gauging will only get more urgent
levels of understanding and engagement
are a precondition for knowing how to edu-
cate and support.
Picking apart semantics
Discussions about personal data online
are awash with loosely defined terms such
as “privacy” and “cybersecurity”, “transpa-
rency” and “accountability”. Whilst in the
mouths of technology or policy experts the-
se words have a clearly defined meaning,
to many non-experts they summon only a
vague sense or feeling. Or mean different
things to different people.
This can quickly lead to people talking past
each other, and is a major obstacle for a con-
structive public discussion of these issues.
A central aim of this report is to discover
what members of particular groups mean
and understand by key terms, what defini-
tions and connotations come to mind. We
focused on three words in particular – pri-
vacy, transparency and trust – and sought
to find points of consensus or divergence in
the way people understand, think and talk
about these concepts.
Who cares? What about?
Beyond scratching away at what peop-
le know or understand by certain terms,
we sought to find out how seriously these
groups take such questions. Are they felt to
be important? Or an irritating distraction?
Or not worth bothering with at all? Which
aspects of these issues do people care
about?
People say actions speak louder than
words. We also tried to discover to what
extent professed engagement translated
into actual changes in behavior. How might
people’s perceptions about these issues in-
fluence their future choices?
Finally, we have tried, in both content and
presentation, to make this report as acces-
sible as possible – including to those with
little prior expertise around matters of digi-
tal data, or little prior knowledge about the
countries studied. This includes presenting
our findings within a broader context, by
drawing on other sources to give a fuller
picture. We hope the result is accessible
and engaging to anybody who also feels
these are issues worth thinking about.
The aim of this report
To maintain the
anonymity of our
interviewees,
we refer to them
only by initials in
what follows; the
online survey was
anonymous.
Part I: Introduction
10. 10
A moving target
interviews when the European Court of Ju-
stice upheld an individual’s “right to be for-
gotten” (see p. 18); the list could go on. Even
in the space of a few months, attitudes and
perceptions continue to develop.
That we’re trying to take a reading whilst
the ground is moving comes with the ter-
ritory. It’s therefore impossible to present
the objective and definitive situation in each
country (our limited resources and sample
size would also make such claims hubri-
stic). What we can do is offer an insight, a
snapshot of these influential groups’ per-
spectives at a certain moment. For this
group, these are valuable questions to ans-
wer for the reasons outlined above and, to
the best of our knowledge, this is the first
research trying to do so in a systematic way.
T
his subject matter is not standing
still. For one thing, digital technology
generally, and technologies for har-
vesting and analyzing data specifically, are
progressing and changing constantly. Mo-
reover, people’s perceptions of and attitudes
towards these topics – that is to say, the ob-
ject of study here – are arguably changing
even more rapidly, as public discourse tries
to catch up with the technology.
News stories play a significant role in sha-
ping these attitudes (exactly how significant
is among the questions we try to answer),
and fresh stories continue to emerge. Our
interviews in Brazil were already completed,
for example, by the time the NETmundial
conference took place in São Paulo (see
p. 12); as were almost all of our German
Part I: Introduction
11. 11
Brazil
Part II: Country Profiles
At the same time, though, Brazil is be-
coming a beacon in data privacy policy,
both internationally and domestically. In
September 2013, President Dilma Rousseff
gave a speech to the UN attacking spying
by US agencies 5
, and Brazil co-sponsored
a UN resolution on the “Right to Privacy in
the Internet Age”.6
In April 2014, São Paulo hosted NET-
mundia, a “global multi-stakeholder meet-
ing” on the future of internet governance.
This was the most concerted effort seen
so far to push the issue internationally. Ad-
mittedly, commentators such as Privacy In-
ternational and Index on Censorship were
disappointed with the results, which they
found to be watered-down and conserv-
ative.7
At the opening of the conference,
President Dilma signed into law Marco Civil
da Internet, the first national “Bill of Rights
for the Internet” anywhere in the world.
Our field research took place before the
conference, and whilst the details of the
Marco Civil were still being debated. In fact,
rather than its various measures on data
protection, it was the bill’s enshrining of the
principle of net neutrality that sparked the
most discussion and attention, because
this was opposed by telecommunication
companies.
These then-current political events were
rarely raised in our interviews. In fact, inter-
viewees were also in unanimous agreement
that they remained “elite topics”, and not
generally considered important beyond a
clique of political and civil society activists.
Brazil in 2014
Brazil is digitizing rapidly. The number of
broadband subscriptions has more than
doubled since 2009.1
It is also a startlingly
young country: of over 200m inhabitants,
more than half are aged 30 or below.2
A
combination of these two factors means
that a large portion of the population will to
some degree have grown up with the inter-
net – and specifically with web 2.0 services.
They are avid users of social media: only
the USA has more Facebook users than
Brazil.3
And on the whole, the users view
these products with enthusiasm and with-
out much (critical) media literacy.
Privacy
Brazilians have an established and
far-reaching culture of sharing. For instance,
in a time when many Brazilians lacked ac-
cess to basic services such as electricity
and water, improvised (and often illegal)
sharing of these between neighbors be-
came common. The name for this, “Gam-
biarra”, has come to denote such sharing
of services at the base of pyramid.4
And
there are reasons to suppose this mentality
of openness has flowed into people’ s atti-
tudes to privacy online.
Interviewees agreed that most don’t have
a problem with sharing personal informa-
tion such as their location and search data.
To put it differently, people when asked
would offer a fairly “conventional” definition
of privacy – along the lines of an individu-
al’s right to determine what information is
kept about them and how it is used. But
the way Brazilians use the internet does not
suggest it is a dominant priority.
12. 12
Part II: Country Profiles
Trust and transparency
Transparency was generally understood
to mean that a website or piece of software
makes it clear which data is being used and
how. Three interviewees went beyond this,
stipulating in addition that this information
must be presented in an accessible way.
P.M. suggests flowcharts which visualize
for the user what is happening to their data.
O.F. says: “Normally the important informa-
tion is there, but it is hidden behind a whole
load of less important information and so it
deliberately gets lost. The companies know
this and so do we. They should be more
open and direct.”
In practice, all interviewees agreed that
the public trusted companies much more
than they trust NGOs or the government.
Facebook and Google are not generally
seen as sinister or untrustworthy but rath-
er as innovative and inspirational brands.
(There are some exceptions: O.F. says: “I
don’t trust any company any more, and it
will take a lot of time to win that trust back.”)
More or less everybody we spoke to uses
at least some Google products.
This mistrust on NGOs and the govern-
ment is largely down to the fact that for
many decades the two have been work-
ing far too closely together and there have
been numerous scandals of corruption and
inefficiency. 8
In response, the government
seems to be cleaning up its act with regards
to transparency with a couple of pioneering
e-government projects. 9
CIVIL SOCIETY ORGANIZATIONS
Unfortunately, no such movement to-
wards transparency and encouraging par-
ticipation has been evident amongst the
bulk of Brazilian NGOs. Most local NGOs
are not particularly professionalized. They
lack expertise when it comes to privacy
protection and related issues. Even bigger
and more established organizations who
are more conscientious about such mat-
ters seem to lack a codified data handling
policy. The exceptions seem largely to be
the local branches of global organizations;
a large, predominantly internet-focused
campaigning organization we spoke to, for
instance, has its own national manager of
privacy and data protection issues.
There seems to be a growing awareness
amongst many in the social sector that the
nature of their work in civil society requires
an increasing level of transparency in their
digital activities. N.V. says: “Professional-
ly, everything I do is public. I work with so
many stakeholders and they need all the
information to do their work.” Similarly, O.F.
says: “We need to be open and collabora-
tive. Our work is based on building trust.”
Since 2011, all NGOs that receive gov-
ernment funding are required to actively
provide information about their finances,
organizational structure and the like. We
weren’t able to establish how well this
system is working, and to what extent it
is prompting organizations to be more ac-
countable. As noted, it does not yet seem
to have improved the general reputation of
NGOs.
Companies like Google
are much more trusted
than NGOs or the
government.
“We need to be open.
Our work is based on
building trust.”
– O.F.
