Newsletter Newsletter N°6

OECD 2016 Ministerial: Meeting the policy challenges of tomorrow’s digital economy

BroccaBy Josie Brocca, Policy Research and Advice, OECD

Few aspects of our lives remain untouched by digitalisation. The digital economy permeates the world economy, and has profound implications on how individuals and societies interact, live and work.

Putting in place the right policy and regulatory frameworks to support the digital environment and prepare for the economic and social changes ahead is essential. From 21-23 June 2016, Ministers, the business community, civil society, labour and the Internet technical community will gather in Cancún, Mexico, for an OECD Ministerial Meeting on the Digital Economy: Innovation, Growth and Social Prosperity.

Governments and policymakers must look at the digital economy as part of all economic and social policy development and approach it in a more holistic manner if the benefits are to be maximized in the future. Together, they will discuss better policies on a range of issues, including:

  • Internet openness – global data flows, which are at the core of the digital economy, have a significant impact on innovation, trade, global value chains and society as a whole. This innovation is driving economic growth and creating new industries – an Internet of Things is emerging.
  • Global connectivity – as more of the world moves onto broadband networks, both fixed and mobile, striking the right balance between innovation, consumer demand for products and services and infrastructure investments to meet these growing demands is important to the future growth of the digital economy.
  • Trust and digital risk management – trust is also foundational to the on-going development of the digital economy. It underpins business, institutional and personal relationships and is particularly important in a global online environment. Protecting and securing the digital environment in an age of billions of connected devices that continuously collect personal information is a complex task that goes beyond technical and legal challenges.
  • Jobs and skills – the increasing use of digital technologies is raising the demand for new skills including non-technical ones that are equally necessary to be able to use these technologies efficiently. These skills mixes are also required outside of work to ensure people are equipped to make use of digital technology in their day to day lives.

The upcoming Ministerial meeting builds on previous OECD Ministerial meetings on the digital economy – the 1998 OECD Ministerial Conference on Electronic Commerce in Ottawa and the 2008 Ministerial Meeting on the Future of the Internet Economy in Seoul.

Ottawa resulted in a global action plan for the development of e-commerce that targeted important policy areas such as privacy and consumer protection. Seoul recognised the essential nature and function of the Internet as a platform for growth and the need for governments to work with all stakeholders to guide its development particularly in the areas of Convergence, Confidence and Creativity.

Cancún will mark another pivotal point in the evolution of the digital economy, one in which digitalisation is increasingly pervading all economic sectors, providing huge benefits for all actors but also effecting social interactions, business and government processes, laws and regulations, and jobs and skills.

For more information on the Ministerial and participation please visit:

Back to Table of Contents

Newsletter Newsletter N°6

Building Blocks for Informing Data Public Policies to Enhance Privacy

karen_mccabeBy Karen McCabe, Senior Director Technology Policy and International Affairs, IEEE Standards Association

One of the four themes of the OECD Ministerial Meeting on the Digital Economy in June 2016 is building global connectivity and how to leverage the economic and social benefits from convergence to the Internet of Everything. In the context of the Internet of Things (or Everything) anything that happens, moves or changes produces data. Security and privacy are intimately linked. The link between data and ability to shape the lives of world citizens is stronger that ever with the use of evolving and new technologies and overall data driven innovation. The impact on the economy and society is tremendous. The impact on privacy and identity is concerning.

With this, there is a need for an inter-connected, informed collection of policies, standards and best practice so that data ownership, security and privacy concerns are holistically addressed and the business and societal benefits of data driven innovation is not hindered. Innovation in collaboration and engagement frameworks that are rooted in common values and principles will be critical—as will be embracing and accepting the geographical and cultural differences around privacy and identity. Global policies that promote responsible data use and data driven innovation, and that take into account identify management issues and practices, should be considered. Bridging industry, technical and policy communities across boarders will be essential to establishing building blocks for good data public policy.

So what are the building blocks?

First, we must consider that data alone do not possess inherent value. Instead it is the processing of data in innovative ways that brings new economic and social benefits, and this value creates a circle to feed into increased use of data-based decision making and analysis. In other words, it is the use of data that matters. With the rise of IoT, we are facing a data revolution. This data extends beyond a result of technology development or advancement and represents a new framework for understanding and interacting in the global economy.

