Archive for category: Economics and Society

Dominique Pasquier, Télécom ParisTech, Institut Mines-Télécom (IMT)

This text is published as part of the “Digital Society” column written by researchers from the Economic and Social Sciences department at Télécom ParisTech, members of the Interdisciplinary Institute for Innovation (CNRS).

[divider style=”dotted” top=”20″ bottom=”20″]

[dropcap]S[/dropcap]ome revolutions are silent ones. Internet integration in working-class areas is one such example.

Where do we stand in terms of the “digital divide”?

In the early 2000s there was a lot of talk about the “digital divide” focusing on inequality in terms of both access and uses. Annual reports by CREDOC have shown that over the past ten years working-class categories have started to catch up in terms of internet access: in France, between 2006 and 2017, the proportion of employees with Internet access at home increased from 51% to 93%, while for blue collars it rose from 38% to 83% (CREDOC 2017 : 48).

Age, rather than income or level of education, is now the most determining factor (8 out of 10 of those who never use the internet are 60 or older). But these same reports show that while the divide is closing in terms of internet access, internet use among working and lower classes remains less varied and frequent than among the middle and upper classes. Individuals without college degrees find it harder to adjust to paperless administrative services, do less research, buy less online, and only very rarely produce content. In short, there appears to be a kind of “working classes’ internet” that is less creative, less daring and less useful to a certain extent.

Shifting the focus

Perhaps the question should be looked at from a different angle. These statistical surveys are based on tallying up and lamenting shortcomings in comparison to the most innovative internet practices, meaning those of young, educated urban populations. The issue could be examined from a different perspective by starting out with the idea that the internet practices favored by the working and lower classes make sense in light of their everyday needs and that they are important indicators for understanding their relationship with the world and possible transformations in this relationship.

As Jacques Rancière explained in his analysis of written productions of workers in the 19th century, it is a matter of setting the equality of intelligences as a starting point for discussing and understanding how “a common language appropriated by others” can be re-appropriated by those for whom it was not intended (Rancière 2009 : 152).

This shifted focus would make it possible to perceive uses that may not stand out as remarkable, but which have dramatically transformed the relationship with knowledge and learning among those with low levels of education. Examples of such uses include looking up words used by doctors or found in headings of children’s homework. For sophisticated internet users, these uses may seem rather basic, but in the meantime they bring about profound changes by making relationships with experts less asymmetrical and by reducing the phenomena of “deferential attitude” among the working classes that Annette Lareau analyzes in her excellent book, Unequal Childhoods (2011).

Online research: learning and shopping

Employees with lower-paying jobs who do not use digital technology for work also spend a great deal of time online to inform themselves about their profession or their rights: the success of websites for caregivers is a good example. Childcare workers discuss their views on bringing up children and hospital service workers talk about their relationships with patients. It is also important to note the ways in which tutorials have revived interest in expertise traditionally held by the working class: novel cooking ingredients, new gardening or DIY methods and never-seen-before knitting patterns have made their way into homes.

Working-class families thus use the internet to learn, but they also use it make purchases. For people who live in rural or semi-rural areas, being able to access goods that had previously been impossible to find nearby in just a few clicks would appear to represent a huge opportunity. But in reality, it is a bit more complicated. Online marketplaces are less appreciated for their choice as they are for the savings they provide through browsing for special offers. Looking for deals is the main source of motivation, along with the fact that this makes it possible to manage supplies by purchasing in batches. At the same time, these savings are guilty of playing a role in weakening local business – or what remains of local business anyway.

In communities where people know each other well, shopkeepers are also neighbors – and sometimes friends – and betrayal can leave both sides feeling bitter. On the other hand, marketplaces for secondhand goods, such as Le Bon Coin which has recruited a significant number of rural and working-class customers, are described as virtuous markets: they allow people to enjoy leisurely browsing by geographic location (this has become a new source of gossip!) and provide an alternative to throwing away used goods. These marketplaces also give people the opportunity to earn a little money and help those who buy goods maintain a sense of pride, since they are able to furnish their homes or buy clothes at a low cost without resorting to donation systems. Online shopping has therefore led to paradoxical changes in relationships with the local community, as it has destroyed certain ties but created others.

