Tuesday, 4 July 2017

E-commerce practices raise questions about how to protect consumers in globalised digital markets

How can we better protect consumers in a globalised digital world? The Luxstyle case suggests unfair practices are not being stopped quickly enough.

A number of Consumers International’s members have contacted us regarding the practices of LuxStyle, a Danish company that was advertising through Facebook and Instagram.

The adverts directed consumers to the company’s website where they were asked to provide their postal and email addresses to get the price list for the products being advertised. The consumers were then sent the products and an invoice, despite the fact they hadn’t ordered anything. If the consumer didn’t pay the invoice, many received a letter from a debt collection agency.

Danish ombudsmen takes action

Complaints about Luxstyle were first received by the Danish Consumer Ombudsman in 2015. Further complaints were received from countries including Australia, New Zealand and Canada. Consumer authorities from Norway, Sweden, Austria, and Belgium also contacted the Danish Consumer Ombudsman and consumers in Singapore and Malaysia lodged complaints with consumer organisations.

On 25th January 2017 LuxStyle was reported to the Danish police by the Danish Consumer Ombudsman, for breaching the Danish Marketing Practices Act section 3, in which ‘traders may not use misleading or false information or omit material information if this is likely to materially distort consumers’ or other traders’ economic behaviour on the market.’ To date we understand the Danish police have not yet brought charges.

Australian Commission issues a public warning

In January and February 2017, the Australian Competition and Consumer Commission received 127 complaints about LuxStyle and, on 2 March, issued a public warning. The ACCC Deputy Chair Delia Rickard said. “The Australian Consumer Law provides specific protection to Australian consumers.  If a business sends unsolicited goods to an Australian consumer, the consumer is not required to pay for the goods, nor is the consumer required to pay to return the goods.”

Facebook finally blocks the adverts – but not the business pages

Finally in May 2017, Facebook blocked the advertisements.  A spokesperson told Canadian news outlet CBC, "We determined that these ads violated our policy against deceptive claims and business practices, and have blocked the company from advertising on Facebook going forward. We apologize to anyone who was inconvenienced." 

Interestingly CBC noted that when it first contacted Facebook, it had been advised that the case was being investigated, and that it was only after the story was published that Facebook said it would take down the advertisement.

However when we looked on Facebook this month we could still view business pages for the products sold by Luxstyle that redirect consumers to their website. There also appear to be reviews for the products being advertised by Luxstyle and recent complaints from consumers.

Serious questions

We are pleased that Facebook recognised that these practices are deceptive, however our timeline suggests it took seven or eight months, from September 2016 to May 2017 for the Luxstyle adverts to be blocked on Facebook and Instagram. We understand the need to investigate allegations and follow procedures, but why did it take so long?

During this time Facebook groups had been set up by people who felt that they had been scammed by LuxStyle and at least eight consumer protection agencies became aware of the problem.

We are also concerned that business pages are still promoting the company’s website.
Consumers International has contacted Facebook and national consumer agencies to find out more about the issue and in particular find answers to these questions:

  1. When did Facebook first become aware of the problem and what did they do about it?
  2. Did the national consumer protection agencies inform Facebook and if so when, and what response did they get? Is there more that national consumer protection agencies can do to stop international practices like these in the future?
  3. Finally, have these practices been effectively stopped? Why are there still Facebook business pages  that link to the company’s website? 

Any consumers affected by these practices can contact their national consumer protection agency or consumer protection organisation to understand their rights.

Wednesday, 17 May 2017

BEYOND THE BREACH: why high profile data breaches are not the only concern for consumers in the digital economy

Organisations in countries all over the world were affected by a major cyberattack last Friday (12 May 2017) and over the weekend when the Wannacry virus struck. Amanda Long, Director General, Consumers International, talks about what the virus means for consumer organisations.

This was different from the high profile security breaches that we are familiar with, like Ashley Madison or Yahoo. In these cases, people’s personal data was targeted in the attack, which can result in serious consequences: credit card fraud, identify theft as well as distress at private information being made public. 

