grid-linegrid-line

Data Big Tech Companies Have On Us

by Josh Howarth
September 1, 2022

Aiming to discover just how much people are aware of the data big tech companies hold on us, we surveyed 1,617 Americans about their views on personal data, ownership of content and what surprising datapoints people wouldn’t want companies to know.

We also reviewed the privacy policies of the top 10 most profitable tech companies from 2000 to 2022 to understand how long they take to read on average.

Key findings

  • 47.9% would consider selling their personal data for profit
  • One in five, 19.5% don’t read the full terms and conditions before they agree to them, with 28.2% saying they do sometimes and 52.3% saying that they always read the t&cs before agreeing to them
  • Microsoft has the longest privacy policies containing an average of 11,806 words per policy, taking 59 minutes on average to read
  • If you read every Microsoft privacy policy since 2000 it would take 22 hours 37 minutes and 30 seconds to read the 271,538 words
  • Over 50% of people trust Apple the most with their data, the most trusted of all big tech companies

Contents

Protecting data online

With over 298 million Americans estimated to have been part of a data breach in 20211, we wanted to gain a better understanding of how Americans are protecting their data online, and what else they, and the companies they use, could do to protect their personal information further.

51.5% believe their data has been hacked

With data from Statista2 showing that there were 1,862 data compromises in the U.S. in 2021, impacting 298.08 million individuals, we asked our respondents if they thought that their data had ever been hacked. The majority, 51.5% answered yes. Over one in three (32.2%) were confident that they had not been hacked while the remaining 16.2% were unsure if their data had ever been leaked.

Has your data ever been hacked?
Answer Percentage of respondents
Yes 52.1%
No 30.9%
Unsure 16.9%

Hacked.webp

Of those who said their data had been hacked, the majority, 46%, were aged between 25 and 34 and 72.7% were parents. We found that over half (53.9%) of those who admitted to their details being hacked were female.

We asked what our respondents thought companies could do to prevent data breaches in the future. Two-step verification was shown to be the most common suggestion at 79%. Additional security was the second most popular answer at 10.1%, followed by more secure sites (7.6%) and improved data handling (2.8%).

31.9% use the same password across all accounts

Keen to understand how vigilant our respondents are in protecting their data online, we asked if they used the same passwords across all their online accounts. 31.9% said that they use the same passwords on all their accounts.

The majority, (52.8%) of the respondents who said they used the same password across all accounts were aged between 25 and 34. We found that 50.7% were male and 49.1% female, with 0.2% identifying as non-binary.

Do you use the same password across all of your online accounts?
Answer Percentage of respondents
Yes 31.9%
No 43.4%
Unsure 21.9%

Same password All.webp

41.2% of those who told us their data had been hacked in the past admitted to using the same password across all their online accounts. This highlights the need to mix up the passwords you use online to future protect your personal information online.

Were you hacked while using the same password across all of your online accounts?
Answer Percentage of respondents
Yes 41.2%
No 32.5%
Unsure 26.3%

hacked-while-using-same-password-expl...

42.6% don’t think big tech companies do enough to protect our personal data

We asked our respondents if they thought that big tech companies did enough to protect people’s personal data. 57.4% said they believed that companies were working hard to safeguard our data online, however, 42.6% disagreed.

Do you think big companies do enough to protect people's personal data?
Answer Percentage of respondents
Yes 57.4%
No 42.6%

Protect data.webp

Of those that don’t think big tech companies are working hard enough to protect their users online, 53.6% were parents, 37.2% were men and 60.7% were women, a further 1.9% identify as non-binary and 0.3% preferred not to disclose their gender. The majority, 39% of those with security concerns were aged between 25 and 34.

Our survey asked if our respondents would stop using a particular service if they found out that they were collecting data they weren’t comfortable with. The vast majority, 76.1% said that they would stop using the service, 14.6% said they were unsure, while the remaining 9.3% surprisingly said that they would continue to use the service even if they collected data that they were uncomfortable with. 74.3% of those who said they would stop using the service were parents and 47.1% are aged between 25 and 34.

Would you stop using a particular service if you found out they were collecting data you weren't comfortable with?
Answer Percentage of respondents
Yes 76.1%
No 9.3%
Not sure 14.6%

Stop using.webp

Most people, 61.1% believe companies use their device’s mic to record and listen to them

The majority of our survey respondents, 61.1%, told us that they thought companies used their device’s mic to record and listen to them without their knowledge. Meanwhile, 19.7% did not believe this and the remaining 19.2% said that they were unsure.