To capitalize on opportunities for economic growth via innovation, flexible and adaptable policies are needed. Stakeholders should focus on using datasets responsibly and work to ensure that personally identifiable information is accessible only by those who are authorized to do so, without limiting innovation. In other words, privacy protection frameworks need to support secure and reliable data flows while enhancing responsible, risk-reducing behavior regarding the use of personal data.

The building blocks will be a combination of tools, processes and paradigms that need to work together to create policies to promote responsible innovation while safe guarding against harmful practices and actors. Building blocks include programs that help stakeholders comprehend, coordinate and integrate principles of privacy, identity management and technology and standards development. This will identify commonalities and differences, and set the stage for how stakeholders may address gaps. Working in a paradigm that embraces openness, transparency and inclusiveness and where there is respectful cooperation, due process and broad consensus will generate synergies, which can lead to an open path for global expertise and insight to be shared and innovated upon.

A core building block will connecting technology experts with policy experts. A current challenge is that those in the technical community are not intimately involved in the technology policy sphere—and those in the policy community are not necessarily fully engaged in the technology sphere. There is a gap between the technical community and policy community that is expected to grow as technology continues to rapidly advance. Today we are increasingly seeing new technology policy challenges coming onto the already complex IG, cyber-security and privacy scene, with the Internet of Things (IoT), smart grid, smart cities, intelligent transportation, eHealth, etc. – and all experiencing the issues of privacy and identity management.

The technical community can bring to bear values used in technology development—values of transparency, open discussion, protection of privacy, bottom-up development, transnational cooperation and consensus standards. It is critical for technology experts to become engaged in IG policy discussions since their expertise and insight could have significant impact to policy discussions, decisions and execution on a global scale. It is critical for those in the policy community to be informed by technologists about the state of technology.

Back to Table of Contents

Newsletter Newsletter N°6

ICANN launches the Domain Name Systems Entrepreneurship Center (DNS-EC) to build capacity in Africa and the Middle East

Nigel-Hickson_web_0By Nigel Hickson, Vice President for Europe, ICANN

Over the past couple of years, ICANN has been working with community leaders on various programs tailored to raise awareness on the potential of the domain name industry and foster the development of new domain names related businesses in Africa and the Middle East. ICANN stakeholders in both regions have come together to develop the local expertise in the domain name sector to help facilitate the growth of this industry and strategically position them for business success.

This is one of the strategic areas ICANN has been focusing on. Building capacity is critical for this development, and so last year ICANN signed an agreement with Egypt’s National Telecommunication Regulatory Authority (NTRA) at the ICANN London Public meeting last June, to establish a Domain Name System Entrepreneurship Center (DNS-EC) for developing the domain name industry in Africa and the Middle East. The DNS-EC aims to develop local capacities and engage interested parties from across both regions in the global domain name industry ecosystem.

Initial investment for the project is from both ICANN and the NTRA; ICANN, through partnerships with business and technical experts, provides the training and mentoring programs, and the NTRA incubates the Center for the first three years hiring a small team for operations.

A three-year project, it kicked off over the past eight months, with six workshops organised in four countries (Egypt, Tunisia, UAE, Qatar) covering business development, policy and technical best practices in the DNS sector. More than 100 participants from over a dozen countries (Egypt, Tunisia, Sudan, Iraq, Jordan, Lebanon, UAE, Qatar, Pakistan, Kenya, Nigeria, Benin, Burkina Faso and Djibouti) attended. Participants’ backgrounds varied from technical, to policy and business development professionals coming from ccTLD registries, registrars, hosting companies, government agencies and academic networks. Several community experts have already contributed to the project by providing the program with material and taking the time to travel and conduct the trainings. The project is already displaying success with some of the trainees of the DNS technical track recently participating as co-trainers in some programs.

Looking ahead, the NTRA is currently in the process of hiring a dedicated program manager to oversee the Center’s activities and develop its business. We will also see the launch of a legal track very soon. The legal track will specifically focus on legal issues pertaining to domains and domain name disputes.

