Data Ethics Facilitates Trust - BSAN718-M4 PDF
Document Details
Tags
Summary
This document explores how data ethics facilitates trust within the context of the data-saturated modern environment. The document discusses various case studies of companies and examples such as Churchdesk and Lego. These discussions further analyze the importance of digital trust and privacy in business settings.
Full Transcript
CHAPTER 4 DATA ETHICS FACILITATES TRUST When you walk into a grocery store, you have all the tools necessary to choose between the wide range products for sale. Quite literally, you can pick whatever you want to buy and read through its ingredients and nutritional f...
CHAPTER 4 DATA ETHICS FACILITATES TRUST When you walk into a grocery store, you have all the tools necessary to choose between the wide range products for sale. Quite literally, you can pick whatever you want to buy and read through its ingredients and nutritional facts. You trust that the milk you're buying won't make you sick. Rarely do we stop and think about the machine behind the system of trust indicators that surround us when we decide what to put in our grocery basket: legal requirements regarding ingredients, glob- ally-negotiated health standards, etc., all embedded in the item's pro- duction chain. We trust there is a formal system in place to manage the risks. We delegate trust, so to speak. In today's data era we are seeing the creation of a new trust system to manage the risks of a data-saturated environment. New require- ments regarding businesses' treatment of personal data are embedded in laws, global ethical standards are created, verification systems for customers are emerging. Cutting-edge companies are already respond- ing to this ongoing global negotiation of standards, roles, rights and responsibilities. They're building their customers' digital trust. Churchdesk. When Churchdesk wanted to export its platform for churches to Germany, they were asked where they stored their data. Like so many others, they had chosen Amazon Web Services (AWS), which is functional as well as cheap. But the 55 DATA ETHICS – THE NEW COMPETITIVE ADVANTAGE Germans wouldn't accept that. And the argument that it was Amazon Ireland, in Europe, didn't help. No, the data needed to be stored in Europe by a company with European headquarters if the Germans were to buy the platform, which contained sensitive data of a religious nature on citizens. So Denmark- based Churchdesk moved their data from Amazon Ireland to a more expensive German cloud service, T-Systems. At the same time, they had to certify their workflow concerning data and they ended up with a large bill in order to meet the German demands on data protection. It turned out to be worth every penny, they say45, for data protection quickly became a competitive parameter for Churchdesk in Germany and later in the UK. LEGO. Over 50 million children play in LEGO's online universes. When they log on to services that require parental consent, they use LEGO ID. At first LEGO considered using social media connect buttons because many children already were on social media platforms, but in the end the toymaker chose not to as it was unable to get assurances from such platforms as to what type of data would be reaped from its sites. LEGO says it has a corporate responsibility as to how subcontractors and partners use data of its customers, just like the company is accountable for its physical suppliers' environmental and social behaviour. As a result, there are no third party cookies on LEGO websites aimed at children under 13 years. LEGO says it wants to be in control of what happens to its customers' data. Free third party analytics tools are not used and all data is stored in Taulov, Denmark (with the exception of the data pertaining to Russians, because of legal requirements to store their data in Russia). With a mix of users that also includes minors below the age of 13, LEGO adheres to 45. CEO and founder Christian Steffensen, March, 2016, personal interview. 56 DATA ETHICS FACILITATES TRUST the US COPPA regulation aimed at protecting children (similar rules on age limitation are introduced in the GDPR from 2018). They also encourage children to use pseudonyms as an additional way to protect their identities. TomTom. Location data or GPS data is personal data. The Dutch company TomTom, which sells GPS hardware and software for self tracking (e.g., for fitness watches) and for cars is differentiating itself from its competitors by building privacy protection into its products. For example, TomTom promises to delete all data that would make it possible to identify you or your device from the location data they receive within 24 hours after your device is powered off. In its privacy policy the company claims to not know where the user has been and to be unable to tell anyone else this, even if forced to.46 Churchdesk, LEGO and TomTom are examples of companies that have taken an extra step to cultivate their customers' trust around the treatment of their personal data. They are reflective of dataflows and restrict it to stay in control, even informing their customers about it. Rather than an obstacle, data protection and privacy are seen as com- petitive factors by these companies. "We can see that data protection is more and more sought after, so it's a competitive advantage," said Dieter Carstensen47, head of digital child safety at LEGO. "Our top management has decided and fully support our restrictive rules on the use of personal data – even if in the short term it may have an economic impact on LEGO." Other players in the field have gained experience the hard way. In September 2016 Viacom, Mattel, Hasbro and JumpStart agreed to pay a total of $8 35,000 in violation of the Children's Online Privacy 46. Privacy Policy, TomTom.com, 2016. 