13. 13
Part II: Country Profiles
What’s changed?
There was certainly a peak of public
and media attention last summer as the
Snowden revelations were unfolding (not
least when it was alleged that President Dil-
ma had had her personal phone tapped).
To look at the newspapers, it would seem
this interest has persisted: O Globo, Bra-
zil’s foremost paper, still contains fairly fre-
quent mentions of the terms “NSA” and
“Snowden”, and an exclusive interview with
Edward Snowden on the Fantastico current
affairs program in May generated consider-
able media excitement. 10
However, our in-
terviewees tell a different story, and describe
interest as short-lived, at least on the level of
the general public.
Within the social sector on the other hand,
there is some evidence, albeit anecdotal, of
increased awareness, specifically around
data security. We spoke to the founders of
a “School of Activism” who said they have
seen increasing concern on this issue.
Among the various courses they offer to
NGOs and activists, the workshops on data
security have been the most requested – so
much so that they had to organize five ad-
ditional courses last year to meet demand.
The interviewees typically did not adopt
new tools or change the software and
services they used due to privacy con-
siderations. Only two of them mentioned
encryption, for instance, and both were in
some way active in the area of digital priva-
cy. (Similarly in the online survey, only one
Brazilian respondent said they used email
encryption, the lowest rate of any country –
see p 32). Instead, people were more likely
to claim they had adapted their behavior so
as to use the same services as before but
in a more careful way. Several mentioned
habits such as not logging in when not nec-
essary, not using a Facebook-login to ac-
cess other sites, or being more reluctant to
upload photos and other data.
Summary
Whilst Brazilian politicians are leading the
world in terms of data privacy legislation,
the same engagement does not seem to
be reflected in other parts of the popula-
tion. In the social sector, and even more
so in the population at large, there is some
latent awareness of these issues, but it is
not a central topic of discussion and seems
to result in almost no practical action. The
attitude, in the words of D.M., is rather
“a mixture of resignation and not caring”.
Possible reasons for this include a young
population who are inclined to use online
services eagerly and uncritically, as well as
practices of sharing rooted in pre-internet
traditions.
14. 14
become extremely concerned about ac-
cusations of taking bribes or embezzling
funds. This is driven by the phenomenon of
Renrou Sousuo (literally: “search for human
flesh”), whereby an individual is publically
exposed online for violating social, legal
or moral norms, thanks to information ob-
tained digitally. The practice sits in a gray
area, both legally and morally, but has be-
come widespread. Hence this kind of per-
sonal information – for instance what kind
of watches or cars an individual owns – has
become socially explosive.
For ordinary members of the public and
people in civil society, protecting their pri-
vacy online simply isn’t an issue. On the
strength of our interviews, people mainly
seem to think in terms of protection from vi-
ruses, and perhaps to a much lesser extent
about data theft. When we asked about
special measures or software for safe-
guarding privacy, interviewees immediately
assumed we were talking about climbing
the wall (see box below).
There is unanimous acceptance in China
that the government will record and monitor
internet activity, to the point of resignation.
P.N. says: “Whatever the government wants
to know about you, they will find out [...] The
general attitude is that there’s nothing you
can do about data security, so let’s not be
China
“Everyone in China
knows their data
will be seen by the
government.” – L.F.
China in 2014
China’s status as an emerging super
-power, not only in the economic and polit-
ical but also the digital domain, is unques-
tionable. It has by far the highest number
of internet users of any country – an esti-
mated 621 million.11
The population’s re-
lationship with the internet is complex and
deeply rooted in socio-political tensions
and transformations.
China presents a real challenge to the idea
of the internet as a global, and globalizing
phenomenon. Firstly, because the internet
that most people have access to is strict-
ly policed by means of a state-imposed
firewall (see box below). And secondly,
because the way the internet is used – in
terms of the most popular sites and soft-
ware, and in terms of culture and behavioral
norms developing around it – are so far re-
moved from other parts of the world.
Privacy
The very concept of personal privacy in
China is different from the model found in
Western liberal democracies. Traditional
ascriptions of identity at a collective level,
such as the family, are evolving into a more
“individualized” understanding, according
to some scholars.12
However, individual
privacy as a value deserving of protection
remains a fairly new concept. The concept
has nevertheless become widely used and
refers to a person’s intimate sphere: family
information, address, where children go to
school, and financial information.
The latter has become an extremely sen-
sitive topic amongst economic and social
elites. Public officials in particular have
Part II: Country Profiles
15. 15
Part II: Country Profiles
formulas to financial scams and corrupt of-
ficials, is ubiquitous, trust in organizations
such as businesses, hotels, restaurants
etc, is very low. In response to this, mul-
tiple systems of government certification,
including brass plates put up outside the
establishment, provide some indication of
trustworthiness (despite some skepticism
about the process).
NGOs are widely mistrusted – see below.
General opinion of foreign companies
such as Google is not clear, although they
are generally more trusted than their do-
mestic counterparts. Google specifically
has gained a lot of fans within a niche user
group, where it has been seen as a hero
since refusing the government’s demands
to filter search results.
Immediacy in communication is extremely
important to users, and real-time commu-
nication is much more widely used than in
the West, both in personal and professional
settings. This is in large part a question of
trust: people are less trusting of automated
processes and services, believing that di-
rect personal contact is the best way to get
things done. People use email much less,
and trust its effectiveness much less – rightly
so because many people never respond.
Civil society organizations
Civil society organziations are widely
viewed with suspicion, after numerous
high-profile scandals.14
Many NGOs today
are attempting to (re)establish trust by pro-
viding highly detailed proof of their work and
how funds are being used. For example, all
donors to the charity Free Lunch receive a
daily text message detailing precisely how
many meals were provided and what was
served.
Most social enterprises, NGOs and
foundations seem to have formalized a
data handling policy. Larger organizations
and companies have very detailed and
too worried about it”. G.Y. says: “There is
no way to avoid the government looking in.
I will just say the same thing within private
and public.” Even in the hacker community,
although there might be more of a fighting
spirit, very few think they can really protect
themselves against surveillance or that it’s
worth the effort.
The question of personal data protec-
tion did arise in a spat between two of the
country’s digital giants in 2010. Qihu 360
accused QQ, one of the most popular in-
stant messaging platforms in China, of
collecting users’ private data and moni-
toring their computers. Qihu developed a
free patch which let users disable some of
QQ’s features, and QQ retaliated by mak-
ing their software incompatible with that of
Qihu 360, forcing users to choose between
them. Following government pressure, the
two companies stepped down from their
battle, but the flickering debate around pri-
vacy was left unresolved.13
Trust and transparency
When asked about transparency, our
interviewees talked exclusively about fi-
nancial transparency and not about a data
transparency policy. Why? There is simply
no public discourse about this topic.
As such, trust in a website is couched
not in terms of data transparency but rather
whether or not the site is real, in the sense of
offering real services and information rather
than a fake or scam. This is judged partly by
advice and recommendations from friends,
and partly by the level of usage. W.J., who
works for a donation platform says: “the
main criteria for trust is whether there are
a lot of people using it. That’s why it’s so
important that our site looks so full. Trust
is established not only by people donating,
but by people watching their friends do so.”
Since fear of being cheated in all sorts of
ways, from fake foods and poisonous baby
16. 16
Part II: Country Profiles
strictly guarded policies (so they say). But
all agreed that giving or selling data to third
parties isn’t good practice. We spoke to a
large crowdsourcing platform which sends
all users a statement about their data, con-
firming it will not be used by third parties.
What’s changed?
The Snowden/NSA stories were reported
in the Chinese media, but they fit in as just a
part of a much broader narrative of internet
politics. In the state media, the revelations
were treated as evidence of US hypocrisy
on cyber-theft and hacking (the general
tenor being that the US likes to complain
about Chinese hackers, but in reality every
body is at it).
