2018/03 : Digital Transformation: Enabling Trust through Labels

N°2 - March 2018 - Signs of trust: What impact can labels have on the management of our personal data?

Issue editor:
Claire Levallois-Barth
Associate Professor of Laws at Télécom ParisTech (France), Coordinator of the Chair Values and Policies of Personal

freely downloadable in english in october 2018, with a print version and a freely downlaodable version in French language.

See the table of content [1]

In this report, The Chair Values and Policies of Personal Information tackles the issue of trust from 4 multidisciplinary perspectives: legal, technical, economical and philosophical. Trust, as the foundation of any society, underpins all institutional and commercial exchanges as well as the role these exchanges play in building a cohesive social body. Yet we are currently experiencing a crisis of trust most likely enabled by digital technologies, since the social ties preceding digital commercial exchanges are not old or strong enough and consumers are not always aware of the “quality” of digital goods, even after consumption.

What are different forms of trust, and how are they changing?

In economics, trust is often associated with the risk each consumer assigns to the compensation they receive in a transaction. Assessing this risk is essential and depends on the data available to consumers. Labels, in their capacity as markers of trust, should therefore reduce the information asymmetry between buyers and sellers.

Qualifying risk has evolved with new technologies, and computer science now grounds trust evaluations on risk assessments. Historically, computer scientists needed to certify IT security products and this approach was recently extended to trust service providers. This top-down process is regulated by public authorities and delivers different levels of certification. Technological change, in particular the increase of processing and storage capabilities, has paved the way for a second perspective: trust through big data analysis. This approach allows to score individuals and digital services, and is aimed at increasing trust between individuals and digital services (e.g. authentication ) or between a State and its citizens. The example of blockchain is particularly relevant because failures of trust are organisational rather than technical. The concentration of mining power among certain group, especially in China, is one of such organisational trust issues.

In law, trust is usually defined as believing in one’s good faith. Trust is first used to protect vulnerable parties, most importantly the person whose data is being collected. However, digital transformation has re-oriented the legal approach to ensuring the effective operation of markets by adding third parties to provide trust, for instance to deal with digital death or medical data. It is therefore necessary to update our understanding of how law implements the question of trust. No longer defined solely by constraining provisions ("hard" law), legal mechanisms now also aim at nudging the behaviour of both consumers and producers of digital goods and services ("soft" law). In this context, labels, as outward and visible markers of trust, are central as they are able to orient these behaviours.

Finally, from a socio-philosophical perspective, trust acts as one of the main uncertainty-reducing mechanisms in our increasingly complex modern society. To reduce complexity, a conceptual distinction is made between declared trust and assured trust (or confidence).

How can labels be designed as mechanisms towards trust?

Labels undoubtedly provide economic benefits both for consumers and companies. Clients need to be reassured on the efficiency of digital services before they engage in a trusted economic exchange. No business model for online trust has emerged however, because of contradictory incentives. For instance, when pricing the delivery of a label, that label should be expensive enough that it sends a clear message of commitment to potential clients, but not too expensive that companies would have no interest in participating.

Labels need to be considered as a support mechanism for companies to gradually increase their level of data protection; but the concrete details of such mechanism still need to be elaborated on. State intervention is necessary on at least three issues: establishing a reference framework, certifying companies that deliver labels and imposing deterrent sanctions in order to stabilise the market.

Necessary as it might be, State intervention, if too strict or too costly, can push economic actors towards private labels,  which can have a misleading effect as they offer an idealized picture of the actual levels of data protection. We consider this risk to be very tangible today, as the methods of label creation and delivery are under regulated.

Lastly, this report frames the issue of labels within a larger perspective, including three main questions.

First, what is and what should be the State’s role? Once solely managed by the legislative branch, labels are now handled to varying extents by the State, markets and consumers - as the rise of soft legal mechanisms shows. This evolution can be interpreted as either States giving up on their ability to regulate certain aspects of digital technologies, especially globally, or entering a constructive dialogue with non-State entities such as labelling and consumer organisations and professional associations.

Second, the current state of trust has an impact on individuals. On the one hand, labels provide consumers with information, but on the other hand, it is difficult for consumers to exercise their free will: is there a risk that labels become so omnipresent they disempower users by releasing them from critical analysis?

Finally, this book explores the relation between trust and design. Approaches such as “privacy by design“ and more recently “data protection by design” are becoming part of common speech. Over-using such notions could however make them meaningless. We therefore searched what “trust by design” could mean, along with the limits and contradictions that such a notion could bear.

Is the major risk not that of trying to formalise and nudge trust-based relationships, especially through the use and creation of labels?

_____________________________________________________________________

[1See table of content.

Table of Content: Signs of trust - what impact can labels have on the management of our personal data?

Introduction
Armen Khatchatourov

Chapter 1. Trusting digital technologies: outward signs towards the regulation of oneself
Armen Khatchatourov

Chapter 2. The use of trust in law
Claire Levallois-Barth

Chapter 3. The use of trust in economy
Patrick Waelbroeck and Antoine Dubus

Chapter 4. Trust in computer science: managing risks
Maryline Laurent and Armen Khatchatourov

Chapter 5. An international overview of labels related to personal data
Claire Levallois-Barth and Delphine Chauvet

Chapter 6. Labelling for compliance: implementing the policy framework and beyond
Claire Levallois-Barth and Delphine Chauvet

Chapter 7. Labelling for credibility: from current practices to quality improvement
Claire Levallois-Barth

Chapter 8. Labelling mechanisms in the General Data Protection Regulation (GDPR)
Claire Levallois-Barth

Chapter 9. Markers of trust: an economic analysis
Patrick Waelbroeck and Antoine Dubus

Chapter 10. The economic consequences of labels
Patrick Waelbroeck

Chapter 11. Is blockchain a trustworthy technology?
Maryline Laurent

Conclusion
Armen Khatchatourov, Claire Levallois-Barth, Maryline Laurent and Patrick Waelbroeck

 

Comments are closed.