Using the internet for reading and communication

The internet can be described as a relationship with writing – the mark of those who have created it. This can be difficult for individuals with low levels of education who do not write much in their work. Email, which requires standardized writing, is largely underused in these working-class families: it is only used to communicate with e-commerce websites or administrative services, and is often related to a problem in the latter case.

This is also because email is based on an interpersonal, asynchronous communication rationale that goes against the standards of face-to-face relationships and group discussion that are so prevalent in working-class communities. Facebook has fared much better: it allows users to exchange content by sharing links, is in keeping with a group discussion system and does not require formal writing of any kind. This social network appears to be a good way to stay in touch with extended family and close friends, while seeking consensus on shared values. It is a self-segregating network which is not particularly open to other social worlds.

While the internet has kept many of its promises in terms of our relationship with knowledge, it clearly has not managed to break down the barriers between different social worlds.

[divider style=”dotted” top=”20″ bottom=”20″]

Dominique Pasquier, sociologist, research director at CNRS and author of L’Internet des familles modestes. Enquête dans la France rurale (The Internet of Low-Income Families. A Survey in Rural France) Paris, Presses des Mines, 2018.

Dominique Pasquier, sociologist, research director at CNRS, member of the Interdisciplinary Institute for Innovation (i3), Télécom ParisTech, Institut Mines-Télécom.

The original version of this article was published in French on The Conversation France.

Also read on I’MTech

Patrick Waelbroeck, Professor in Economic Sciences, Télécom ParisTech, Institut Mines-Télécom (IMT)

[divider style=”normal” top=”20″ bottom=”20″]

[dropcap]N[/dropcap]umerous scandals concerning data theft or misuse that have shaken the media in recent years have highlighted the importance of data protection. The implementation of the General Data Protection Regulation (GDPR) in Europe is designed to do just that through four flagship measurements: seals of trust, accountability, data portability and pseudonymization. We explain how.

Data: potential negative externalities

The misuse of data can lead to identity theft, cyberbullying, disclosure of private information, fraudulent use of bank details or, less serious but nevertheless condemnable, price discrimination or the display of unwanted ads whether they are targeted or not.

All these practices can be assimilated to “negative externalities”. In economics, a negative externality results from a failing in the market. It occurs when the actions of an economic actor have a negative effect on other actors with no offset linked to a market mechanism.

In the case of the misuse of data, negative externalities are caused for the consumer by companies that collect too much data in relation to the social optimum. In terms of economics, their existence justifies the protection of personal data.

The black box society

The user is not always aware of the consequences of data processing carried out by companies working in digital technology, and the collection of personal data can generate risks if an internet user leaves unintentional records in their browser history.

Indeed, digital technology completely changes the conditions of exchange because of the information asymmetry that it engenders, in what Frank Pasquale, a legal expert at the University of Maryland, calls the “black box society”: users of digital tools are unaware of both the use of their personal data and the volume of data exchanged by the companies collecting it. There are three reasons for this.

Firstly, it is difficult for a consumer to check how their data is used by the companies collecting and processing it, and it is even more difficult to know whether this use is compliant with legislation or not. This is even more true in the age of “Big Data”, where separate databases containing little personal information can be easily combined to identify a person. Secondly, an individual struggles to technically assess the level of computer security protecting their data during transmission and storage. Thirdly, information asymmetries undermine the equity and reciprocity in the transaction and create a feeling of powerlessness among internet users, who find themselves alone facing the digital giants (what sociologists call informational capitalism).

Seals and marks of trust

The economic stakes are high. In his work that earned him the Nobel Prize in Economic Sciences, George Akerlof showed that situations of information asymmetry could lead to the disappearance of markets. The digital economy is not immune to this theory, and the deterioration of trust creates risks that may lead some users to “disconnect”.

