Workshop at the Consumer Identity World 2017 EU in Paris, France
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Workshop at the Consumer Identity World 2017 EU in Paris, France
Workshop at the Consumer Identity World 2017 EU in Paris, France
So I think we're ready to start our workshop and thank you so much for being here. I'm actually going to encourage everyone to move down because we're gonna have an interactive workshop. So we're gonna get you guys talking. So if I could ask everyone to move down, that would be wonderful. I'm Rema per mutual. I'm CEO of MEF, which is the mobile ecosystem forum. And for those of you who don't know us, we are a global trade body that was established in 2001 that really looks at accelerating a sustainable and trusted mobile ecosystem.
And we represent a very broad range of companies who are building this space. That includes mobile operators, personal data holders, technologists, innovators, and those who are really creating new opportunities, services for consumers and for enterprises in the digital world. So today's workshop is really looking at how trust can be an advantage.
And as you, no doubt have noticed throughout these two days, trust is a key theme and one that all of us need to build with the consumer today's workshop really looks at how building trust can help to accelerate the take up of the personal data economy, as well as data driven services. And specifically, we're going to be looking at whether creating a consumer trust framework and an internationally recognized kite mark can really be the right instrument towards that. I really want to thank our partners for this session. They are investment impact firm, a media network.
Many of you may know, as well as personal data manager. Did you need, who needs this session? So just a bit of an overview for you. The first part is really gonna be scene setting. We're gonna be discussing how trust is seen by the consumer and can be a business catalyst as well. We'll be looking at a batch that already is in the market. And then the second half will be all about getting your feedback. We're gonna have an interactive facilitated session, and we will be sharing a survey that we're gonna ask you to fill out and there'll be some incentives for doing that.
So just a little bit of background on our work in this area. So me has been looking at consumer trust as a core area that industry really needs to focus on for the last five years. And in the beginning, we were really looking to raise awareness of the kinds of privacy and security and identity issues that were holding industry back and where we needed to think about things from a consumer perspective.
So, as an example, one of our early deliveries was actually an app's privacy generator for the Android store because we found that a lot of apps have no privacy policy at the time. So we wanted to solve that. And it was really raising awareness amongst industry, including developers in all parts of the ecosystem that we need to think about things in a very different way since then.
And in a GDPR world, we have looked to hone our focus very much, not on compliance, but really looking at how good stewardship by the industry for the industry and adding an innovation element to how we iterate and offer services to consumers can really be a trust advantage. And that's what today's workshop is all about.
We've delivered a number of key deliverables in this area, including white papers, the personal data economy, which is really at the heart of the opportunities that are out there that have also been supported by, by GDPR, as well as looking at digital consent today, we're releasing a white paper on PSD two and what the, what the guidelines and implementation looks like to give guidance to industry on what the opportunities are and how they can look at implementation from a different perspective. So it's a, it's a really exciting time and focus.
And what we've also been doing is a consumer trust survey over the last four years, that really looks at understanding consumer attitudes and motivations when it comes to engaging and purchasing on the mobile device. So what motivates consumers to engage more and what holds them back equally this year, we thought it was really important to look at GDPR principles and where they are working. Are consumers aware of them? How do they react to principles like data portability and transparency in practice?
So the news that's come out of this year's survey, that's not new is that trust remains the single biggest barrier to adoption. And that's a four year study year on year increasing. So 40% of consumers are prevented from engaging or purchasing more because of some kind of trust issue. And that's quite an alarming statistic. But when you look at the, the high level kind of results, what we find also is the majority don't like sharing data today. So 39% are uncomfortable doing so and say, they, they never do.
At the same time, we have 32% who are reluctant shares and they know they have to share the data if they want to access the service or app, but they would rather not. So what they're actually doing and just I'm, I'm not gonna be sharing all the survey results today, but this year they're deleting apps. They are stopping using them. It's not a good or positive picture for the industry or, or what we want to achieve. But the good news in 2017 is that we see a shift from reluctant shares of the past, to the rise of savvy consumers.
So the savvy consumer is essentially a smartphone user that jealously guards, their privacy and security, and will take action, both positive and negative in terms of how they're reacting to an app or service. So if they don't trust the app or the provider, they will maybe use it, but then delete it. Or they will leave negative reviews.
They'll, they'll tell their friends not to use it. And there are very serious repercussions for this.
And, and we can see that in terms of apps usage overall, which are quite a ways down from previous days where certain apps are trusted, but many go unused at the same time. What we see here is consumers are increasingly aware of the value of their personal data. So we'll share some information on that equally. They can have trust, be a significant motivator. So almost half would recommend services that are trusted to their friends or family and 44% leave, positive reviews, 32% use an app or service more if they actually trust it.