47. Head of Digital Child Safety, Dieter Carstensen, January, 2016, personal interview. 57 DATA ETHICS – THE NEW COMPETITIVE ADVANTAGE Protection Act for tracking the activity of and collecting personal infor- mation on children under the age of 13.48 DIGITAL TRUST “Trust is beautiful", according to Neil Richards and Woodrow Hartzog.49 Trust is the foundation of our relationships in a digital soci- ety and the treatment of privacy is the balance established between companies and people. The problem is, they argue, that we do not understand privacy as an issue of trust, only as a matter of protection, compliance and administrative burden. Rather than being 'privacy pessimists', we should be 'privacy optimists' and see privacy as a way to build trust. The way we approach and handle personal data and pri- vacy is a core trust indicator. Trust is a prerequisite for the establishment of a digital relationship be it two people communicating with each other, between a publisher of information and their readers, or between a business and a con- sumer. The Internet has made our world smaller; we can interact with several different companies, institutions and people, and establish rela- tionships across great spatial distances. It's a phenomenon that, in 1990, geographer David Harvey called 'Time-Space Compression'50: the result of a technological development that reduces spatial and tem- poral distances and, so to speak, compresses the space we move around in. Distance is also what has made trust a key prerequisite for online interactions where determining authenticity is a core issue. One simple example is online shopping. You, as a customer, do not have the same opportunity to confirm a service's authenticity as when you step into a physical store, where you can see and 'feel' the people and organisation you are dealing with. Studies show that consumers' digit- al trust is at its lowest when it comes to online shopping. 48. Popular websites fined $835,000 for tracking kids online, CNET, 2016. 49. Taking Trust Seriously in Privacy Law, Stanford Technology Law Review, 2015. 50. The Condition of Postmodernity, Blackwell Publishers Ltd, 1990. 58 DATA ETHICS FACILITATES TRUST THE SNOWDEN EFFECT The term 'Snowden Effect' has been used to describe the large scale political, cultural and economic fallout after American whistle-blower Edward Snowden's mass surveillance revelations in June 2013. Although not in agreement on its concrete manifestations, there is one thing politicians and industry representatives around the globe agree on: The revelations on programmes such as PRISM, which illustrated US intelligence's access to American social media services, caused a digital trust crisis. Tech monoliths Facebook, Apple and Google saw this immedi- ately and were the first to attempt to reassure their users in order to restore trust in their services. They immediately denied all knowledge of the PRISM programme. Google founder Larry Page responded quickly with a surprised blog post titled 'What the...?', and later with a more official statement that emphasised a very personal style of cus- tomer relations: '"Google cares deeply about the security of our users' data...". Page and his company were clearly aware that the trust-based relationship created with users had been severely damaged. Aol, Apple, Facebook, Google, Microsoft and Yahoo, along with other US companies and organisations, then wrote a letter to President Barack Obama, where they asked to be allowed to publish the specific figures on requests for personal data on their users under the US Patriot Act and the Foreign Intelligence Surveillance Act (FISA). To them, trust is about creating transparency for their customers concerning their inter- actions with the US government. Through this transparency effort, they hope to reduce the distance the revelations created between them and their customers – but without reducing their own access to and capitalisation on that same personal data. 59 DATA ETHICS – THE NEW COMPETITIVE ADVANTAGE THE SHARING ECONOMY Trust is profit. Quite literally. It's the business model for Internet com- panies like the private home rental service Airbnb, the platform where you can hire people for smaller jobs and tasks TaskRabbit, the car- pooling service BlaBlacar or GoMore and many other companies like these which form the sharing economy. Their business is to mediate trust between private individuals by giving them the tools to verify or to create expectations about each other and the products and services they use. Rachel Botsmann, the woman behind the 'collaborative consump- tion' concept, speaks of 'reputation capital'.51 That is, the value of one's reputation in this new type of collaborative sharing economy. She uses the example of a landlord on Airbnb, who got a cat to avoid getting a bad review from a guest who had seen a mouse running across the floor in the apartment he was renting. In the sharing economy, private individuals trade, exchange information and expenditures, and work together using the Internet, often without knowing each other before- hand. And all deals they make depend on the reputation they have built up via reviews and the products and companies they choose to support. Carpooling services mediate the trust between a person with a car and his or her potential passengers via recommendations from other former passengers. On private home rental platforms you rent a vacation home from a total stranger. Trust is mediated by these ser- vices, which have built systems that allow the user to, for example, verify the landlord's descriptions by reading other people's reviews, to guarantee his/her deposit and, in turn, for the landlord to check the renter's ID. Trust is the business model of the sharing economy. As Airbnb's slogan says, '2 million listings. 