Most digital privacy advocates take user consent as the go to solution to avoid Big Brother. But does that stand the test of reality?

Online consent is not a trivial process. source: BBC
A thought provoking tweet
The W3C DPV provides a data privacy vocabulary ontology
  1. You need to process the data to comply with a legal obligation (for instance, apply tax codes based on your location)
  2. You need to process the data to save somebody’s life (for instance, this has been discussed in relation to covid tracking apps)
  3. Processing is necessary to perform a task in the public interest or to carry out some official function (for instance, computing statistics related to the pandemic)
  4. You have a legitimate interest to process someone’s personal data. This is the most flexible lawful basis, obviously.

Consent is hard to do right

Each policy takes an “average of 10 minutes to read, an average individual encounters around 1500 of those each year. 76 work days!” (source: TheAtlantic). Consumers obviously don’t read, understand or acknowledge any of those terms (and even if they did once, the providers change them regularly). And that study was conducted in 2012, before data brokers were so prevalent. Without tools such as Scripta Manens, it would be impossible to decypher, to such a point that some artists denounced that situation visually:

Reading terms and conditions, by designer Dima Yarovinsky
CCPA approved “Privacy Options” button (but the state opt-in/opt-out remains hard to guess from the flat icon, it would be good that designers further help on this). Source: cylab

Consent is no panacea

Despite all that technological goodwill, the practice of privacy notices often remains misleading, and sometimes harmful. Trust is coercive to the individual in the sense that a shrink-wrap license, or being forced to sign a privacy notice before getting care at a hospital is coercive to the sick and anxious person.

Clubhouse’s dark privacy pattern
Source: https://blog.pcloud.com/invasive-apps/

It’s Time for a Mindset Shift

Privacy, like digital identity, is a shared property. “Consent is social and contextual” (source: Sheldrake). We now have a few years of experience, and it’s time we address consent fatigue.

Towards a national privacy law in the U.S. ?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store