Privacy 26 July 2017

The Internet Society Survey on Policy Issues in Asia-Pacific 2017

Introduction

An initiative of the Asia-Pacific Regional Bureau, the Internet Society Survey on Policy Issues in Asia-Pacific is an annual study of the attitudes of Internet stakeholders towards topical Internet policy concerns. Now in its fourth instalment, this year’s survey aims to gain insights on Internet users’ sentiments towards online regulation. It also takes an in-depth look at how they perceive and deal with personal information online, and the extent to which various entities are trusted to protect people’s personal data and privacy rights. This report provides an overview of the survey’s findings, which are intended to contribute to informed policy debates and discussions—both in the region and globally.

Background and Methodology

The survey was conducted online using the Survey Monkey platform, and ran from 6 March to 19 April 2017. The link to the questionnaire was disseminated via e-mail to and through the 21 Internet Society Chapters, as well as to Internet Society individual members in the Asia-Pacific region. It was open to the general public to gain as much input as possible, and was promoted via various online channels, including social media sites.

The survey was administered in English and divided into three main sections. The first set of questions helped to determine the profile of the sample population, while the second aimed to identify the top Internet-related policy concerns in the region. The third section sought to gauge Internet users’ level of comfort at disclosing, and entrusting their personal information to the various entities with whom they interact online.

Some 2,072 individuals from 40 economies across the Asia-Pacific answered the survey. The majority (87%) were members of the Internet Society, and were male (79%). Respondents were scattered across all age groups, but leaned towards a younger demographic—53% were between 15-34 years old, 27% were aged 35-44, and the remaining 20% were 45 years or older. Twenty-three per cent were affiliated with the private sector, 21% with the technical community, 21% with academia, 18% with civil society and 16% with government. About 90% of the respondents completed higher education qualifications—49% had a postgraduate degree, 37% a bachelor’s degree, and 4% an associate or technical degree.

More than half of the participants self-identified as residing in or originating from South Asia (62%), with the rest coming from South-East Asia (18%); East Asia (7%); and Australia, New Zealand and the Pacific Islands (12%).


Figure 1. Summary of respondents’ profile

It should therefore be noted that the results of this survey are more weighted towards perspectives from South Asia, and a young, well-educated male population. Nevertheless, this report has looked at, and presents both the overall and disaggregated findings based on gender, age group and subregion.

Key Findings

Cybersecurity is the top Internet policy concern in the Asia-Pacific region.

Over the past year, Internet users across Asia-Pacific were monitoring cybersecurity, access, data protection, connectivity and privacy, above other policy-related concerns in the region. These have remained more or less constant since 2014 (see Figure 2). Cybersecurity, however, has risen to the top in this year’s survey.

Cloud computing and e-commerce continue to be within users’ top ten Internet policy-related issues, along with big data, consumer protection, cybercrime, freedom of expression and the Internet of Things (IoT).


Figure 2. Top five policy concerns from 2014 to 2017

Generally, women and men from different age groups had similar policy concerns.

Women comprised 21% of the overall respondents, and while their profile was similar to that of the overall sample population, women had Internet access as their top policy concern. Cybersecurity was ranked second, followed by data protection, privacy and connectivity.

When asked about issues that need urgent attention from policymakers, women, more of whom were from civil society and academia, included issues related to freedom of expression and government and commercial surveillance. While men, more of whom were from the private sector and technical community, prioritised issues related to e-commerce and IoT (see Figure 3).


Figure 3. Top ten issues that women and men believe need urgent attention from policymakers

In the Pacific Island countries[1] a significantly larger proportion of the respondents considered “access” as a key concern (83%) compared to the region’s average of 64%. Online child protection was likewise high on their radar, overtaking privacy. This may be a result of increased advocacy efforts on online child protection in the subregion. Thirty-eight per cent of the Pacific Island countries respondents indicated that new policies passed in 2016 sought to address online child protection issues.

Respondents felt that the Internet became a more regulated space in 2016, which affected their online behaviour in both positive and negative ways.

The year 2016 witnessed several dimensions of the online environment becoming subject to regulations in the region. Existing laws were revised and new ones established relating particularly to cybersecurity and data protection in response to rising cybercrime incidences.[2]

Sixty-three per cent of the women and 72% of the men strongly agreed or agreed that the Internet became a more regulated space last year. A number of respondents expressed concern for:

  • The need to regulate fake news
  • Increased surveillance that violates privacy rights
  • Increased censorship and blocking of sites that affects freedom of expression
  • The lack of online child protection

Over 60% of both female and male respondents were aware of Internet-related policies, regulations or laws enacted by their national government in the past year. According to survey participants, these mainly sought to address cybersecurity, cybercrime, access, privacy and data protection—the same issues that were top of mind for them.