Since then, the government has used
arguments of this kind to ratchet up a dis-
course of cyber-protection and vigilance –
with volume peaking when hackers linked
to the Chinese military were indicted by a
US court in May 2014.15
Many interpret this
as a ploy by the state to justify and extend
their practices of surveillance; others have
claimed it has more to do with protecting
Chinese business interests. In April 2014
the government held a “Cybersecurity Day”
Wall-Climbing
In 2003 the Chinese government first implemented the Golden Shield Project (金盾工
程), a censorship and surveillance project which restricts the internet sites accessible
from within the country. A primary purpose is to restrict access to information the
government deems threatening or inflammatory, such as about human rights activ-
ism and political dissidents. Perhaps unsurprisingly, it has become more commonly
known as “The Great Firewall of China”, or simply “the wall”.
It is public knowledge that the wall exists, and that strategies exist that let one “climb
the wall” and access the (truly) World Wide Web beyond, often involving the use of
proxy servers. Climbing the wall is fairly common amongst educated Chinese in-
ternet users, and in some circles is a kind of badge of honor. Admittedly, it seems
people may be climbing the wall less than they used to as more and more information
becomes available in Chinese. But certainly amongst university students and digital
professionals, wall-climbing is normal.
in Beijing, but this seems to have been
more a gesture than a genuine campaign
for awareness.
Summary
The framing of issues of online privacy
and transparency – and indeed of the in-
ternet more broadly – is fundamentally dif-
ferent in China than in other countries. In
in civil society as we encountered it, and
the wider population, it seems that issues
of government surveillance and commercial
data mining are not much thought about or
discussed. Instead, concern focuses on
protection either from viruses that cause
direct harm or activities that cause direct
financial loss such as theft of banking in-
formation, fake sites or scams. A notable
exception is personal information about
senior officials and people in positions of
power, which may be used against them
in online “human flesh searches” – on ei
ther side, people have become passionate
about respectively unearthing or suppress-
ing such data. Government surveillance
of the internet is universally accepted as
inevitable.
17. 17
Part II: Country Profiles
Germany in 2014
As a highly developed and prosperous
European economy, uptake of digital tech-
nology is more established and widespread
than in the other countries in this study. A
large majority of the population – 84 percent
– uses the internet.16
But since the popula-
tion is older (meaning proportionally fewer
Digital Natives), we might expect them to
approach technology more cautiously or
critically.
Privacy
Our interviewees were clearly concerned
not only with the amount of information
about them that has been digitized, but
also feel vulnerable about its potential to be
used by others with questionable motives.
Half said they felt transparent or “glassy”
(“gläsern”) – an idiomatic German phrase
expressing that one can be seen through
by anybody who wants to know anything
about you.
It is clear that the majority feel they cur-
rently have unsatisfactory levels of privacy
online and that they would prefer to use the
internet anonymously or, as G.S. says, “be
left alone”.
Germans are comparatively sensitive
on matters of individual liberty and priva-
cy. This may be in part traceable to their
twentieth-century experience of oppressive
regimes. Until the 1990s, state surveillance
of citizens in what was then East Germany
was extensive, leaving greater awareness
of the dangers posed in the collective con-
sciousness even today.17
Certainly in the aftermath of the NSA
revelations in 2013, outrage was fiercer in
Germany than most other countries. This
sentiment was only exacerbated when it
was alleged that the phone of Chancellor
Merkel, a popular figure, had been tapped
by American security services.18
Even many
months after the first revelations, it contin-
ues to be a frequent topic in the German
press, and proves an ongoing point of ten-
sion in German-US relations. Prominent
journalist Holger Stark criticised the Ger-
man government for reacting to the crisis
so diplomatically, calling it a threat to the
foundations of democracy. 19
The Pirate Party (Piratenpartei), an inter-
national political movement campaigning
for individual privacy and rights online,
has had its greatest success in Germany,
winning seats in several regional elections,
though its popularity has declined and its
future is unclear. 20
The legal situation is in flux. Germany
has a Federal Data Protection Act, which
is drawn from clauses in the constitution
securing personal rights. But Germany is
also subject to regulation on a European
level, such as the European Commission’s
planned General Data Protection Regula-
tion (GDPR) 21
and the European Court of
Justice’s “right to be forgotten” ruling in
May 2014. 22
Germany
The majority of
interviewees feel
they currently have
unsatisfactory levels of
privacy online.
18. 18
Part II: Country Profiles
Several interviewees said they had to ac-
cept a trade-off of paying for services with
their data rather than money. However a re-
cent study showed that Germans, relative
to other nationalities, are unwilling to make
such a trade (see p. 21–22).
Most were critical of their own behavior
to some degree, saying that they could and
should do more to safeguard their own pri-
vacy. If this suggests people believe these
matters are the responsibility of the indi-
vidual, other statements point in the other
direction. J.P. sees data security as “a po-
litical-structural problem and not necessar-
ily based on the user’s responsibility”. F.R.
also feels that the government is not doing
enough on the issue.
Two interviewees say they have a feeling
of relative protection in Germany, and oth-
ers say they prefer German email providers
to American ones, believing them to be
more secure.
Trust and transparency
Trust and transparency are often men-
tioned in the same instance; S.P. says
“transparency is one component of trust”.
Transparency is also clearly related to per-
sonal data, S.P.’s contention that “transpar-
ency stands for being able to review things
that are related to me” reflects the general
view.
Nearly all interviewees felt that compa-
nies did not offer high enough levels of
transparency. S.S. accuses them of “trying
to maintain an image of trustworthiness
whilst not acting trustworthily”. A.I. sug-
gests that to be trustworthy, a company
would have to go beyond what is legally
required in terms of transparency.
The NSA scandal did considerable dam-
age to the trustworthiness of government
in the eyes of the interviewees (note the
interviews took place before further claims
of German cooperation with American
security services). 23
J.P. talks explicitly of
protection not just by but also from the
government.
Only a minority (two interviewees) were
less critical when it came to government
surveillance, saying that its purpose is to
prevent terrorism and they personally had
nothing to hide.
All of this leaves interviewees uncertain
which of the two – governments or corpo-
ration – they can trust more, seeing both as
unsatisfactory.
As a source of information about soft-
ware, interviewees clearly trust friends and
colleagues above all. Some mentioned oth-
er sources, such as the specialist magazine
Gründerszene.
civil society organizations
All interviewees were aware that their or-
ganization had a data handling policy in
place. Requests or questions by users or
beneficiaries regarding data handling were
not common, but all interviewees said they
would be willing to meet with such requests.
Interviewees generally agreed that it was
important for civil society organizations to
appear transparent, which M.S. and G.S.
both said “simply means being transparent.”
One of the organizations we spoke to
provides a service where users write their
own profile, meaning the user is in control
of what data is collected and what is made
public. Another organization uses data for
Interviewees were
unsure of who they
can trust more
between government
and corporations
– seeing both as
unsatisfactory.
19. 19
Part II: Country Profiles
research and analysis, but with a policy
of not saving IP-addresses to ensure that
data remains anonymous.
What’s changed?
All interviewees were well aware of the
NSA revelations and surrounding contro-
versies, although some said the revela-
tions had only confirmed what they already
suspected. All interviewees now assume
that their online communication is, or can
be made visible and adapt their behavior
accordingly.
J.P. uses TOR, Bitcoin, PGP, TextSecure,
Threema and DuckDuckGo, in an attempt
to leave as few traces as possible online.
Two other interviewees said they had un-
installed the Facebook app because it de-
manded too much data.
However, more common than switching
to different software, is a strategy of with-
holding personal information, providing
only the minimum amount. Every person
we interviewed claimed to do this.
At a certain point, such action runs up
against the convenience of these tools.
The sale of WhatsApp to Facebook was
a much-cited example in the interviews,
and many said that although they felt they
should stop using it, they had not done so
because their contacts had stayed with the
service.
Summary
On the whole the interviewees had a high
level of privacy awareness online. In terms
of how they acted on this knowledge, the
group divided roughly in half, with one set
of advanced users employing various tools
to protect their privacy as much as possi-
ble, and the other half either unsure what
action they should take or sticking with
the same tools and practices for the sake
of sheer convenience – albeit often with a
bad conscience. Many said they wished
for more protection from the government
or other institutions, but there was also a
clear sense that the individual bears some
responsibility for protecting him- or herself.