So clear opportunity to leverage a trusted relationship with the consumer. And that's really what we're here to explore today is how do you take that trust and really build upon it? We know that GDPR for businesses is setting a lot of standards and compliance in terms of how you need to implement.
But I, I think what's been forgotten is what does this mean for the consumer who may never have heard of GDPR and how do you communicate those important principles on an international level to the consumer? So today we have kicked off the first phase of our feasibility study to get your feedback on whether creating a consumer trust framework and specifically a kite mark around that could be the right way forward.
So some further results from the study, what engenders trust and clearly transparency is number one, we found in fact that 43% of individuals want to know what is happening with their personal data. When it's being shared equally 23%, want to understand what the value exchange is. And they would be actually willing to share data if they trust the provider, as well as get some kind of value in exchange, be it a new service or a discounted or, or free service.
So they are beginning to realize the data is very much an asset, and we're no longer in a situation where sharing personal data is something that consumers will just do willingly. This, the savvy consumer will just switch off. And that's what the industry really needs to prepare for. So unsurprisingly, surprisingly trust is eroded by bad user experience and influencers who tell us not to, to trust the, the app or service. So moving on, what have we learned from our work and where do we want to go as an industry?
So clearly trust is really important, and we need to think about how to provide it to consumers in a simple and concise way. And today we're going to explore some potential advantages of a kite mark, certainly for individuals, it's really about communicating the integrity of how the data's being collected, how it's being processed and for businesses, it's really a differentiator on how you are acting with integrity and potentially standing out amongst your competitors. So we'll be looking to explore that good stewardship is really fundamental.
And here I wanted to share our partner, a media network's identity principles that really lay out some of the key aspects that we should be looking at when we look to set principles and standards. So here financial inclusion, design and governance are clear aspects of good stewardship that need to be looked after. So I'm really excited to be here with you to explore this topic further and look forward to engaging you in the discussion session. And with that, I am going to hand it over to my colleague Mac from the trusted executive foundation to talk to you about building trust in business.
Thank you. The assumption that they have other disowned spend It's. There we go. Sorry about that. Good morning. It's good to be with you. I'm going to bring you a different and a wider perspective on trust and not from your industry and from the world of leadership development. And one of the key messages for you is that the way that we lead and managing manage our businesses has to change. If we are going to have an end to end top to bottom trustworthy proposition for our consumers, Since time is short, these are my three key points to you.
The first one is a wonderfully elegant and simple definition of trust and trustworthiness. The only way to be trusted is to be trustworthy. And if there was one thing that I would like you to take away from today, it's that one take away and examine your own behavior. In terms of trustworthiness, there is only one way to be perceived as trusted. And that is to be from the inside trustworthy. The good news is that with that comes the advantage of profitability, and we'll be seeing not only as trustworthy, but as a result of that, be stand out, be profitable.
The second point is about brand reputation. We can't protect our brands unless there is good stewardship and good stewardship starts at the very top. We need trustworthy stewards in the boardroom and throughout the world. We've been used to adverse stories about lack of trustworthiness from large companies and small companies alike. They keep hitting the news.
It's almost like every week, there is a breakdown in trust and many of our senior leaders have actually fallen as a result of that, perhaps because they are, it's not that they themselves are untrustworthy, but they're somewhere within the business. There is a breakdown in trust.
Now, one of the things that we have discovered through the research of John Blakey, who's part of the trust of executive foundation. His deep research has provided the evidence that more than 50% of our businesses culture is actually as a direct result or direct influence of the chief executive. So if we pause to think about that for a moment, we need that kind of trustworthiness in the board because it will filter right throughout the organization. And at that point is directly relevant to the trust framework. And the trust kit mark was speaking about, we are in an age of information overload.
So, you know, we all experience that on a, on a personal level. So we have to recognize that and provide an antidote. And that antidote is decision simplicity. And we could just imagine that if we have a trust kit, mark, that is the decision simplicity that consumers are actually looking for. Let's not take anything for granted. As far as trust is concerned, we will have as many views of trust as there are people in this room. It's a very subjective topic. So let's start with looking at what the academic research says about the definition of trust. And here are two examples that are relevant.
Now, this is what's happening in the minds of your consumers. When they're thinking about whether to share their data with you. And it's a balance for them between risk and reward, the power of trust is that it removes the risk element for your consumers. Trust is the one thing that changes everything and think about that in your own personal relationships, compare that with those that you don't regard as trustworthy and you see that difference. And that's what we are looking for in terms of establishing trust and removing that risk element.
