The tripartite general concern about misuse of personal data as a challenge for the European digital single market
Trust in information and communication technologies (ICT) has become a matter of growing interest as EU citizens are increasingly engaging in the digital realm. Eurobarometer surveys show that in 2017 70% of EU citizens used the Internet every day and only less than a fifth never used the internet. Half of European citizens engaged daily on online social networks and of those daily users, 46% also actively posted content. 60% of respondents used the Internet for buying goods and services and 58% for online banking.
However, the widespread adoption of ICT products and services comes with sociocultural variances in public opinions and attitudes across Europe, which generate a diversity of reactions towards developments in ICT. A majority of citizens generally avoid disclosing personal information online and is concerned of becoming a victim of cybercrime (e.g. in 2017 69% were concerned about discovering malicious software on Internet-enabled devices and identity theft). But cybercrime is just one of three major areas of concern. EU citizens are also concerned that their online personal information is not kept secure by websites (73%) and public authorities (65%). So the quest for a trustworthy ICT environment seems to be squeezed between the ever increasing economic pursuit for unlimited technological innovation and growth and governmental attempts at creating security through surveillance. All in all we observe an increasing general concern about the misuse of personal data by 1. cybercriminals, 2. corporate entities and 3. public authorities. Moreover, this concern seems to be much more closely linked to contextual variables of ICT engagement (such as the perceived trustworthiness of the provider or the behavior of national security authorities) than the specific attributes of the ICT product or service involved.
Nowadays, the establishment and general diffusion of ICT in European societies no longer depends solely on questions of functionality, technical security and usability. In particular, respect for ethical and legal standards is increasingly becoming a decisive factor in the adoption of ICT (e.g. respect for human rights). Considering the areas of concern mentioned above, along with possible socio-cultural variations in those areas, the chances for identifying a simple mechanism for generating trust in ICT products and services are low. In addition, “trust” might not be a single, coherent phenomenon. Despite countless attempts at a definition of trust in different scientific disciplines, it remains elusive and yet, it pervades all aspects of social interaction. In any case, trust (or a functional substitute) will occupy a center position in any account of cooperation – which is a necessary prerequisite for the adoption of ICT products and services.
Regarding the socio-cultural aspects of cyber security we are confronted with volatile and elusive macro phenomena which obviously affect the engagement with ICT products and services significantly. A starting point for addressing this challenge is to ask for the main influences on public perception of the trustworthiness of ICT products and services and also the specific role of European values and norms among the main factors (incl. e.g. human rights). However, in order to determine the weight of socio-cultural aspects in cyber security considerations (incl. requirements for labelling of ICT products and services) we have to go further and ask more fundamental questions: Can we translate matters of perceived trust and risks into specific and dependable technical standards? Or, is this an impossible endeavor and we should rather focus just on questions about cyber awareness when we address socio-cultural aspects of ICT engagement?
by Martin Griesbacher and Stefan Reichmann (University of Graz)