Ethics in Ecommerce London 2023 (ECA)
Decoding data ethics to inspire concrete business decisions
If only for the amount of posts and chronicles piling up already, I believe it is safe to say that the Ethical Commerce Alliance’s Ethics in eCommerce London Summit (at The Royal Institution) was a major success. We were all treated to a literal avalanche of insights coming from apparently unrelated angles. There was a sense of momentum, common purpose, and upcoming change.
Since I had agreed to connect the dots across all sessions to give a final summary and lightning-fast analysis, I ended up with plenty of notes. Mostly digested now, my conclusions follow below and certainly go beyond my brief intervention (given obvious time constraints).
_____
I will start by saying that I do not know of a single company that starts off with a “being unethical” strategy (sort of Megamind style). In fact, most people believe they are being moral and working “for the common good”. This paves the way for a difficult debate that started with Greek philosophers and, to the best of my knowledge, has not yet been resolved. How can we trust ethics if they rest in the eye of the beholder? As someone pointed out, what seems entirely necessary for some is perceived as “woke” by others.
There is also a question of legitimacy and authenticity. Do ethics require a sacrifice? A hard rebirth like that of the Buddha? Is it about putting yourself in the shoes of the majority, thereby resulting in the greatest possible impact at the expense of a few? Do you care enough about people that you would help your competitor be as ethical as you are so that the consumer is truly better-off? Do you instead see ethics as a competitive advantage and therefore another piece of leverage?
Examples of this dilemma abound: Does Apple deserve any credit for allowing people to disable third-party trackers when they have no use for them? Does the iPhone maker get to decide what is right or wrong by blocking access to innumerable apps in the name of privacy while considering the App Store’s user-level identifiers a natural part of the ecosystem (and receiving a CNIL fine after using them for ad targeting purposes without consent)?
Given that her keynote opened the event, Stephanie Hare’s Technology Is Not Neutral provides an ideal introduction to the nature of the dilemmas at hand. Twitter, Meta, Apple, or Alphabet have recently been confronted with hard choices: public order and security vs. freedom of speech or confidentiality, non-discrimination vs. decentralization, etc. Neutrality was simply not an option and at times they were accused by both sides of the aisle (e.g., by not doing enough to moderate AND by interfering with free speech at all).
It was with this basic premise, and a quick update to the same topic in the more recent flavor of Generative AI (to the tune of Terminator, Blade Runner 1.0, and Minority Report) that we were led by Stephanie into the first panel.
I have grouped what followed into five separate topics, disregarding the chronological order of the sessions or side chats:
Who gets to judge?
If data ethics boil down to “the systematic accounting of how you avoid doing wrong when using data” (in the words of Harry Farmer)*, should such data ethics be defined by intention, or should we be judged by the outcomes instead?
We found no need to go all the way back to Kant and Bentham, as this centuries-old dilemma was brought to life by the constructive disagreement between Catherine King (advocating for the journey that starts with mere posing and ends with actual customer expectations) and David Mannheim (advocating for honesty as a non-negotiable starting point). Stephanie Hare made the point that co-creating a data ethics framework with our customers could help us find the right balance - which sounds very much aligned with Marc Steen’s Participatory Process.
Somewhat vindicating Catherine’s less popular perspective, a separate panel on sustainability showed that what started as “greenwashing” has actually resulted in informed consumers who appreciate transparency, paving the way for authenticity (the next level, already at play) - and yet we were left with an open question about the value of certification schemes now that even Starbucks boasts a B Corp seal and with the worst polluters quickly amassing well-sounding stamps in an implausible manner.
Carlo Baratti’s chat on ethical sales a few hours later inadvertently pointed at a darker side of the focus on intention, as it would subject outcomes to what a particular company or person considered ethical or “true” (in Carlo’s words: “Tell the truth, but do not impose your truth on others”). Erin Meyer’s The Culture Map was quoted a few times by Carlo and others to illustrate how different countries would make separate interpretations of what is considered right, appropriate, or respectful to others.
Opening the debate even further, Diana Spehar’s impressive efforts to bring ethical practices to Sky’s customers were confronted with the "consistency test" during the Q&A: If ethical practices were to be rewarded by customers, why was it that people trusted the company so little according to certain benchmarks? Internal buy-in was most likely the answer, and she did provide a few tips to make progress on that front (covered below).