The next thing to have a look at and make sure we're all on the same page is a definition of trustworthiness. And this is from 30 years of debate. That's gone on in academic circles about what we mean by trustworthiness. And here's the, the definition it's ability, times, integrity, times benevolence, first point to emphasize to you as a mathematical one. It's not ability plus integrity plus benevolence it's times. So that means if you fail in any one, you fail in all of them. So that raises the acting.
As far as being just what the ISQ said, we will need the ability to deliver what we say we are going to deliver. Now, this is for all of this, these three days are about this, the huge complexity and tech technology that you've all been speaking about.
You, your experts in this that's wonderful. The, the bottom line is that you deliver what you say to your customers. So we need, we need that ability or else we won't be trusted. Integrity's another one which we ring true with everyone in this room. We would all think that we are ethical and full of integrity. What that means is we have to be truthful and transparent at all times with all people in everything. Now that raises the anti for us as individuals. That's what trustworthiness means. It's not an easy thing to do.
It's got to be constantly on our minds about being ethical and full of integrity. And the third one is the new kid on the block. Anyone who has ever studied leadership, I can guarantee will never have come across the word kindness as a compet competency for leadership. But this is what is emergent. If you can be trusted to do people, no harm, if you can be trusted to choose, to be kind to people. That is what makes all of the difference. So if we put these three together, that's what we're speaking about.
When we talk about trustworthiness now from a consumer's point of view, we can translate these three orders into certainty. So what you say you're going to deliver. It's certain that you will deliver that. That's what they're looking for. They're looking for transparency in all dealings with you, especially when things go wrong. And the third thing is, they're looking for you to look after them, to provide the care, the loyalty that they can expect from you. And they need a ready way of identifying those things. Now we shipped our focus now to the trust trusted business.
Here is a quote from Charles Green. Who's a recognized expert on trust is, goes by an email of the trusted advisor. And this is directly relevant to the subject of the, the trust framework.
And again, it's that point about decision simplicity in a world where we're all bombarded with information. Now, this is the, the distrusted business model. This is the 19th and 20th century economic business model, which is falling apart under discre of transparency. It starts with the, the temple of worship being profit and profit alone as to why businesses are in existence. They pursue only one aim in this distrusted model, which is profit above all else. And that rests upon the two pillars of leaders with big brains who know best.
The intellectual ability are also the authority, the power of authority, the hierarchy, the decision making that has existed for so long and especially behind closed doors. The, the opaque world of business is how we've been doing business for all of this time. And under the, the scrutiny of transparency it's falling apart. Think of Uber, for example, a wonderful staff up eight years ago from success to success. And now look at the, the trouble they're in, especially with the license in, in London, for example.
So with that transparency comes problems for businesses that are not through and through trusted and trustworthy. If we look at now the new business model, the 21st century business model, we see, first of all, that the temple has got a new hitting of the triple bottom line. Now the triple bottom line you might have heard, spoken about, which is profits people and planet. So we're immediately getting the impression that there's more to business than making a profit businesses derive the profits from the societies and from the, the client base that they exist within.
They have to look after those or else they will not be rewarded with, with the business. So we're looking for a different type of business. One that that focuses its purpose on the triple bottom line, and a good way of putting this is to say that it's a purpose beyond profit, and it's doing well by doing good in the world. Take an example of Unilever Paul Pullman.
When he took over as chip executive, decided that they were going to have a sustainability plan over a period of 10, 20 years, which would double the profits, have the carbon footprint and raise a billion people into better health throughout the world. Now you can see how those purpose statements relate to the, the triple button line. And if we track Unilever's progress, since he took over all of these things are happening, they are on track to double profits, reduce the carbon for half the carbon footprint and raise more than a billion people out of ill health throughout the world.
Remember the Unilever made products are all health related. Now, then we're resting on those three pillars that we saw earlier of ability, integrity, and benevolence. So that's the new business model that you will have to consider adopting if you are going to be seen as a trusted business, right? The payoffs internally, we have no evidence of what happens when you are recognized as a trusted business, a massive reduction in stress, a significant reduction in sick days, and a major improvement in productivity and engagement.
In terms of the financial report, there are rewards, there are 20% difference here on the return on investment, and there are many other statistics about the financial benefits of being a trust business. So back to those three key points, again, we've looked at trust and trustworthiness. We've looked at the old business model that is being exposed and the new business model it's replacing. And we've looked at the rewards for adopting trust in, in your business.
Now, by addressing these, you will ensure that trust within your business is not just a Vene. And I'll leave you with this key question.
I, I I've ranged over a wider perspective on trust deliberately, which is different to what you will hear anywhere else in these three days. So that in itself is significant, but we need to narrow it back into.
So what, what does that mean for you trusting for, thank you very much. I'll now hand over to Manuelly. Who's going to give us an example from orange, Everyone. Good. So over the last two presentations, we emphasized enough on the importance of trust and what actually consumers are looking for. And this was supported by figures from the consumer trust report run by MEF.
