With the greater availability of online services and social media, individuals are increasingly providing personal information, sometimes unknowingly, to service providers and online platforms. The digitisation of information and enhanced network connectivity create new challenges for the protection of personal data, while attacks and fraudulent use take place on a regular basis.

In 2016, more than 70% of Internet users in the European Union provided personal information online, with many also performing actions to control access to these data. Young and highly educated individuals show the greatest propensity to share personal information online, but also take actions to control access to the information more often. Men tend to be slightly more willing than women to share private information online in over two-thirds of the countries surveyed. In the same year, 64% of individuals in the United States had an online account containing health, financial or other types of sensitive data (PEW, 2017).

In 2017, 46% of all Internet users in Europe refused to allow the use of personal information for advertising and 40% limited access to their profile or content on social networking sites. More than one-third of Internet users read privacy policy statements before providing personal information and restricted access to their geographical location (OECD, 2017). In 2013, 55% of Internet users in the United States reported that they had taken steps to avoid observation by specific people, organisations or the government (PEW, 2013).

Concerns about the protection and security of personal data are also frequently reported as a reason for not submitting official forms online. In 2018, 18% of the individuals in the EU28 chose not to submit forms to public authorities and, on average, 20% among those cited privacy and security concerns as a reason for not doing so. This was particularly the case in Hungary (40%), Switzerland (37%) and Germany (34%). Other reasons for not submitting official forms include lack of skills and service availability.

In 2015, around 3% of all Internet users across OECD countries for which data are available reported having experienced a privacy violation in the three months prior to being surveyed. This share was highest in Chile (8%), Korea and Italy (about 6%). In countries such as Norway, Portugal, Sweden and Turkey, there was a notable increase in privacy violations as reported by individuals between 2010 and 2015. In 2016, 64% of individuals in the United States experienced or had been notified of a significant data breach pertaining to their personal data or accounts (PEW, 2017).

Personal data breaches (i.e. breaches of personal data confidentiality as a result of malicious activities or accidental losses) are a major cause of privacy violations (see page 8.7). In addition, individuals’ privacy can be affected by the extraction of complementary information that can be derived, by “mining” available data for patterns and correlations, many of which do not need to be personal data. Regulatory measures such as the General Data Protection Regulation (GDPR) in the European Union allow giving control to individuals over their personal data.

Personal information refers to information that the user considers private and would not necessarily disclose to the public, such as personal, contact and payment details or other individual information.

Online submission of official forms refers to interactions through which individuals submit official forms to public authorities via the Internet. Data exclude manually typed e-mails.

Individuals having chosen not to submit official forms online are those who did not submit official forms, although they had to, due to reasons such as lack of skills or knowledge, concerns about data protection and security of personal data or another person’s involvement (e.g. consultant, tax advisor).

Privacy violations refer to the abuse of personal information that has been sent via the Internet and/or other violations such as the abuse of pictures, videos or personal data uploaded onto community websites.

Information on the disclosure and protection of personal information online is traditionally collected through surveys on ICT usage in households and by individuals. Both the European Community and OECD model surveys on ICT usage ask direct questions about security and privacy, including on the use of protection from IT threats, the frequency of security updates and security incidents.

The 2014 revision of the OECD Model Survey on ICT Access and Usage by Households and Individuals (OECD, 2015) includes a specific module on security and privacy, based on policy-relevant questions from the OECD Working Party on Security and Privacy in the Digital Economy.

Despite the high policy relevance of online privacy protection, data coverage remains scarce in the OECD countries where questions or modules on these issues are not administered in official ICT usage surveys on a yearly basis. In this respect, internationally comparable data collection from Privacy Enforcement Authorities and timely statistics from businesses represent potential alternative data sources to strengthen the evidence base for decision-making.