Bridging policy silos to boost trust online

OECD Directorate for Science, Technology and Innovation

©David Rooney

Three out of four people access the Internet everyday across the OECD. But one-third of those daily users don't yet buy online. Why not? According to a 2014 consumer survey the top two concerns reported by EU Internet shoppers are the misuse of personal data and security of online payments. 

In a 2015 US Census Bureau survey 45% of online households reported that privacy and security concerns stopped them from conducting financial transactions, buying goods or services, posting on social networks, or expressing opinions on controversial or political issues via the Internet. These concerns extend to small business owners. While almost 95% of small and medium enterprises (SMEs) in the OECD had broadband access in 2014, only 20% used it to conduct e-sales. Recent surveys show that uncertainty on data privacy and digital security risk are critical elements. Trust issues rank highest in the list of obstacles for SMEs to realise the full economic potential of the Internet.   

The links between consumer protection, privacy and security have long been clear, but with personal data now at the core of e-commerce business models, and increasing digital security threats, the need for joined-up approaches in managing consumer protection, privacy and security risk has become compelling. The vitality of the digital economy is at stake.   

Today information communication technologies (ICTs) and the Internet are increasingly used for data-intensive economic and social activities which rely on an open and interconnected digital environment, and on the ability to move data easily, flexibly and cheaply across the world. Reduced transaction costs make it possible for a large number of buyers and sellers to interact over long distances. In this ecosystem, uncertainty can be high and trust is essential to realising the full economic and social benefits of the digital economy.

Trust is the state of mind that enables a person to be willing to make herself vulnerable to another an essential component of a healthy society and economy. From the privacy point of view trust is about the willingness of an individual to become vulnerable to an organisation by disclosing personal data.  From a consumer protection point of view trust is the willingness of a consumer to risk time and money to engage in commercial activity. Digital security concerns can undermine trust, cutting across the consumer protection and privacy dimensions, but can also expand more generally to impact business, the economy and society. It takes patience and effort for a company to establish customer trust; however, one wrong move can destroy it forever.

Traditionally, regulators and professionals charged with overseeing these issues come from different types of agencies and communities but there is increasing overlap in the substantive and organisational challenges they face. The need has never been greater for breaking down the traditional 'silo' approach and promoting more co-ordinated governance mechanisms. If even modest projections are correct, the growth of the Internet of things applications and big data analytics could represent a fundamental shift in how users and business alike engage with and are impacted by the Internet. This will most likely raise new issues and different dimensions of existing challenges across consumer protection, privacy and security concerns. Ultimately, silo approaches will increase complexity rather than facilitate solutions for maximizing the benefits of these new developments while minimising the potential risks.

The OECD began developing policy frameworks for trust online in the early 1990s with a view to helping governments realise the economic and social potential of the ICTs. With the Council adoption in March 2016 of the revised Recommendation on Consumer Protection in E-commerce (E-commerce Recommendation), the three OECD pillars for trust online: privacy, security and consumer protection have now all been recently modernised.  Prior to this, the OECD Recommendation on Digital Security Risk Management for Economic and Social Prosperity (Security Risk Recommendation) was adopted by Council in September 2015, and the landmark OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (OECD Privacy Guidelines) were revised in 2013. 

Taken together, these three Recommendations represent a modern overarching policy framework for addressing the broad scope of the emerging promises and risks of the digital environment. More than that, they also highlight tightening links across the three areas. There has always been a "security safeguards" principle in the OECD privacy guidelines, but the 2013 revisions also highlight the need for a risk-based approach. This is commonplace in the security world and the 2015 Security Risk Recommendation explicitly notes the value of such an approach for implementing the OECD Privacy Guidelines. The revisions to the 2016 E-commerce Recommendation, in turn, bring "free" services exchanged for personal data within its scope and likewise include new provisions on privacy and security to reflect the corresponding need to protect consumer data.

One key element of this modern overarching policy framework is the role of risk management. Despite the increasing awareness of risks and uncertainties when using the Internet, such as security threats, digital risk continues to be approached as a “special” matter, in isolation from economic and social decision making. In businesses, for example, digital security risk is often viewed solely as a technical issue, while privacy and consumer protection are treated as legal compliance challenges. The three areas are rarely understood by business leaders as having economic implications directly affecting reputation, operations, competitiveness, innovation and revenues, and even less so as possible market differentiators, and sources of competitive advantage.

Greater co-ordination across the security, privacy and consumer protection policy communities is called for in addressing an increasingly wide range of issues.

Take, for instance, digital security incidents that result in a breach of personal data, bundling privacy and consumer risks related to fraud and identity theft with security issues in ways that significantly impact trust. The revised OECD Privacy Guidelines call for organisations to provide notifications in cases where there has been a significant security breach affecting personal data.

Meanwhile, businesses and consumers rely on digital identity management in online transactions as a means to reduce fraud, protect personal information (including financial information) and to reduce the likelihood of digital security incidents. Effective approaches cut across security, privacy and consumer protection issues.

