close
close

Mondor Festival

News with a Local Lens

Building consumer trust in Smart Data
minsta

Building consumer trust in Smart Data

Executive summary

What is smart data?

Smart data gives consumers the ability to share their data between businesses and other organizations, to enable new uses of data in ways that benefit consumers, society and the economy. There is great potential for smart data systems to bring benefits to many sectors of the economy. The increased productivity and competition benefits enabled by personal data mobility are estimated to increase UK GDP by £27.8 billion. Government 2024 Smart Data Roadmap identifies priority sectors of banking, finance, energy and road fuels, telecommunications and transport; and retail and home buying are other areas of interest. Programs spanning multiple sectors may also allow consumers to have greater choice in personalized services and could lead to better prices, for example services such as auto-switching or tailored account management. It is essential to leverage the benefits of consumer trust in, and therefore engagement with, smart data. This guidance document provides a blueprint for data holders, authorized third parties, civil society and any other participating organizations to ensure consumer trust in smart data systems through the use of a framework trust.

A trust framework aims to provide a set of rules, standards and agreements that govern how data is shared, used and protected between different participants in smart data systems. This will be enforced by the relevant supervisory body for each system. Strong and effective trust frameworks are essential to ensure that consumer protection is built in from the outset to foster consumer confidence, and for businesses to feel equally protected with legal certainty for all parties.

Risks and harms for consumers

Which? analyzed a number of existing smart data systems and their trust frameworks and undertook 6 months of detailed engagement with key stakeholders and technical experts across a wide range of sectors including energy, banking and finance .

Our engagement with stakeholders indicated that consumers will struggle to engage with new smart data products and services unless they understand what is happening and are confident that they and their data is protected. Our stakeholder analysis shows that if smart data systems are developed without adequate protections, there is a risk of consumer harm, such as:

  • Poor quality products and services
  • Lack of meaningful consent
  • Risk to consumer safety
  • Exploitation of vulnerable users

A trust framework based on consumer control and consent

In December 2023, the Smart Data Council commissioned Which? determining “what the consumer benefit looks like” in smart data trust frameworks.

We recommend a trust framework that goes further than that of the ICO statutory data sharing code or advice on valid consent because the ICO does not have a specific mission in the harm caused to smart data consumers that we identify above.

Based on our analysis and engagement, we have identified that there is currently no model to follow to ensure that new trust frameworks for smart data systems adequately protect consumers. This led us to develop and test a new model of trust frameworks with a wide range of stakeholders, including regulators, civil society organizations, startup representatives, service providers and technical experts. We consider this model to be sector and technology agnostic. That is, regardless of the sector in which the smart data system is established or the technologies used, the principles will remain applicable and effective.

Our Trust Frameworks model aims to encourage future projects aimed at fostering consumer trust from the start. To achieve this, consumer control and consent are at the center of Which?’s Trust Frameworks model. By considering consumers from the design phase of smart data systems, the risks posed to consumers are minimized, thereby building consumer trust, which is essential to realizing the social and economic benefits that smart data systems can unlock.

These requirements are feasible to implement and their universal adoption would create consistency, leading to increased consumer trust and engagement in smart data products and services.

Figure 1: Which model? for smart data trust executives

Building consumer trust in Smart Data
Governance

Clear governance requirements incentivize all parties to assess and manage consumer risks and take steps to integrate ongoing monitoring, robust accountability and redress mechanisms with clear milestones for all participating organizations. These proactive measures build consumer confidence by assuring them that they can reach a resolution should a problem arise. In turn, this increases consumer engagement with the smart data product or service.

Protection

Consumer data in smart data systems must be protected from misuse or cyberattacks. Smart data systems will change the way consumer data was previously shared and analyzed between parties and it is essential that fundamental consumer rights and protections are not weakened or reduced. Adhering to data management and cybersecurity principles will give consumers confidence that they can control the secure access and use of their data, building trust and engagement in intelligent data systems.

Scalability

Ensuring that smart data systems are scalable will result in greater participation from relevant organizations. We consider scalability to refer to the technical infrastructure for interoperability. Furthermore, enabling access to more data points will increase coverage and social inclusion, paving the way for innovative and diverse smart data products and services for consumers. This is supported by inclusive by design measures such as common language and accessibility.

Next steps

To realize the benefits that smart data can deliver, consumer trust is critical to adoption and engagement with smart data products and services. Using the Which? for Trust Frameworks will ensure that the principles underlying governance, protection and scalability are robustly applied to mitigate risks and promote consumer trust in intelligent data systems.

Which? calls on companies and organizations participating in smart data systems to adopt this model smart data trust framework and put it into practice in current and future smart data systems. This commitment should be made even in the absence of legislation, demonstrating a proactive approach to consumer protection. It also eliminates the risk that a failure in one use case within an industry will compromise consumer trust and engagement in the broader smart data ecosystem as a whole.

Although each major player in the smart data ecosystem has specific responsibilities, cooperation among stakeholders is essential to build and maintain consumer trust. Participating organizations use the principles and findings of our trust framework to strengthen their current approaches to protection (data management and cybersecurity) and accessibility. Program providers must oversee the quality and standards of the above, using the principles of the Which? Trust Framework. to avoid the harms we have identified for consumers. They should also play a leading role in governance (particularly system roles and responsibilities, accountability and responsibility, monitoring and recourse) and scalability (particularly interoperability).

Which? also urges the government, through the Department of Business and Commerce (DBT), to play a leading role in coordinating the smart data landscape, guiding the development of smart data systems and facilitating the cross-sector interoperability and a common language. This includes monitoring how program providers are preventing the consumer risks we have identified and how they are implementing governance and scalability in their sectors. The Government’s new Data (Use and Access) Bill (“DUA Bill”) represents a key opportunity to strengthen the legislative framework to support consumer confidence in smart data systems. Especially:

  • The government should take the opportunity, through the Bill, to signal its intention to implement Article 80(2) of the UK GDPR, so that if a provider designs a service in a faulty way, such that the rights of more than one user are violated in the same way, an appropriate organization can bring an action for compensation on behalf of all those affected as that group. .
  • Additionally, regulations proposed under the bill are expected to contain requirements for how smart data systems must meet the needs of the most vulnerable people.
  • If the bill passes, the new powers available to the government should be used to prevent consumer harm and build consumer confidence in smart data.