In this context, the GDPR strongly encourages (but does not require) seals and marks of trust that allow Internet users to better comprehend the dangers of the transaction. Highly common in the agri-food industry, these seals are marks such as logos, color codes and letters that prove compliance with regulations in force. Can we count on these seals to have a positive economic impact for the digital economy?

What impacts do seals have?

Generally speaking, there are three positive economic effects of seals: a signaling effect, price effect and an effect on quantity.

In economics, seals and other marks of confidence are apprehended by signaling theory. This theory aims to solve the problems of information asymmetry by sending a costly signal that the consumer can interpret as proof of good practice. The costlier the signal, the greater its impact.

Economic studies on seals show that they generally have a positive impact on prices, which in turn boosts reputation and quantities sold. In the case of seals and marks of trust for personal data protection, we can expect a greater effect on volume than on prices, in particular for non-retail websites or those offering free services.

However, existing studies on seals also show that the economic impacts are all the more substantial when the perceived risks are greater. In the case of agri-food certifications, health risks can be a major concern; but risks related to data theft are still little known about among the general public. From this point of view, seals may have a mixed effect.

Other questions also remain unanswered: should seal certification be carried out by public or private organizations? How should the process of certification be financed? How will the different seals coexist? Is there not a risk of confusion for internet users? If the seal is too expensive, is there not a danger that small businesses won’t be able to become certified?

In reality, less than 15% of websites among the top 50 for online audience rates currently display a data protection seal. Will GDPR change this situation?

Accountability and fines

The revelations of the Snowden affair on the large-scale surveillance by States have also created a sense of distrust towards operators of the digital economy. To the extent that, in 2015, 21% of Internet users were prepared not to share any information at all, whereas this was true of only 5% in 2009. Is there a societal cost to the “everything for free” era on the Internet?

Instances of customer data theft among companies such as Yahoo, Equifax, eBay, Sony, LinkedIn or, more recently, Cambridge Analytica and Exactis, number in the millions. These incidents are too rarely followed up by sanctions. The GDPR establishes a principle of accountability which forces companies to be able to demonstrate that their data processing is compliant with the requirements laid down by the GDPR. The regulation also introduces a large fine that can be as much as 4% of worldwide consolidated turnover in the event of failure to comply.

These measures are a step in the right direction because people trust an economic system if they know that unacceptable behavior will be punished.

Data portability

The GDPR establishes another principle with an economic aim: data portability. Like the mobile telephony sector where number portability has helped boost competition, the regulation aims to generate similar beneficial effects for internet users. However, there is a major difference between the mobile telephony industry and the internet economy.

Economies of scale in data storage and use and the existence of network externalities on multi-sided online platforms (platforms that serve as an intermediary between several groups of economic players) have created internet monopolies. In 2017, for example, Google processed more than 88% of online searches in the world.

In addition, the online storage of information benefits users of digital services by allowing them to connect automatically and save their preferences and browser history. This creates a “data lock-in” situation resulting from the captivity of loyal users of the service and characterized by high costs of changing. Where can you go if you leave Facebook? This situation allows monopolizing companies to impose conditions of use of their services, facilitating large-scale exploitation of customer data, sometimes at the users’ expense. Consequently, the relationship between data portability and competition is like a “Catch-22”: portability is supposed to create competition, but portability is not possible without competition.

Pseudonymization and explicit consent

The question of trust in data use also concerns the economic value of anonymity. In a simplistic theory, we can suppose that there is an arbitration between economic value on the one hand and the protection of privacy and anonymity on the other. In this theory there are two extreme situations: one in which a person is fully identified and likely to receive targeted offers, and another in which the person is anonymous. In the first case, there is maximum economic value, while in the second the data is of no value.

