Consumer trust of businesses has never been great.
But it’s demonstrably at an ebb in the post-Snowden era when it comes to personal data.
There’s qualitative and quantitative evidence telling the story.
Latest evidence:
Spotify last August: simple privacy policy change alarmed customers
Complaints, threats to leave (e.g. new Apple Music)
Lesson: where the service is commoditized and switching costs are low, a lack of sensitivity can hurt you even if the change wasn’t materially negative
Mobile Ecosystem Forum IoT consumer survey: trust issues biggest concern
(See: http://www.dw.com/en/spotify-feels-the-burn-after-privacy-policy-flub/a-18665269)
(See: http://www.bizreport.com/2016/04/21-globally-have-concerns-that-iot-machines-will-take-over-t.html)
Spotify shows how businesses can lose when they can’t sustain trustworthiness
Cash economy means you might have had only a single customer interaction – digital economy nearly always means repeated interactions
This makes the game-theoretic stakes higher
In a moment we’ll talk about the upside potential
What about the compliance costs and penalties?
They’re more substantial than ever (GDPR: up to 4% of worldwide turnover, DPO, etc.)
But they’re clearly not about relationships with customers and end-users
Use health, including consumer and clinical health devices, as an example
The HEART Work Group at OpenID Foundation is working on a use case
I’m a co-chair of the group
Alice Selectively Shares Health-Related Data with Physicians and Others
For example, one flow enables Alice to choose to share basic data about herself with a doctor before her first visit
Another lets Alice monitor and control access
There’s a flow involving Alice sharing the list of her medications with her spouse
And one where Alice agrees to donate data to clinical research in deidentified fashion
(See: Economics of Privacy: p. 15: “strategic consumers may make a firm worse off in the context of dynamic targeted pricing”)
(See: https://bitbucket.org/openid/heart/wiki/Alice_Shares_with_Physicians_and_Others_UMA_FHIR)
Okay, so why enable personal data sharing?
Data quality and accuracy -- one US study: only 5% agreement between medications listed in EHRs and what patients actually take
This gap affects cost, efficiency, and satisfaction as well
Improved clinical research sets – one UK study: over half the respondents supported use of their data by commercial organizations for research
A floor of 17% were not willing to share data at all
Better care – Philips did a study with Banner Health
Patients with chronic disease using a smart device and an app would tend to leverage continuously monitored vital signs
Shorter, less expensive, less ER-intensive stay: savings averaged 10 days/year and $27K/year
(See: http://well.blogs.nytimes.com/2016/03/31/let-patients-read-their-medical-records/?_r=0)
(See: http://www.wellcome.ac.uk/News/Media-office/Press-releases/2016/WTP060240.htm)
So that’s a business-based reward-centric viewpoint
Beyond the business-based risk-centric viewpoint of regulatory compliance, why should businesses do what individuals want regarding personal control?
The IoT brings new volumes and sources of data, and new use cases for people wanting to share that data
CareKit added person-to-person sharing in the Apple ecosystem
Dumb socks vs. smart socks – need a solution in wider ecosystems
How can we meet these needs?
Are the tools and technologies we have available actually ready?
ForgeRock asked companies if current methods such as opt-in checkboxes and cookie acknowledgment flows can adapt
Only 9% think they can
However, all is not lost.
(See: https://www.forgerock.com/about-us/press-releases/new-global-survey-finds-companies-lack-adequate-data-privacy-consent-tools-todays-evolving-regulations-dynamic-digital-economy/)
It’s a good thing we’re seeing this innovation
Recent TRUSTe Safe Harbor Poll: after Safe Harbor was invalidated, respondents approximately tripled their use of consent for ensuring EU data transfer compliance
What could the delegation, consent, and access experience look like in UMA?
Let’s look briefly at a consumer health IoT scenario where UMA provides a linchpin for needed capabilities
Is a standard built on OAuth 2.0
Delivers externalized authorization
Provides digital consent control to end users
Allows end users to share data and revoke access to data