The majority, 48.4% of those who thought their mics were being monitored were aged between 25 and 34 and 74.3% are parents.

Do you believe companies use your device's mic to record and listen without you knowing?
Answer Percentage of respondents
Yes 61.1%
No 19.7%
Not sure 19.2%

Listening.webp

An investigation in 2018 by Vice3 showed that phone mics can be easily monitored. However, this is something that companies continue to deny.4 CNET have also reported on the role of smart speakers in the home and their ability to listen in to conversations to understand things like how many people live in the home and their everyday habits, travel plans, likes and dislikes.5

Without the right malware protection webcams can be vulnerable to hackers even when they are not in use. With that in mind, we asked our respondents if they cover their webcams when they aren’t using them. 51.5% said that they do, while 17.2% do so sometimes and 31.3% said that they don’t. The majority of those that said they cover their webcams are aged 25-34 (45.9%), and 50.73% were female.

Do you cover your webcam when it's not in use?
Answer Percentage of respondents
Yes 51.5%
No 31.3%
Sometimes 17.2%

Webcam.webp

Kavya Pearlman, CEO and co-founder of XR Safety Initiative recently told The Washington Post6 that “The cameras on our laptops, phones and tablets are now just a few of the many cameras capable of recording our activities. Soon, cameras on wearable devices like glasses could capture every moment of our days.”

In 2016 former FBI director James Comey was asked if he covered his laptop’s webcam with tape.7 His response was “Heck yeah, heck yeah. Also, I get mocked for a lot of things, and I am much mocked for that, but I hope people lock their cars … lock your doors at night. I have an alarm system, if you have an alarm system you should use it, I use mine.”8

47.9% would consider selling their personal data for profit

With personal data often sold on the dark web for profit, we wanted to know if we put the decision into the hands of the data’s owner if they would ever consider selling it.

The majority of respondents, 47.9% said that they would sell their data for financial gain, while 26.5% said they wouldn’t and 25.6% said they were unsure.

Would you ever sell your data to big tech companies for profit?
Answer Percentage of respondents
Yes

47.9%

No

26.5%

I'm not sure

25.6%

Data for profit.webp

What’s more, when asked if people should earn money automatically if big tech companies sell their data, the majority of our respondents (70.9%) said “yes”. 16.5% did not agree and 12.6% of respondents were undecided. Reports from Wired show how this has been done in the past.9

Do you think you should earn money automatically if big tech companies sell your data?
Answer Percentage of respondents
Yes

70.9%

No

16.5%

I'm not sure

12.6%

Earn automatically.webp

Ownership of content, once it goes online, has always been a big topic since the birth of the internet. So we wanted to know who our respondents thought owned their content once it was uploaded to social media.

Most people, 35.6%, said that the content would belong to them and the company they shared it on. 28.8% believed that the content would be solely owned by the site it was uploaded to, followed by 27.4% who said they still owned the content after adding it to social media. Of those that said that both they and the company own the content once uploaded to social media, 67.8% were parents.

Who do you think owns your content once it is uploaded to social media?
Response Percentage of respondents
Both me and the site I upload it to

35.6%

The site I upload them to

28.8%

Me

27.4%

Not sure

8.3%

Who owns.webp

When we asked people who they thought should own the content that they upload to social media, the answer was clear. Just over half of our respondents, 50.3% said that they should own the content. The 2nd most popular choice was both the person uploading the content and the site it was shared to (23.6%), followed by just the site the content it was uploaded to (20.5%).

Who do you think should own your content once it is uploaded to social media?
Response Percentage of respondents
Me

50.3%

Both me and the site I upload it to

23.6%

The site I upload them to

20.5%

Not sure

5.7%

Should own.webp

Research from Copyrightlaws.com10 states that you own the content you post to social media, but that you give each platform a license to use your media as stipulated in their individual terms and conditions in their privacy policy.

Privacy policies

Terms and conditions can vary in length but it’s important to ensure you read them in full so you know what you’re agreeing to, especially when it comes to use of your personal data.