If we move along the scale towards the targeting end, economic value is increased to the detriment of the protection of privacy. Conversely, if we protect privacy, the economic value of the data is reduced. This theory does not account for the challenges raised by trust in data use. To develop a long-term client relationship, it is important to think in terms of risks and externalities for the customer. There is therefore an economic value to the protection of privacy, which revolves around long-term relationships, the notion of trust, the guarantee of freedom of choice, independence and the absence of discrimination.

The principles of pseudonymization and explicit consent in the GDPR adopt this approach. Nevertheless, the main actors have to play along and comply, something which still seems far from being the case: barely a month after the date of effect of the regulations, the Consumer Council of Norway (Forbrukerrådet), an independent organization funded by the Norwegian Government, accused Facebook and Google of manipulating internet users to encourage them to share their personal information.

Patrick Waelbroeck, Professor in Economic Sciences, Télécom ParisTech, Institut Mines-Télécom (IMT)

The original version of this article (in French) was published on The Conversation.

Also read on I’MTech :

[one_half]

[/one_half]

[one_half_last]

[/one_half_last]

On May 25th, the GDPR came into effect. This new regulation requires administrations and companies in the 27 EU countries to comply with the law on the protection of personal data. Since its creation in 2013, the IMT Research Chair Values and Policies of Personal Information (CVPIP) aims to help businesses, citizens and public authorities in their reflections on the collection, use and the sharing of personal information. In this article, Claire Levallois-Barth, coordinator of the Chair, and Ivan Meseguer, co-founder, return to the geopolitical and economic context in which the GDPR is part and the obstacles that remain to its effective implementation.

[divider style=”dotted” top=”20″ bottom=”20″]

The original version of this article was published on the VPIP Chair website. This Chair brings together researchers from Télécom ParisTech, Télécom SudParis and Institut Mines Télécom Business School, and is supported by the Fondation Mines-Télécom.

[divider style=”dotted” top=”20″ bottom=”20″]

We were all expecting it.

The General Data Protection Regulation (GDPR)^[1] came into force on May 25, 2018. This milestone gave rise to numerous reactions and events on the part of companies and institutions. As the Belgian Data Protection Authority put it, there is undoubtedly “a new wind coming, not a hurricane!” – which seems to have blown all the way across the Atlantic Ocean, as The Washington Post pointed out the creation of a “de-facto global standard that gives Americans new protections and the nation’s technology companies new headaches”.^[2]

Not only companies are having such “headaches”; EU Member States are also facing them as they are required to implement the regulation. France,^[3] Austria, Denmark, Germany, Ireland, Italy, the Netherlands, Poland, the United Kingdom and Sweden have already updated their national general law in order to align it with the GDPR; but to this day, Belgium, the Czech Republic, Finland, Greece, Hungary and Spain are still submitting draft implementation acts.

And this is despite the provisions and timeline of the bill having been officially laid down as early as May 4, 2016.

The same actually goes for French authorities, as some of them have also asked for extra time. Indeed, shortly before GDPR took effect, local authorities notified they weren’t ready for the Regulation, even though they had been aware of the deadline since 2016, just like everyone else.

Sixty French senators further threatened to refer the matter to the Constitutional Council, and then actually did, requesting a derogation period.

In schools and universities, GDPR is getting increasingly significant, even critical, to ensure both children’s and teachers’ privacy.

The issue of social uses and practices being conditioned as early as in primary school has been studied by the Chair Values and Policies of Personal Information (CVPIP) for many years now, and is well exemplified by major use cases such as the rise of smart toys and the obvious and increasing involvement of U.S. tech giants in the education sector.

As if that wasn’t enough, the geographical and economic context of the GDPR is now also an issue. Indeed, if nothing is done to clarify the situation, GDPR credibility might soon be questioned by two major problems:

• U.S. non-compliance with the EU-U.S. Privacy Shield agreement, which was especially exposed by the Civil Liberties Committee (LIBE) of the European Parliament;^[4]
• The signing into law on March 23, 2018 – i.e. precisely before GDPR enforcement – of the Clarifying Lawful Overseas Use of Data (CLOUD Act) by Donald Trump.

