Authors’ note: Product teams at Facebook rely on research along with other external factors to design and build products. This article discusses research conducted by Facebook's Privacy Research Team to better understand people's privacy concerns.
Abstract
Privacy is an ambiguous term that can refer to many things. To effectively address users’ privacy concerns, companies must know what specific topics they’re concerned about.
In a large-scale survey, respondents described their privacy concerns in their own words for Facebook, Instagram, Messenger, and WhatsApp. We identified 16 distinct privacy concerns that we grouped into 3 categories.
Report
When someone says they’re concerned about privacy, it’s not always clear what that means. After all, “privacy” is an umbrella term. It can refer to who sees photos you’ve shared online, the information apps collect about you, the way your ads are personalized, whether strangers can send you direct messages, and a variety of other topics.
To effectively address users’ privacy concerns, companies like Facebook need to have a clear and comprehensive understanding of what users mean when they say they’re concerned about privacy. To help develop that understanding, Facebook’s Privacy Research Team surveyed 40,873 users of Facebook, Instagram, Messenger, and WhatsApp in 10 countries. Using the following survey questions, we had respondents describe their privacy concerns for our products in their own words.
Question 1. Please describe any concerns you have about privacy on [app], and briefly explain why you're concerned about those things.
Question 2. Please describe any concerns you have about the way [app] uses the data it collects, and briefly explain why you're concerned about those things.
The term “[app]” was replaced with “Facebook”, “Instagram”, “Messenger”, or “WhatsApp”, depending on which app respondents were taking the survey about. We identified themes in respondents' answers to create a taxonomy of the privacy concerns that are top-of-mind for people who use Facebook products. For additional information on our research methods, see the Research Methods appendix at the end of this article.
Results
Survey respondents expressed 16 top-of-mind privacy concerns, which we’ve grouped into three categories: (1) Concerns related to actions that other people might take toward someone in the app, (2) concerns related to how apps are assumed to collect and use data, and (3) concerns related to who has access to information the app is assumed to know about people. The full list of concerns is presented below, along with a brief description of why topics in each category were concerning to respondents. Interestingly, the concerns included a mix of actual app practices, potential personal experiences, and common myths about privacy. Concerns didn’t differ across the apps we explored in this research, so results are reported in aggregate.
Implications
Simply knowing that users are concerned about privacy isn’t particularly actionable. Because privacy concerns can reflect a wide range of topics, it’s not possible to know how to address users’ concerns without knowing more specific details. Therefore, organizations should strive to collect feedback about specific privacy topics rather than the ambiguous concept of “privacy”. This research provides a framework for doing that.
There are multiple types of privacy concerns, and they require different solutions. Consider the following two concerns: (a) Others send you unwanted messages, and (b) App monitors physical location. These are qualitatively different concerns, and a solution that addresses one is unlikely to address the other. Yet both topics came to mind when we asked respondents to describe their privacy concerns. Because privacy concern topics can be so distinct, fully addressing privacy concerns across Facebooks’ products (or any company’s products and services) will require distinct, tailored solutions that span the entire range of topics we identified.
Privacy concerns include a mix of actual practices, potential personal experiences, and myths. When considering the list of 16 privacy concerns in relation to Facebook, some concerns reflect actual practices (e.g., using data to personalize ads), some reflect potential personal experiences (e.g., receiving unwanted messages), and some reflect myths (e.g., eavesdropping on offline conversations). Different strategies might be required to address concerns across these categories. For example, while improved transparency and control might help address concerns related to actual practices or potential personal experiences, it may be insufficient to address myths that reflect an inaccurate understanding of how an app works. In contrast, user education might help address myths, but it might be insufficient by itself to address other types of concerns.
Privacy features and communications should focus on specific topics. If someone sees a feature in an app labeled as a “privacy feature”, what should they expect the feature to do? Based on this research, different users may expect very different functionality, ranging from data collection controls to data access controls to interpersonal controls. Therefore, labeling individual features with more specific descriptions related to the topics we identified in this research has the potential to improve app navigation and findability for specific privacy features. Similarly, in-product education and external marketing might more effectively reach the right audiences by clearly specifying what privacy topic(s) they’re meant to address.
Open questions
How complete should we consider this taxonomy to be? Importantly, this research identified users’ top-of-mind privacy concerns. It’s possible that if we direct users’ attention to additional privacy topics that they might also be concerned about those topics when prompted to think about them. Additionally, this research was done with people who actively use Facebook products, and people who don’t use Facebook products may have qualitatively distinct concerns beyond those we identified here. Further, this research focused on concerns about software, and people may have additional concerns for hardware products (e.g., Portal, Oculus). Therefore, this taxonomy should not be thought of as a comprehensive list of all privacy concerns that exist, but rather a thorough list of top-of-mind concerns among people who use Facebook’s apps.
Which specific privacy concerns are most common? Now that we know which privacy concerns are top-of-mind, an important next step is to quantify how prevalent those concerns are among app users. This would allow us to compare and prioritize concerns based on how common they are. In a future report, we’ll share an overview of our efforts to quantify and compare different privacy concerns.