19.5% don’t read the full terms and conditions before they agree to them

We asked our respondents if they read the full terms and conditions from companies before they agreed to them. The majority, 52.3% said that they do, while 28.2% said they do sometimes and 19.5% admitted that they don’t read the full terms and conditions before agreeing to them.

Of those that said that they didn’t read the terms and conditions in full, 50.5% were parents and the majority, 53% were female.

Do you read the full terms and conditions from companies before you agree to them?
Answer Percentage of respondents
Yes 52.3%
No 19.5%
Sometimes 28.2%

Read T_Cs.webp

How long does it take to read privacy policies?

With our survey showing that one in five people, 19.5% aren’t reading privacy policies before agreeing to them we evaluated the number of words included in the privacy policies for the top 10 most profitable big tech companies11 each year.

We analyzed privacy policies throughout 2000-2022, where possible using Web Archive12. Some privacy policies weren’t digitized before 2005. We did not count these years in our data for those companies instead went from the first available privacy policy through to 2022.

For companies where only a partial privacy policy was available we used estimates based on data from the full privacy policies we collated13. We used Niram.org’s Read-O-Meter14 which meant we could then estimate the number of words in each policy and also the average number of words. This then showed us how long they would take to read individually, on average or in total.

Company Average number of words per policy Total number of words in all policies Average time to read a policy (h/m/s) Total time to read all policies (h/m/s)
Apple 2,433 55,951 0:12:09 4:39:32
Google 2,311 53,156 0:11:33 4:25:37
Microsoft 11,806 271,538 0:59:01 22:37:30
Samsung 3,032 69,744 0:15:09 5:48:34
Facebook 4,528 81,509 0:22:38 6:47:25
Tencent 16,834 31,987 0:08:25 2:39:48
Intel 1,993 45,841 0:09:57 3:48:58
TSMC 1,298 24,661 0:06:29 2:03:10
Amazon 2,560 58,887 0:12:48 4:54:15
Cisco 2,374 54,607 0:11:52 4:32:51

Time to read.webp

Microsoft has the longest privacy policies containing an average of 11,806 words and taking just under an hour on average, 0:59:01 to read. In fact if you read every Microsoft privacy policy since 2000 to this year it would take 22 hours 37 minutes and 30 seconds to read 271,538 words. This is based on the average reading time of 200 words per minute.15

In that time you could:

  • Watch one of the longest movies Gone With The Wind, at just under 4 hours, (03:58:00), five times16
  • Read Don Quixote, which would take nearly 22 hours, (21:43:12) to read 390.833 words.17
  • Take a 21-hour direct flight from London to Sydney, traveling almost 17,000 kilometers18

Most and least trusted big tech companies

Trust is easy to lose and hard to win back. With that in mind, we wanted to find out which big tech companies our respondents trusted the most and least with their personal data.

Over 50% of people trust Apple the most with their data

We asked our survey respondents which of the top 10 most profitable big tech companies19 they trust the most.

51.3% said that they trust Apple the most with their personal information, followed by Microsoft at 10%. Google took 3rd place as the most trusted big tech company at 9.7%. Samsung (4.7%) and Amazon (3.5%) took the remaining spots in the top 5 most-trusted companies.

Of those that chose Apple 46.2% were aged 25-34, and 53.7% were female.

Top 5 Most-Trusted Companies
Rank Company Percentage of respondents
1 Apple 51.3%
2 Microsoft 10%
3 Google 9.7%
4 Samsung 4.7%
5 Amazon 3.5%

Most trusted.webp

We asked our survey respondents why they trust these companies with their data. The most common answer was that they have their customer’s best interests at heart (36.4%). 25.7% said they trusted the companies because they had used them for years, whilst good reputation was the main reason for 13.1%. However, 17.9% of respondents told us that they didn’t trust any of these 10 companies.

TSMC is the least-trusted company

The tech giant Taiwan Semiconductor Manufacturing Company (TSMC) was shown to be the least trusted company with just 0.1% of respondents saying they trusted them with their data. 100% of those that chose TMSC were female and aged between 35-44. Tencent and Cisco came in joint 2nd place at 0.6%, followed by Intel in 4th place at 0.7%. In 5th place was Facebook with just 1.1% of respondents saying that they trust the social media company with their personal data, which isn’t surprising given the Cambridge Analytica fallout and ongoing discussions on data privacy.