The Wannacry attack was different because it didn’t directly target consumers’ personal data, instead it was able to shut down critical parts of companies or organisations’ IT systems and only open them up again once a ransom was paid.  
Yet the consequences could be just as serious. According to the BBC, an estimated 47 NHS trusts in England reported problems at hospitals and 13 NHS organisations in Scotland were affected as operations were cancelled, ambulances were diverted from A&E departments and people had problems obtaining medicine prescriptions. 

Thankfully this time, the immediate consumer impacts in other countries appear less severe: train ticketing unavailable in parts of Germany or public services in some parts of China. However, our member in Oman reported areas of the internet were shut down as a precautionary measure.  

It's a stark reminder of the range of security-related risks that citizens and consumers face in an increasingly connected digital world. Although we may not always be aware of it, digital systems under pin the financial, health, transport and communications systems that millions of consumers rely on.  

And while nation states have long been building defence against such attacks on their national infrastructure, the Wannacry case shows how easily this could happen to any commercial service like payments services, ecommerce, or transport.  Even those who are not connected to the internet can be affected when ATMs or transport is not available. 

The connected nature of the online world brings multiple benefits. But the same interconnections create a major challenge for anyone trying to keep people, countries and assets secure in the digital world.  

Preventing similar disruption requires everyone to play their part, consumers to practice good digital security, companies to keep products updated and secure, and organisations to treat cybersecurity as a strategic/board level priority.  

And as consumer organisations we have a role in understanding where new threats could come from and what impact they might have - and not only respond to harms after they happen.  This requires an understanding of how the digital ecosystem works, and the way threats to consumer welfare change and evolve. 

Data breaches have got a lot of attention and a lot of consumer facing policy is in place. However, to be effective for consumers in the digital world we also need to know what’s around the corner. 

Wednesday, 26 April 2017

UNCTAD e-commerce Week 2017: Putting people at the heart of the digital economy

To mark UNCTAD e-commerce week (24-28 April 2017), Consumers International’s Director General Amanda Long outlines the need for a fairer and more inclusive digital economy that is built on consumer protection and trust.

UNCTAD e-commerce Week: Amanda Long speaks at high-level panel on
'Digital Transformation for all'

It goes without saying that people are at the heart of digital transformation. People as consumers, as citizens, as families, friends and employees, as students or as business owners.

For many people, e-commerce is the gateway to the digital world and the wealth of social and economic opportunities it provides. It is where we buy and compare products, transfer our money and savings, set up and maintain online businesses. And for those who are only now gaining access to the internet e-commerce is likely to be their first online interaction.

In recent years, the global e-commerce industry has seen an explosive pattern of growth. Total e-commerce sales generated around $1 trillion in 2012 and this total is now thought to be close to $1.9 trillion annually - almost doubling in just four years.

Yet whilst these figures give us a sense of the enormous potential that the digital economy could have for consumers and businesses across the globe, to fully embrace the benefits, we must create a digital world that works for everyone, everywhere.

The many faces of e-commerce

By taking a look at just some of the wonderful examples of how people are using e-commerce, it is clear to see why diversity and participation are so important:
  • In Uganda, young people with innovative business ideas are being granted access to crowdsourced loans online through the Youth Empowerment scheme. [1]
  • Artisan producers in Morocco use online platforms like Anao to sell products direct to customers around the world. Co-operatives like the Women Weavers of Morocco eliminate the need for the middleman and so increase profits. [2]
  • Start-up business like the SafeMoto app in Rwanda are combatting the issue of road accidents, 80% of which involve mototaxis. The app scores mototaxi drivers for safety using telematic software on their smartphones. Customers can clearly see who are the bad drivers, and opt for a safer ride thus driving demand for safer transport. [3]  

In all of these examples we see the empowerment of consumers through the creation of new services and jobs, new markets and growth.

There is so much more, however, that still needs to be done before we have a digital world that works for everyone. With only 50% of the world currently online, there are still many consumers who are missing out on the power of e-commerce. According to the World Bank’s Digital Dividends report, only 15% of the world’s population have access to high-speed broadband and nearly 2 billion people do not own a mobile phone, leaving them unable to fully participate in the digital economy.