Cognisant of the importance of this project at this time, ICANN will continue to build the network of experts in Africa and the Middle East and seek to capatilise on it where relevant in both regions. Additionally, we will facilitate internship opportunities for members of registries and registrars to work alongside DNS sector experts, in our continuous efforts to build sustainable capacity on the ground in both regions.

Back to Table of Contents

Newsletter Newsletter N°6

Identification: A Critical Enabler of Societally Beneficial Economic Growth

DaggBy Kenneth Dagg, Chair Identity Assurance Work Group, Kantara Initiative

With more and more online purchases, consumers and businesses are rapidly moving into the digital economy. There is also a demand from citizens and businesses that governments digitally deliver more and more of their services.

Work is ongoing in federations such as the Digital Identification and Authentication Council of Canada (DIACC), the National Strategy for Trusted Identities in Cyberspace (NSTIC), the United Kingdom Identity Assurance Program (UK IDAP) and the European Union Electronic identification and trust services (eIDAS) to address these demands. As well, the Organisation for Economic Co-operation and Development (OECD) has established “Trust in the Digital Economy” as one of their four themes that will improve the economic and social well-being of people around the world.

Reports from these groups – Moving Canada into the Digital Age[1], A Digital Single Market Strategy for Europe[2], Building Canada’s Digital Future[3] and Enhancing Online Choice, Efficiency, Security, and Privacy[4] – indicate that national governments realize that there are significant economic growth opportunities when economies move into the digital age. As stated in Moving Canada into the Digital Age1, the case is compelling: “separate research has shown that savings for large enterprises under a digital payments system are estimated at $5 billion per year in Canada with small- and medium-sized enterprises and financial institutions capturing $700 and $600 million, respectively.” Realizing savings such as these will enable businesses to innovate the new socially responsible solutions they require to remain competitive and deliver more and better services to their clients. However, these studies identified that a critical requirement to make this growth possible was an ability to undertake digital identification and authentication.

The Kantara Initiative was established in June 2009, as a program of IEEE-ISTO, to foster identity community harmonization, interoperability, innovation, and broad adoption through the development criteria for operational trust frameworks and deployment / usage best practices for privacy-respecting, secure access to trusted online services.

A key component of the Kantara Initiative is its Identity Assurance Framework (IAF). This framework specifies the criteria against which Credential Service Providers (CSPs) are assessed to become approved by the Kantara Initiative. Enterprises, governments, verticals, and communities can trust credentials proofed and issued by Kantara Initiative approved CSPs as if they had performed the approval themselves.

As an example, the United States Government’s Federal Identity, Credential and Access Management (FICAM) Program approved the Kantara Initiative as a Trust Framework Supplier. With that approval federal agencies in the government of the United States are able to trust CSPs that Kantara Initiative approves for credentials at Levels of Assurance 1, 2, and 3 (non-PKI).

As national economies require this trust, the global economy requires inter-jurisdictional trust. A soon to be released study conducted by Kantara Initiative for the Cabinet Office of the United Kingdom indicated, identified that, with a few enhancements to both frameworks, the UK could trust US FICAM approved CSPs. This study indicates that inter-jurisdictional trust of identification is feasible and should provide an impetus to international fora to begin the work needed to make this possible. To aid in this effort Kantara Initiative will be undertaking work to evolve its IAF to more easily enable the mapping of other trust frameworks.

This work, along with the efforts underway in many nations, is moving the world along the roadway to having a viable digital economy that can be trusted by governments, consumers and businesses.

Kantara Initiative is a participating Member of the OECD-ITAC. If you would like to learn more about its IAF and how your organization can use it or contribute to its growth please contact us using






Back to Table of Contents

Newsletter Newsletter N°6

Taking stock of privacy in APEC

christineBy Christine Runnegar, Director of Public Policy, The Internet Society

APEC has been leading the way with an innovative approach to privacy protection for cross border transfers of personal data: an approach that has also attracted the attention of the EU.