20. 20
Part II: Country Profiles
enshrines various kinds of freedom, but
there is no legislation specifically protecting
citizens’ privacy when it comes to digital
data. 25
This means the government was
able to introduce a Central Monitoring
System in 2013 which tracks all domestic
internet traffic and well as email content
and mobile phone activity. 26
It’s not yet
clear what this data will be used for, and
although some activists made vocal their
opposition, it received little attention in the
mass media and none of our interviewees
brought up the subject.
A.S. echoes several other interviewees
when she says “for me privacy is intrinsi-
cally tied to security”, implying that they see
more risk from external appropriation by
hackers for instance, than misuse by those
that collected the data. R.S. took a different
perspective, arguing that unjust appropria-
tion and selling of data was more a prob-
lem of corruption than security. R.J. cited
as an important requirement for trusting a
piece of software that it could not easily be
hacked.
Possible abuse of banking information was
the greatest cause for concern, not only due
to risks of fraud and theft but also because
of the sensitivity of the information.
A 2013 survey found people in India most
prepared of the 15 countries examined to
“trade privacy for convenience” (Germans
India
“Privacy is intrinsically
linked to security.”
– A.S.
India in 2014
Economically, and specifically in terms
of digital technology, India is much tout-
ed as a rising giant. The country’s “digital
elite” comfortably keeps pace with Western
counterparts, with the latest smartphones
and laptops, as well as world-class exper-
tise. However, this elite is increasingly re-
moved from the majority of the 1.2 billion
population, of which only 16 percent use
the internet. 24
In the coming years, this gap
may narrow as mass availability and uptake
of cheap smartphones drive up usage.
Privacy
Conceptions of privacy varied between
respondents. Most framed their answers in
terms of access to personal data, but some
felt it important to actively restrict who had
access to which data, while others adopted
the more passive stance of simply wanting
to know and have their permission asked.
R.J. defined privacy as follows: “that [data]
is not used in that sense for a commercial
gain, without the permission of the people
who are going to be involved.”
Our interviewees were essentially unani-
mous in claiming they held privacy to be very
important – only one said he was not con-
cerned about the privacy of his online data.
However, this abstract awareness of the
issue seems in large part not to translate
into users becoming better informed and
acting accordingly. Three interviewees de-
scribe themselves as “digitally illiterate” and
several say they should make more effort to
secure their data.
This ambivalence also plays out on a legal
level. In principle, the national constitution
21. 21
Part II: Country Profiles
were the least prepared to do so). 27
From
our interviews there was some reason to
believe that the same mindset is shared by
our sample group. Two interviewees gave
responses couched explicitly in terms of
a “trade-off” between privacy (in terms of
handing over data) and value.
Trust and transparency
Although Indian interviewees were cer-
tainly aware that their personal information
was frequently being passed on, most
stated that they do not understand the pro-
cesses or motives involved. Their under-
standing of transparency seems to come
down largely to this point: not only which
data is used and when, but also why.
This is most concretely shown in regard
to advertisements. Interviewees sensed
that the targeted advertising they received
stood in some relation to personal data, but
the opaque process leading from one to the
other was identified as a case of intranspar-
ency by nearly all interviewees. Google is
viewed particularly negatively in this regard.
Whether or not interviewees trust a par-
ticular piece of software often seems to
have a large intuitive element. Many of them
recounted personal anecdotes of experi-
ences that caused them to lose trust. When
G.G. connected with somebody named
Sarah on LinkedIn and was suggested
other people with the same forename, his
first reaction was bemusement, finding it
“stupid”, but said the experience had also
diminished his trust in LinkedIn.
Interviewees above all said they trusted
their social network – friends, families and
colleagues – as sources of information on
the data credentials of different software
programs, with only two mentioning online
ratings services or forums: A.S. says “For
me, it depends on the trust in people who
recommended it [the software]”.
Civil society organizations
Interviewees generally took more care
with data protection when using other
people‘s data in their line of work than
their own – highlighting email addresses
and bank details as especially important to
protect.
All of them said their organizations had a
data handling policy and several cited spe-
cific technical measures such as software
that manages the bank details of donors
whilst preventing employees of the organ-
ization from accessing them. Nearly all of
them knew the location of the servers they
used for data storage.
Disclosure of the religious affiliation of an
organization’s beneficiaries was a major
worry amongst several interviewees. This
seems to be an extremely charged topic in
India with various forces (we weren’t able
to establish very clearly who) agitating for
or against preferential support for different
religious groups. Some went so far as to
say disclosure of this information would be
“dangerous”.
Regarding transparency, several inter-
viewees talked about the legal and moral
obligations of social organizations working
with public money to be more open and
transparent. R.J. said: “In the private sector
a lot of expenditure is incurred in trying to
ensure the privacy of the data remained,
and that it does not go into the public do-
main. That is not applicable when it comes
to organizations which use public money.“
Disclosing the
religious affiliation
of an organization’s
beneficiaries would be
“dangerous”.
22. 22
Part II: Country Profiles
What’s changed?
When asked about changes in their atti-
tude over the past two years, nearly all in-
terviewees agreed that they have become
more aware of potential dangers online, but
only four out of ten referred specifically to
media coverage of the NSA and Edward
Snowden.
Certainly these stories have been exten-
sively covered by the major Indian newspa-
pers. However, in general the media seems
to treat the subject of technology with a
certain tone of optimism.
The extent to which this increased
awareness has translated into changes in
behavior varies. Two interviewees use the
email encryption software TextSecure and
one uses SnapChat specifically to prevent
tracking. But adopting alternative software
does not seem to be a common strategy.
Although Google applications were most
frequently cited as services people were
cautious of, only one said they had adopt-
ed an alternative service (DuckDuckGo).
This might have to do not only with being
uninformed but also a kind of widespread
cynicism. K.J. recalls: “WhatsApp was
acquired by Facebook and a lot of people
said: ‘let’s move to Telegram’, and it turns
out Telegram’s promises were not true
either.” Two interviewees stopped using
Facebook, but in the absence of adequate
alternatives sooner or later started using it
again.
More common is choosing to withhold
certain information – particularly bank de-
tails – in digital activity, and refusing to in-
stall software which appears to demand
too much data intrusion.
Summary
Data privacy and transparency are re-
garded as important topics by almost all of
our Indian interviewees, and are taken all
the more seriously in the context of their
professional work. There is a moderate
awareness of data mining practices, which
tend to be viewed critically. But these rel-
atively new concerns are outweighed (and
perhaps to some degree mixed up with)
cybersecurity fears more broadly: hackers,
fraudsters, and parties who would seek to
use information about an organization to
discredit it on political grounds. Only a cou-
ple of interviewees with prior expertise on
these issues had developed a clear strate-
gy to protect their data; the majority might
behave slightly more discreetly online, but
seem more prepared to accept a “trade-
off” of privacy against receiving quality ser-
vices free of charge.
23. 23
Part II: Country Profiles
Indonesia in 2014
Since the fall of the authoritarian “New Or-
der Regime” under Suharto in 1998, Indone-
sia has been on a trajectory of rapid change.
On a political level, there has been a con-
certed shift towards democracy and greater
transparency. Economically there has been
strong growth. 28
This change has also in-
cluded society enthusiastically embracing
digital technology, smartphones, the internet
and – above all – social media. Indonesians,
at least in the major cities, tweet fanatically
and use WhatsApp incessantly.
INDONESIA’S ATYPICAL CIVIL
SOCIETY
Because the country was closed off until
so recently, a social sector and civil society
as such are now emerging for the first time,
and with a very different composition to the
model that has developed in other coun-
tries. Few Indonesian NGOs fit the mould
familiar in Western countries. More prevalent
are loose-knit and more or less informal net-
works of activists and individuals engaging
and campaigning around a particular issue.29
This structural variation, or at least the
extent of it, was a surprising finding of our
research. In the context of the current study
it poses some challenges for our analysis,
since not only is the group being examined
different from the other countries, it also
stands in a somewhat different relationship
to society at large. Just over half of our in-
terview partners belong to this new breed
of informal network organization, which
tend to be tech-savvy, with generally high
levels of awareness around the topics of
this report. (Although anonymous, the bulk
of survey responses appear to have come
from this group.) The interviewees were at
pains to point out that their views were not
the norm amongst the general population,
or indeed other parts of the social sector.