The majority (87%) said that these policies were targeted at individuals, and more than half (57%) indicated that they were also directed at businesses and governments.

Thirty-eight per cent felt that these new provisions affected their use of the Internet in both positive and negative ways. More men (34%) than women (22%) said the effects on them were wholly positive. Twenty-six per cent of the women and 14% of the men felt that the policies, regulations or laws had no impact on their Internet use.

The 10% who were solely negatively affected were most conscious of new policies around censorship, freedom of expression, privacy, content filtering, and government and commercial surveillance.

When broken down by subregion, more of those from South-East Asia felt that the regulations affected their use of the Internet in a positive way—38%, compared with 26% in South Asia and 20% in Pacific Island countries. On the other hand, in the Pacific Island countries, a significantly larger percentage of the respondents felt that the regulations had no impact on their Internet use—37%, compared with 14% in both South Asia and South-East Asia.

It is worth noting that a higher percentage of the respondents from high-income economies[3] felt that regulations affected their Internet use in negative ways—24%, compared with the region’s average of 10%.

Building trust in the Internet is important: More than half (55%) of the respondents indicated that they were either highly unlikely or unlikely to use online services[4] if there were no guarantees that their personal information would be fully protected.

Without sufficient online data protection, 50% of the women and 40% of the men said that they were highly unlikely to use online banking and financial services, and about 40% of the women and men were highly unlikely to use e-commerce sites and online shops.

Similarly, over 40% respondents from high-income economies were highly unlikely to use any of the online services,[5] a higher percentage compared with lower-income economies.

Less than a third (ranging from 20% to 30% across different gender, age groups and subregions) reported that they were fairly likely to use online services even though their personal information was not fully protected, and about 10% of the respondents were highly likely to use online services (although the percentage was slightly lower for female respondents).

Online privacy concern did not match the ability to protect oneself online.

Over 70% of respondents felt that their personal information was not sufficiently protected online.[6]

Yet, close to 60% of the respondents believed that they did not have sufficient knowledge and tools to protect their privacy online.[7] This figure is slightly higher among women (68%) than men (54%). More than half (60%) of those from high-income economies had similar sentiments.

A majority of the Internet users (90%) were very uncomfortable or uncomfortable with providing bank and credit card details online.

When asked about the level of comfort in providing various types of personal information, both women (91%) and men (89%) were either very uncomfortable or uncomfortable with disclosing bank and credit card details online. Over 60% of women and men were likewise uneasy with revealing:

  • Identification numbers (e.g., social security, passport, driver’s license)
  • Salary and/or household income
  • Medical details (e.g., blood type, previous or current ailments/treatments, fitness/activity level, family medical history)
  • Current location and location history
  • Telephone and/or mobile numbers
  • Address (home and/or work)

Notably, quite a significantly higher percentage of female respondents (78%) were very uncomfortable or uncomfortable in revealing their current location and location history online, compared with male respondents (62%).

More than two-thirds of Internet users (80%) were very comfortable or comfortable with revealing their gender online.

The type of personal information that both female (80%) and male (85%) respondents were most comfortable in sharing online was their gender. Over 60% of women and men also did not mind disclosing:

  • Hobbies and interests
  • Full name
  • Religion
  • Ethnicity

A larger percentage of the population in the Asia-Pacific region trusted traditional services such as banks, public authorities and health institutions, and had less trust of online service providers.

Respondents placed varying degrees of confidence on the entities with which they tend to regularly interact with online: A larger percentage (between 20% and 30%) fully trusted traditional services, such as banks and financial services, national public authorities, and health and medical institutions with protecting their personal data. While less than 10% fully trusted Internet service providers, e-commerce sites and online shops, and online content service providers.

These firms and institutions hold a growing amount of personal data: 73% of respondents indicated that they have disclosed information about themselves to banks and financial services; 63% to national public authorities; 55% to e- commerce sites; and 51% to online content and service providers.

About half of the survey participants trusted the traditional services to some extent—this however, applied less (between 35% and 50%) to newer services that have emerged with the advent of the Internet.

Roughly 40–55% of the respondents did not trust the newer services, while less than 20% of the respondents did not trust the traditional services (see Figure 4).


Figure 4. Respondents’ level of trust that entities will protect their personal information

The vast majority of respondents would like companies/organisations to inform and seek consent from them—and to give them a degree of control—over the ways by which their personal information are being used.