Top 5 Least-Trusted Companies
Rank Company Percentage of respondents
1 TSMC (Taiwan Semiconductor Manufacturing Company)

0.1%

2 = Tencent

0.6%

Cisco

0.6%

4 Intel

0.7%

5 Facebook

1.1%

top-5-least-trustred-companies-explod...

Which companies do parents trust the most and least with their children’s data?

71.4% of our respondents told us that they had children or were expecting their first child. We were keen to see how they felt about the use of personal data when it came to their children.

Apple was the most popular choice for the company that parents trust the most with their children’s data at 53.2%. 55.1% of those that chose Apple as their most trusted company were female, with a further 44.5% being male, 0.3% non-binary and 0.2% preferring not to disclose their gender. The majority. 46.9% of those that told us they would trust Apple with their children’s data were aged between 25 and 34.

Parent’s Top 5 Most-Trusted Companies
Rank Company Percentage of respondents
1 Apple

53.2%

2 Microsoft

9.8%

3 Alphabet (Google)

8.4%

4 Samsung

5.7%

5 Amazon

3.5%

Parents most trusted.webp

However, it’s worth noting that 15.3% told us that they don’t trust any of the above companies with their children’s data.

Parent’s Top 5 Least-Trusted Companies
Rank Company Percentage of respondents
1 Cisco

0.3%

2 = Intel

0.4%

Tencent

0.4%

TSMC

0.4%

5 Facebook

1.7%

parents-top-5-least-trusted-companies...

Cisco was shown to be the company that parents trusted the least with their children’s personal data. 66.7% of those that picked Cisco were aged between 25-34 with the remaining 33.3% stating they were aged between 35-44. Research from Osano shows that the California Privacy Rights Act (CPRA) increases fines for breaches of children’s data threefold.20

Data Big Tech companies hold on us

An analysis of privacy policies from Google, Facebook, Apple, Twitter, Amazon and Microsoft by Security.org21 highlights the data big tech companies are collecting on us. Using the fields they investigated we asked our respondents which data they would prefer wasn’t collated on them. We then compared this to Security.org’s analysis and noted the data that they confirmed at least one of the big tech companies they looked into captured.

Personal information

We wanted to establish which personal information our respondents wouldn’t want big tech companies to collect on them. The vast majority, 41.3% said they don’t want companies collecting their name, followed by 15,7% who don’t want their passwords stored by big tech companies. We have included the most common personal data our respondents were concerned about below.

Personal data Don't want data collated Is data collated?
Name 41.3%
Username 14.9%
Phone Number 6.7%
Password 15.7%
Payment Information 7.4%
Address 2.1%
Email Address 1.1%
Social Security Number 5.5%

Personal data.webp

Data from Security.org22 suggests that all the above personal information is collected on users by at least one of the big tech companies they analyzed.

Unique identifiers

We went on to ask which unique identifiers our respondents would prefer companies didn’t collect on them. The vast majority of people, 60.6% would prefer that companies don’t track their IP address, followed by 18.6% who didn’t want data on their system activity recorded. You see further information on the most commonly selected unique identifiers by our respondents below.

Unique identifiers Don't want data collated Is data collated?
IP address

60.6%

System Activity

18.6%

Date, time and referrer URL of requests

9.4%

Browser type

4%

Data about interactions between apps

6.3%

Device type

1.1%

Unique identifiers.webp

Research from Security.org23 suggests that all the above unique identifiers are collated by at least one big tech company.

Activity information

Our survey asked people which activity information respondents didn’t want companies to collate. Search terms was the most common response at 45.5%, followed by messages at 24.6%. You can see the most common activity information that people would prefer not to be collated and then if it is collated below.

Activity information Don't want data collated Is data collated?
Search Terms

45.5%

Messages

24.6%

Content

6.7%

Videos Watched

5.2%

Views and Interactions with Content and Ads

3.9%

Time, Frequency and Duration of Activity

1.7%

Activity information.webp

Again, the study from Security.org24 suggests that all the above activity information is captured regularly by at least one big tech company on their users.

Location information

Location information is something we have become used to sharing online in order to access tools like GPS for travel and leisure.

Our survey asked which location information our respondents didn’t want companies to collate on them. Time Zone came up as the most common response at 52.9%, followed by 33.6% who chose GPS.