It is vital that we find the right balance between e-commerce that works for businesses and consumers. To do this, we must strive for digital transformation that is built on consumer trust and participation.

So how do we get it right?

Ensuring that everyone has their say. Yesterday I was on the UNCTAD e-commerce Week high-level panel on ‘Digital Transformational for all’. The event included talks from Mukhisa Kituyi, Secretary-General of UNCTAD, Jack Ma, founder and chairman of Alibaba Group as well as politicians, entrepreneurs, representatives’ from civil society and academia.

Another exciting announcement this week was the launch of UNCTAD’s ‘e-Trade for All’ online platform. This innovative online information hub will connect developing countries with potential partners and donors to empower them to make the most of e-commerce as a powerful driver of development.

We must follow the superb example set by UNCTAD’s e-commerce week and continue to involve a multitude of voices and opinions on the journey to digital transformation and progress. Let’s listen to consumers, producers, employees, prosumers and business owners about their experiences online, their expectations, needs and concerns. What does trust and confidence look like to them and how do we design it in?

Breaking the assumption that consumer protection stifles innovation. It won’t. In fact, careful design and safeguards to improve people’s confidence is essential if we want to bring everyone along on the journey to digital transformation and growth. We need to pay attention to social, economic, cultural and personal impacts on people and enterprises. If we don’t we risk creating a digital world where people are either left behind or lose their faith in the digital products and services available to them.

Making the most of international cooperation and connection. Building a trusted digital world can’t be done by one single entity, because we are all connected. Connectivity is both a blessing and a curse. On the one hand, we can connect to new markets, new products, our friends, new investments. On the other hand, when everyday things like payments mess up, or updates slow down a device, or when uncanny decisions are made about us based on our habits, it erodes our faith in the other amazing things that we can do with it.

So we need to make the most of the positive nature of connectivity. These connections across sectors, borders and segments mean that international organizations like UNCTAD are more important than ever. The UN Guidelines on Consumer Protection, for example, were updated last year to reflect the changing digital landscape for consumers. They show how together international bodies can create sound principles for consumers, certainty for businesses, and set a marker for good business practice in a changing world.

By working together, we can ensure the e-commerce industry is a driver of greater prosperity and equality for consumers across the globe.

1 - Mushana E SACCO Uganda Ltd. 2016. ‘Uganda Youth Economic Empowerment’. Fire Africa. Online link http://www.fireafrica.org/projects/projects/view/1057

2 - Boots, A. 2015, ‘Anou Connects Moroccan Weavers to World Market’, Fair Observer. Online link: https://www.fairobserver.com/region/middle_east_north_africa/anou-connects-moroccan-weavers-to-world-market-12804/

3 - Mulligan, G. 2016. ‘The Sharing Economy Takes Off in Africa’. This is Africa a Global Perspective. Online link: http://www.thisisafricaonline.com/News/Sharing-economy-takes-off-in-Africa?ct=true

Tuesday, 28 March 2017

Hacking the playroom: How can children be safe and protected in the digital world?

This year, the digital world will reach a significant milestone – Almost 50% of the world’s estimated 7.4 billion population will be online. And, according to research by UNICEF Innocenti, one-third of these will be children.

So what are the particular risks or harms that children face in an increasingly connected world? In this blog, children’s online rights expert Dr Rachel O’Connell will examine the issues  through the perspective of recent reports about connected toys. She will then consider the new European Union data protection rules, which come into force in 2018 and how these and other developments might help to provide more security, privacy and safety.

Toys that talk and listen
As connected and smart toys are being utilised by companies as marketing tools, advertising, product placement and sponsoring are increasing. For example, Cayla “the world’s first interactive doll” came in for criticism, when she was found to have in-built audio tools designed to market foods high in sugar or fat to children. You can see the video here from BEUC the European Consumer’s organisation.

Cayla was also in trouble for failing to protect children’s data and privacy. The blue-tooth enabled doll comes with a microphone to capture children’s speech which can then be analysed using a third party app.  So concerned was Germany's network watchdog by what they deemed the unlawful surveillance capability of the doll that they urged parents to destroy her:

Any toy capable of transmitting signals and surreptitiously recording audio or video without detection is unlawful. The danger, the agency claims, is that anything a child or someone else says in the vicinity of the doll can be transmitted without parents' knowledge. Also, lack of network security could allow the toy to be turned into a listening device, the agency suggests.

