Web users have ‘false sense of security’

The vast majority of internet users (83%) have never read or don’t remember ever reading the terms and conditions or privacy statements relating to the search engines they use despite the fact that their search data can be stored for up to 18 months and often not deleted or anonymised.

In the week that sees Google celebrate its 10 year anniversary, the YouGov research reveals that search engine users remain unconcerned about their privacy when browsing online.  

This is despite the fact that over one in ten (13%) have had experience of their private information being accessed or misused online. Internet users are equally casual when it comes to social networking sites.

Over half (57%) of internet users who regularly use sites like Facebook, Bebo and MySpace admit to having never read the terms and conditions or privacy statements of the site.

Whilst some have changed their default privacy settings since registering a significant proportion (39%) have yet to do so.

As 'phishing' and false social networking profile scams increase in sophistication, and social media advertising and behavioural targeting spreads, DLA Piper warns that the law may soon need updating to mandate an opt-out for the sharing of personal information.  

Google has itself recently conceded to pressure adding a link to its privacy statement on its home page⁽ⁱ⁾ and reducing its data retention time limit from 18 to 9 months⁽ⁱⁱ⁾ and other search engines and social networking sites could soon face similar scrutiny.

As is stands, there are no standard minimum default privacy settings which social networking sites or search engines are obliged to use.  Nor is there one global set of rules as to how website operators who process personal information should behave. 

In England, the website is obliged to let you know who they are and how it will use your personal information, including whether it uses cookies or other tracking systems to collect data. Privacy terms and conditions must also be prominently displayed at any point on the site where personal information is being collected and users have the opportunity to refuse for information to be collected.  As long as sites comply with these basic principles, the obligation is on the individual.  

Ruth Hoy, a digital media law specialist and partner within DLA Piper's Technology, Media and Commercial group commented: "Recent cases, such as that of businessman Mathew Firsht who successfully fought against a false Facebook profile, have highlighted the need for individuals to be careful about the personal information they make available online. 

“Some sites have settings which are automatically set to the most private level; others will allow all the information you post to be seen by all other users.  But, it’s up to you to check.  If you fail to do so, you are putting yourself at risk.  Until there is a unified set of privacy laws and global minimum standards to protect personal data online (and that time is most certainly coming) individual users need to be more savvy about the information they're making available and where it might end up."