In a separate chronicle of the event Caroline Helbing argues that there simply is an ever-present expectation of ethics on the part of the moral agents that we people are. Perhaps we should revisit the notion of universal moral laws.
And yet I was left wondering: could this be replicated in the more complex arena of data protection where negative consequences are even harder to perceive by the wider population (beyond, as someone pointed out, poor digital advertising experiences)? A coffee-break chat led me to further ponder a theory: Machine Learning’s grand entrance into our daily lives will show us the real impact of indiscriminate personal data mining, exposing a need for individuals to enjoy protection at “data activation” or “decision-making” level once it is too late to fix the data collection challenge. In other words, it will be our inability to obtain a working visa or health insurance policy that wakes us up to the fact that sharing pictures of the food we eat, the places we visit, or the content we read will both feed the giant engine and act as a trigger for it to flex its muscles on us when we least expect it.
This idea, already codified in article 22 of the GDPR, could prove particularly future-proof at a time when entirely stopping our personal data exposure can do little to decrease the impact of automated decisions, as we are gradually more affected by the data previously shared by others (either because they are similar to us or because they are not), as well as by what we still consider non-personal data.
Are we missing the forest for the trees?
Harry Farmer (Ada Lovelace Institute) explained that the ongoing focus on differential accuracy in biometrics -a good point, as facial recognition takes two entire chapters in Stephanie Hare’s book- is only a technical problem that has a technical solution, but we need to address the wider problem (how about discrimination?).
We could easily connect this with my latest point above: the upcoming EU AI Regulation is indeed able to tackle the side-effects of unrestricted data storage (in the past) and ongoing data exposure (in the future) once the cat is already out of the bag, but it could also illustrate a rushed move by the legislator in the name of “being first” in the pursuit of the shiny new thing, choosing to regulate a specific technology while taking our eyes off the ball (basic human rights, bias, freedom, privacy, etc.). I believe that IBM’s Christina Montgomery’s statement at yesterday’s US Senate hearing on the need for AI Regulation (and differing from OpenAI’s Sam Altman’s) is aligned with this view. Suffice it to look at a precedent that still haunts us: cookie (local storage) consent requirements in the ePrivacy Directive II.
Privacy vs competition. Ethics are expensive.
Katharine Jarmul noted that it is the larger platforms who are first embracing Privacy Enhancing Technologies (e.g., federated learning), posing a very present risk that it is Big Tech that ends up being more privacy-centric and more aligned with Privacy by Design principles than smaller or local players. This is something I have been debating for a while, and I could not help but connect this important point to a couple of testimonies I heard over the coffee breaks:
A serial entrepreneur from Portugal was frustrated that there simply are no affordable tools or cheap technical solutions for small business owners which are GDPR compliant. Whoever needs to test a Minimum Viable Product will invariably pick one of the mainstream US-based tools which come packed with third-party cookies and trackers out of the box. Deviating from this will result in extra costs that people cannot afford at that stage.
A UK-based expert in e-commerce applications for small businesses pointed out that Shopify was the first go-to solution in the market, and that it was simply non-compliant with the EU framework. Who is to blame when this is the default go-to?
I realized that it is easy for many of us to point people in the right direction with alternative analytics (cookieless, non-granular), marketing automation (locally hosted, pixel-free), (modular) ecommerce, or (tracker-free) content management tools, but we fail to appreciate that the hassle or cost differences are not insignificant to most small business owners.
Of course all of this results in less “digital sovereignty” when it comes to the EU. Small local players are either forced to spend the money they do not have or become fully dependent on US-based Big Tech (a closed shopping loop on Instagram, a business front-end on Facebook, marketing on Google and Amazon, etc.). Speaking of unintended consequences.
On a separate note, both Catherine King and Diana Spehar pointed out that data ethics programs are expensive (e.g., it will always be easier to hire a non-diverse team that will introduce fewer safeguards in AI-related processes). Zeiss’ Wathagi Ndungu discussed the case for a company-wide moratorium in the internal use of generative AI, and Google has just announced that their own ChatGPT competitor, Bard, will not be available in the EU for fear of uncertain regulatory consequences (surely a smart move given the prospects of potential lawsuits against OpenAI in the region). Everything in life is a trade-off, and this is no different: additional safeguards will result in a competitive disadvantage. In this case it could present itself in the form of fewer tools and technologies available to businesses and consumers.