So just to remind you very quickly, I mean, consumers are seeking for increased increasingly transparency about the data that is being collect for long, for which purpose, but they also looking for additional control on which data is been collected under their consent. And of, of course, they're looking for tangible benefits where these benefits are in terms of financial benefits or where in terms of enriched experiences, personalized experiences, and actually what we found out, consumer trust studies that even the simple fact of being able to collect it at Beck is actually seen as a benefit.
And of course the level of expectations is even higher for companies like orange. We have a recurring, transactional relationship with their customer. So we're not a GFA where we do not, you know, our products are not free and actually the product is not the consumer itself. So we're getting paid every, every month for accessing to communication services. So the level expectation is very high and that's why orange understood very early that trust is important. And privacy of, of course, is a way of building trust and that we are involved in a number of initially both internal and external.
Just to mention a few we've been working over the last four years with a think tank in French, which is called, I think on working on the VRM models. And we are also pushing forward framework for portability across different verticals. Just this is in terms of external initiatives, and I'll be talking about one internal initiative, which is called a trust badge, which is actually being pushed to the market as well. The good thing is actually the biggest advocate of our trust trustworthy strategy is our CEO. So Shan Richard has been very vocal about it in 2014.
He publicly, so in front of Analyst and media signed chart on personal data and in 2016 is actually, he actually announce the, the release of the trust badge. And he keeps reminding us every day to go back to life point.
I mean, it has to come from the top. He keeps reminding us very every day on the Porwal on trust and how to actually build in trust in, in our, in our products and services. So what is the trust batch? The trust batch basically brings control and transparency within applications. The up economy is booming. We see in some markets that 80% of data is coming from from apps.
And we know also, which are some of the barriers toward to, you know, the app usage, unless people, many people, 60% of people actually don't download an application when they see all the permission that are asking by the application, 70% of them don't trust applications on their handset. So for this reason, we thought it was a good idea to start from applications. And the way we do is very simple transfer is not a standard on application. It's rather a tiny SDK that goes within existing applications.
So it's a function on it in a way that provide a user with a detailed information about all the data point that are collected, but it is a demographic data location, data or photos, for example, contacts or analytics in app analytics. And then you can have a, you can get a, if you click on one of our, those icons, you can actually get a very detailed explanation of our data points that are being collected in the second part of the, the trust batch. We actually explain the usages.
So the purposes of, for collecting such data, what it is for social, for commerce, for advertising and all in simple words, that could be understood by any, any, any consumer. And of course from a by click on any of these I code, you can direct directly access to the parameters of the application and you cannot provide or retrieve the consent trust. Batch is available to everyone. So the moment we are focusing on implementing this internally, we think we need to give out the example to the, to the industry.
We got a 25 applications or orange applications with which embed the trust batch dispatch it's available in nine markets already and soon will be available in five additional markets. And since the beginning, we took the choice to make these SDK available as open source to, to broader community of the developers. So I really encourage you to spread the voice about the TPA and adopted within your, within, within your company with this, I'm gonna end over to Julian, the chairman of PGME. Thank you very much. Thank you very much. So there will be another slide.
Maybe it will come I'll ah, so as we've just heard, putting your trust in someone puts you at risk as an individual, it makes you vulnerable. And that's the key point. As somebody said, trust is the bridge between the known and the unknown. And if we are going to share more personal data so that businesses can do more for us, then we're actually stepping into the unknown than we are today. We're putting ourselves at more risk and we need a signal that, that option is safe. That we have something that we can trust that we know what our vulnerabilities will be.
And that's the role of a trust mark, as you saw from orange and an associated trust framework. Now there are trust marks today, and there are many trust frameworks. So what are we doing for the new one? The problem with the ones we have today is they're not well recognized or they're in niche particular places. Some are very clear. Oranges is a good example. I'm not just saying that, cuz it's there. It really is a good example. You can have a look at it, but some are pretty opaque.
In fact, despite that it's been proven time. And again that if you have a trust mark, you will do more business. People will respond to them. So we know that they do well, but we've got unnecessary duplication today and we're confusing the consumer because they don't know how to differentiate one mark from another. If they actually know the marks at all. So I contend, we need a single easily understood and clear personal data, trust mark and associated trust framework.
One that can be widely adopted that enables a consumer anywhere in the world to know that they are safe, sharing who they are, their identity and their personal data with the dis business displaying the mark that has been independently assessed as meeting the trust framework. It's not difficult in itself. It says we just need one. But then of course, what is trust? What are the important characteristics that need to be defined to provide the insurance required from a consumer perspective? And that's the key question that's gonna drive us hopefully now.