60 million guests. 191+ coun- tries. Trust is what makes it work.' 51. The Capital of the New Economy is Trust, Rachel Botsman, TEDGlobal, 2012. 60 DATA ETHICS FACILITATES TRUST TRUST IS ACHIEVED IN VARIOUS WAYS For consumers, trust is about expectations; more precisely, it's about something or someone living up to your expectations. Your expecta- tions as a consumer in digital space, in turn, are defined by various factors. It could be everything from the design of a website that cre- ates certain associations, personal experiences or things you've heard through the grapevine. Trust can also be achieved through different types of seals and certifications, where independent third parties ensure that what a company does can be trusted. Some companies have built up consumer trust for many years in the physical world, which they bring with them into the digital uni- verse. COOP. One of the largest food retailers in Denmark, COOP, has over 1.5 million loyal customers (in a national population of 5.6 million). The COOP Group uses personal data to personalise offers, analyse customer behaviour, optimise stores and provide members with deals from corporate business partners. But COOP, which is owned by its members, has set a limit to its data use. For example, the company has chosen thus far not to leverage customers' geographical data to push location-driven deals through to their smart phones. And COOP does not use price differentiation, that is, they do not set different prices based on knowledge of customer needs and behaviour. Customers get different offers depending on their shopping patterns.52 52. COOP interviewed August 2015 and March 2016. 61 DATA ETHICS – THE NEW COMPETITIVE ADVANTAGE MADE IN EUROPE The economic effect of Snowden's revelations cannot be mistaken in Europe. They resulted mainly in distrust towards US-based compa- nies. As the at that time Vice President for the EU Commission, Neel- ie Kroos, explained a month after the revelations: "If businesses or governments think they might be spied on, they will have less reason to trust the cloud, and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets, if you suspect or know they are being shared against your wishes? Front or back door – it doesn’t mat- ter – any smart person doesn’t want the information shared at all. Cus- tomers will act rationally, and providers will miss out on a great oppor- tunity...If European cloud customers cannot trust the United States government or their assurances, then maybe they won't trust US cloud providers either. That is my guess. And if I am right then there are multi-billion euro consequences for American companies."53 The non-profit think tank Information Technology and Innova- tion Foundation (ITIF) concluded that the robust competitiveness the US tech industry exhibited before Snowden, has fallen victim to the US government's surveillance programmes and that the price tag actu- ally exceeds the 35 billion dollars in lost revenue that they originally predicted would be the loss over three years.54 In 2014, SURFnet, the Netherlands' network organisation for high- er education and research, decided to create an entire department to develop its own cloud services (such as SURFdrive). Erik Huizer55, the CTO at SURFnet, said that this happened because universities dis- covered their data was on servers they didn't trust. At first they talked 53. Statement by Vice President Neelie Kroes on the consequences of living in an age of total information, memo, 4th of July, 2013. 54. Beyond the USA Freedom Act: How U.S. Surveillance Still Subverts U.S. Competitiveness, Daniel Castro, Alan McQuinn, ITIF, 2015. 55. CTO Erik Huizer, November, 2015, personal interview. 62 DATA ETHICS FACILITATES TRUST about using servers in Germany or from another Dutch company, but then what would happen if these providers were at some point acquired by Amazon or Google? By developing their own cloud ser- vices they could be completely sure that the data would remain under their direct control and Dutch legislation. On the topic, Huizer stated: “Cloud servers are one of the first things where you can turn strict pri- vacy laws into an advantage. Store your data in my country and we guarantee that it will be protected by our laws." As testimony to this, many European institutions and companies do not want their data in the hands of US-based companies due to con- cerns about American surveillance and industrial espionage. F-Secure. “We never share your data with other sites or companies.” This was the promise to customers that the Finish cloud company F Secure included when they launched their services in 2013, attracting one million customers in their first 9 months of existence. F-Secure also explicitly makes the point to their customers that all their data is physically stored in Finland. Though American cloud companies are still dominant, non-US cloud services are beginning to get a foothold. Their selling point is a very specific trust relationship between them and their customers: 'Here, you are free from NSA Surveillance.' The message clear; a business outside US jurisdiction does not run the same risks of NSA listening in. Qwant. The French search engine has wedged itself into the distrust surrounding US-based online services. In 2014 it sold twenty percent of its shares to the German publisher Axel Springer to buy European servers. At the beginning of 2015, Qwant launched the child-friendly search engine, Qwant Junior. Although the search giant Google has announced similar plans, the French Ministry of Education said that it will use Qwant Junior in some French schools.56 56. Qwant Wants to be an Alternative to Google, New York Times Bits, 2014. 