Location information Don't want data collated Is data collated?
Time Zone

52.9%

GPS

33.6%

Information About Things Near Device (i.e Wi-Fi Access Points, Cell Towers, Bluetooth-enabled Devices, etc.)

13.5%

Location information.webp

All of the above location information has been reported as being collected by at least one big tech company, of those analyzed by Security.org.25

Publicly accessible sources of data

Our survey asked people which publicly accessible sources of data they wouldn’t want companies to collect on them. Data on the local newspapers they read was the top choice at 52.6%.

Publicly accessible sources Don't want data collated Is data collated?
Local Newspapers

52.6%

Advertisers

22.7%

Credit History From Credit Bureaus

24.7%

Public.webp

All of the above publicly accessible sources of data are believed to be captured by at least one big tech company according to Security.org.26

Methodology and sources

The survey was conducted via Amazon’s Mechanical Turk platform collecting responses from 1,617 Americans from a range of backgrounds between July 21st and August 1st, 2022.

The demographic breakdown of our respondents is as follows:

Gender Percent
Female 54.1%
Male 44.8%
Non-binary 0.8%
Prefer not to say 0.3%
Age Percent
18-24 8.7%
25-34 45.9%
35-44 23.9%
45-54 11.3%
55-64 8.1%
65 and over 2%
Prefer not to say 0.1%

To establish how people are safeguarding their data, we asked a number of questions in the survey related to predicting their data online, ownership of data and their understanding and trust of big tech companies. We reviewed the data from Security.org on what information is captured by big tech companies and noted any that did collate the data in question and marked this as a yet overall.

We analyzed the number of words included in the privacy policies for the top 10 most profitable big tech companies27 each year, taking the first available privacy policy for each company.

We reviewed privacy policies throughout 2000-2022 where possible using Web Archive28. In some instances, the company didn’t have an online privacy policy in place before 2005 either because the company wasn’t founded as yet or the policy hadn’t been digitized. We did not count these years in our data for some companies and used data from the first available privacy policy through to 2022.

For companies that only had part of their privacy policy available we have used estimates based on data from the full privacy policies we obtained. We based our calculations on the average reading time of 200 words per minute using Niram.org’s Read-O-Meter29 to estimate both the number of words and time to read.

Sources

  1. https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
  2. https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
  3. https://www.vice.com/en/article/wjbzzy/your-phone-is-listening-and-its-not-paranoia
  4. https://www.cnet.com/tech/computing/our-devices-are-listening-to-us-all-the-time-but-do-we-care/
  5. https://www.varonis.com/blog/us-privacy-laws
  6. https://www.wired.com/story/i-sold-my-data-for-crypto/?GuidesLearnMore
  7. https://www.washingtonpost.com/technology/2021/11/30/webcam-cover-privacy/
  8. https://www.theguardian.com/commentisfree/2018/apr/06/phone-camera-microphone-spying
  9. https://thehill.com/policy/national-security/295933-fbi-director-cover-up-your-webcam/
  10. https://www.copyrightlaws.com/who-owns-your-social-media-content/
  11. https://companiesmarketcap.com/tech/most-profitable-tech-companies/
  12. https://web.archive.org/
  13. https://web.archive.org/
  14. https://niram.org/read/
  15. https://niram.org/read/
  16. https://www.newsweek.com/longest-movies-all-time-hollywood-english-running-time-1628851
  17. http://www.personalcreations.com/blog/how-long-does-it-take-to-read-popular-books
  18. https://www.weforum.org/agenda/2019/05/planes-can-now-fly-for-21-hours-non-stop-but-are-humans-ready/
  19. https://companiesmarketcap.com/tech/most-profitable-tech-companies/
  20. https://www.osano.com/articles/data-privacy-laws
  21. https://www.security.org/resources/data-tech-companies-have/
  22. https://www.digitalinformationworld.com/2018/12/here-is-what-the-big-tech-companies-know-about-you.html
  23. https://www.security.org/resources/data-tech-companies-have/
  24. https://www.security.org/resources/data-tech-companies-have/
  25. https://www.security.org/resources/data-tech-companies-have/
  26. https://www.security.org/resources/data-tech-companies-have/
  27. https://companiesmarketcap.com/tech/most-profitable-tech-companies/
  28. https://web.archive.org/
  29. https://niram.org/read/