So if we look we've had trust, built face to face over centuries, we kind of know what it is, but we've never really had to define it. And it hasn't really scaled well, but we want to scale it more. We want to do more on the internet just as we're losing trust. So we need to have something that the consumer can see and understand from us. So what we're about to do is ask you to engage, tell us what you think about what you've heard. Let's have a discussion as we've only got about half an hour, but let's have a discussion amongst us right now and what we think a trust mark should be.
Do you agree with that contention, A classic example of an international trust. Mark is actually the padlock in the URL bar, right? We all know what it means. It's taken a long time, but at least we know what it means. We need to do something the same. We have these definitions. How do we define it from a consumer viewpoint? How do we take Mac's presentation, which looks at non-technical things and embody that within a framework that can be reflected within a badge.
Now, what I'm about to do as Mac and Rema will host the conversation amongst you is I'm going to walk around and give you all one of these, which is a survey. Could you please, while you're having the conversation, take the time to fill it out. When you do I'll come and collect them at the end, or you can do it and You get a wonderful book. There's an incentive. There is an incentive cause everyone needs an incentive, right? You don't give data without getting an incentive. We were told that there has to be a value exchange. So that's how value's your Brother.
It is actually a very good book. And I'm not saying that I actually listen to a lecture on it and everything else.
So it, it is very useful and gives you a good perception of trust. What's The book, The trust, The value proposition, The Trust provide the incentive.
Ah, Well you'll say that. I'll bring it back. So could you fill out the, this, leave us your name and address. If you want to be involved in the following activities, we will be removing that from the compiled answers. Your answers will not be associated with your name and address, right. That you're gonna have to trust us on. Okay. You Have a Julian. So we're gonna kick off with a very simple question. Open opening the mic. What are your thoughts? And I see a gentleman right there. I don't know if we have a mic, but I think we have a small enough group.
I mean, maybe you guys, I would consider moving down so we can have more of a discussion. Yeah. Thank you for you. You could say in your seat. Yeah. Thanks for, It's very, very interesting presentation. I'm actually speaking, but as a I'm a Deloitte director, so I'm taking off my Deloitte hat. I'm speaker, no attribution to exactly.
I'm speaking as a consumer and as a citizen, actually it's very interesting view, I think is the first time that I saw, you know, this approach from a business model perspective, which is surprising because all big fours, Deloitte, of course we speak a lot about trust because we are financial auditors. And of course we it's, it's it's, you know, the most, one of the most, at least trust will experiences. But as you are presenting, actually, I just had a thought where why rely on trust helps to drive? The big firms are big because clients trust them.
I believe, I think it is also very risky. And I just want to have, you know, your feedback on that. I have two examples. So for example, you were showing the HTPs whatever on, on navigator, on the browser earlier and, and Symantec is one of the biggest providers of certificates to basically make the experience of users very secure. As some of the specialists here, have they have heard Symantec certificates got compromised. It's actually much, much bigger than what the news, you know, told in the last month.
For example, as I'm concerned, I don't trust Semantec at all, which means I don't trust websites behind Symantec, which is 90% of websites. So you were talking about the governance of how this would work. I'm speaking about if you put your business and rely all on trust.
If, if, if an event which is independent, you know, from all your organization, for example, and second example was Deloitte cyber hack, which happened, and I can speak about Deloitte hackers can get to do a system that that could happen to any organization. So the question is how isn't that very risky to build your business only on trust, if that particular trust ultimately got impacted by an event, which is not independent, you know, from your effort, particularly why, for example, if you build your experience only by product quality, I don't trust apple as a consumer.
I mean, I can publicly state that, but still by the products, because as of today, I think that the best. So just almost like difficult question to guys, So, okay.
So, and we want to have everybody answer that from their perspectives as well. But the simple answer is, I don't think you build anything on one thing, right? And a trust framework must include rectification when there are problems, right? So if you look at GDPR, it has requirements when things go wrong. So my personal view is a trust framework has included in it. What happens when it goes wrong, right? So the transparency that you will notify in a certain amount of time and that you will take ratification actions and do whatever you want to do.
Now, some people, and I'm not saying this is necessarily my opinion, but just to show the divergence that you could have, I was talking to someone yesterday and says, does that mean to say, you'll have a fund to solve the problem, right? If you'll do it, is that something that you should have in a trust framework or not? Those are the sorts of questions we want to get answered from, you know, the community. And it may be that there's not just one level that there's different levels of, of trust that you can do. So I think it's a combination of all those things.
So, so philosophically understand the potentially the benefits, you know, it's a good marketing activity for businesses and, and maybe for consumers in time, if it grows in value, it becomes something. But I think the difficulty with this along with any new schemes in this area is what's the governance model, who is the authority? What is their credentials in order control, who comes into my business, your business and says, we are trustworthy. What's the annual cost of going through that process? How is that assessment?
