We use cookies to allow us and selected partners to improve your experience and our advertising. By continuing to browse you consent to our use of cookies as per our policy which also explains how to change your preferences.

People feel powerless to protect their personal data on Facebook

Only one in ten trust Facebook to put things right for its users. So make sure you know how to manage your Facebook data and targeted ads

Facebook users are deeply concerned with how their personal data is handled but feel powerless to protect it, a Which? survey has found.

A survey* of more than 2,000 people found that nine in ten had concerns following the Cambridge Analytica (CA)/Facebook scandal, which revealed millions of people’s personal information was compromised by the social network.

The research also found that, while 6% of Facebook users have deleted or deactivated their account in response to the reports, 73% hadn’t changed how often they use Facebook since the story broke.

Lack of trust in Facebook

Of those who answered that they are concerned about the issue but haven’t changed their behaviour, 13% believe there is nothing they can do to change what Facebook does with information taken from users, and 18% think it’s too late to take any action. Just 10% trusted Facebook to put things right for its users itself.

The results suggest that some users don’t feel like they have the power to act against tech giants such as Facebook.

This attitude may be explained by the fact that the harvesting of user data, as well the data of their friends, in the Cambridge Analytica case took place in 2014 but has only just come to light.


Quiz Maker – powered by Riddle

Is more regulation needed?

The survey results also suggest that there is a belief that in order to stop these scandals happening in the first place companies need to be more responsible and adopt higher moral standards when it comes to handling their data.

Almost two-thirds of people were concerned about how there seemed to be little effective regulation over what Facebook or Cambridge Analytica were doing with their information, while a further two thirds were also worried that Facebook didn’t check what the third party, who obtained user data, was going to do with that information.

Your new data rights

The General Data Protection Regulation (GDPR) will bring the biggest change for decades to data protection law in the UK.

The regulation will be in force from the 25 May and enshrined into UK law through the Data Protection Act 2018, and big companies will need to take their new responsibilities seriously.

Alongside these duties they must also act to improve the way they communicate to their users about what information they are providing access to when they sign up to an app, and must do so in a way that is easy to find and to understand.

Alex Neill, Which? managing director of home products and services, said: ‘Facebook users are clearly concerned that the site hasn’t been properly in control of their data, and worse, many feel powerless to act to protect their personal information.

‘With massive changes to the way companies must handle data just weeks away, Facebook must recognise that as the world’s biggest social network site it should lead the way as a responsible custodian of users’ data.

‘It should do more to educate users in an accessible way about how sharing their data could affect them, while regulators and the government should ensure that action can be taken against companies that break the rules.’

Man handing over file from filing cabinets to woman

Which? calls for collective compensation

Regulators, including the Information Commissioners Office, which is investigating whether Facebook data was illegally acquired and used, must stand ready to take enforcement action – starting with companies whose deliberate actions are harming consumer interests.

The government will need to continue to work on other areas, including action on confusing terms and conditions, as well as collective redress.

An amendment to the Data Protection Bill replicating this optional part of the GDPR would allow independent organisations acting in the public interest, such as Which?, to act as a representative on behalf of groups of affected consumers.

Collective redress would mean consumers wouldn’t need to sign up to an action to get quick, easy and cheap access to justice when they experience a financial loss following a data breach.

*Populus, on behalf of Which? surveyed 2,068 UK adults. Fieldwork took place between 26 and 27 March 2018. The data have been taken from nationally representative omnibus surveys and have been weighted to the demographic profile of the population.

Back to top
Back to top