While other countries and regions are still focusing on the differences between their privacy laws, APEC economies, having agreed on a set of general privacy principles (the APEC Privacy Framework), found a way to bridge their diverse legal environments to enable privacy-respecting cross border personal data flows. Additionally, they shifted the principal resource burden from enforcement (public authorities) to compliance (data controllers, processors, and those who certify them). The result is the APEC Cross Border Privacy Rules (CBPR) system and the APEC Privacy Recognition for Processors (PRP). (Please see

Participation in both systems is voluntary. Economies choose whether they wish to participate, accountability agents (i.e. those who certify that organisations are compliant with the APEC CBPR program requirements) choose to be recognised, and organisations choose to be certified as APEC CBPR system and/or PRP compliant. The foundational feature of both systems is accountability for personal data collection and handling. Organisations wishing to be certified must demonstrate that their privacy policies and practices meet the required standard, accountability agents must verify and monitor compliance, and economies must provide the necessary “backstop” enforcement.

There are currently:

  • 4 participating economies: USA, Mexico, Japan and Canada
  • 1 accountability agent: TRUSTe (with another entity’s application currently pending)
  • 12 certified organisations

It’s still early days, but the EU has also taken an interest in this work. In 2014, the APEC Data Privacy Subgroup and the EU Article 29 Working Party published a common referential on the APEC CBPR system and the European Binding Corporate Rules (BCRs). Politically, this is an important step forward towards privacy framework interoperability between APEC and the EU. Next steps include the development of a common application form for dual certification.

But, the work does not stop there …

2015 marks the 10 year anniversary of the APEC Privacy Framework – a good time to take stock of the privacy landscape and see whether any updates are needed. The APEC Data Privacy Subgroup is currently reviewing the APEC Privacy Framework, using the revisions to the OECD Privacy Guidelines as a starting point, and finalising some proposed amendments. Spoiler alert! The core privacy principles are likely to remain unchanged. As for the other changes, you’ll have to wait until they are published next year.

Back to Table of Contents

Newsletter Newsletter N°5

ITAC Newsletter N°5 July 2015

The Internet Technical Advisory Committee (ITAC) to the OECD brings together the counsel and expertise of technically focused organizations, in a decentralized and networked approach to policy formulation for the Internet economy.  The main purpose of ITAC is to contribute constructively to Internet-related policies developed in the OECD. It mostly contributes to the work of the OECD Committee on Digital Economy Policy (CDEP) and its specific working parties such as the Working Party on Communications and Infrastructure Services Policy (CISP) and the Working Party on Security and Privacy in the Digital Economy (WPSDE).

Table of Contents

Editorial: On the road to Mexico 2016
By Constance Bommelaer Senior Director, Global Policy Partnerships, and Nicolas Seidler, Policy Advisor, The Internet Society

Interview of Ambassador Dionisio Pérez-Jácome Frisione, Mexico’s Permanent Representative to the OECD

New Internet (and IoT) Era and the Protection of Economic and Social Activities
By Karen McCabe, Senior Director Technology Policy and International Affairs, IEEE Standards Association

Consent as a critical component for Trust in the Growth of the Digital Economy
By Mark Lizar, CISWG Co-Chair, Kantara Initiative

Investigating Whether Internet Paths Stay Within Borders
By Emile Aben, System Architect, RIPE NCC

United we stand: Protecting against cyber threats with standards for sharing
By OASIS CTI Technical Committee

Previous Newsletters

Newsletter N°1
Newsletter N°2
Newsletter N°3
Newsletter N°4

About This Newsletter

ITAC provides an avenue for new technical insights to contribute to the work of the OECD. ITAC is open to any Internet technical and research organization that meets the membership criteria listed in the Committee’s Charter.

ITAC encourages Policymakers, members of Civil Society and Businesses to submit queries regarding any of our work to [email protected]

If your organization is interested in joining ITAC and contributing with technically informed advice to the OECD’s development of Internet-related policies, we invite you to visit our website:, to read the “Criteria for Membership” in ITAC’s Charter (Section III).

For further information on ITAC, please contact us at [email protected]

Newsletter Newsletter N°5

Editorial: On the road to Mexico 2016

isoc photoBy Constance Bommelaer Senior Director, Global Policy Partnerships, and Nicolas Seidler, Policy Advisor, The Internet Society

In many respects, 2015 is shaping like a defining year for the future of the Internet and its potential for development.