What happens if we are not subject to keeping our trust, mark, what is the rectification period? How long do we have to comply? How do we win it back? And so I understand that, you know, I'm possibly being a pain by asking those questions, but before going forward, if you look at a lot of standards, bodies, they're really clear around that governance process and what happens when things goes wrong. And without understanding the architecture of that, it's very, very difficult to say, you know, it's worth the effort and the cost in order to go down that road.
So we are in a feasibility stage Katrina and there, there are many questions to answer about what would make it successful. We don't have a governance model that we're proposing and discussing today, as I was showing with the media principles, clearly there would need to be one. We'd also need to work very hard to ensure that it gets the wide adoption and interest. What we're really aiming for today is to get everyone's feedback on whether this is a good idea and an area that industry really should invest in.
It's clear that GDPR is very focused on the business side for the consumer, but how does the consumer know? And so we're proposing this as a potential instrument that could be very powerful, that could also address interoperability and create an international standard. And so would really value feedback primarily on that key question of is this the right instrument for the problem that we're trying to, to address. So could we ask far away?
So yeah, I, I was just gonna come back on, on what was saying as well, and, and look at this. And the fact that trust is simply an expectation about the terms and conditions of how we are interacting, what those terms and conditions are, can vary wildly. And we already have some, I mean, every single brand is there about building trust. And right now each brand has to build trust on their own merits and build trust with their consumers.
And one of the nice things about having a framework is that it gives consumers the ability to say, I, I am willing to trust this brand because I have a relationship with them and they are assessed by a standard body to having similar degree of process and control around it. And therefore are more likely to trust a similar mark in a different situation. So really what it gives us is an easier way for consumers to be able to recognize that there is a process behind that, whatever it might be, right. We have those in many different situations.
Anyway, we trust airline pilots. We, you know, there, there, there's a model we have with that. Thank you. Comments from the floor. Does anybody else see whether that is an advantage for the business? Does anybody think that they don't feed a trust, mark? Any other sort of comments or thoughts is the questionnaire or the survey raising any questions from you over here? Matthew turned into the microphone, man.
Yeah, I was, I was question number four. That was exactly your question too.
What, what are the key benefits in our seriousness that consumers may get from Trustmark? I really have a difficult time to answer this.
Like, okay, I, I trust the company, but what do I gain from I'll do that other than a piece of mind, I don't have to worry, but that's, that's, that's an answer right there. Yeah. We personally, we purposely left those blank to see what you guys would come up with both from the consumer perspective and the business perspective.
So we, we're happy to have a discussion about it if you guys have some ideas to share. Yeah. About it's for me, it's freshly hard. I think as, as a consumer, what do I gain from first market? Like yeah. That's the only thing that I can come up with. So it's really like, okay, it's good, good to have some trust, but it's, I see it really as a, a precondition to do any sort of interactions. If I don't don't trust the service, why should I interact with it? So that might be enough. Is it enough? That's the question we're really asking?
Is it enough that a trust mark just is a precondition and, and for a lot of people, it will be in that fine if you'd like, or does it say something else? So we talked to Katrina, talked about the governance model. Does it tell me that not only can I do business with these people, but I know if it goes wrong, something will happen.
So the, so I suppose that is the question we're asking, cuz at the end of the day, if we agree to do this and it'll only be done, if everybody wants to do it, then we have to explain it to the consumer. Like we have to explain the pad. Now the padlock took a while to explain to consumers, but most people now kind of understand that don't enter your credit card details. If it's no past, I know we all know that it's a little bit more to that and stuff.
So, but it's maybe that's all we need, but is it, that's what I'm asking or we are asking from yours businesses, you are facing the consumer, you're in the identity world. You're facing this problem of asking people to give you very valuable data about themselves. What's inhibiting them. And will this help you remove those inhibitions? I don't think it's, it's a trust one, but that's my personal opinion. So. Okay. But thanks.
So I think the example is, is a different one because what it is telling you is that the data is encrypted and people kind of understand that, you know, encryption means that there is no man in the middle attack or something like that.
But when we are talking about a trust mark, we are saying that some external entity is coming and validating a business and saying that, you know, they are doing what they, that basically seems like an audit in today's world, almost reputation based systems where, you know, multiple people are, are generating reputation for a particular entity could be interpreted as that trust smart. But then again, it can be misused or, you know, abused in certain ways. So it almost seems like each business has to earn that trust by themselves and a third entity coming in.
