Building Consumers Trust: The role of transparency and control
1. Building Consumers Trust: The role of transparency and control
Commonwealth DataForum 2018
February 22nd, Gibraltar
Michele Nati
Lead Technologist for Digital Trust
Digital Catapult, London
@michelenati
https://www.linkedin.com/in/michelenati/
2. What is Digital Catapult?
Here to accelerate economic growth and productivity for the UK
1 A not-for-profit, private limited company
2 Completely neutral
3
3. The Data Economy: The opportunity
• More companies are embracing digital transformation
• With more data used to:
• Improve Artificial Intelligence and Machine Learning algorithms
• Deliver more personalised services and attract new customers
• With IoT increasing availability of data
• Most of them being personal
4. The Data Economy: The risks
• Consumers are becoming savvy
• And demand trustworthy apps (33%), with simple privacy statements (source: MEF Consumer Trust Report 2017)
• While hidden business and lack of transparency might hinder this growth
6. Consumer pain points
• Lie & Agree
• Takes too long to read and understand
• Want to access the service
• (Often) No choice offered
• Agree & Forget
• Lack of record
• Difficult to retrieve
• Static information
• Lack of interaction
7. GDPR: Innovation opportunities
Transparency, Trustworthiness, Trust
- Transparency (Article 12-14, Information notice)
- Accountability (Article 4 and 7, Consent)
- Level of Control (Article 17-19, Data erasure and portability)
First step: Transparency
Savvy consumers demand
• Simple privacy statements
• Clarity on collected data and access to them
• Better user experience
8. How to redesign Privacy Policies?
Problem Statement: How to increase consumers’ trust and businesses’ transparency by developing a GDPR-compliant solution that takes into account the user experience and helps to reduce consumers’ pain points and organizations’ compliance burden related to the provisioning of digital services using personal data?
Personal Data Receipts (PDRs): a human-readable record summarizing in a simple and clear way what personal data an organization is collecting about an individual, for what purpose, how it is stored and for how long, and whether any third-party sharing is allowed.
9. Personal Data Receipts
• How it was built
• Multidisciplinary team: UX lead, Marketing expert, Tech Lead, Lawyer
• Customer-centric approach
• Transparency can be measured, ASK the Customers
• The categories of data
• The purpose, including 3rd party sharing
• The where, how and how long
• The contact details of the Data Controller
• What else consumers want
• Simple, non-technical, plain text
• Icons only as support
10. PDRs and GDPR compliance
• Article 12-14, Information notice
• Use of icons and simple text to explain: what, how and for what purpose
• (could be personalized to target different demographic groups)
• Article 4 and 7, Consent
• Includes data collected under consent
• Provides a record for both individual and organization
• Article 17-19, Data erasure and portability
• Provides a direct contact channel with the Data Controller
• Educates businesses to discover their customers’ data (in particular IoT and third parties) and simplify cascade updates
• Privacy by Design and DPIA
11. PDRs: The benefits
For individuals (“Savvy consumers”):
• Privacy Policies become human and simplified
• Tracking and control of personal data sharing is simplified (and possible!!)
• Reassurance that data will not end up in the wrong hands is possible (3rd party sharing highlighted)
Services and apps become more trustworthy and more data are shared with more control
For organizations:
• Attitude to personal data becomes user-centric
• Opens a new personal communication channel with their users
Consumer trust increases and churn is avoided, while more data are accessed
12. Going beyond
• Resolve more consumer and business tensions
• Risk of cybercrime
• Lack of control
• Fear of Surveillance
• Identify achievable trustworthy measures
• Stimulate debate, generate recommendations for EU
• Co-create a DTRL (Digital Trust Readiness Level)
https://truessec.eu