Trust as a Currency in the Digital Economy
Trust is always costly. We, as individuals and as society, pay more for trust even when we are not conscious of it. We buy electronic devices from famous brands because of the implicit guarantee that the shop owner will not disappear if technical problems arise or if the device is defective. We pay more for registered express mail because we do not have faith in regular post. We choose to stay in well- known hotel brands rather than random guesthouses because it is less likely that our security during the stay in an unfamiliar city will be endangered. Our taxes are used for issuing special number plates and licensing system for taxis to ensure passengers’ safety.
However, many current technologies reduce these premium costs of trust that we have been paying for. Real- time tracking systems combined with effective twoway review systems between customers and service providers allow us to trust unknown drivers at a much lower cost. It is evident that this is much more efficient than the state- approved taxi licensing system. We are also comfortable staying in a room owned by a stranger in a foreign city in a way that is not too different from staying in the house of a friend ( and many times, we become friends with those strangers). We can participate in these transactions of the so- called sharing economy without any hesitancy not because there is a guarantee by a state or governmental institution, but because we believe in the mobile application and its review system.
In the past, we would go to particular bars or listen to specific radio stations because we trust the bar owner or DJ’S taste in music. Today, we trust machines to predict our personal preferences, or even tell us what music we are likely to love. The growing capacity of Artificial Intelligence coupled with Big Data technology makes possible a customized recommendation system that foresees our taste in consumption even when we ourselves are not aware of such predilections until we try or ‘ discover’ the recommended products. This personalized experience is possible in a range of services, from online shopping and music streaming to dating applications.
Before we advance to the new digital world, let us stop and think about ‘ trust’ for a bit. What does it mean when we trust someone? What are the aspects of products and services that allow us to use them with trust?
SAFETY AND SECURITY
We trust products or services because of the implied safety. We buy expensive brands of electronic product because we want to make sure it will not explode when we use it. We even buy a guarantee just in case it really does explode. Safety or security is the basic underpinning of trust. In many cases, we do not have enough information to trust service providers, so the license systems provided by regulating agencies can help, such as in the case of taxi licensing systems that requires regular car checkups and the regulation that requires hotels to have standard fire exits. But we have seen from the case of ride hailing applications that technology and transparent information can be more effective than state regulations.
CERTAINTY AND AUTHENTICITY
We also base trust on certainty and authenticity. We want to make sure that our money are transferred to the right person at the right time. For these qualities, the technology of blockchain or distributed ledger may help raise certainty levels close to 100%. In addition to industries that require high level of authenticity evaluation such as diamond trade and real estate, there is already an attempt to use blockchain technology in the food industry to guarantee food safety throughout the entire supply chain. People might not need to put trust in regulating authorities or well- known companies anymore; they can trust the system instead. Such efficient systems can be private, decentralized and highly transparent, but at the same time safe, secured, and guaranteeing your privacy.
TECHNOLOGY AND TRUST
Stable hi- speed internet connections combined with efficient personal information management have changed our consumption habits and the way we feel about trust. These technologies support two important functions in any transaction.
First, these technologies can match demand and supply in the most specific manner. We do not need to guess the rate of food consumption and provide space to store raw food anymore. Customers can pre- order and sellers know in advance what they need to prepare, consequently producing less garbage. Actually, it does not even need to be the consumers themselves, but the smart fridge connected to the food supply web service.
Second, these technologies help build trust among strangers. In the past, we only trust ed those whom we knew well, whether individuals or companies. However, today we can trust the system instead of persons or brands. We do not need to trust our individual Uber drivers because we can trust the mobile application system which is cheaper and more effective than the national transport regulation system, including the meter system. As a consequence, the intermediaries who benefited from the inefficiency of
the old system, such as supermarkets or taxi- meter device producers, will progressively be excluded from these transactions in the upcoming digital era if they do not adapt their roles.
The application of these technologies to build trust can be found in government work and law enforcement as well. Thai courts recently launched a project using data analysis in determining provisional release without bail, and tracking the released defendant by electronic monitoring devices.