So, so I guess the question is how does the consumer know because some brands we all know and recognize yeah. Maybe trust and trust less. Yeah. But there are also new businesses that are going to be coming up, particularly in data driven services. And so this is a way really of, of preparing for that future where a lot of our services will depend on data, whether it's IOT or AI or health data, a range of new services that are so reliant on, on data. And how does the consumer know if they can trust the service? And is there a way to build that assurance?
So I think the problem is that it, if there's a single trust mark, which all businesses can get a not good, there is this middle space where how do you trust that it is being implemented the right way? And that would become pretty broad.
So yeah, it seems, seems a little difficult from That perspective. I just wanna highlight that there is a question here that was suggested by our working group on what are the underlying elements of the trust relationship. Okay. The framework would provide. So it asks for you to look to prioritize that, okay, we recognize that these are GDPR principles, which, which may be the right ones, but they're also, there's also an open box to see if these are really the principles that that should be governed and enshrined that the consumer would associate with the trust. Mark. Sure. Question.
A And so ly, so one of the question I'm coming back to, to this HTTPS feeling is that the thing that the consumer is, is, is, oh, I can trust and leave my credit job because there is HTTPS, but the reality is not, this is just a mark, but giving you that it's something on the network is encrypted, but what's happening on the other side, meaning on the database side and things like that.
And this is where, again, it may, at some point we need to be careful not to put some batches, but basically the complexity of the technology makes the batches misleading in terms of the consumer understanding. And, and, and then back to your point of trust, it's a multiplication of things. If anything happened on the other side, because basically you left your data there because you think, oh, I can trust this guy. And then there is a data breach three weeks after operating on this side, because basically there were not on critique, currently your data and some wrong.
So the technology is very complex and where the, and the badges are good. But if they really want coming back to a nice point, you know, they really want to make something. There is a lot to put in place in order to ensure that really yes, you are secure. Yes. You are in charge. Yes. You can. Trust Governance is a big point coming across. Did you wanna speak again? There was one over here first and then I'll come on Open it. Where's the one over here.
So I think like setting governance aside, there is a benefit to having a trust market that it gives people a really quick signal across like the app landscape to know, okay, can I trust this and start using it? But I think after that, users actually need to know how every company is implementing that and how they're being complying with it. So I think the use case from orange was really great and that you guys are actually going through and providing people the visibility into like, here's where we're gathering. Here's why we're gathering it.
Here's potentially where we're sharing it, who we are sharing it with. So I think every company will have to actually give users that transparency over data usage, data sharing, and the value proposition, the value exchange, like you said, but I think at a higher level, there is a value to having some kind of a trust mark. But ideally it's something that universally that we could all agree to because if every company goes and implements that on their own as a user, you, you wouldn't trust it, right?
Like if Google gave a trust mark, you would say, of course you would, you would say that this is trustworthy, but having an independent body give that trust, mark is valuable. But I think the challenge comes back down to governance again, is how do we reach consensus on what are the, you know, parameters or attributes that we could all agree to that would help us decide what that trust mark is. And can we essentially universally agree to that? But I think, yeah, there's value to high level signal and recognition, and then a deeper dive of data, transparency Companies.
So as AAR, man, I can tell you that there's a wonderful consent management working group sponsored by. I welcome that is partly doing that second piece, but what you are, what I heard from that is that a trust mark is useful, but it will not be sufficient for everything that a, that a business gets just Andrew, Andrew first.
Oh, you've got, you've got the mic go for, Go for Laura back. We have a few minutes, but there's nothing to say that you can't stay longer than lunch, but now we'll, we'll the lunchtime two Related questions, which I'll chain on your answer. The first is clearly that GDPR is going to impose as a legal requirement on companies, things that up until now have been a matter of trust. So what do you foresee the trust mark as adding on top of compliance with the trust mark as adding on top of company's new legal obligations under GDPR?
Well, that would be interesting. I think it goes beyond GDPR cause GDPR doesn't, for example, cover many of the issues that Mac covered in his presentation, GDPR is only Europe. And even if GDPR is the law, it still doesn't tell me that somebody has been assessed, whatever the governance is that they are actually meeting GDPR. So we all know that you can have laws, but not necessarily be assessed to meeting the laws. We have laws for electrical compliance, but we still have the BS 1363 standard. And we have your kit mark and things like that.
So I think it does a lot more than just GDPR and it applies, I personally believe, but it doesn't mean so that you necessarily believe that as a whole or work better way that the trust mark will have items that are beyond what is in GDPR itself. So that takes not my same question.
Do you, GDPR has an extensive provision in it for codes of conduct, which can be recognized internationally and would be recognized within the framework. Would you see this trust, mark, would you see the governance framework and the structural framework for this as effectively being one of the first codes of conduct under GDPR Personally?
