In the spirit of recent events surrounding the revelations about Cambridge Analytica and the breaches of trust regarding Facebook and personal data, ISOC UK and the Horizon Digital Economy Research institute held a panel discussion on “Multi Sided Trust for Multi Sided Platforms“. The panel brought together representatives from different sectors to discuss the topic of trust on the Internet, focusing on consumer to business trust; how users trust online services that are offered to them. Such services include, but are not limited to, online shopping, social media, online banking and search engines.
The panel was chaired by Ansgar Koene and consisted of:
- Catherine Miller – Director of Policy at Doteveryone, who have recently published a ‘Digital Attitudes Report’ ( http://attitudes.doteveryone.org.uk/ )
- Geoff Revill – Founder & Managing Director of Krowdthink Ltd, an SME/platform provider
- Kate Green – ISOC 25 Under 25 Awardee doing research on user experience and trust in online health communities
- Robin Wilton – Technical Outreach for Identity and Privacy at the Internet Society
Discussion points that were given to the panel included:
A recurring finding from research on user attitudes to privacy online has been the ‘privacy paradox’; people say are concerned about privacy, but their online behaviour does not appear to reflect this. What might be some of the contributing factors in this disconnect between values and behaviour?
While users are now more aware of some of the risks of ‘social’ privacy breaches online (e.g. potential employers seeing social media antics), there is very little understanding of what the concrete implications might be of ‘commercial’ privacy breaches — what kind of risks do users need to be aware of when deciding whether or not to entrust a company with their personal data?
Following the Cambridge Analytica controversy, users have been moving en mass to #deletefacebook, but — aside from the fact that users don’t seem to actually be deleting their accounts after all — experts have pointed out that this won’t be effective in excluding users from tracking. What kinds of practical action are users actually able to take within current infrastructure in response to feelings of mistrust or concern regarding a platform?
The General Data Protection Regulation, or the GDPR, is often discussed as a game changer in terms of protecting users, requiring responsible behavior by companies who as of yet have gone largely unregulated. What do you consider to be some of the successes and oversights of the GDPR? Is there a risk that some of the most powerful corporations will find ways to circumvent the legislation?
Platforms such as Facebook often claim that they cannot exhibit transparency regarding how they use personal data, because this would undermine their proprietary methods for delivering digital advertising. This practice asks users to simply trust that Facebook’s data practices are ethical, and businesses using their advertising services to trust that they are as sophisticated as claimed. How can this conflict between social and commercial interests be resolved?
Not all users access online services with good intent. Malicious actors may try to hack companies’ websites to gain access to internal servers, may try to use an online platform for phishing explorations against other users or seek to insert fake product ratings or fake news. How much of a threat do such malicious actors pose to the current internet business ecosystem? How is this effecting the trust between businesses and users? What can/should business and users do to mitigate these problems? Should governments play a (greater) role?”