  • About 85% would like to be notified when information is being collected about them and their activities online.
  • About 85% would like to know the types of information that is being collected about them and their activities online.
  • Over 90% would like to be asked before personal data is shared with other entities.
  • Almost 90% would like to have the option to delete their online information upon request.
  • About 65% would like the option to use the Internet anonymously.

Respondents were divided about allowing companies/organisations to reveal their personal information and online activities to government authorities.

Forty per cent of men, and 34% of women would agree to companies/organisations making information about them and their online activities available to government authorities should they request for it. A similar proportion of respondents from South Asia (46%) would agree—higher than those in other subregions (less than 30%). Figure 5 shows the regional average.


Figure 5. Results of regional responses to whether respondents would agree to making their personal information available to government authorities

Respondents viewed the protection of personal data as a collective responsibility.

Over half to three-fourths of respondents felt that more than one entity is responsible for keeping their personal information secure:

  • Organisations that collect data (specifically 77%)
  • Government (74%)
  • Organisations that hold/store data (72%)
  • Respondents’ own responsibility (66%)
  • Organisations that process/analyse data (64%)
  • Third-party service providers that may be providing the above services to an organisation (56%)

The percentages indicated above are the regional average. In South Asia, only 58% of the respondents felt that they should be responsible for protecting their own personal data—much lower than those in other subregions (close to 80%).

Conclusion

This year’s Asia-Pacific Internet Policy Survey finds cybersecurity taking the top spot in the list of Internet users’ priority concerns. Overall, however, respondents’ have continued to find roughly the same issues significant over the last four years: access, data protection, connectivity and privacy, along with cybersecurity.

The study yields several findings that are significant for the development of data protection guidelines in the region: Most Internet users do not feel that their personal information is protected online—this translates to their hesitance in using services that do not have privacy guarantees, and in providing what they perceive as sensitive information to the institutions with which they interact with on the Internet. These have important implications on the rollout and use of not only commercial, but also public and social services online.

At the same time, users want to be informed, and desire to have a certain level of control over the collection and use of their personal information. Public and private organisations that collect and share user information need to take this into account when formulating or updating privacy frameworks. It is likewise relevant for governments in the region as they start to consider new provisions such as the “right to be forgotten”, as well as pursue digital transformation initiatives.

Internet users recognise that the protection of personal information online is a shared responsibility among stakeholders. Both the public and the private sectors, and especially the platforms through which users transact financially online, not only need to build robust and secure networks and systems, but also develop tools that would equip users with the knowledge and skills to use these services safely online. This will improve their confidence in using online services, and their trust in the overall Internet ecosystem.

Endnotes

[1] There were 146 respondents from the Pacific Island countries, and 46% of the respondents were from Papua New Guinea.
[2] See Noelle Francesca De Guzman, “2016 Regional Highlights: Mobile Internet, Amendments to Cybersecurity and Privacy Laws, and New Regulations for New Business Models,” in APAC Connections of the Internet Society, January 2017, http://myemail.constantcontact.com/APAC-Connections— January-2017–News-from-the-Asia-Pacific-Bureau–Internet-Society-.html?soid=1110239358049&aid=QPVOMugUdJw.
[3] The high-income economies include Australia, Hong Kong, Japan, Republic of Korea, Macao, New Zealand, Singapore and Taiwan, with 249 respondents.
[4] These included: online banking and financial services; e-commerce sites and online shops; online content and service providers (e.g., search engines, email/messaging providers, social networks, audio/video streaming providers, apps); public and government services; and health and medical services.
[5] These included: online banking and financial services; e-commerce sites and online shops; online content and service providers (e.g., search engines, email/messaging providers, social networks, audio/video streaming providers, apps); public and government services; and health and medical services.
[6] Only about 15% felt sufficiently protected and the remaining were undecided.
[7]  About 30% of the respondents felt that they had enough knowledge and tools to protect their privacy online, and about 10% of the respondents did not know or were undecided.

Related Resources

Privacy 24 September 2019

2019 Online Trust Audit Methodology 

The 2019 Online Trust Audit will represent the 11th independent analysis and benchmark report of the adoption of security standards and responsible...

Internet of Things (IoT) 19 September 2019

Policy Brief: IoT Privacy for Policymakers

Introduction The Internet of Things, or IoT, is the latest wave of integration of technology into our lives and...

Building Trust 16 September 2019

Are Organizations Ready for New Privacy Regulations?

Based on 1,200 privacy statements, many are not prepared for coming regulations.