To be clear…
The company that produced the Cayla doll would have had numerous contractual relationships between a range of third parties, which include data processors, app platforms, marketing technology and advertising platforms, data management platforms, data analytics, and speech recognition software.

While blanket permission for these businesses to process a child’s data will have been given, when a parent clicks ‘I Agree’ to the Terms of Service and Privacy Policy, the limits to this approach to informed consent have been well documented

Rights of the child
As well as advertising and security, regulators are concerned by violations of the legal protection of children’s rights afforded under the UN Convention of the rights of the child , including Article 16:  

·         No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, or correspondence, nor to unlawful attacks on his or her honour and reputation.
·         The child has the right to the protection of the law against such interference or attacks.

However, as the UK Information Commissioner's Office (ICO) highlighted, under existing data protection legislation there was ‘little that could be done to prevent unscrupulous third parties from harvesting a child’s data and using it for inappropriate purposes’[1].

The new General Data Protection Regulation (GDPR), which comes into force in May 2018 stipulates why children’s rights merit specific protection with regards to their personal data:

“Children may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child.”

Article 8 of GDPR also states that where a child is below the age of 16 years, processing of their personal data is only lawful if consent is given or authorised by the holder of parental responsibility over the child. Member states can choose to lower the age at which parental permission is required to 13 years of age, but no lower.

The GDPR specifically states that separate consent will be needed for different processing operations – this means that in the future it will not only be a requirement to inform consumers of who the data processors are and obtain consent, they must also enable consumers to withdraw this permission at any point.

Privacy by design
 A key principle underpinning  GDPR is that businesses will need to adhere to the principle of Privacy by Design, which requires privacy and data protection compliance during the product or service design stage, instead of bolting them onto the end. These rules will have a reach far beyond the EU as any business processing EU citizens’ data will have to abide by them.

New rules, new tools
What is beginning to emerge, driven primarily by regulation, is a raft of technical standards which detail how businesses can develop Privacy Enhancing Technologies (PETs) that provide consumers with greater control over their personal data. For example

·         The PAS 1296 Age Checking code of practice is due for publication by the British Standards Institution next month, provides guidance for businesses mandated to check the age-related eligibility of consumers and to obtain verified parental consent before processing children’s data.
·         Kantara’s consent receipt specification enables consumers, to communicate and manage the personal data they have shared.

·         User-Managed Access protocol (UMA) is an access management protocol standard, which will enable end users to better protect their data no matter which platform they are on.

The global consumer movement has a duty to advocate for the adoption of best-practice tools and ensure that existing and new digital services are built with consumer protection in mind. Educating consumers about the choices they have available to them will also help pave the way for a digital world that is safer and more secure for people of all ages.

Wednesday, 15 March 2017

A digital world that is all of ours…

On World Consumer Rights Day, Consumers International Director General Amanda Long delivered a speech at the G20 Consumer Summit in Berlin - 'Building a Digital World Consumers Can Trust'.

The prize if we can build a digital world that everyone can trust, and where no one is left behind is clear to see.

In Africa, 1 million hand pumps supply 200 million rural water users.  A third of these hand pumps are estimated to be broken at any one time. In Kyuso, Kenya sensors that could detect and report faults quickly led to a 10 fold reduction in problems. Ninety eight per cent of pumps in the area are fully functioning. But that’s not all, sensors also monitor demand which they can link to fairer payments, and usage data can help plan better services. 

In Europe, it is estimated that 10 million people live with dementia. In the UK, doctors are trialling the use of IoT technology to help them pick up signs of changes in behaviour for patients with dementia. Sensors attached to kettles, fridges and even beds can give vital early clues as to how someone is doing – are they making tea as usual? Are they eating food from the fridge? Picking up and acting on these signs can help people stay well and reduce hospital admissions.