In what follows we try to counteract this
inadvertent selection bias and present a
more general picture of the sector and pop-
ulation as we perceive it to be.
Privacy
The enormous propensity in Indonesia to
share, noted above, doubtless has some
cultural roots. As in other Asian societies,
identity has traditionally been conferred
more strongly by family and ethnicity than in
more individualistic Western cultures. And
in part it’s the exuberance of being able to
speak so freely; D.B. says: “since the end
of the dictatorship, people just love to talk
– a lot!”
When it comes to the importance of pri-
vacy in online activities, our interviewees
gave the impression that Indonesians were
neither especially informed nor concerned.
“Yes, it’s important to us,” said D.S., “but
we don’t think about it a lot.” A.S. says: “
[Data] security is not a big issue for us now”.
Those that were themselves engaged with
the topic were clear that this put them in a
minority; in the words of one: “Indonesians
are simply not interested in a private sphere
online.”
Indonesia
“Data security is not a
big issue for us now.”
– A.S.
24. 24
Part II: Country Profiles
When using services such as Google and
Facebook, people seem to have very few
qualms about entering personal data, in-
stead enthusing about getting so many qual-
ity services free of charge. “I heard that some
people take this [privacy] quite seriously,”
says D.S., “but up until now me and a lot of
my friends just think that it’s useful for Google
to increase and improve their own services.”
Although government transparency is an
important issue in civil society (see below),
government surveillance was barely men-
tioned by interviewees as a potential danger.
Instead, M.R. mentioned a concern with
keeping their data private from journalists.
He said that as a public figure, he didn’t
want people talking about his private life.
We were assured by two of the activists who
are more familiar with these topics that the
great majority of Indonesians would be unwill-
ing to pay for a service on the grounds that it
offered greater privacy protection, not if there
were a free (but less private) version available.
Security, rather than personal privacy, is
an issue gradually gaining in importance,
particularly in online banking and com-
merce. B.R., who has worked advising
banks on this topic, says: “The demand for
more data security is growing, but not as
quickly as we were anticipating.”
Trust and transparency
Google in particular seems to enjoy a high
level of trust – people either believe or assume
that it must be taking care of data privacy in
a satisfactory way. P.S. says: “I use Gmail,
which handles all the privacy issues automat-
ically. We assume that popular services like
Drive and Dropbox handle privacy quite well.”
D.S. said he trusts Google because it sends
you a notification telling you whether there is
any unusual activity with the account. How
ever, the most frequently cited criterion for
trustworthiness is how widely used a service
is: “If many people use it, then I trust it,” says
P.S.. Several interviewees also mentioned as
a criteria of both transparency and trust that a
service has a clear disclaimer about data use.
Trust is also strongly connected with hav-
ing direct contact with a human, rather than
solely with automated processes. Many In-
donesians refuse to engage in (purely) online
shopping for fear that it is a scam, but will
instead browse goods online and then estab-
lish contact with a salesperson by telephone
or instant messaging to carry out the transac-
tion. Similarly, people place great importance
on personal recommendations and advice
from friends and colleagues when deciding
which software and services to use.
When it comes to the government, things
are different. Government accountability and
transparency is the single most dominant
topic of civil society. H.T. says: “The topic
which almost everybody engages with is the
fight against corruption”.
NGOs seem not to be very widely trusted
– to the extent that conventional NGOs exist
(see below).
civil society organizations
In terms of a data privacy policy, the few
large international NGOs – WWF, Greenpeace
and the like – bring one with them, drawn up
in the headquarters overseas.
Smaller groups do not have them. In many
cases, developing an official data privacy
policy had clearly not registered as a con-
cern – indeed the very concept seemed
to be an unfamiliar one. When asked why,
interviewees either said they had too little
time for such things, or simply stated it was
not an active concern, V.M. says: “We don’t
think about that [...] the concern is rather
producing the data.”
The networked campaigning organiza-
tions with, as discussed, a greater aware-
ness of potential dangers of data gave
different answers. Their work is, they said,
outward-facing: their aim is to connect and
25. 25
Part II: Country Profiles
mobilize. Their activities, combined with
their structures of decentralized networks
often operating through social media,
means that at no stage do they end up ac-
cumulating data which might be sensitive
– so the question of safe internal processes
doesn’t arise in the same way.
One notable example we spoke to was a
group campaigning for minority rights, who
collected sensitive data, for instance about
the identities of activists, and went to some
lengths to protect it. This is consistent with
a very pragmatic interpretation of people’s
attitudes: they are not engaged because
they cannot see the relevance for them in
issues of data privacy; in the cases that the
relevance becomes more acute, people’s
reaction is to inform themselves and modify
their behavior.
What’s changed?
A search through online archives of na-
tional English-language newspapers turns
up no shortage of articles reporting on the
NSA/Snowden story. However, although
most people are vaguely aware of the story,
the majority seems indifferent. D.S. says: “I
didn’t really read about it, but I heard peo-
ple talking about Microsoft working with
the CIA and things like that…but it doesn’t
impact us now.”
B.R. said that in recent months Indo-
nesians have been more aware and con-
cerned about issues of privacy, but cited
more apprehension of aggressive adver-
tising rather than data’s influence on news
stories or public discourse. One such inter-
viewee said this had caused him to “sig-
nificantly reduce” the amount that he used
Facebook.
Summary
There is a divide, unique to Indonesia,
within our working definition of civil soci-
ety. On the one side there are NGOs and
“conventional” civil society organizations,
and these are much less established than
elsewhere. On the other side is this phe-
nomenon of networked, decentralized
groups campaigning and mobilizing around
particular issues. The latter group is often
considerably better informed and more
engaged with data privacy and transparen-
cy, but universally report that these remain
niche topics, in which the vast majority of
the population has little or no interest. They
share this with the former group of conven-
tional CSOs. These seem to know little and
care little about questions of data privacy,
showing concern only when perceived
threats are immediate and direct, such as
a personal criticism from journalists. Trans-
parency tends to be understood in terms of
political accountability, and in this sense it
is something most people care passionate-
ly about. By contrast, transparency seems
not to be talked about in terms of the in-
ternet or digital data. When using the inter-
net, people have no problem with handing
over data to service providers (to the extent
that they really considered that this was
taking place): indeed in the case of Google
in particular, users welcomed the fact that
the company was trying to optimize their
services and offer them free of charge. Big-
name brands such as Google, Facebook
and Twitter enjoy a very positive reputation,
both in general and on questions of data
specifically, where majority opinion seems
to be that they take these issues seriously
and (presumably) act appropriately.
“I didn’t really read about
it, but I heard people talking
about Microsoft working
with the CIA and things
like that… but it doesn’t
impact us now.” – D.S.
26. 26
How do they define privacy?
Our interviews began by posing a simple
question: “How do you understand privacy
in an online context?” It was clear that the
majority of people did not have a concise
understanding to hand – it wasn’t a question
they had really asked themselves. Answers
were given broadly along similar lines, with
little variation between countries. Almost
everybody answered that it was a question
of who had access to their personal infor-
mation (a few immediately began to speak in
terms of “data”) or could see their online ac-
tivity. The most commonly given criterion for
achieving or securing privacy was restricting
(forcibly if necessary) who had such access,
but several people formulated it more mildly,
instead talking about the user being made
aware at all times who had access to what.
Taken as a whole, our interviews support
the conclusion that a basic understanding
of privacy is shared across different groups
and nationalities. As noted above, this indi-
vidualized conception of privacy has taken
hold much more recently in China and Indo-
nesia than, say, Germany; and the fact that
a fundamental understanding exists in the
different cultures of course doesn’t mean
everyone attaches the same importance to
the concept.
How much do they care?
Asked how important they felt privacy on-
line to be, not a single survey responded
with “Not at all important”. Two thirds said
it was very important, and one third some-
what important.
