The recent Facebook and Cambridge Analytica scandal (https://www.theguardian.com/technology/2018/apr/04/facebook-cambridge-analytica-user-data-latest-more-than-thought) raised once again concerns about the never ending dilemma between the power that social media giants have gained thanks to consumers’ personal data and the risks that misuse of this data can generate.
Whether in this case the issue was caused by the lack of transparency on how Facebook data can be used or rather to the limited control of how third party developers might misuse those data, the overall situation showed once again how trust is at stake for social media platforms when consumer personal data is not managed properly.
As result, reputation damages and lack of trust undermine the foundations on which social media platform built their business model. They combine in just one place, both the elements that have fueled so far the Internet’s most profitable business model: the targeted advertisement.
In fact, by offering and exploiting a number of perks that keep people always engaged and tempted to share even more of their habits and preferences, social media successfully managed to capture a lot of users data, while maintaining high their users’ desire to spend time on the platform itself.
This constitutes a goldmine for advertisers, because they get both in one place: the data to identify their targets and the targets themselves. This resulted in a much simpler model which was easier to adopt than the traditional one, rendered possible by cookie tracking across the entire World Wide Web or through access to search engines.
While this model can hardly be expected to change in the short term, despite concrete expectations that better use of personal data and personalization will open new business models and opportunities, consumers nevertheless deserve to better understand the implications of this industry of which they are an integral part.
It is known that consumers don’t like to read long and legalese privacy policies (http://attitudes.doteveryone.org.uk), whether because of their length and complexity or the pressing individual need to access the offered service, no matter what.
To mitigate this information fatigue and fuel more informed decisions, the upcoming General Data Protection Regulation (aka GDPR), in force in the EU Member States from May 25th, is demanding for more concise, easy-to-understand Information Notice statements.
While a number of different examples started to emerge with companies, including Facebook and its total redesign of their Privacy Center (https://techcrunch.com/2018/04/17/facebook-gdpr-changes/amp/?__indieweb_impression=true) in an attempt to increase transparency on how customers data are used, a simple and concise way to do that is still a long way to go (http://www.digitalcatapultcentre.org.uk/wp-content/uploads/2018/04/Personal_Data_Receipts_r1.5.pdf). Transparency still struggles to become synonymous for accessibility.
To understand how to truly achieve transparency and accessibility, we need to answer a few questions:
In order to happen and be useful, this dialogue needs some coordination across a number of involved stakeholders. The TRUESSEC.EU project is a European initiative, funded under the EU’s Horizon 2020 framework programme. It aims to provide guidelines on how trust in digital services can be re-built by starting from a consumer perspective and by valuing first human rights more than business needs. Transparency and accessibility are at the core of this attempt of re-instantiating trust. However, it is clear that existing barriers for their adoption need to be understood and a way to overcome them co-created with all the interested stakeholders (consumer associations, service and technology providers, regulatory and standardisation bodies etc).
To do that, TRUESSEC.EU created the Stakeholder Online Platform (SHOP) to foster this and other debates and to subsequently translate the summary of these discussions into Recommendations for the European Commission . The result should be the creation of a scheme that will help businesses of all sizes and sectors to build, regain and measure the trust that will fuel the engagement of their customers.
If you want to contribute to this debate, follow the progress of the TRUESSEC.EU project and have your say on how the final Recommendations will develop, just join us at https://truessec.eu
On the event of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.