When it comes to sharing data, blind faith isn’t enough.
Today’s consumers have a heightened awareness of the risks involved and are paying closer attention to how companies manage these risks. They also depend on governments and legal frameworks to help protect their privacy.
These were some of the key findings in Cisco’s 2024 Consumer Privacy Survey, which captured responses from more than 2,600 people across 12 countries. Their answers revealed some strong trends in consumers’ concerns about their data — and what companies must do to ensure their trust and loyalty.
To learn more, we spoke with Harvey Jang, Cisco vice president, deputy general counsel, and chief privacy officer.
Thank you, Harvey! First off, what were the overarching goals of this survey?
Thanks, Kevin! We've been doing the survey since 2019; this is our sixth one! The Consumer Survey provides a better understanding of people’s attitudes and trends regarding privacy. These insights can help organizations and policy makers see how privacy and trust are impacting consumer confidence, buying habits, and brand loyalty.
Privacy laws have been enacted in more than 160 countries around the world. How is awareness of these measures evolving?
Privacy laws have been percolating around the world for decades, and more so since the EU GDPR was enacted in 2016. These laws, with significant penalties if violated, have increased awareness about privacy. Headlines that showcase fines in the tens, even hundreds of millions of dollars, got everyone’s attention. At the same time, privacy regulators have been working hard to make people aware of their rights, helping companies comply, and highlighting the business benefits (beyond compliance) that come with properly managing personal data and respecting privacy.
So, consumers have a positive view of the laws?
Yes, 70 percent of all consumers we surveyed believe that privacy laws have a positive impact. What’s even more interesting is that people feel they have the law on their side and a clearer idea of what companies can do — or not do — with their data. Our survey also indicated that more than 80 percent of consumers who are aware of privacy laws in their jurisdictions feel that they can better protect their data. That number drops sharply, to 44 percent, when they are not aware of the laws.
Sometimes government regulations spark a backlash. Any sign of that happening?
Actually, quite the opposite. There's a push to have more privacy laws — so long as they are consistent and interoperable with existing laws. It becomes challenging when each jurisdiction writes their own laws with bespoke, and sometimes conflicting, requirements. We're seeing this happen in the U.S. We have 20 state privacy laws enacted and several more being drafted. That’s why there’s been a call for unifying federal legislation.
What is Cisco’s position on U.S. federal privacy legislation?
We’ve been supportive of the concept of federal legislation, especially in the age of AI. Our CEO Chuck Robbins has stated that we view privacy as a fundamental human right. As with any legislation, the details will matter, and we remain committed to continue the discussion with all stakeholders to make progress on a federal privacy law.
Generative AI could upend many online habits. How many people are already using it?
Of Cisco survey respondents who are regular users of Gen AI, it came in at about 12 percent last year. This year, it nearly doubled, to 23 percent. That’s regular users. A much higher number is dabbling and playing with GenAI to see what it can do. It's great that people are exploring what AI is, what it's capable of, and what it's not. But these are still early days, and new considerations seem to emerge almost daily. While the number of AI users doubled in our latest survey, that’s still only a quarter of respondents. So, we expect that number to grow as AI gets further embedded in our daily lives.
In Cisco’s survey, Gen AI is viewed in a mostly positive light, with 63 percent seeing it as useful in improving lives.
Yes, they do see the promise and hope in new technology, notably in healthcare. They are also becoming more aware of the risks. Unfortunately, very sophisticated threat actors are using AI to create deep fakes, scams, and engage in other nefarious activities. On the flip side, we are seeing companies, researchers, and governments investing more heavily in privacy enhancing technologies, cybersecurity, and online safety to combat these bad actors.
To what extent do consumers expect organizations to use AI responsibly?
It’s increasingly important, as 78 percent in our survey confirmed. At Cisco, we’re a leader in Responsible AI, and we take it very seriously. Our Responsible AI Framework is based on six foundational principles: transparency, fairness, accountability, security, privacy, and reliability. But it doesn’t stop there. We’re constantly challenging ourselves and our ideas are continuously evolving.
Does Cisco’s leadership on AI extend beyond the company?
Yes, we’re proud to contribute to the ongoing discussions around AI governance globally, regionally, and nationally. To name just a few examples, we’ve supported the work of the G7 on AI, and we’re proud signatories of the Vatican’s Rome Call for AI Ethics. We’re also leading the AI-enabled ICT Workforce Consortium. That’s an effort to connect leading companies to study the impact of AI on the ICT workforce, as a direct result of the EU-US Trade and Technology Council.
Is doing the right thing and being responsible with data privacy good for business?
Absolutely. As our survey showed, 75 percent of the respondents won’t buy from companies they don’t trust with their data. And companies have to maintain that trust — in our survey 51 percent of “Privacy Actives” have switched companies due to concerns over data privacy practices. Building and maintaining trust is a business imperative.
In the survey, companies weren’t the only ones singled out.
Yes, in terms of AI, data privacy, and responsibility overall, we're seeing a healthy trend towards shared responsibility. Companies need to be transparent, fair, and accountable to build trust. Governments should pass thoughtful legislation and enforce them to ensure a consistent base line of care is established and adhered to. And consumers need to take action — to be selective about whom they engage with, and aware of privacy risks and practices.
Any thoughts on future trends?
I think some of these same trends we’ve been tracking over the years will continue. We’re seeing more shared responsibility when it comes to protecting privacy; consumers taking action, organizational accountability, and regulatory enforcement will continue to rise. We’re also seeing a move towards data centricity — to understand data and its entire life cycle. That would include everything from where it came from and who it belongs to, to who gets to use it, where’s it going, and what benefits and risks it could pose. We’ve talked about this for decades, but now we’re beginning to see real traction towards treating data as an asset (and liability if not properly managed). So, overall, I'm encouraged at the very real progress we’re making, both in increased awareness and concrete action.