Katharine Jarmul pointed at the über-present, apparently leaked “we have no moat” Google memo to express confidence in open source alternatives to the nascent big players, but questions are already being raised with regard to the real capabilities of the former in the absence of comparably large data sets at training level (and China’s failed attempts at replicating OpenAI’s effectiveness with more sophisticated algorithms as a result of both centralized censorship and the walled garden nature of Internet communications in the country -superapps!- provide a good illustration - The Economist published an in-depth analysis of this challenge a few days ago).
But, wait! Perhaps such a competitive disadvantage is a good thing, when we ponder the next question.
Growth is the enemy
Cecilia Scolaro (joined by Will Pickett and Alessandro Lovisetto in the sustainability panel) made a strong case for a separate trade-off that few dare to acknowledge: continuous growth is incompatible with sustainability. This was supported by Francesco Bottigliero: a focus on short-term results makes it harder to have a positive impact on the local community.
The Brunello Cucinelli iCEO went on to make a passionate argument for long-term goals, accepting that not everybody counted on the necessary support at the highest level in the organization (surprise).
Cookie banners run counter to personal agency. CRO is the opposite of customer centricity.
It was mostly agreed by everyone in the room that cookie banners have been a clear failure at all levels. Rhiannon Hanger made it clear that consent management tools result in the worst possible experience, and Francesco made the point that cross-domain tracking was not going away as a result of such banners, while Borja Santaolalla explained that a winning, recent trend was holding consent requests until customer data was actually required at some point further down the shopping experience.
Prior to that, Katharine Jarmul had shared an alternative “fine-grained” consent example (resulting in quick calls for a UX-focused review during the Q&A). As an alternative to behind-the-scenes or “consent”-based data collection, Rhiannon explained that we should co-create insight with the customer like we co-create experiences, stressing the importance of conversations at various levels.
Andreas Wagner and Rodger Buyvoets added to the calls for customer-driven optimization. The former produced tangible evidence that giving customers the room for exploration (of products otherwise hidden in the navigation and search user flows) had a bigger impact on actual sales than reacting to event-based data-driven insights. The latter explained that it is individuals who should decide on product taxonomies and feature descriptions to ensure that they speak the same language and are more easily found. There was also general agreement that it should be customers who eventually choose which preferences or needs they share with a given merchant - as opposed to behind-the-scenes profiling.
Andreas Wagenmann, Ana García, and Ramiro Alvarez Fernandez demonstrated that all of the above was actually feasible as of today through very specific examples of federated personalization and hyper-granular user controls.
With “imposed personalization” and brand-centric product discovery out of the way, it was the turn of CRO (Conversion Rate Optimization). Rhiannon Hanger explained that our obsession with conversion rates had forced people into dead-end alleys in which speaking to our customers was considered an unforgivable sin (my own words). She made a strong case for conversational commerce and Voice of Customer strategies, even daring to tackle the more complex distinction between Proprietarian ("my data" as a commodity) and Dignitarian ("my data" as me) perceptions of the personal information we are asked to share in our relationship with a given retailer.
The road is already paved
Wathagi Ndungu provided a very practical and upbeat perspective. We do have guidelines, and there are already a few processes that are proven to work - and this is particularly true in the legal compliance space. She mentioned the OECD AI Principles and stressed the importance of Impact Assessments, which happen to have been singled out by Supervisory Authorities as a key missing pillar in most organizations.
For her part, Diana Spehar did provide the most specific framework for scaling responsible data practices (divided into ethics of data, ethics of algorithms, and ethics of practices), together with some tips on “making friends” within the larger organization and thus aspiring to make a real impact. She considered three engagement narratives as particularly effective in this regard: supporting upcoming regulation, supporting customer trust, and supporting the brand. Diana went on to explain that specific KPIs can be derived from a Data Ethics Maturity Framework, subsequently being attached to measures taken at data protection, data governance, data analytics, corporate affairs, or product development level.
Lastly, it all came full circle as Sky’s Data Ethics Lead coincided with Stephanie Hare’s argument in favor of co-creation: speaking to our customers will help us understand the specific levers that build trust in our industry. Are we being dumped in favor of more ethical competitors?