Digital risk insurance is another challengeAlthough businesses and consumers are beginning to explore the possible benefits of digital risk insurance, standard policies are not designed to cover digital security and privacy risks. Concrete efforts, for instance, to address uncertainties around definitions, or the absence of relevant data on past incidents and losses, are needed to open up opportunities in this area.

Data access and portability also raise trust issues. Data access rights have long been a part of privacy laws, and this is now expanding to data portability, with new initiatives to enable consumers to obtain their data in formats that enable its re-use in other services. Effective authentication and security measures will be essential to making portability mechanisms trustworthy.  

Another tricky issue is so-called algorithmic discrimination. Automated decision-making, built on data-fuelled predictive analytics and machine learning, can generate valuable commercial and client insights. At the same time these operations bring risks of stereotyping and discrimination, which must be addressed.

These are but a few examples of the overlapping issues that could usefully be addressed in a more joined-up way by policy makers in the security, privacy and consumer communities as they work to address the digital risks that threaten trust online.

©OECD Observer No 307 Q3 2016

Economic data

GDP growth: +0.6% Q1 2019 year-on-year
Consumer price inflation: 2.3% May 2019 annual
Trade: +0.4% exp, -1.2% imp, Q1 2019
Unemployment: 5.2% July 2019
Last update: 8 July 2019

OECD Observer Newsletter

Stay up-to-date with the latest news from the OECD by signing up for our e-newsletter :

Twitter feed

Subscribe now

<b>Subscribe now!</b>

To order your own paper editions,email

Online edition
Previous editions

Don't miss

  • MCM logo
  • The following communiqué and Chair’s statement were issued at the close of the OECD Council Meeting at Ministerial level, this year presided by the Slovak Republic.
  • Food production will suffer some of the most immediate and brutal effects of climate change, with some regions of the world suffering far more than others. Only through unhindered global trade can we ensure that high-quality, nutritious food reaches those who need it most, Angel Gurría, Secretary-General of the OECD, and José Graziano da Silva, Director-General of the United Nations Food and Agriculture Organization, write in their latest Project Syndicate article. Read the article here.
  • Globalisation will continue and get stronger, and how to harness it is the great challenge, says OECD Secretary-General Gurría on Bloomberg TV. Watch the interview here.
  • OECD Secretary-General Angel Gurría with UN Secretary-General António Guterres at the 73rd Session of the UN General Assembly, in New York City.
  • The new OECD Observer Crossword, with Myles Mellor. Try it online!
  • Listen to the "Robots are coming for our jobs" episode of The Guardian's "Chips with Everything podcast", in which The Guardian’s economics editor, Larry Elliott, and Jeremy Wyatt, a professor of robotics and artificial intelligence at the University of Birmingham, and Jordan Erica Webber, freelance journalist, discuss the findings of the new OECD report "Automation, skills use and training". Listen here.
  • Do we really know the difference between right and wrong? Alison Taylor of BSR and Susan Hawley of Corruption Watch tell us why it matters to play by the rules. Watch the recording of our Facebook live interview here.
  • Has public decision-making been hijacked by a privileged few? Watch the recording of our Facebook live interview with Stav Shaffir, MK (Zionist Union) Chair of the Knesset Committee on Transparency here.
  • Can a nudge help us make more ethical decisions? Watch the recording of our Facebook live interview with Saugatto Datta, managing director at ideas42 here.
  • The fight against tax evasion is gaining further momentum as Barbados, Côte d’Ivoire, Jamaica, Malaysia, Panama and Tunisia signed the BEPS Multilateral Convention on 24 January, bringing the total number of signatories to 78. The Convention strengthens existing tax treaties and reduces opportunities for tax avoidance by multinational enterprises.
  • Globalisation’s many benefits have been unequally shared, and public policy has struggled to keep up with a rapidly-shifting world. The OECD is working alongside governments and international organisations to help improve and harness the gains while tackling the root causes of inequality, and ensuring a level playing field globally. Please watch.
  • Checking out the job situation with the OECD scoreboard of labour market performances: do you want to know how your country compares with neighbours and competitors on income levels or employment?
  • Trade is an important point of focus in today’s international economy. This video presents facts and statistics from OECD’s most recent publications on this topic.
  • The OECD Gender Initiative examines existing barriers to gender equality in education, employment, and entrepreneurship. The gender portal monitors the progress made by governments to promote gender equality in both OECD and non-OECD countries and provides good practices based on analytical tools and reliable data.
  • Interested in a career in Paris at the OECD? The OECD is a major international organisation, with a mission to build better policies for better lives. With our hub based in one of the world's global cities and offices across continents, find out more at .
  • Visit the OECD Gender Data Portal. Selected indicators shedding light on gender inequalities in education, employment and entrepreneurship.

Most Popular Articles

OECD Insights Blog

NOTE: All signed articles in the OECD Observer express the opinions of the authors
and do not necessarily represent the official views of OECD member countries.

All rights reserved. OECD 2019