Network of Excellence in Internet Science

Session 3: Identity & Trust

Ninia Azzopardi Oxford Brookes University An Exploratory Study on how Customers feel towards the EU Cookie Law, and if it affects their trust towards a website

Purpose - Past research on internet privacy has observed how consumers are concerned about the privacy of their online information and how easy it is for companies to gather, store and share this information. As e-consumers are lacking the knowledge on cookies, this research focuses on whether the change in the Privacy and Electronic Communications (Amendment) Regulations 2011 law (The Cookie Law) will affect e-consumers’ trust towards a website, as websites must now require consent from users and provide information about the purpose of storing cookies.

Based on past research, it was found that the following six variables; Perceived Privacy, Perceived Security, Perceived Risk, Context, Quality and Consumers’ Propensity to Trust, affect online trust.

Methodology - The research approach adopted in this dissertation was a qualitative exploratory study which was carried out through fifteen interviews. All respondents were asked about how they feel towards the six variables before and after the law was implemented, and their views towards the Cookie Law.

Findings - The results showed that users perceived the Cookie Law to be positive and a step in the right direction, though they feel that companies fail to ensure compliance with the law. Surprisingly, the findings also showed that most users seem to be unaware of the existence of this law, even though it was enforced to help users control their data.

Conclusion - The main conclusions drawn from this study is that users’ trust is unlikely to change as they believe that if they do not trust the website they will unlikely trust the cookie policy, though if there is third party accreditation then users’ trust will decrease when using the website. Furthermore, as users are now more aware of the law and its purpose, 56% of the respondents said that in the future they will look out for it.

Karmen Guevara University of Cambridge Identity and Trust the Foundations for Privacy

Historically, the notion of privacy has evolved in response to technology. New layers of privacy have evolved in response to concerns over the intrusion introduced by new technologies. This creates a powerful dynamic between the social technologies and the inherent need for privacy and restrictions on disclosure which underlie human behaviours. Such motivations contribute to privacy becoming a far more complex construct, due to the underlying socio-cultural and psychological factors.

Identity and trust are fundamental to privacy. Maintenance of privacy is held to be conserved through trust. Therefore, our focus is on identity. So trust is considered within this context. An examination of identity is based on the axes around which the formation of identity occurs and its dimensions are at the root of the continuous construction process of building an identity. The dynamic tensions that lie at the core of identity are considered with the implications for in real life and on-line trust and privacy behaviours.

The new dimensions of identity that are emerging from the interactions with social technologies are giving rise to new trust heuristics and privacy behaviours. These are explored in juxtaposition with the chasm that exists between users in real life and on-line privacy behaviours during this period in which a new layer of privacy is being evolved.

Trust, privacy and disclosure behaviours are drawn from subconscious emotional drives and responses. Therefore, the examination of identity and privacy is framed around the subconscious processes underlying behaviours. The theoretical framework applied is drawn from Psycognition which is based on the theory that behavioural motives originate from the subconscious and therefore are significant because they directly influence individuals’ perceptions and conscious behaviors.

A Psycognitive perspective is different from a purely psychological one, in that it takes a holistic socio-cultural systemic perspective of behaviours and the underlying subconscious processesThe Psycognitive approach is drawn from the disciplines of Human Sciences, Integral Theory, Evolutionary Psychology and Holistic Psychotherapy.

The methodology explored here includes the models applied in such an examination, for example, the Organisation of Experience, the Dynamic Feedback Loop and a Psycognitive Layered Architecture.

Conclusions are drawn from the data collected from an aggregation of field studies in which investigations of individuals’ core beliefs and behaviours relating to trust, privacy and security were conducted.

Prof. Alessandro Mantelero Politecnico di Torino Competitive Value of Data Protection: the Impact of Data Protection Regulation on Online Behaviour

In many contexts and debates, data protection laws are considered as an undue burden over enterprise activities, limiting their business opportunities, reducing their innovation in offering customized services and increasing their operating costs.

Some studies have demonstrated the limits and the lack of empirical evidence of these assumptions. On the one hand, the costs related to data protection are low and in many cases have indirect positive effects on different aspects, especially in terms of increased level of enterprise data security. On the other hand, although some projects find a barrier in data protection rules, in many cases this is due to an inadequate design of the project, focused on technical or business profiles without taking into adequate consideration the aspects concerning the protection of individuals.

At the same time, the increasing demand of individuals to have their privacy respected has generated new privacy-oriented services, increasing competition and innovation. From this perspective, the individual and social attitude towards privacy assumes a significant role in business activities and could become an important element in order to build trust in service providers. On the other hand, the lack of data protection increases the risks of illegitimate access to information or misuse of personal data, with a potential chilling effect on individual propensity for sharing and communicating personal information.

These needs become more relevant and perceived in the context of social networks, where service providers are collecting large amount of data (Big Data) in order to extract predictive information about individuals and social groups. In this sense, the recent EU proposal for a general data protection regulation contains different elements that can reinforce trust in data management. We could identify three different main lines in the proposal that have positive effects on trust in data management: reinforcement of attention to the design of the data processing, increased compliance to legal data protection framework, reinforcement of user's rights.

Historically, data protection rules attach great importance to the technological aspects concerning the processing of information, in order to define adequate procedure that guarantee a high level of protection. In this sense the data protection impact assessment, the privacy by design/by default approach and the preference for minimizing data collection are different solutions suitable to increase user's trust in the management of their data. At the same time, data portability and a more detailed regulation on the right to be forgotten reinforce the self-determination of the user in the social networks. Finally, the uniform approach adopted by the regulation, the different remedies and solutions adopted in order to increase the compliance to data protection rules (sanctions, audit, data breach notification, labelling) constitute further elements suitable to reinforce user's confidence.

Having made this initial assessment of the new EU Proposal for a general data protection regulation, it is important to define and analyse the role of identity management systems in social networks and their impact on profiling. From this perspective, the interaction between government and private sector in the field of authentication systems, the prevention of the risks of social control and the importance to preserve anonymity with regard to the freedom of expression assume particular relevance. An uncertain framework on these different aspects can have a negative impact on users, limiting freedom, self-determination and interaction in social networks.