These types of stories are why it is so important to work together so we can make full use of the potential of digital technology and achieve these kind of results for everyone. 

It starts with getting more people online. This will bring many benefits for consumers: more choice, convenience and lower prices; an easier say in how services are run; lower barriers to entry for small businesses thus increasing choice. 

For those with access already, there is still much to gain – such as making the most of the potential of digital to expand opportunities for education, entrepreneurship, creation, healthier environments, healthier lifestyles, smoother transport and more efficient energy distribution. But none of this can happen without trust. 

We need trust for a better digital world 

This is the theme of this year’s World Consumer Rights Day and topic of the G20 Consumer Digital Summit that we are co-hosting with vzbv and BMJV as part of the German presidency of the G20 is ‘building a digital world consumers can trust’

But is this accurate? Do we need to improve confidence and build trust to maintain progress on digital? Doesn’t high uptake and enthusiasm for digital technology suggest that people are largely satisfied? Can’t we just carry on the way we have been, fixing problems as we go along? 

Carrying on as we are is of course an option, we could all convince ourselves that mass uptake and satisfaction with service quality is the same as satisfaction with business models, corporate practice and ethics. But that would be to ignore some clear signals coming from consumers about what the digital world can feel like at the receiving end: 

  • 60 per cent of mobile users worry about the privacy and security implications of a world of connected IoT devices. [1]
  • 71 per cent of people worldwide believe brands with access to their personal data are using it unethically. [2]   
  • And in that same survey, that concerns about privacy are consistent across age, gender, country and personality. 

Not properly understanding and addressing these signals would be missing a trick, it would miss the point that despite the enthusiasm and appreciation of what digital interconnectivity can do, it brings both positives and negatives; and, most importantly, it would miss an opportunity to make the system more inclusive and comfortable for everyone.

Paradox of connectivity

The beauty of so much that digital has given us is that it is all connected. The downside of so much that digital is that it is all connected. It’s a paradox of connectivity.

So when everyday things like payments or returning goods mess up, or updates slow down a device, or when uncanny decisions are made about us based on our likes, habits or opinions, when promises about privacy policies feel empty, when it feels impossible to keep your children safe from harm online – all of these things erode our faith in the other amazing things that we do with digital. 

Perhaps part of the problem is that we too often describe the digital world only in terms of numbers – how fast it is, how many connections there are or how much it could grow. 
But we need to also start thinking not just about how much we could grow, but how we can grow, and what we want to grow towards. We can remain inspired and impressed by the speed and innovation of digital technology, but also keep focused on what we as a world want to achieve through digital innovation?

What do we want to achieve through digital innovation?

Answering this question requires listening to the voices of people everywhere - people as consumers, citizens and as representatives of future generations.  

And trust needs to be more than what we call ‘transactional trust’, I.e the nuts and bolts of a transaction between a business and consumer (or consumers and consumers). 

If tech is going to go deeper into people’s lives, it’s no longer enough to say it will bring convenience, or save money. It has to offer more than that, more than just a transaction. Instead, it is way beyond time to think more roundly about consumers and their trust in the whole experience and try to understand what the combined effect of this fast, expansive, powerful and all-seeing digital technology is on people and their communities, their lives and their idea of the future. What does ‘whole experience trust’ look like to people? 

This type of reflection might be regarded as ‘stifling innovation’ or progress, but it’s the opposite - it’s the definition of progress. To progress means to bring people along on the journey, to pay attention to the impact on people, so that we do not leave anyone behind.   Otherwise we risk similar problems of that other current example of the boundary breaking, cross border, disruptive force - globalisation.  Where impact on some ordinary citizens has not been as understood or considered as necessary and some people have ended up feeling left behind and have lost faith in institutions and leaders.  

So who do we trust to build a better digital world?  

It’s up to all of us - consumers should trust their instincts and articulate what kind of digital world they want for themselves and their children.  Businesses should trust their relationships with people and make a stand to behave more responsibly and respond to people’s concerns – to stand out from the crowd.  Governments should trust their citizens to be able to recognise what is fair and right online and find ways to help them get it. 

