Geneva, Mar 5: With digital services dominating everyday life, a Switzerland-based not-for-profit foundation has launched a ‘trust label’ that vouches for the trustworthiness of the service.
Launched by the Swiss Digital Initiative (SDI), the ‘Digital Trust’ label assesses services offered by an online firm on 35 criteria across four categories — security, data protection, reliability and user interaction.
“Growing complexity and opaqueness, coupled with various scandals around data breaches and discrimination by algorithmic systems, are fuelling mistrust in digital services. The ‘Digital Trust’ label denotes the trustworthiness of a digital service in clear, visual and plain, non-technical language for everyone to understand,” Diana Kaliff, Digital Trust Label lead at SDI, told a group of visiting Indian journalists in Geneva.
“Companies can also do more in building trustworthiness on how they handle users’ personal data,” she said.
The label was launched in Switzerland last year and SDI has since expanded its services to Germany.
However, the label comes at a cost anywhere between 22,000 to 45,000 Swiss francs depending on the complexity of the digital service and with a validity of three years. It also includes two quality checks during the three-year validity period.
Companies such as Switzerland-based mobile and internet services firm Swisscom, Credit Suisse, Cisco WebEx, PeopleWeek (an international human resources and collaboration software company), and Wefox (a Berlin-based digital insurance provider) have got the Digital Trust label so far, Kaliff said.
Organisations that have committed to getting the label in 2023 include UNICEF, UBS (Switzerland-based multinational investment bank and financial services company), One Log (a joint login service for a federation of the largest Swiss media companies and publishing houses), Swiss supermarket firm Coop and Swiss wealth management group Julius Baer.
Many companies have taken the initiative to get labelled because their rigorous audit and certification improve their market position, said Fathi Derder, managing director of SDI.
Experts believe that the Trust label could be more effective if it is offered by an organisation backed by international bodies such as the European Commission or other multi-lateral institutions.
David Atienza, Scientific Director of the EcoCloud Sustainable Computing Center at the Ecole Polytechnique Federale de Lausanne (EPFL), noted that digital services undergo periodic software upgrades and it would be difficult to get the trust certification done after every update.
He also flagged the high costs involved in the certification and favoured the label to be offered by a government or a multilateral agency with some legal backing instead of a not-for-profit foundation.
On the certification process, Kaliff said each of the 35 criteria has detailed specifications such as secure communication, data transmission and storage, secure user authentication, efficient monitoring and reporting of any breaches, user consent for everything.
Once a company agrees to undergo the certification process, a third-party auditor sits down with the company to see if it meets the criteria.
The third-party auditor submits the audit report to the SDI, after which an internal certification committee of the SDI conducts a second-level check, seeking clarifications from the auditor as needed. It is only after this that the candidate receives the ‘Digital Trust’ label, according to SDI.
“We have developed the criteria partly based on requirements listed under the ISO and partly under the General Data Protection Regulation (an EU law),” Kaliff said.
She said the label is based on existing standards and if a service meets the criteria, it receives the label.
“If the service does not comply with the criteria, we give the manufacturers feedback on what can still be improved,” Kaliff said, adding that it was not obligatory for the SDI to grant a trust label to every company signing up for it.
Once awarded, the label is valid for three years and there is a quality check after the second and third year to see if the company is still compliant with the standards, she said. (PTI)
Follow our WhatsApp channel