Over the past months, the OECD has been busy preparing for the 2016 Ministerial on the Digital Economy, to be held 24-26 June 2016 in Cancun, Mexico. This event will define priorities of OECD countries in leveraging ICTs for economic growth and social progress. Giving voice to the technical community, the Internet Technical Advisory Committee to the OECD, ITAC, will be actively engaged in preparations.

Harnessing the potential of ICTs to reach the UN Sustainable Development Goals (SDGs) will also be at the heart of the ten-year review of the World Summit on the Information Society (WSIS+10) this year. Following consultations with all stakeholders held by UNESCO and the ITU in the past two years, the United Nations in New York will be hosting a High-Level WSIS Review event in December that will take stock of progress and provide a vision for the WSIS beyond 2015.

Both the OECD and the UN streams of work highlight that ICTs and the Internet have already had a major impact on economic and social development. In a very measurable way, the development of Internet infrastructure around the globe has accelerated economic growth and social development on all continents. Today, the digital economy contributes 5 to 9 percent to total GDP in developed markets, and in developing markets, it is growing at 15 to 25 percent per year.

Governments, business, civil society and individuals have adopted them extensively. Mobile telephony, Internet access and social media have transformed communications opportunities for individuals, while governments and businesses increasingly rely on the Internet for communications and administration, delivering services and disseminating information. Many governments and development agencies have adopted strategies to leverage ICTs for development (ICT4D) and introduced programmes that take advantage of the Internet – stimulating access to information through telecentres and mobile applications; promoting business sectors such as outsourcing and software development; disseminating e-agriculture and e-health information, distance learning and mobile money; and establishing mechanisms to provide early warning of natural and man-made disasters. These impacts have grown as technology has become more sophisticated, user numbers have risen, more bandwidth has become available, and new services have been introduced. Further developments now underway – such as cloud computing and the Internet of Things – mean that ICTs will have even greater impact on development implementation and outcomes over the next fifteen years.

In light of this positive trend, the Internet technical community, in cooperation with all stakeholders, has a unique perspective to offer to tackle challenges ahead of us. This community can also help define priorities to allow the Internet reach its full development potential, such as:

  • Connectivity and access for all
  • Affordability
  • Reliability and resilience
  • An enabling legal and regulatory environment
  • Enhanced human capabilities

To tackle these priorities adequately, an open and collaborative approach to policy, standards and technology development will be crucial. A holistic approach is also critical if we want to fully harness the potential of the Internet. Indeed, there is a clear case on the importance of linking and articulating different facets that the Internet touches upon: development goals and governance of the Internet, security policies and economic objectives, global dialogues processes with bottom-up approaches.

This is clearly the spirit that we expect to find at the 2016 Ministerial in Mexico next year.

Newsletter Newsletter N°5

Interview of Ambassador Dionisio Pérez-Jácome Frisione, Mexico’s Permanent Representative to the OECD

Dionisio-Perez-Jacome, Ambassador of Mexico to the OECD
Photo: OECD/Michael Dean

In the interview below Ambassador Dionisio Pérez-Jácome, Mexico’s Permanent Representative to the OECD, answers a series of questions. The answers are given in the context of the still on-going process of definition and organization of the Mexico 2016 Ministerial on the Digital Economy. Therefore, a wide array of information on the Ministerial is still under review by the relevant Committees, including the OECD Council, and is thus not yet declassified and is subject to changes.

When did Mexico join the OECD, and what has been your country’s economic and social priorities since then?

On May 18th, 1994 Mexico deposited its instruments of ratification of the Convention on the OECD. For Mexico, joining the OECD and NAFTA the same year (1994) represented a key recognition of the progress we had achieved in the preceding years. It acknowledged our efforts guided towards establishing a more efficient market economy, through our strong commitment to deep structural changes, open trade and an open economy.

During the past 21 years, Mexico has emphasized its work with the OECD to tackle a wide array of challenges, including:

  • Consolidating a stable macroeconomic environment,
  • Achieving higher levels of inclusive growth and development,
  • Ensuring a high quality of education, o Boosting competition and competitiveness,
  • Improving regulatory framework and impact,
  • Reinforcing fiscal and budgetary policies, as well as strengthening institutions, through higher accountability, transparency standards and a results-based scheme.