TRUST IN SYSTEMS
Recent trends indicate that systems can be more trustworthy than humans in many situations, especially in societies where government operations are not fully trusted or not always effective. However, one of the fundamental elements that allow these technologies to operate is the free flow of data, including personal data. Consequently, it is not an overstatement that our personal data is no longer under our full control. The protection of privacy or data protection is a quality that technology and the market alone cannot provide as long as there is human intervention. That is why there must be rules to prohibit employees from copying and distributing personal data. Without the intervention by national legislature the overall level of privacy protection can become a race to the bottom.
Apart from regulations, we also need an environment that facilitates these systems. We do not want to sacrifice our privacy or security for free and fast connection. We need both free and safe flow of data. This is where laws can coordinate between the two equally important demands. An effective data protection law must be able to regulate company behavior concerning privacy and set minimum standards of technology used for securing data.
PRIVACY AND DATA PROTECTION IN THAILAND
The Thai legal system is behind in the area of data protection, though privacy issues have been raised as concerns frequently for the past several years. People have been complaining about their mobile numbers being sold to companies that conduct direct marketing via phone. Many are worried about the way telecommunication companies handle their mobile use data.
The first attempts to draft data protection law happened 10 years ago. There have been at least four different versions of bills that failed to reach the national assembly. The latest attempt was in early 2015. The Data Protection Bill was part of the Digital Economy Bills, together with the Cybersecurity Bill, Copyright Act Amendment Bill, Computer Crime Act Amendment Bill and 10 other laws. The Data Protection Bill did not face contention in the same way as the above- mentioned bills, but its contents were heavily resisted by industries whose business de- pends on customers’ personal data such as banking, finance and insurance.
However, considering the recent development in data protection laws in many Asian countries and the new General Data Protection Regulation ( GDPR) in the European Union, the authorities seem to finally understand that it is high time for Thailand to have a proper data protection law for both the public and private sectors. If not, the transnational nature of future data flow will naturally exclude Thailand from the network of safe countries for data transfer. Any companies who want to do business with European or other countries with higher level of data protection must follow the laws of those jurisdictions rather than Thai law. Without national law that reflects international best practices, the management of information in Thailand will become more and more complicated, which would curb the Thai Government’s ambitions to become a regional digital economy hub.
WHAT SHOULD WE EXPECT FROM THE NEW DATA PROTECTION LAW?
Anyone who has ever clicked the ‘ agree’ button after scrolling down the ‘ terms and conditions’ page should easily understand that the principle of consent and purpose limitation alone cannot help to protect our privacy. The requirement of data security standards and breach notification systems must also be included.
The new law is expected to navigate the difficult balance between personal data protection and benefits of data use. Some operations still have to be perfomed even without consent, such as in situations of fraud and crime detection, performance of contracts and research activities. These exceptions of ‘ legitimate interests’ should be prescribed in a way that does not override the fundamental rights of data subject. Also, the rights of data subjects — such as the right to access, right to erasure and, right to objection — must be recognized with reservations for business necessity to retain some data.
The new law will not only change the way we handle personal data, but it will also require a lot of work in re- classifying existing data. The data that is no longer necessary must be erased. The necessary data must be maintained under reasonable security standards. Legislators around the world are struggling to find ways to open up opportunities for more data use, especially in the case of Big Data, while at the same time looking for acceptable standards of encryption and pseudonymization.
The new data protection law will definitely create some burden for business, as well as for the government sector, which holds the biggest personal database in the country. Nevertheless, this change is inevitable if we want to enhance the environment for the flourishing of the digital economy. Privacy and security are the most important components of ‘ trust’ for tomorrow.
Thitirat Thipsamritkul is Lecturer at the Faculty of Law at Thammasat University. She can be contacted at thitirat. thip@ gmail. com.
People might not need to put trust in regulating authorities or well- known companies anymore; they can trust the system instead.