No single entity can reassure trust.  And in any case, trust in business, government, media and NGOs is in decline in part because people feel these institutions can’t protect them from the negative effects of globalization and technological change.  

We need to face up to some of the complex and big issues of access, ownership, tracking, competition and to work with the fact that we are in flux – and that we don’t have all the answers but that but that we have a better chance of finding them if we work together. 

The recommendations presented at the summit on 15th March are the first time that the role of demand side trust in driving growth in digital has been thought about, and acknowledged on such a major stage. However, they are just the starting point of something bigger. We want to achieve these recommendations and much more beyond in partnership with others, in line with Consumers Internationals’ new commitment to ‘come together for change’.

Only then can we build the #BetterDigitalWorld that we all deserve.


1. Mobile Ecosystem Forum, 2016

Monday, 13 March 2017

Consumers and the Internet of Things: one connection too many?

Liz Coll, Head of Digital Advocacy at Consumers International, takes a look at recent trends in the global uptake of connected devices and considers what these trends can tell us about consumer attitudes towards the Internet of Things.  

Last year our report on ‘Connection and Protection in the digital age’ explored the impact of the rapidly expanding trend of the Internet of Things (IoT) – with more and more everyday objects connecting to the internet. As with any ‘next big thing’ topic, the figures looked astounding with some commentators predicting 50 billion IoT devices to be connected by 2020.

New reports in 2017 have not been quite so bold with their predictions. According to analyst firm Gartner, the total number of IoT devices deployed by 2020 is more likely to be just over 20 billion. As with any forecast about the future of the digital economy, there are no certainties – but this drop feels significant. Could it be that consumer attitudes and concerns about connected devices are, at least partly, behind these more reserved predictions in 2017?

Our 2016 report suggested that security concerns and the invasive nature of connected technology would potentially hold back consumer engagement in this next deeper, more personal phase of digital technology. The focus of our work with G20 governments to help ‘Build a Digital World Consumers can Trust’ makes the case that unless consumers can trust digital technology, they won’t readily accept it into their everyday lives.  Getting trust right is therefore a key part of creating a vibrant demand side for the market.

So does it look like this is the case for the consumer market for IoT devices? A report released by Deloitte in 2016 points to an uneven uptake of consumer IoT devices in more developed economies. Connected entertainment devices such as games consoles and smart TVs have maintained a steady growth but sales of Fitbit devices failed to meet expectations.

Some research indicates that this limited take off is because of a failure to meet people’s needs, both in terms of pricing and also the difficulty of use and maintenance. As shown in the MEF Global Consumer Survey from April 2016, the levels of privacy and security were also problematic for consumers, with 62% and 52% of those surveyed reporting these as the biggest concerns, respectively.

Another example of the noticeable consumer resistance to connected devices has been the move by some Fitbit users to turn off the smart elements of their devices off only months after purchasing the products. With novelty seemingly wearing off so quickly, does this mean that penetration of IoT devices won’t happen as all those excited articles predicted?

In reality, it is hard to prove or predict that people won’t buy internet of things products because of a lack of trust. As privacy and technology expert Gilad Rosner somewhat ominously predicted that business momentum will mean that “The Internet of Things will happily march along with lousy privacy and security, and we will be the poorer for it”. 

Connected technology seems to be one of those things that creeps into products – an alarm clock on a smart phone that suddenly wants to become a ‘sleep tool’ to help you enjoy a restful night. An insurance provider that offers a subsidised fitness trackers, for as long as you keep active.

But with high profile internet of things problems such as the #Toyfail and the development of devices such as fertility trackers collecting and analysing sensitive information about one of the most private aspects of people’s lives, perhaps people will start to demand technology that is not just helpful but safe, ethical and human-centered.

How can consumer organisations play a leading role by working with businesses to ensure that connected devices can be safer, less invasive and prioritise consumer interests? Our member Consumer Reports’ new digital standard initiative is an excellent example of how the global consumer movement can evaluate and test the safety of digital products and services, empowering consumers to make informed choices about whether they want to invest in IoT devices. This week, Maria Rerecich of Consumer Reports will speak at an SXSW event that considers how a consumer organisation can include privacy, security, and data practices in its testing protocols.