Whilst this clear result is worth noting,
we gained a more nuanced understanding
from our interviews. In China and Indone-
sia, for example, our research suggests
that with the exception of a small engaged
minority, the social sector and the popula-
tion at large is not actively concerned with
protecting their privacy online. Germany,
and to a lesser extent India, represent the
opposite: the desire to protect personal
privacy and awareness of possible threats
to it are fairly high among those we spoke
to. Finally, Brazil seems to fall somewhere
between these two camps, with privacy
campaigning still considered a minority or
“elite” concern. This came as a surprise,
given that on an international political level,
Brazil is a leading light for tighter internet
governance. 30
What do they want to be
protected from?
In our questions we asked about protect-
ing data and privacy, purposely leaving open
the question of protection from whom.
Resisting data mining by big companies
and large-scale government surveillance
seems to be a broadly held concern in Ger-
many, with nearly all answers couched in
such terms. In India concern is also broad
but perhaps slightly less keenly felt. How
ever, in Indonesia and Brazil, such concern
seems to be limited to niche interest groups.
Targeted advertising was the most com-
monly named factor making people aware
that their data was being used (and most
seemed to find it objectionable with some
perceiving it as “aggressive”). A non-negligi-
ble minority, though, were unconcerned and
thought it good that Google et al improve
their services through data analysis.
How do people think
about privacy?
Part III: Comparative Analysis
27. 27
But perceived threats do not stop at data
miners and state spies. Often people re-
sponded in terms of protection from vari-
ous malicious hackers and fraudsters. This
was the main thrust in China, where sur-
veillance is accepted as a given, but these
themes cropped up in India and Indonesia
too. Indeed, interviewees fairly regularly
started talking about anti-virus software
and malware, suggesting that all issues
which might fall under the umbrella “cyber-
security” – data privacy alongside hacking
and viruses – are closely connected or even
conflated in people’s minds.
Which data do they want to
protect and why?
In addition to general concerns outlined
above, in some circumstances, people feel
vulnerable to particular threats and certain
kinds of data become extremely sensitive.
A striking example is the Chinese officials at
risk of “human flesh searches” (see p. 14),
who closely guard information about their
wealth or indicators of it, such as where
their children go to school, the cars and
watches they own, and so on.
Some people we spoke to felt a duty to
protect sensitive data collected by their or-
ganization in the context of their work. In
some cases the sensitivity is obvious, such
as the Indonesian group campaigning for
minority rights. Other instances came as
surprises, such as the fact that in India the
religious affiliation of the beneficiaries of
a program can become highly politically
charged and can be used to criticize or dis-
credit the organization’s work.
Where the objection was not so directly
pragmatic and more principled – that is,
based on a general sense that one’s per-
sonal data should not be monitored and
stored – the conclusion was unsurprising:
the more personal and more detailed the
information, the more people cared about
protecting it.
For example, protection of banking data
was mentioned repeatedly in all countries,
not only for the obvious reason of prevent-
ing fraud but also because how a person
spends their money is felt to be highly per-
sonal information.
Survey respondents were asked how
much they cared about different kinds of
information being visible only to them. Their
responses are shown in chart 1.
Part III: Comparative Analysis
20
%
40
60
80
100
Chart 1: How important is it that this data is available only to you?
Browsing
history
Your location Searches you
perform
Content of
your e-mail
Content of
your chat
Not at all
Somewhat
Very
See note on charts below
28. 28
Privacy in email content is most cherished
with 94 percent calling it very important, fol-
lowed by chat content, ranked very import-
ant by 82 percent. Respondents were less
concerned about the other three categories,
with just under half marking them very im-
portant.
There was minimal variation between
countries in the responses, with the coun-
try averages very close together. The small
number of relatively blasé individuals – that
is, people who said they were less con-
cerned – were scattered evenly between
countries. The converse – that is, individu-
als who answered “very important” to every
question, about one fifth of all respondents
– were also present in all countries, but most
concentrated in China. (This came as a sur-
prise, given that we concluded from our in-
terviews people in China accept surveillance
as inevitable – see p. 16.)
When asked a corresponding question
about data from mobile phones, the ans-
wers followed the same pattern: the content
of the calls was the most important, data
such as location less so (although by no
means unimportant).
Are their opinions changing?
By a margin of two to one, people said
that there had been a change in their attitu-
de over the past two years.
%
20
40
60
80
100
Chart 2: Has there been a change in your attitude in the past two years?
Brazil China Germany India Indonesia Total
No Change
Change
Part III: Comparative Analysis
See note on charts below
29. 29
People who gave an affirmative answer
were asked what had caused this chan-
ge – see chart 3. Personal experience was
the most commonly cited reason for this
(and from our interviews we interpret this to
be primarily awareness of targeted adver-
tising). In close second place were media
reports.
Interestingly, Germans were much more
swayed than all other nationalities by media
reports – these were cited as a reason by
every German respondent.
Chart 3: What caused the change in attitude?
Personal experience
Media reports
Friends and Family
Company
Part III: Comparative Analysis
See note on charts below
30. 30
U
nlike “privacy”, asking people about
“transparency” highlighted differenc-
es even on the level of initial and fun-
damental understanding. In China for ex-
ample, interviewees tended to start talking
about financial transparency: it seems that
the concept of data transparency is simply
absent from the popular discourse in that
country.
Brazil and Germany shared a broad un-
derstanding of what it meant to be trans-
parent: disclosing to the user of a service
which information about them will be used
for what. Interviewees in those countries
generally felt the topic to be important. In
both countries an additional caveat was
raised several times: it is not enough, many
people insisted, to merely disclose a pol
icy in an incomprehensible or inaccessible
way, e.g. tucked away in a long “Conditions
of Use” agreement; genuine transparency
also entails presenting this information in
an legible way and making it accessible
to users. German interviewees felt most
strongly that many service providers today
offered inadequate transparency, which for
them was an important factor in mistrusting
these providers.
In India the emphasis was slightly differ-
ent. Several interviewees expressed puz-
zlement about the motives of those collect-
ing and using their data. For these people,
transparency involves disclosing not just
the “who” and “which” questions of data
collection and use, but also the “how” and
“why”.
In Indonesia, attitudes among those in-
terviewed are rather bipolar. In terms of
government accountability and exposing
corruption, transparency is a massive issue
which everyone seems to feel passionate
about. However, this zealous demand for
transparency seems not to extend to on-
line service providers. Instead, most peo-
ple seem content to accept or assume that
companies such as Google take these is-
sues seriously and do the right thing.
How do people think
about transparency?
Part III: Comparative Analysis
31. 31
F
rom our interviews we drew a detailed
impression of how much the people
we spoke to cared about privacy and
transparency, and what issues were of parti-
cular concern. But actions are supposed to
speak louder than words. So were people’s
concerns reflected in their online behavior?
What measures do they take?
Our interviews produced plenty of an-
ecdotal evidence about measures people
take to protect their privacy. The survey also
asked about specific measures.
Starting with the most basic measures,
more than 85 percent of respondents across
all countries delete cookies from their brows-
er. Use of the “private mode” in the browser is
also fairly widespread in all countries; nearly
half of respondents claim to do this.
On email encryption, a more varied pic-
ture emerges. Indonesian respondents
were way ahead with half saying they en-
crypt their communication, 31
compared to
around a quarter in other countries. Ho-
wever, there is more appetite: many peo-
ple selected the option “no, but I would if
encryption services were easily available”.
Overall two-thirds of respondents either
do encrypt or would like to. This is hig-
hest in Germany and Indonesia, at over 80
percent; Indians were more indifferent with
more than half uninterested.
With anonymous browsing a similar pic-
ture: 69 percent of Indonesian respon-
dents said they had used a proxy server
or Tor, compared with only 16 percent of
Indians; the other countries polled around
30 percent.
It’s worth reiterating a recurring lesson
from our interviews, namely that some be-
havioral change – quite possibly most of it
– is of a more subtle kind and not picked up
by this sort of question. Many interviewees
described how they had started using a ser-
How do people behave
online?
%
20
40
60
80
100
Chart 4: Measures individuals take to protect their privacy online.