Yes, it'll be one of, but it won't be GDPR specific if you met my international worldwide type thing. And, and just to add, I think GDPR is framed. It's very good and everything else, but it doesn't necessarily well when it was being framed, it wasn't necessarily being framed with the knowledge of all the new data that people are gonna be sharing like health and finance and, and various other things. So I think you'll find that as I say, there will be extra things that people want to see or potentially levels or who knows. That's what we are expecting.
We get quite a few arms going on, Alan, and then Katrina and then yourself again. And then finally, Yeah, Ellen's got a micro first. You get the final words.
So, so the, the issue of trust marks and, and I, we wanna think about it as trust marks because trust marks is simply a statement that a certain set of requirements that we met. We have many of these in the real world and we don't go.
I mean, underwriters lab is a prime example that when you buy a power supply and it's got an underwriter's lab stamp on it, you don't go in and have a look about what their internal processes are and how many people are winding, the transformers, et cetera. There is a stamp that says, this is not gonna burn my house down. And from an end user perspective, that is a valid, okay, good people have checked this, and this is probably safe. And I'm willing to trust that what we are giving is a guideline to the consumer to say, these are, these guidelines have been met.
One of the challenges I have with the GDPR is that there is no trust. Mark. Nobody actually says you are GDPR compliant until you go to court and are found not compliant. There is no mark. So do You see it as a benefit for the consumer? Sure. It it's verified by visa underwriting labs. I mean certified by theological Institute of America. It's why you buy a diamond. Didn't feel that it has value because there's trust mark associated. You finish That. Yeah.
But, but What reach behind that trust mark is, is a governing body. And I think, I think one of the things that I hear in this conversation is that when you, when you see the padlock in HTTPS, it, you know, what sits behind it is some very specific things that say this site aligns to some techn, a technical scope.
And you, you cannot display that unless your site meets that criteria. And I wonder, particularly because members like Al are involved and, and do Richard telecom and others, you know, they are going to be held account either by customers or GDPR or the interoperability requirements, whether or not this body could achieve more by saying, I don't know, there are three things, or there are five things that at a technical level, if they, if they are present either enforce trust or enforce trans transparency.
So for instance, the data is encrypted, how it's stored, where it's stored, whatever the case may be, because these are things as a, an industry body we can have impact over. The other thing is I E are likely to be doing something in this area. I think there's a governing body in Germany called tooth or something like that. I guess there's a similar one in France. And I know working in Germany, we could come up with something and the Germans will always say, this is not acceptable. We need the German equivalent.
So I wonder whether as a practice of professionals, we could be more successful with choosing the 2, 3, 5 things that are technically possible and auditable that people can attest to in the same way you can for HTTPS. Yeah. And therefore, as a result of that, a governance body picks up and turns that into something because, because that's something yes or no, we can each self-assess against as well. Yeah.
I mean, I, I think what is coming out is your original point around the primacy of the governance process. That it's, there's no good in having a trust mark without having a very clear understanding of what the governance model would look like and how we enshrine that. And also thinking of how to collaborate and leverage the existing work that's out there with I E E and, and other. But I also think there are things this body can do that could set on that pathway that could also be very practical in the short term That would make this worth doing well.
That would make the pathway towards trust and transparency concrete Just before we give the final word to, if you haven't got a book and you've got a survey, then let me know and I'll get them sent to you. Number two, number two is thank you for staying beyond the time. Cause that means that there must be some interest in this. And number three fun Word. Yeah.
No, very, very, this is the internet, right? The legitimacy comes from the community. If you look at trust, you know, I mean, there's a whole of literature about trust, but it's also very much, you know, what is the positive experience that you get and what referrals do you get? I think the three referrals that you need to get the trust. So my question would be wouldn't we just provide tools for the community to legitimate the trustworthiness and let them notify and, and communicate between each other. Very good point. Thank you. What a excellent point to end on.
So hopefully you found that a interesting B hopefully you want to be involved and Remo and the MEF will be pushing out the results of this work. She also surveying the MEF membership to add extra surveys will probably be, probably be publishing a link to the survey on the MEF website. We're we're going to look to see how we answer the results. You may look to tweak slightly, but you are the first participants to the survey. So really grateful for your feedback. And this is a really important exercise for understanding. Should we decide to move ahead?
And if so, how, if you would like to stay engaged, please do indicate. So on the survey, we have a working group of about 30 members. Who'll be looking to take this forward. If we decide to do that, you have real strong interest also from any network to turn this into very on project, where we can address the nuances of the, the points that you need today. So it is a deci it, we do want your input on whether it's a good idea, but the, how will obviously be the key to success. So thank you so much for your insightful comments, and please do hand in the surveys and enjoy your lunch very Much.