During the past three years, under President Peña Nieto, the OECD has been an important collaborator in the design of Mexico´s ambitious structural reform agenda. Mexico looks forward to continue its close work with the OECD in the implementation of structural reforms to achieve higher growth and productivity through a strengthened and more resilient and inclusive economy, institutions and society.

What are the objectives and hopes of Mexico for the 2016 OECD Ministerial?

The objectives and hopes for the 2016 Ministerial include:

  • Addressing the economic and social benefits of an open Internet and the policies that support its development
  • Taking advantage of the economic and social benefits from convergence to the Internet of Everything
  • Enabling greater co-operation to protect consumers and manage privacy and security risks
  • Benefitting from the new, ever-evolving labour markets

More detail on these issues can be found at

What in your opinion are the key changes in the digital economy since the last OECD CDEP Ministerial in 2008 in Seoul?

The main change in the digital economy since the Seoul Ministerial is the rapid pace at which the Internet has grown and diffused across the globe, and the deeper impact this has had on governments, businesses and societies. The very recent OECD Digital Economy Outlook 2015 sheds light on these issues:

  • World exports of manufactures ICT goods grew by 6% per year while ICT services grew by 30% yearly from 2001 to 2013.
  • There has been an overall decrease in prices, increasing mobile and internet per capita penetration. For example, mobile broad-band baskets for smartphones decreased on average in OECD countries by 52% in 2014 compared to 2012.
  • In 2014, 95% of enterprises had broadband, up from 86% in 2010.
  • In 2014, 76% of businesses had web presence and 90% were interacting with public authorities online.

This has also brought upon important changes and challenges for business through e-commerce, as well as to the job market, particularly for younger generations.

The increasing pace of technological progress, coupled with a rapid path towards the “Internet of Things” or “Internet of Everything”, poses challenges for governments, as well as important benefits for societies. Hence, governments are taking important steps to develop national digital strategies to ensure society reaps the full benefits of the digital economy.

Very detailed information on this question can be found in the 2013 OECD publication “The Internet Economy on the Rise: Progress since the Seoul Declaration”.

What do you see as the key challenges and opportunities for the digital economy in the next decade?

The key challenge is to continue to harness the benefits of the digital economy. Moving forward will include supporting even further penetration of services and making markets more accessible to all social sectors. Furthermore, trust must be enhanced in order to increase social participation, the number of enterprises participating in e-commerce (21% in 2014 on average for OECD countries, only up 2% from 2009) – particularly the need to boost SMEs – and further develop national strategies to face the impacts on skills and employment across the different social sectors: age, economic status, geographical location, etc.

The 2008 Ministerial resulted in the creation of the Internet Technical Advisory Committee (ITAC) and Civil Society Advisory Committee (CSISAC) to provide their expertise and views in the work of the OECD CDEP. How does Mexico see the value of the role of non-governmental stakeholders in the work of the OECD?

Mexico greatly values and supports the participation and work of ITAC, CSISAC and others in the OECD CDEP and other Committees. The digital economy requires collaboration amongst all stakeholders, which is an approach being sought after for the Mexico 2016 Ministerial, and is viewed by Mexico as a key element of an inclusive dialogue on these timely issues.

Photo credit: OECD/Michael Dean

Newsletter Newsletter N°5

New Internet (and IoT) Era and the Protection of Economic and Social Activities

karen_mccabeBy Karen McCabe, Senior Director Technology Policy and International Affairs, IEEE Standards Association

A new Internet age is emerging which will likely lead to many significant shifts in the Internet’s future role in society—namely as we progress to a device and human hyper-connected reality. These shifts will have major implications for the future of the Internet, not only on its governance and development, but also on its use and impact. There have been dramatic transformations to Internet-enabled devices that network and communicate with each other providing unprecedented opportunities for new services, improved productivity and efficiency, real-time decision-making and innovative user experiences.

