It is really hard to be a digital shopper if you want to be in control of your data just like it must have been hard to be a green shopper before various seals, labels and certificates were launched to guide us through the jungle of organic coffee, fair-traded jeans and sustainable lumber. But the seals for law compliant ethical digital serviced are coming.
Citizens and businesses are left in the dark, when it comes to chosing digital services that are not abusing their data. How should they know the difference between the Chrome and Brave browsers? Between Google and Qwant search. Between SurveyMonkey and LimeSurvey? Or MailChimp and Revue? And why should they move from Facebook Messenger to Wire when almost all their contacts are on Messenger, so that must be good enough.
The Swiss Digital Initiative (SDI), who’s working on developing an ethics label itself, has analyzed 12 different initiatives worldwide to map the most important and show the differences and similarities. The goal of all the labels are to foster ethical digital services by providing a benchmark to evaluate them. A label is a way of publicly ensuring trustworthiness of a digital service, and it allows users to make informed choices in a free and competitive market.
According to SDI there are three main challenges, when developing an ethics label compare to for example a food or device label.
A. Digital services needs to take into account the databased flows of information between the user, the service and the companies involved. Data that is gathered on an individual is more intimate and contextual than e.g. food data.
B. The fast pace of continuously evolving technology. How can a label keep up with a digital service being updated several times a week ?
C. For digital services on the other hand, the data-based processes might produce complex situations when it comes to identifying and assessing all the actors involved and the corresponding responsibility.
The 12 Initiatives
There some vital characteristics for a label that DataEthics.eu care about, and that is the governance behind an initiative and whether it is audited by independent third-party auditors. We know from green labels that they mainly gain trust if those two preconditions are fulfilled, but of course, as a beginning, a label run by e.g. businesses – like the one from Denmark – can boost a trend and trust, but independent audits will have to be added sooner or later.
- Data Ethics Framework, Germany, foundation. AI ethics label for products and services, aiming for auditing with third party and regulatory bodies.
- The Digital Standard, USA, Non-governmental organisation (e.g. Consumer Report). Setting standards and criteria for testing and rating software and smart devices aimed at electronic software, hardware and services. Self-assessment by companies but third-party assessment as case studies.
- The Ethics Certification Program for Autonomous and Intelligent Systems, USA, organisation (IEEE). Creates specification and metrics for certification of products and services. Both Self assessment and third-party.
- Fair Data Economy Score, Finland, public foundation under supervision of the parliament. A criteria framework and maturity model guides organisations to evaluate their fair and sustainable use of data aimed at companies as a whole. Primarily self-assessment.
- Trustmark for the Internet, EU, EU program. Internet trustmark to support the development and use of responsible technology and software with a single umbrella and various labels. Third-party auditing.
- Trustable Technology Mark, US, Foundation (Mozilla). Trust mark (label) aimed at users of IoT and labelling products. Self assessment with third party control.
- ATrustworthyTech Mark, UK, think tank. Aimed at products and services. Third party audits. Abandoned in 2019.
- D-seal, Seal for Data Ethics and IT Security. Denmark. Public private partnership. A label covering IT-security, privacy and data ethics. Aimed at companies as a whole. Self-assessment.
- AI Certification, Germany (Frauenhofer), Academia and government. A certification process and inspection catalogue to assess AI applications. Third-party auditing.
- Independent Audit of AI Systems, US, foundation. Framework for auditing AI systems within privacy, bias, ethics, trust and cybersecurity. Both companies as a whole and concrete products and services. The foundation itself will be auditor.
- Label Numérique Responsable, France, NPO. Label focuses on creating ethical, regenerative and inclusive technology use. Companies as a whole. Self-assessment followed by third party evaluation.
- Apple’s App Privacy Label, US, commercial. Privacy and data practises of apps in Apple’s app store. Self-assessment plus audit control by Apple.
The Swiss Digital Trust Label itself will be a combination of bio label and nutrition fact table for the digital world: it shows that mandatory criteria are fulfilled by a digital service, while at the same time giving users more information and transparency about four dimensions of the digital service: Security, Data Protection, Reliability of a service and Fair User Management (making transparent auto- mated decision-making). Eight test partners from the public and private sector are involved in the project: Axa, Booking.com, Canton Vaud, Credit Suisse, IBM Switzerland, SBB, Swiss Re and Swisscom.
The fact that none of the initiatives has yet been able to implement an internationally successful label for digital services or organisations shows the complexity of the topic. But SDI has 5 pieces of advice for success.
A. The label has to be known by its target-users. This means that its name/visualization must be easily remembered and that it must convey part of the quality/ambition of the label. This also means that one needs to think big to make the label known. This requires important financial resources and know-how.
B. The label should be supported by a strong and well- known organisation.
C. The label has to convey a general message. Buying a piece of food with the Fairtrade label gives consumers a sense that what they buy is fairer than goods without the label.
D. The governance of the labeling body has to be legitimate. The labeling process has to be perfectly clear and understandable to outsiders. It must be possible to assess whether the commercial and financial incentives set in place are compatible with the promises made by the label. Key steps of the labeling process are the audit by a third-party
E. The way the label organisation is funded needs to be transparent and understandable for outsiders. Profit-oriented labels are in tension with the broader goal pursued by the label