Fostering Trustworthy Digital Engagement
•Descargar como PPTX, PDF•
1 recomendación•443 vistas
Digital Exeter January 2016 talk by Geoff Revill, Krowdthink Ltd digitalexeter.uk @DigitalExeter
Recomendados
Recomendados
Más contenido relacionado
Destacado
Destacado (20)
Similar a Fostering Trustworthy Digital Engagement
Similar a Fostering Trustworthy Digital Engagement (20)
Último
Último (20)
Fostering Trustworthy Digital Engagement
- 1. Fostering Trustworthy Digital Engagement A Product and Business Strategy #dataprivacyday Geoff Revill Krowdthink Ltd
- 2. Trust Fostering Trust in Digital Engagement is as much about HOW You build your system and company development culture, as it is about WHAT you build 1 February, 2016 copyright Krowdthink Ltd 2016 2
- 3. Krowd App • Privacy Preserving Hyper-Local Digital Engagement app (based on Wi-Fi) • Built in a Trust Framework • Connects People in Places – Just needs real-time co-location validation – Does not Know your Location • Discover who is here – Pseudonymous Identity – Self-Profiled – Location-oriented Persona • Engage with the crowd – Share what’s happening right here right now – What’s said in the Krowd stays in the Krowd • Defaults to Chatham house Rules 1 February, 2016 copyright Krowdthink Ltd 2016 3
- 4. Cyber Security = Trust? • Important to secure Economic Activity • UK Gov investing £1.9Bn Cyber Security • Does Cyber Security address Trust? – Its an Arms race • Does a cyber security commitment mean a company respects privacy? 1 February, 2016 copyright Krowdthink Ltd 2016 4
- 5. What is Privacy? • Principle • Law • Value • Privacy Implementation • Our Definition 1 February, 2016 copyright Krowdthink Ltd 2016 5
- 6. Privacy: Principle • Basis of US Privacy Law • Basis of EU Data Protection Act • Basis of new EU General Data Protection regulation (GDPR) 1 February, 2016 copyright Krowdthink Ltd 2016 6
- 7. Privacy: Law • Human Rights • USA – Defined by the online service provider! • Enforced by FTC – EU Safe Harbour • EU – Data Protection Act • Enforced by citizen’s ICO – New GDPR • Enforced by ICO of any EU country Informed Consent 1 February, 2016 copyright Krowdthink Ltd 2016 7
- 8. GDPR 1 February, 2016 copyright Krowdthink Ltd 2016 8
- 9. Privacy: Value Privacy ≈ Freedom 1 February, 2016 copyright Krowdthink Ltd 2016 9
- 10. Privacy Implementation • 7 Principles of Privacy by Design 1. Proactive not Reactive, Preventative not Remedial 2. Privacy as the Default Setting 3. Privacy Embedded into Design 4. Full Functionality – positive Sum, not Zero Sum 5. End-to-end Security – Full Lifecycle Protection 6. Visibility & Transparency – Keep it Open 7. Respect for User Privacy – Keep it User-Centric • Underpins the GDPR 1 February, 2016 copyright Krowdthink Ltd 2016 10
- 11. Krowdthink App Dev Principle for Privacy • Every Digital Citizen has a different perspective on what privacy is…but…. – We can all agree on when it’s breached.. • “When the Information I provide is used for a purpose other than that for which it was understood to be provided” 1 February, 2016 copyright Krowdthink Ltd 2016 11
- 12. Quick Trust Poll • How many of you consider your mobile service provider to be basically trustworthy? – Who knows that they opted in to share continuous (cell tower) location & movement data for commercial/marketing purposes? – Who knows that they opt-in to location tracking via Wi-Fi for commercial/marketing purposes? • How many of you have lowered your Trust in the Mobile provider now knowing how they sell your location & movement data? 1 February, 2016 copyright Krowdthink Ltd 2016 12
- 13. Anonymization Double-Speak 1 February, 2016 copyright Krowdthink Ltd 2016 13 Copyright: Daniel C. Barth-Jones, M.P.H., Ph.D
- 14. Transparency for Anonymization • USA – HIPAA – Health data released after provably below 0.04% de-anonymization risk – Low dimension data • Why not for Location Data? – It’s at least as sensitive as health data • as defined under the Data Protection Act – High dimension data – 4 location data points to de-anonymize location • With 95% accuracy 1 February, 2016 copyright Krowdthink Ltd 2016 14
- 15. Reluctant Digital Sharers • Pew Research (USA) - 2015 – 59% have recently cleared cookies – 57% refused to transact data when relevance unclear – 25% have used a temporary username/email – 24% given deliberately inaccurate data – 23% refused to engage if real identity needed – 10% encrypt calls or emails – 9% user anonymous web browsing (Tor etc) • Mobile Ecosystem Forum Consumer Trust Study 2015 – 30% growth, 2014 to 2015, in reluctance to data share • 50% specifically highlight browsing and location data • Explosion in Growth of the Ad Blocker – 82% growth 2014-15 in UK – 12m UK active users June 2015 1 February, 2016 copyright Krowdthink Ltd 2016 15
- 16. The Sharers Desire • Pew Research (USA) - 2015 – 93% of adults say that being in control of who can get information about them is important – 90% say controlling what information is collected about them is important – 93% say ability to share confidential matters with another trusted person is important 1 February, 2016 copyright Krowdthink Ltd 2016 16
- 17. Cognitive Dissonance Immediate Benefit Subsequent Consequence 1 February, 2016 copyright Krowdthink Ltd 2016 17 TIME T R U S T
- 18. Cognitive Dissonance Trade: Feature for Your Data Data Breach Who suffers? 1 February, 2016 copyright Krowdthink Ltd 2016 18 TIME T R U S T
- 19. Online Trust Definitions Social An attitude of confident expectation in an online situation of risk that one’s vulnerabilities will not be exploited Business Confidence that the value exchange is fair and equitable and that loss of trust drives an equivalent/proportional consequence on both parties 1 February, 2016 copyright Krowdthink Ltd 2016 19