We are now poised for a revolution in which the connection goes beyond connecting only computing devices and begins to includes sensors, everyday objects and the built environment or infrastructure. Much of what we have traditionally considered to be inert and distinctly non-electronic is becoming a part of this mega-network—of what today is called the Internet of Things (IoT).

Where every device and virtually all electronic devices (and people) are connected in this new era of IoT, there is an exponential growth in collecting, transmitting and analyzing data resulting in a massive creation of a vast knowledge set that will help catalyze a knowledge society. While IoT and data analysis can lead to greater empowerment of world citizens and economic growth, the same opportunity challenges the concept of privacy and security.

The increasing rise in data capturing, linking, analyzing and using information raises concerns about individual privacy protection. Personal data is the type that has drawn the most attention from a regulatory and policy point of view. Thus, the challenge is to achieve an acceptable relationship among individuals’ right to privacy and the emerging opportunities in data innovation. Importantly, there is a paradox where the Internet and devices are used intensively and data is relinquished willingly with opposing fears that privacy is compromised. This paradox can hinder the potential unlimited growth of the new Internet (and IoT) age by users and industry that may ultimately affect the global economy.

Having guidelines and a set of global principles that focus on the protection of the economic and social activities that rely on the digital environment will serve as a strong foundation to help unencumber future development and support data innovation and usage opportunities that will benefit citizens of the world. This week at the 69th Session of OECD CDEP (Organisation for Economic Co-operation and Development Committee on Digital Economic Policy), the draft recommendation on Digital Security Risk Management for Economic and Social Prosperity—the result of a thorough review of the 2002 Recommendation of the Council Concerning Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security—will be submitted for discussion with the proposal that the draft Recommendation replace the 2002 Security Guidelines. The review was launched in 2013 by the Working Party on Security and Privacy in the Digital Economy (SPDE).

Newsletter Newsletter N°5

Consent as a critical component for Trust in the Growth of the Digital Economy

Mark Lizar, Kantara InitiativeBy Mark Lizar, CISWG Co-Chair, Kantara Initiative

In a day and age where sharing personal data is increasingly central to our social practices online and a requirement for the use of many services and applications, the capacity for users to understand and manage the data they share online is more important than ever.

Key to this is the notion of consent, which means that people explicitly agree to sharing, but at this time people can’t independently track or control sharing using policies.

In this regard, Kantara Initiative’s Consent & Information Sharing Work Group (CISWG) is proud to announce our work on a Consent Receipt open standard. The Consent Receipt seeks to increase personal data control and transparency by increasing the capacity for people to track and manage data sharing relationships. We can build stronger trust in today’s digitally driven economy by upgrading the digital consent and “I agree” buttons on and off the Internet so that they provide users with a record of what personal information they have shared with a particular service.

The Consent Receipt serves people, organizations, and governments by addressing a lack of user trust. A Special Eurobarometer research report, released in June 2015, indicated a strong demand for consent, greater transparency, and more personal data control. This report is generated from a survey completed in March 2015. Approximately 28,000 respondents from different social and demographic groups were interviewed.

Sample quotes from the report reveal the current paradox: users are expected to provide consent with little or no information regarding what data they have consented to release.

  • “Nearly seven out of ten people (69%) say that their explicit approval should be required in all cases “.
  • “Yet only Only one fifth of respondents say they are always informed about the conditions of data collection and its potential uses when they are asked to provide personal information online.”
  • “Two-thirds of respondents (67%) say that they find privacy statements too long to read, while nearly four out of ten (38%) find them unclear or too difficult to understand.”

The Challenge – Usable and meaningful consent is obstructed by outdated practices and infrastructure. Policies and consent management today are having the effect of obscuring personal data control and eroding trust and innovation in the digital economy.

The Solution – A Consent Receipt is designed to solve this issue by increasing the capacity for people to manage personal information sharing. The development of a common way to record consent enables privacy policies to be layered, making them machine and human readable.

A standardized Consent Receipt effectively enables consent to be managed independently of service providers while affording the opportunity to make consent a positive customer experience.

Kantara Initiative is a participating Member of the OECD-ITAC. If you would like to learn more about the Consent Receipt work and how your organization can contribute or adopt please visit: