A Shared Economy Space (SES) is a network of stakeholders which want to organise certain economic transactions together in a trustworthy way. If it focuses on managing personal data within such transactions one can talk of a Personal Data Ecosystem (PDE).
We want to address SESs that address digital transactions and need to manage personal data in these transactions. The SES wants to ensure control of all stakeholders on their own data (personal or not) and a high trust level between the stakeholders in complying to regulation and SES norms and rules on user data control, data protection and privacy. Examples of SESs are: book and record shops with their customers; regional health (care) ecosystem with hospitals, doctors, nurses and patients; companies providing public transport services and their customers.
Digital B2C systems emerge rapidly worldwide (e.g. Apple, Google, Facebook, Amazon) but their business models often lead to serious worries about user data control, trustworthiness and privacy-friendliness. Moreover, in certain sectors (health, human resources) the privacy and trust aspects are crucial for good relations between the stakeholders and trust must exist for proper functioning.
For some time now Trust Providers are trying to build a market for support trust management inSESs. They focus however often on particular aspects (authentication, data security, reputation, etc.), leaving still much to implement by the SES itself.
Trust Networks for Shared Economy Spaces
In the coming decade, the seamless integration of our on- and offline lives will be one of the main problems of social development. Understanding of this process is crucial and broad societal discussion is necessary to ensure a sustainable societal development. Global forums, like the World Economic Forum (WEF in Rethinking Personal data and Digital Enlightenment Forum (DEF – www.digitalenlightenment.org) give much attention to this.
A Trust Network (TN) is here defined as the group of all stakeholders in a SES, together with a TN Platform Provider, a company that provides and facilitates a platform at which the SES transactions are done in accordance to the conditions set by the SES (the stakeholders together).
Trust is being given to someone (or something) if this party is thought to be trustworthy in the given context and/or for the given task. For example: an airplane pilot or a surgeon can be considered trustworthy while performing their professional tasks. Most importantly trust is strongly dependent on the context in which it is given (see here, also for references to other authors). When applied in the digital environment we often do not realise that many factors that play a role in trusting people or organisations offline are not available online (e.g. the experience with a person by seeing her behaviour and presentation, hearing her talking, etc). Trust can also not only be derived from rational arguments. Hence for a party to be trustworthy attention must be given to two sets of elements:
- Rational elements that can provide support to trustworthiness. This could be: ensuring mutual interest; providing insurance; be accountable and accept liability for damage; compliance with legal obligations and contractual conditions; technical assurances through Privacy by Design, Privacy Impact Assessment, quality of development; ensuring transparency, auditability and understandable information; and in general ensure a good reputation.
- Emotional elements. This includes building sympathy and a positive perception, for example through providing convenience and usefulness, an environment which feels familiar and friendly, or good custom support and maintenance services.
The TNPP is responsible to provide a trustworthy space for the transactions in TN. The SES together with TNPP will define the specific rules (legal and/or normative context) under which intended transactions take place. Within the TN ‘trust’ is established when the TNPP can give through technology and contract sufficient certainty that these rules are adhered to. We assume always that the end-user has its own data vault, which can only be accessed by or with explicit permission of this user. This does not have to be under the responsibility of the TNPP. Any Trusted Third Party could perform this task. We may distinguish two types of TNs.
One2Many (O2M): The TN is a transaction network between one services providing organisation and many end-users. This organisation can be a group of organisations if there is sufficient agreement between the members of such group to act together. The organisation agrees by contract how personal data of the end-user in the TN can be used. Based on this contract a technical interface is being implemented and managed by the TNPP. This interface respects the contractual agreement and the third party provides a certain level of guarantees that the personal data management will follow contractual obligations. This will be achieved partly by technical means and partly through governance. The Dutch start-up QIY can be considered a TNPP in this sense. Examples of TNs could be: a large retailer with its loyalty customers; a large company with its employees; or a group of banks with their account holders.
The TNPP could bring a number of such trust interfaces together on one platform. This could simplify governance, allow standardisation and replicable implementation of (parts of) the interfaces. Note that one customer may also relate to more organisations on such platform.
Many2Many (M2M): This TN allows all relevant Service Providers that agree with its conditions. Hence SPs are stakeholders in the SES at an equal level with other stakeholders (incl. for example end users, user organisations, public organisations). The TNPP provides the infrastructure for trustworthy transactions in this TN. It offer an API management portal for SPs to join in a trustworthy way. The TNPP takes responsibility for transactions to be executed in conformity with contractual level of trust and personal data management principles pre-agreed by the SES. It will provide tools and services like “sticky policies”, logging, auditing and random conformity tests, thus supporting ‘Levels of Trust’ as pre-agreed with the SES in the TN. Synergetics (BE) is an example of such TNPP.
The Governance structure of TNs must be based as much as possible on ‘separation of concern’. This should be reflected in a Governance Board representing the SES stakeholders that oversees the work of the TNPP and takes care for auditing and reporting to the SES members in the TN.
TN’s should also be open to the use of various Trust Providers, e.g. Identity or Claim providers, personal data storage providers, reputation providers, etc. in order to stimulate innovation and scalability.
Clearly both types of TNs can create trust between the members of the SES. It improves efficiency of transactions because trust allows giving consent at a general level through the SES contract between stakeholders, or as revocable decisions for groups of services.
The choice of the type of TN as described above depends on the SES.
- If a large organisation for commercial reasons does not want to cooperate with competitors in the same sector in the relation with his customers, then O2M is likely to be the best solution.
- When in a sector or region the objective is to cooperate between service providers in their relation to customers, for example due to government regulation or otherwise, the M2M is better suited.
The M2M type is better scalable, as the TNPP is not involved in the specific relations between the SP/Organisation and its customers as is the case in the first type.
Despite their differences, both types of TNPPs could derive added value in jointly developing Common Principles as minimum requirements for TNs. Digital Enlightenment Forum can support such discussions. This could lead to a more uniform approach, interoperability or certification of TNs at a longer term, and hence create more trust at the end-user.
Note that in TNs as described above it is essential that the user himself is responsible for managing his personal data. This could be done by a TTP contracted and supervised by the SES, but in principle by any TTP chosen by the user.
It can well be that certain transactions do not need a high level of authentication and that a “Facebook-like” identity suffices. This depends on the context and the choices of the user, who cannot be obliged to always choose optimal safety with the extra hassle that goes with it. Integration of different levels of authentication in a TN can therefore be convenient.