Delete Cookies
Encrypt emails,
or would if easy
Browse anonymously
Brazil China Germany India Indonesia
Part III: Comparative Analysis
See note on charts below
32. 32
vice like Facebook more discreetly, by being
more sparing with the data they uploaded,
or refusing to use Google or Facebook to
log in to other sites. A handful of respon-
dents even said that for truly sensitive infor-
mation they would now prefer communica-
ting face-to-face or over the phone.
Is your name really
washingtonirving2000?
Using a fake name when posting com-
ments online may not be a very sophisti-
cated strategy, but is effective at protecting
some (not all) kinds of privacy, and, mo-
reover, demonstrates a personal attitude
towards whether an individual wants to be
anonymous when they are online.
The majority of survey respondents do not
use a pseudonym, and most post under
their own name (and of those who do use
a pseudonym, many do not always do so).
However, our survey showed a wide vari-
ance between the countries, which does not
correspond with our other conclusions about
general attitudes in those countries. This sug-
gests that pseudonym use may not in fact be
a strong indicator of engagement, and more
dependent on extraneous cultural factors.
Does concern actually
translate into action?
During our interviews we sometimes had
the feeling that, to varying degrees, people’s
professed concerns often did not translate
into changes in their behavior. Our survey
data gives us a chance to test whether this
was actually the case.
By combining answers to several questions
about attitude, we gave each respondent
what we will call an “Engagement Score”, re-
flecting how much they claim to care about
personal privacy. Similarly, we awarded an
“Action Score” based on a points system no-
ting which active measures respondents took
to protect their privacy: anonymous brows-
ing, email encryption, deleting cookies, etc.
Such ratings are unavoidably imprecise,
but serve our purposes by letting us com-
pare different respondents. (See appendix 2
for detailed methodology.) Chart 6 shows all
respondents plotted by Engagement Score
and Action Score.
Chart 5: Do you post comments online under your own name or a fake name?
Real name only
Pseudonym only
Neither
Both
Part III: Comparative Analysis
See note on charts below
33. 33
There is essentially no correlation. Even
when countries are taken individually or plot-
ted against each other, no coherent picture
emerges. Professed opinion seems to have
little or no observable effect on behavior – at
least within our sample.
In our interviews we found a number of
possible reasons for this pessimistic conclu-
sion: pragmatic convenience outweighing
abstract worries, lack of knowledge about
what countermeasures are available, or else
merely resignation.
Open Source
The open source movement has strong links with campaigners for online privacy and
transparency. The extent to which people know about, and support, the open source
movement, is thus one indicator of their engagement with these issues.
Our findings were mixed. Certainly both awareness and use is fairly widespread – but
this use tends to be more pragmatically than ideologically motivated.
When we asked our interviewees about open source, the terms which came up time
and again in their answers were piracy (apparently widespread in all countries researched
except for Germany) and cost. The biggest attraction of open source software certainly
seems to be that it is free to use. For a small minority this dimension comprises their
entire understanding of what open source means; however most are aware as well of
the openly accessible code dimension. The conclusion which emerged clearly from all
four of these countries was, in the words of Chinese interviewee C.M.: “Most people only
use open source when they don’t want to spend money and don’t want to use pirated
versions.” A smaller number also said they thought, in the words of G.G. in India, “that
these are the good guys.”
So much for motives, what about usage? Just under half of our survey respondents
said that they used some sort of open source software: 41 who did versus 45 who did
not. Usage was somewhat higher in Indonesia and lower in China. When invited to name
which software they used, OpenOffice and Libre Office were mentioned repeatedly (sup-
porting the idea that not having to buy licences is a strong motivating factor), as were
Firefox and WordPress.
0 5 10 15 20 25 30
0
1
2
3
4
5
6
Chart 6: Plotting “Engagement” (0= totally indifferent, 25+ = care very deeply)
against “Action” (0 = do nothing, 6 = take a wide range of measures)
ActionScore
Engagement Score
Part III: Comparative Analysis
See note on charts below
34. 34
T
he question of trust came up in our
findings in different respects: firstly
the more simple question of which
online tools people trust or distrust and on
what grounds, and secondly who is trus-
ted, in their conduct or as sources of in-
formation. This latter question is important
for putting the former into a societal cont-
ext, and is a question not just for, but also
about, social sector organizations.
Which services do they trust?
We asked our survey respondents to rank
different programs on a scale from 1 to 8
based on their privacy protection (exclu-
ding China – see below). On Chart 7 the
light green represents a rating of 1 or 2, i.e.
the highest protection; the dark green re-
presents the lowest ratings of 7 or 8.
The first thing to note is that there are not
extreme differences, with some programs
unanimously seen as far better than others.
Who do people trust?
Chart 7: Ranking various programs for the privacy protection they offer.
Twitter Facebook Instagram Google + WhatsApp Skype
20
%
40
60
80
100
High protection Medium protection Low protection
Part III: Comparative Analysis
See note on charts below
35. 35
Indeed, when average scores were cal-
culated, there was a gap of just 1.3 bet-
ween highest and lowest. Facebook and
Google+ scoring lowest. WhatsApp polari-
zed opinion with lots of very positive and
very negative ratings. Twitter did consider-
ably better than the other social media gi-
ants. And way out ahead was Skype, the
only one to have more positive than nega-
tive feedback.
When subjected to the same ranking, va-
rious web browsers fared much better than
these programs. Not a single respondent
gave a score of 7 or 8 (very low protecti-
on) to any browser. Firefox scored the best
for protection, followed by Google Chrome,
with Internet Explorer faring worst.
Chinese respondents were asked cor-
responding questions reflecting the most
commonly used programs and browsers,
mostly native Chinese ones. Nevertheless,
the same answers emerged: Skype scored
more highly than all other messaging plat-
forms, followed by 人人. Firefox was the
best-rated browser and Internet Explorer
the worst, with all Chinese browsers ran-
king somewhere between the two.
On what grounds?
In all countries, recommendations and
advice from family and friends seem to be
not only the most trusted (hardly surpri-
sing), but also the most common source of
information about which software to use.
This finding was confirmed both by the in-
terviews and the survey.
In China and Indonesia we found a strong
strain of “following the crowd”, whereby a
service is assumed to be trustworthy if and
because it is widely used. It’s important to
note that in those countries, arguably peo-
ple’s primary worry is fake sites and scams,
and against this threat, corroboration by
following the crowd may well be an effec-
tive strategy.
How trusted are NGOs, the
government and others?
This question is very important for any-
body with an interest in campaigning or
alliance-building on these issues.
NGOs in Brazil and in China are viewed
with deep-rooted suspicion due to past
corruption scandals, inefficiency, and mal-
practice – real or perceived – which persists
today.
In the relatively new democracy of Indo-
nesia, citizens keep a very close eye on
government activities and guard fastidious-
ly against corruption – this suggests a low
level of latent trust in government. It is clear
that in Germany, the NSA inflicted serious
damage on citizens’ trust in government ac-
tivity, particularly on the issue of online sur-
veillance. There is reason to believe many
people are skeptical of the government in
Brazil and India too, but our research nei-
ther confirmed nor refuted this. In the case
of China, the relationship between citizens
and state is deeply complex and far beyond
the current scope of this report; it’s interest-
ing for present purposes just to point out
the growing phenomenon of holding public
officials to account through “human flesh
searches” (see p. 11).
As for the big technology companies
themselves – Google, Facebook and oth-
ers – they seem to enjoy a high level of trust
in Brazil and Indonesia, with the exception
of a small activist minority. In China the sit-
uation is reversed, with a small minority be-
longing to the Google fan club, applauding
the company’s resistance to filtering search
results. In Germany and India people seem
on the whole to be more skeptical of such
corporations.
Part III: Comparative Analysis
36. 36
So who do people think should
act?
In all countries we found people vocal in
the opinion that current levels of transpar-
eny and privacy available to internet users
are inadequate (the proportions of course
varied by country from large majority to
slim minority). But what do the critics think
should be done? And by whom?
Few of these concerned people seemed
to believe companies would cease what
they felt were objectionable practices of
their own accord – driven, as it were, by
a principled stance or perhaps market
pressure. Certainly, some were in favor of
stricter internet governance, either by the
state or, as suggested by some Indian and
German interviewees, an independent reg-
ulatory body.
