Meanwhile, a couple of people have pointed me at the Modern Slavery Registry. It’s a register of things that companies are doing to tackle modern slavery. It’s run by a group of organisations including Oxfam, UNICEF and the TUC. The idea is that it’ll be used in a similar way to the CDP, to influence people’s decisions about companies and the data used by regulators.

Lots of our work at IF is about spotting places in systems where it might be possible to design interventions that improve people’s digital rights. Ian’s written before about building better infrastructure to protect against exploits, and both Trust & Design and the pattern catalogue are an effort to equip designers and others with new patterns when designing for privacy and trust.

So, the idea of public disclosure registers for carbon and modern slavery (and their potential use by investors) got me thinking: “What’s the equivalent for companies who make digital products?”

How would an investor understand if a company is a risk because of poor data ethics or lack of preparation for GDPR? How would a regulator learn if their policies are resulting in meaningful action? How would a consumer know if a company holds their data in a certain legal jurisdiction?

Is there a missing register? A register of things like:

  • Public GDPR commitments
  • Commitments about where data is held
  • Data about two factor authentication uptake by people using a company’s products

The technology for something like that would be easy to build. And things like CDP show there’s a precedent for using fees to support a register. The hard problem would be finding the first few companies willing to disclose this information, and the investors or regulators who are willing to make it into a virtuous circle.

If anyone works for an organisation interested in exploring this idea, please get in touch: [email protected]