As consumer organisations continue to monitor ongoing developments in the connected world, it’s vital that the global consumer movement advocates for businesses to build security and privacy in at the design stage. It’s not just the right thing to do but could be a smart business move as consumers look for products they’re sure they can trust  – for your child’s next birthday would you buy a smart toy classed as ‘espionage equipment’?

We are co-hosting the G20 Consumer Summit in Berlin on WCRD this week which will provide an excellent opportunity to engage in a dialogue with governments, business leaders and key stakeholders about the most pressing concerns that consumers face and how to work together to create a better digital world.

Tuesday, 28 February 2017

Digital Identity - what could it mean for consumers?

In our latest blog post Amanda Long, Director General at Consumers International, discusses the topic of digital identity and the potential benefits and threats for consumers.

The idea of people having an easy way to prove their identity online through a digital identity is not new, but has so far been used mainly by governments enabling citizens’ access to public services. Austrian citizens can use an approved app on their smart phone, or a smart card to apply for benefits, do tax returns or access healthcare. 

A digital identity is a means by which individuals can prove their identity online - for example, job applicants needing to prove their residency status, or even qualifications.  It links up to an identity checking system which can verify that the person with that identity is who they say they are – both online and in person. This means people can use their digital identity credentials to access services or products without having to physically present valuable documents, such as passports, birth certificates, driving licenses or a handful of utility bills.

Digital identity could represent a comprehensive solution to many millions of people who are effectively barred from entry to many things that could improve their quality of life. Without traditional forms of documentation, transactions like renting accommodation, setting up a bank account or getting a mobile phone contract become impossible.

It could also solve problems for consumers in more developed markets, wherever identity is a problem. According to a start-up digital identity provider: “Age verification online would prevent underage users from opening inappropriate social media accounts, and ensure that minors cannot access adult content. It would also help online retailed to confirm that someone is eligible to buy age restricted goods like DVDs, computer games, alcohol, cigarettes and knives” (YOTI)

Digital identity could potentially deliver financial inclusion, seen as a strong route out of poverty - or at the very least accelerates us towards it. The World Bank has a programme dedicated to identity and financial inclusion, ID4D – which “helps countries analyse problems, design solutions, and implement new systems to increase the number of people with official identification and the development impact of the overall identification system.

Of course for some people, the scope that any kind of centralised identity system has for government surveillance and discrimination will be cautious about the implications of digital identity systems. With this large caveat in mind, what is there that we learn from the pioneering steps governments have taken in exploring digital identity that might be useful for budding consumer applications? The UK digital identity verification programme has developed a set of Consumer and Privacy principles to guide practice. 

These types of frameworks will be important as the implications of this technology could be significant. If it is not designed with protection in mind and regulated accordingly:

-          Individuals’ privacy could be at risk, with the potential for personal data for all parts of your digital existence being held by digital ID verification services, as a means to authenticate who you are, with you having little or no control of what’s collected and stored or how it is being used to make decisions about you.  If alternative income streams to monetising consumers’ personal data aren’t identified then the risks to privacy will continue.

-          There is a threat of lack of consumer choice. It is very possible that a critical mass could form of people using a particular digital identity service that means it is effectively forced onto everyone.  This could mean less competition between digital ID verification providers and also a weakening of consumers’ rights to protection. In this scenario, the speed at which a particular service is adopted by a mass of people may mean that the opportunity to check, challenge and reform terms and conditions of the service are reduced. An individual who is swept up with this, who sees it as the only way to continue access to a product, may agree to terms and conditions that if given more time or choice they would not.

-          We might also see a situation where one person would need multiple digital identities, in order to access a variety of services as companies may not recognise the same identity providers.

-          The liability model for digital identity is also complex. For example, should digital identity providers be responsible for actions done based on the authentication they give?

With so much potential for consumer benefit and significant threats at play, consumer organisations must build up their expertise on this issue so they can influence the private sector as it develops digital identity systems. Consumer organisations are in a strong position to draw upon existing public sector practice, and the need for trust, confidence and consumer protection in digital systems to influence this nascent industry for the better.