Trust in sharing economy businesses is built primarily on peer group usage and ratings. The fact that peers not only reveal their opinions, but a huge amount of information as well, inevitably raises the question of cybersecurity. Providers, users and regulators all share responsibility for providing a satisfactory response.
Consumers making use of conventional business offerings place their trust in a combination of proprietary brand reputation and industry-specific regulation. But the recipe for success in the sharing economy includes another basic ingredient: the trust of the peer group. Peers share ratings and recommendations that are visible everywhere in real time, in personalised form. For example Uber passengers rate their ride and the driver; in turn, drivers get to rate their passengers. This way, depending on the trust they place in the judgement of their peers, new customers can decide whether or not to do business with a particular provider. Monolithic, laws-based regulation thus gives way to a peer-to-peer trust model. This creates enormous opportunities for providers for new, interesting business.
The trust model on which the sharing economy is based can enable companies to respond more quickly and precisely to changing customer needs, market developments or their own weaknesses. It also provides highly relevant information for people with similar interests. Broad-based ratings create transparency – for better or for worse. Because the system can cut both ways: just as a positive rating can help attract new customers, bad marks can destroy the trust of prospective customers before they’ve even been able to try out the offering for themselves.
The main disadvantage of the sharing economy is its vulnerability to manipulation. An aggressive competitor, frustrated customer or disgruntled former employee can easily torpedo a platform’s reputation by posting fake ratings.
The security and data privacy risks of a sharing economy structure shouldn’t be underestimated. A peer-to-peer provider very rapidly gathers, processes and saves a huge mass of personal data, including credit card or user information and consumer profiles. This information is what cybercriminals are after. Just imagine the economic, social and emotional damage that would ensue if someone were to steal and make public the entire bookings made by regular customers of a hotels platform. Unfortunately, the levels of protection defined for data of this type vary from country to country around the world. Each provider is basically free to do what they think is right.
Data security is in large part the responsibility of sharing platform providers. In other words, peer-to-peer providers have to adapt their systems and technologies to the information they gather, and assure appropriate protection. In concrete terms this means a sharing provider should only gather data relevant to their core business, and publish clear, concise terms and conditions governing their use. A layperson must be able to understand and accept these terms in good conscience.
Given the lack of standards and the complexity of the issue, at the moment there are big differences in how conscientiously providers fulfil this duty. And there are also big differences in the rules and regulations governing these matters in different countries and industries. Most digital players capture more data than they need for their core business and have terms and conditions designed to cover them for any eventuality – pages and pages of legal fine print that the average reader will have problems reading through, never mind understanding.
Anyone shifting all or part of their business model to the digital space should start thinking about and incorporating the data privacy issues right from the conceptual phase. New technologies can help bring a market-ready idea to success by delivering it in a contemporary package. But by the same token the rigours of cybersecurity can nip a sharing economy idea in the bud or derail a digital project before it’s reached its goal.
The people who use sharing platforms have only limited tools at their disposal to prevent the data privacy rules from being violated. So if you choose to engage in this type of business you should take responsibility for your own actions. For example you should be careful about what personal information you reveal to what providers. This means that you should pay attention to how the platform’s trustworthiness is rated, read the terms and conditions, and decide for yourself whether you’re prepared to take the described risks. If you want to avoid credit card fraud, for example, you may want to use a prepaid card with a limited amount on it for sharing purchases, or make payments via a separate account which you don’t keep much money in.
Assuring cybersecurity also means protecting your own platform, making sure that your computer, tablet and smartphone are sufficiently shielded from attach from cyberspace. There are already many powerful applications available to do so.
The role of the regulator in the digital economy is to require basic protection of customer data and make sure the legislation keeps pace with the times and technology. Against this backdrop the European Parliament has revised the EU’s General Data Protection Regulation (GDPR), scheduled to come into force at the end of May 2018. The regulations contain important additional rights, provisions to protect users, and substantial penalties for violation.
Also relevant is the PCI DSS, the international credit card standard (Payment Card Industry Data Security Standard). The PCI DSS, formulated in 2006 by a council established by credit card organisations, is designed to ensure a uniform approach to implementing security requirements for credit card transactions.
The data privacy legislation in Switzerland incorporates most of the existing international data protection rules, and is likely to adopt many of the new ones. Although the implications of the revised GDPR on a national and European level aren’t yet clear, we believe the enforcement of the regulation and any penalties that are imposed will prompt companies to tighten their data privacy rules and security controls on their customer data.
Providers, users and regulators all share responsibility for cybersecurity. We can only keep the internet healthy, clean and economically beneficial if everyone involved plays their part. Regulation should create the framework for basic protection and transparency. Users have to act circumspectly to ensure their personal data don’t end up in the wrong hands. And last but not least, peer-to-peer providers have to comply with the data protection requirements.
Modern technologies such as the cloud enable companies to deliver new business models very rapidly. It’s rarely the technical implementation that stands in the way of success, but rather a failure to translate a promising idea into a business model capable of responding to change and the needs of the market. Looked at this way, cybersecurity is no longer an obstacle to success but a welcome springboard.
In favor of simplicity I started to consolidate my blogging onto LinkedIn and will only once a while post something here as well. Please add me at LinkedIn to get more updates on security related topics.
A cloud can be many things. A white patch in a sunny blue sky, the source of a powerful thunderstorm or almost unlimited computing power. My cloud is a place where I am discussing security, technology, productivity, IT-business alignment and corporate citizenship with a few lightning bolts once a while. I welcome all comments and feedback and if you have a question please use the contact form below.