Many global challenges cannot be addressed by one single actor alone. Achieving sustainability requires governance by state and non-state market actors to jointly realise public values and corporate goals. As a form of public-private governance, voluntary standards involving governments, non-governmental organisations and companies have gained much traction in recent years and have been in the limelight of public authorities and policymakers. From a firm perspective, sustainability standards can be a way to demonstrate that they engage in corporate social responsibility (CSR) in a credible way. To capitalise on their CSR activities, firms need to ensure their stakeholders are able to recognise and assess their CSR quality. However, because the relative observability of CSR is low and since CSR is a contested concept, information asymmetries in firm-stakeholder relationships arise. Adopting CSR standards and using these as signalling devices is a strategy for firms to reduce these information asymmetries, by revealing their true CSR quality. Against this background, this article investigates the voluntary ISO 26000 standard for social responsibility as a form of public-private governance and contends that, despite its objectives, this standard suffers from severe signalling problems. Applying signalling theory to the ISO 26000 standard, this article takes a critical stance towards this standard and argues that firms adhering to this standard may actually emit signals that compromise rather than enhance stakeholders' ability to identify and interpret firms' underlying CSR quality. Consequently, the article discusses the findings in the context of public-private governance, suggests a specification of signalling theory and identifies avenues for future research.
MULTIFILE
Copyright enforcement by private third parties – does it work uniformly across the EU? Since the inception of Napster, home copying of digital files has taken a flight. The first providers of software or infrastructure for the illegal exchange of files were held contributory or vicariously liable for copyright infringement. In response, they quickly diluted the chain of liability to such an extent that neither the software producers, nor the service providers could be held liable. Moving further down the communication chain, the rights holders are now requiring Internet Service Providers (ISPs) that provide access to end customers to help them with the enforcement of their rights. This article discusses case-law regarding the enforcement of copyright by Internet Access Providers throughout Europe. At first glance, copyright enforcement has been harmonised by means of a number of directives, and article 8(3) of the Copyright Directive (2001/29/EC) regulates that EU Member States must ensure the position of rights holders with regard to injunctions against ISPs. Problem solved? Case law from Denmark, Ireland, Belgium, Norway, England, The Netherlands, Austria and the Court of Justice of the EU was studied. In addition, the legal practice in Germany was examined. The period of time covered by case law is from 2003 to 2013, the case law gives insight into the differences that still exist after the implementation of the directive.
This project addresses the fundamental societal problem that encryption as a technique is available since decades, but has never been widely adopted, mostly because it is too difficult or cumbersome to use for the public at large. PGP illustrates this point well: it is difficult to set-up and use, mainly because of challenges in cryptographic key management. At the same time, the need for encryption has only been growing over the years, and has become an urgent problem with stringent requirements – for instance for electronic communication between doctors and patients – in the General Data Protection Regulation (GDPR) and with systematic mass surveillance activities of internationally operating intelligence agencies. The interdisciplinary project "Encryption for all" addresses this fundamental problem via a combination of cryptographic design and user experience design. On the cryptographic side it develops identity-based and attribute-based encryption on top of the attribute-based infrastructure provided by the existing IRMA-identity platform. Identity-based encryption (IBE) is a scientifically well-established technique, which addresses the key management problem in an elegant manner, but IBE has found limited application so far. In this project it will be developed to a practically usable level, exploiting the existing IRMA platform for identification and retrieval of private keys. Attribute-based encryption (ABE) has not reached the same level of maturity yet as IBE, and will be a topic of further research in this project, since it opens up attractive new applications: like a teacher encrypting for her students only, or a company encrypting for all employees with a certain role in the company. On the user experience design side, efforts will be focused on making these encryption techniques really usable (i.e., easy to use, effective, efficient, error resistant) for everyone (e.g., also for people with disabilities or limited digital skills). To do so, an iterative, human-centred and inclusive design approach will be adopted. On a fundamental level, scientific questions will be addressed, such as how to promote the use of security and privacy-enhancing technologies through design, and whether and how usability and accessibility affect the acceptance and use of encryption tools. Here, theories of nudging and boosting and the unified theory of technology acceptance and use (known as UTAUT) will serve as a theoretical basis. On a more applied level, standards like ISO 9241-11 on usability and ISO 9241-220 on the human-centred design process will serve as a guideline. Amongst others, interface designs will be developed and focus groups, participatory design sessions, expert reviews and usability evaluations with potential users of various ages and backgrounds will be conducted, in a user experience and observation laboratory available at HAN University of Applied Sciences. In addition to meeting usability goals, ensuring that the developed encryption techniques also meet national and international accessibility standards will be a particular point of focus. With respect to usability and accessibility, the project will build on the (limited) usability design experiences with the mobile IRMA application.