The CLOUD Act unambiguously authorises U.S. authorities to access user data stored outside the United States by U.S. companies. At first glance, this isn’t sending a positive and reassuring message as to the U.S.’s readiness to simply comply with European rules when it comes to personal data.

Besides, we obviously should not forget the Cambridge Analytica scandal, which led to multiple hearings of Mark Zuckerberg by astounded U.S. and EU institutions, despite Facebook having announced its compliance with GDPR through an update of its forms.

None Of Your Business (Noyb), the non-profit organisation founded by Austrian lawyer Max Schrems, filed four complaints against tech giants, including Facebook, over non-compliance with the notion of consent. These complaints reveal how hard it is to protect the EU model in such a global and digital economy.^[5]

Such truly European model, which is related neither to surveillance capitalism nor to dictatorial surveillance, is based on compliance with the values shared by our Member States in their common pact. We should refer to Article 2 of the Treaty on European Union for as long as needed:

“The Union is founded on the values of respect for human dignity, freedom, democracy, equality, the rule of law and respect for human rights, including the rights of persons belonging to minorities. These values are common to the Member States in a society in which pluralism, non-discrimination, tolerance, justice, solidarity and equality between women and men prevail”.

Furthermore, Article 7 of the Charter of Fundamental Rights of the European Union clearly and explicitly provides that “everyone has the right to respect for his or her private and family life, home and communications”.

Such core values are not only reflected by GDPR, but by the whole body of legislation under construction it is part of, which includes:

• The Draft ePrivacy Regulation, which aims to extend the scope of current Directive 2002/58/EC to over-the-top (OTT) services such as WhatsApp and Skype as well as to metadata; ^[6]
• The draft Regulation on the free flow of non-personal data,^[7] which has generated heated debates over the definitions of “non-personal data” and “common data spaces” (personal and non-personal data)^[8] and which, according to European MP Anna Maria Corazza Bildt, aims to establish the free flow of data as the fifth freedom in the EU’s single market.<^[9]

Besides, the framework on cybersecurity is currently being reviewed in order to implement a proper EU policy that respects citizens’privacy and personal data as well as EU values. 2019 will undoubtedly be the year of the cyberAct.^[10]

A proper European model, respectful of EU values, is therefore under construction.

It is already inspiring and giving food for thought to other countries and regions of the world, including the United States, land of the largest tech giants.

In California, the U.S.’s most populous state, no less than 629,000 people signed the petition that led Californian MPs to pass the California Consumer Privacy Act on June 28, 2018. ^[11]

The Act, which takes effect on January 1, 2020, broadens the definition of “personal information” by including tracking data and login details, and contains provisions similar to the GDPR’s on:

• Individuals’ ability to control their personal information, with new rights regarding transparency, access, portability, objection, deletion and choice of the collected information;
• The protection of minors, with the prohibition from selling or disclosing the personal information of a consumer under 16 years of age, “unless affirmatively authorised”;
• The violation of personal data, with the right to institute a civil action against a company in the event of a data theft caused by the absence of appropriate security procedures.

California, the nation’s leading state in privacy protection, is setting the scene for major changes in the way companies interact with their customers. The Act, the strictest ever passed in the U.S., has inevitably been criticized by the biggest Silicon Valley tech companies, who are already asking for a relaxation of the legislation.

Let us end with an amusing twist by giving the last word to the former American president (yet not the least among them), Barack Obama. In a speech addressing the people of Europe, in Hanover, Germany, in 2016, he proclaimed:

“Europeans, like Americans, cherish your privacy. And many are skeptical about governments collecting and sharing information, for good reason. That skepticism is healthy.  Germans remember their history of government surveillance – so do Americans, by the way, particularly those who were fighting on behalf of civil rights.

So it’s part of our democracies to want to make sure our governments are accountable”^[12]

Also read on I’MTech