63 DATA ETHICS – THE NEW COMPETITIVE ADVANTAGE T-Systems. In November 2015, Microsoft, as one of the first major American cloud services, made a Europe-based solution available to its European customers.57 Microsoft formed a partnership with Deutsche Telekom's subsidiary T-Systems as a so-called data trustee, which means that customers can use the Microsoft cloud in Germany under the custody of a company with German headquarters, and thereby subject to German data protection laws. Although they have investors and offices in the US and Canada, the company behind Blackphone, the first privacy branded smartphone, has chosen to locate its headquarters in Europe – in Switzerland, a country that enshrined the right to private communication and email in its constitution, making it no longer just the country of bank secrecy but also a privacy hotbed. A company's location has become one of the ways to gain consumers' trust and, increasingly, that of govern- mental and enterprise partners. Xapo. In January 2015, the Palo Alto-based company Xapo moved its servers to Switzerland. Xapo, which provides security and bitcoin services, got the sense from its customers that this wasn't enough, as the company's head office was still in the United States. So, at the end of the year the business moved headquarters from California to Switzerland.58 Zettabox. When the small American cloud service provider Zettabox established not only its servers, but also its headquarters in Europe in 2015, they did so with a direct reference to the forthcoming EU data protection legislation 57. Microsoft Announces Plans to Offer Cloud Services from German Datacenters, Microsoft News, 2015. 58. Switzerland is a banking capital. But a Bitcoin Capital, Fortune, 2015. 64 DATA ETHICS FACILITATES TRUST reform. In this way, they leveraged European data protection standards to stand out from other US-based competitors on the market.59 PRIVACY BRANDING Many companies have determined that it's a good idea to market products based on privacy features and the company's privacy sensitiv- ity. Many are doing so by differentiating themselves from multination- al, data-driven tech companies. In particular, Apple has developed its 'privacy brand' by going to battle with the US government, issuing public statements against the data-driven business model and launch- ing privacy features in products. Also Mozilla has made an effort out of presenting privacy as part of their company value system. For instance it is one of the 10 principles of the Mozilla Manifesto. A rising number of other companies are following suit. KiDMEMO.The Finnish service KiDMEMO gives parents a platform to share photos of their children privately – and print picture books for a fee. The owners say they created KiDMEMO because they couldn't find an existing service where they kept ownership of their photos and could also keep them safe. 'Our service guarantees your online privacy' states their website, which also emphasises that pictures on the website can only be seen by you or the people whom you have shared them with.60 Cozy. The French personal cloud service provider Cozy.io, which also sells other digital services, is proactively marketing the company as anti-Google. In the beginning, the slogan read: 59. Cloud startup Zettabox touts privacy and local storage to appeal to EU customers, PC World, 2015. 60. CEO and founder Jenni Lahti, personal interview 2014 and September 2016. 65 DATA ETHICS – THE NEW COMPETITIVE ADVANTAGE 'We cannot do evil' clearly a reference to Google's former 'Do No Evil' slogan. It was subsequently changed to: 'Ungoogle your digital life. Reclaim your privacy from Google.' Startmail.com. The Dutch search engine startpage.com is free because their email service isn't. Startmail markets itself as follows: "Take Back Your Email Privacy. “Free” email services aren’t free – you pay for them by sharing the most intimate details of your life with corporations and marketers. With StartMail, your email is for only you to read. We make it easy for you to protect yourself from unwanted intrusion and mass surveillance." Soverin.net is Startmails' competitor, also Dutch. It's even more direct in its marketing against the data-driven business model: "Just imagine…the postman opening your personal letters, the carrier listening in on your calls, the bank analysing your transactions. This happens to your ‘free’ email every day. Your personal messages are monitored and the data is sold for advertising...Soverin is the honest email service that doesn’t sell your data." Some multinational companies use similar campaign tactics to show that they approach their customers' privacy differently than their com- petitors. Microsoft once had a campaign against Google. Microsoft. In 2012, Microsoft led a fierce campaign against Google. When it emerged that Google's Gmail tracked all the content in emails to display personalised advertising, Microsoft's Hotmail promised not to and opened the site Scroogled.com to make fun of Google's personal data collection methods. They even made a cup emblazoned with 'Keep Calm While We Steal Your Data' and the Google logo. The site was shut down in 66 DATA ETHICS FACILITATES TRUST 201361 and has since been replaced with whymicrosoft.com, where Microsoft, in a more moderate tone, compares its services with those of Google, Amazon, Cisco and Salesforce. More recently, however, Microsoft has backtracked in relation to its privacy promises and battle against Google. 61. Microsoft Shuts Down Scroogled Website, Business Insider, 2015. 67