An opinion widely shared amongst peo-
ple with an interest in these topics was that
the individual carries a lot of the responsibil-
ity for protecting him- or herself, rather than
expecting the government or others to find
solutions. We were surprised at the level of
self-criticism amongst the people we spoke
to; very many said they knew it was impor-
tant and felt that they should do more – and
that they felt guilty about compromising
principles for convenience.
Part III: Comparative Analysis
Note on charts
These charts have been produced using data from an online survey with 94 responses.
This allows us an insight into broad trends, but the sample size is too small to give a sta-
tistically sound representation of precise ratios and relations. Anybody reproducing this
data elsewhere should take care to make this clear.
37. 37
W
hen it comes to privacy and ac-
countability,” writes scientist and
author David Brin, “people always
demand the former for themselves and the
latter for everyone else.” There’s undoubted-
ly some truth in this rather glib assessment,
but in this report we hope to have contribu-
ted to a subtler understanding.
Yes, people might “always” desire privacy,
but probe a little further and you found out
that for Indian NGOs the most sensitive in-
formation is the religious affiliation of those
they help, and the Chinese public official is
passionate that the model of car he drives
does not become public knowledge. And
how people understand and value accoun-
tability is more splintered still: many Indone-
sians for instance will hold their government
to the most stringent standards, whilst un-
questioningly handing over a wealth of data
to software manufacturers.
Appreciating distinctions like this is crucial
for anybody who believes the increasing di-
gitization of our everyday lives, and the ope-
rations of the social sector, raise questions
about data privacy and transparency that
we should be seriously discussing.
It bears emphasizing that we are clear-si-
ghted about the scope of our research so
far. This report draws its conclusions from 58
qualitative interviews and 94 online survey
responses (a per country average of 11.6
and 18.8 respectively). This gives a solid
basis for an insight into our target group(s),
but we do not overstate our claim to defini-
tive objective answers – if such a thing were
possible.
We hope that this report will be just the
first stage of more extensive research into
what the new abundance of digital data me-
ans for civil society organizations worldwide.
Conclusion
38. 38
Selecting interview partners
We wanted as far as possible to talk to a
broad cross-section of civil society. To do
this, we developed five categories, each
with defining criteria, of different kinds of
actor within the sector: social entrepreneur,
activist, expert perspective (this included,
for example, academics whose research
focused on the sector), and also employ-
ees of NGOs and multipliers (including, for
example, networking organisations in the
sector and grant-awarding foundations).
Armed with these categories as a guide,
who we interviewed was dictated in part
who our research for Lab Around the World
brought us into contact with – a combina-
tion of the make-up of the sectors in each
country, and an unavoidable degree of
happenstance. Below the breakdown of
interviewees:
The majority of the interviews took place
during “Lab Around the World” (see p5) in
the countries in January-March 2014, how-
ever in the time available we weren’t able to
complete our desired quota of 10-15 per
country and so conducted further inter-
views by Skype in March-April 2014.
Online survey
We produced an online survey in English,
Brazilian Portuguese and Mandarin, and
spread it through our networks and connec-
tions in the various countries, promoted it in
blog posts, and through some cold acquisi-
tion. We collected a total of 94 responses,
with at least 15 from each country.
“Engagement” and “Action”
scores (PP. 32–33)
Survey respondents were asked:
(1) How important they considered privacy
protection
(2) How much they worry about their per-
sonal information being accessible
online
(3) For different kinds of information, how
much they cared about it being kept
private
All question were answered on a 3-point
scale (very/somewhat/not at all). These rat-
ings were translated into numerical values,
with 3 denoting most concern. For the third
point – that is, (3) – an average was taken of
the answers; so each respondent had three
numbers between 1 and 3, and the “En-
gagement Score” was calculated by mul-
tiplying these together, for no reason other
than to achieve a visible and manageable
spread of data points – hence scores range
from 1 to 27.
The “Action Score” was a simple points
system based on the responses to a num-
ber of questions: email encryption, pseu-
donym use, open source use, deleting
cookies, anonymous browsing, with uses
of such strategies tallied up to give a score
between 1 and 6.
Appendix
Brazil China Germany India Indonesia
NGO 3 2 2 2 2
Social
Entrepreneur
2 2 2 4 2
Activist 2 3 2 1 5
Expert
Perspective
1 5 1 1 2
Multiplier 2 3 3 3 1
Total 10 15 10 11 12
39. 39
1 http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx
2 https://www.cia.gov/library/publications/the-world-factbook/geos/br.html
3 https://www.quintly.com/blog/2013/02/facebook-country-stats-february-2013-top-10-countries-lose-users/
4 http://pt.wikipedia.org/wiki/Gambiarra
5 http://www.democracynow.org/blog/2013/9/24/video_at_un_brazilian_president_dilma
6 http://www.un.org/en/ga/search/view_doc.asp?symbol=A/RES/68/167
7 https://www.privacyinternational.org/blog/netmundial-a-long-way-to-go-to-combat-mass-surveillance
http://www.indexoncensorship.org/2014/04/netmundial-disappointed-expectations-delayed-decisions
8 http://socs.civicus.org/?p=3748
9 http://link.springer.com/chapter/10.1007%2F978-3-642-29958-2_26
10 http://g1.globo.com/fantastico/noticia/2014/06/se-o-brasil-me-oferecer-asilo-aceito-diz-edward-snowden.html
11 Rate of internet use (source: http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx?) by estimated population (source:
https://www.cia.gov/library/publications/the-world-factbook/geos/ch.html)
12 Yuan et al. 2013
13 https://www.privacyinternational.org/reports/china/i-legal-framework
14 The Chinese Red Cross in particular has been dogged by a series of scandals of cronyism, embezzlement and inefficiency, (source:
http://blogs.wsj.com/chinarealtime/2013/04/30/chinas-red-cross-tries-to-rebuild-after-self-inflicted-disaster/)
15 http://www.bbc.com/news/world-us-canada-27475324
16 http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx?
17 This is a speculative thesis, and one which some of my colleagues disagree on. I stand by the thesis, despite the fact that they are
German and I am from England (but have lived in Germany for some time and studied German culture at university level). By its
nature, it’s difficult to corroborate, let alone prove. What is beyond doubt is that the Stasi has given Germans a common referen-
ce point, and this is cited frequently in current discussions about the NSA, even if it is not made into a central point. To give two
examples: http://www.faz.net/aktuell/feuilleton/debatten/mathias-doepfner-s-open-letter-to-eric-schmidt-12900860.html?printPage-
dArticle=true#pageIndex_2 || http://www.theguardian.com/world/2013/dec/17/merkel-compares-nsa-stasi-obama
18 http://www.bbc.com/news/world-europe-27695634
19 http://www.spiegel.de/kultur/gesellschaft/journalistenpreis-fuer-spiegel-redakteure-stark-und-rosenbach-a-940297.html
20 http://www.guernicamag.com/daily/ben-mason-pirates-of-the-parliament/
21 http://www.zeit.de/digital/datenschutz/2014-01/datenschutzreform-nicht-mehr-vor-europawahl
22 http://www.handelsblatt.com/unternehmen/it-medien/nach-eugh-urteil-google-wird-mit-loeschantraegen-ueberhaeuft-/9896598.html
23 http://www.spiegel.de/international/germany/the-german-bnd-and-american-nsa-cooperate-more-closely-than-thought-a-975445.html
24 http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx?
25 https://www.privacyinternational.org/reports/india/iv-privacy-issues.
26 http://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system
27 http://www.emc.com/campaign/privacy-index/global.htm
28 http://data.worldbank.org/indicator/NY.GDP.MKTP.KD.ZG
29 For more detailed analysis see Nugroho, Y. “Citizens in @ction: Mapping contemporary civic activism and the use of new social
media in Indonesia” (2011)
30 The survey data did not correspond to this relative appraisal, in terms of ratio of responses given “very important” vs, “somewhat
important”. We’re inclined to give precedence to our interview findings, which are of richer quality.
31 Recall that we have reason to suspect selection bias here, and that these respondents are disproportionately likely to take such
measures relative to their countrymen.
Notes
In the case of URLs: accessed between May and July 2014.