- 20. Trustworth y Transparenc y Control Remedy Open Business Model Private by Default User Data Minimization Secure by Design No Covert Profiling or Tracking Trust in Digital Engagement 1 February, 2016 copyright Krowdthink Ltd 2016 20 Company Aspiration Empowering the User Operational Processes to Respect Privacy
- 21. QUESTIONS Geoff Revill @Krowdthink geoff@krowdthink.com Events: 1 February, 2016 copyright Krowdthink Ltd 2016 21 www.theprivacyadvantage.com Sponsored by ARM & Microsoft Becoming Web Safe Eventbrite 24th Feb -Exeter University
Notas del editor
- Bit on my background – comp sci grad 30 years ago, worked on natural lang understanding systems and real-time systems Sponsored by marconi comms – wrote layer 2 of the 1st broadband – X.25 for BTs Kilostream product – 128kBits/sec! Went commercial – introduced 1st commercial RTOS to UK for a US startup, ended up VP Europe, thru acquisitions, ended up in California product managing a sw tools dev team of 300 from 5 company acquisitions With a 10 man product management team. That product now acquired by intel as their IoT toolchain! Moved back to UK and worked for many high tech innovation companies especially in large scale data centric systems design. But – nothing motivated me more than when my daughter asked for a facebook account….leading to the question my wife asked – “What’s the Alternative? Note the title change – trusted to trustworthy – its important and we’ll come back to why later.
- If you listened to the government if we just added more security people would trust their digital service providers more. True – but does it solve the problem? Security is an ARMs race we can never win Is it right to equate security to trust? No! Its an important foundational building block but that’s all. Trust in digital engagement is about something more.
- Arte we being let alone if our every move is tracked?
- Today we offer up our Consent, but is the average citizen informed? USA – no regulation, birth of the privacy policy – its all the FTC can enforce! EU – DPA – changes in enforcement
- Sensitive data will probably include genetics – same level of sensitivity as location is currently afforded Consent will be more rigorously defined – no more ‘legitimate interest’ catch all. Be specific. More citizen rights – delete, portability, tighter definition of what’s personal – data, meta-data, derived data? Big change – FINES – 4% global turnover – changes the game completely – now it’s a massive corporate risk, not an legal/IT process issue, the ICO will become an indirect tax resource not a cost to government!
- Without control of privacy as individuals, we give up our right of freedom This is no less true as a digital citizen as it is for a citizen of a nation, digital citizens are subject to the commercial imperatives of their service providers Commercial law – the responsibility to create a profit trumps privacy legislation
- In 1997 the prospective ICOs for the upcoming DPA got together and realised that the Internet was going to create a privacy problem beyond their control. So they created these 7 principles that they hoped commercial companies would follow to help ensure that control was not lost….it never happened, US legislature decided not to regulate the Internet. But in 2010, as the full awareness of the issues were becoming clear for internet privacy, the ICOs got together and formally adopted PbD and it became a founding principle for how to assess the GDPR, the regulation that was being created to re balance the empowerment of the individual citizen with control over their digital selves. Only now are we seeing the UK ICO starting to push these principles into business. Think up front before you write your first line of code If you get this right you won’t have privacy settings in your application! The more privacy settings an app has the less likely it is that it respects your privacy Architect privacy in, don’t try and bolt it in later, it won’t work No need to compromise on functionality, there is always another way – a privacy preserving way No security no privacy online, it has to be part of your coding culture If you do it right you should be open for inspection – it can only help you keep your customers trust and respect as you respect their privacy Always put the customer before the needs of your business – this is the hardest one of them all….current culture drives compromise for privacy for monetary gain
- When we adopt a new app or service we have to start with Trust. Mostly because almost no one reads the privacy policy or understand sit in detail.
- Consumers told all safe – it’s anonymized – they think its black or white, anonymous means totally safe…it is not. The safer or more privacy respectful the algorithm is, the less value is left in the data….what do you think commercial entities chose? After all when was any of them challenged legally? Their first responsibility is to shareholders first – and data = profits on the Internet economy
- When we adopt a new app or service we have to start with Trust. Mostly because almost no one reads the privacy policy or understand sit in detail.
- When Facebook releases a new privacy intrusion feature, such as the automated name tagging of pictures through facial recognition, what happens? Media gets up in arms, users get annoyed, BUT Digital Engagement Increases! We are not by nature nice – people tend to enjoy discomfort of others! Until they experience the discomfort visited upon them. Facebook then backs off from the media attention and user grabbing activity a bit, enough to appease media and most irate users, but also not enough to Lesson one – people are selfish – it’s a survival instinct and a good one.