Meaningful Consent in the Digital Economy
Lead Research Organisation:
University of Southampton
Department Name: Sch of Electronics and Computer Sci
Abstract
Despite being asked to "agree" constantly to terms of service, we do not currently have "meaningful consent." It is unclear whether having simple and meaningful consent mechanisms would change business fundamentally or enhance new kinds of economics around personal data sharing. Since consent is deemed necessary and part of a social contract for fairness, however, without meaningful consent, that social contract is effectively broken and the best intent of our laws undermined. Our research challenges to address this gap are interdisciplinary: meaningful consent has implications for transforming current digital economy data practices; change will require potentially new business models, and certainly new forms of interaction to highlight policy without over burdening citizens as we go about our business. We have set out a vision to achieve an understanding of meaningful consent through a combination of interdisciplinary expert and citizen activities to deliver useful policy, business and technology guidelines.
Planned Impact
We aim to provide a functional meaningful consent framework that will facilitate greater understanding of data protection models, enable more effective policy and legislation that will work with citizen behaviour for meaningful consent. The interdisciplinary scope of the research in this project will deliver in three key areas for impact in each; policy, technology and business.
Social Policy Impact: Policy Framework [lead, Thomas, first output year 1] will translate research insights from the involved disciplines (economics, marketing and computing & web science) into principles to inform and structure the development of future data protection, privacy and consent legislation both domestically and internationally, since there is significant data protection policy activity at the European level. Of particular interest are questions about what constitutes meaningful consent in a personal-data context, how to determine which scenarios should require meaningful consent, how to implement those requirements in policy and respond to them with technology, and how compliance with user consent can be audited and enforced.
Academic/Technology impact [lead: schraefel, first prototypes 6m in] will include prototypes and techniques as part of a framework that aids understanding and awareness on the part of citizens for meaningful consent, both in business-exchange scenarios (eg participating in corporate-owned social networks, accessing material on sites where one subscribes, etc) and more generally, where these mechanisms provide smarter and more effective ways to elicit, store and communicate consent by reducing confounding effects such as habituation and decision fatigue.
Business impact [lead: Orhaghi, first outputs, year 1] will be in the form of a better understanding of how strong meaningful consent requirements would disrupt existing business practices and how this disruption could be exploited by new business models and practices that use privacy and consent as selling points.
Social Policy Impact: Policy Framework [lead, Thomas, first output year 1] will translate research insights from the involved disciplines (economics, marketing and computing & web science) into principles to inform and structure the development of future data protection, privacy and consent legislation both domestically and internationally, since there is significant data protection policy activity at the European level. Of particular interest are questions about what constitutes meaningful consent in a personal-data context, how to determine which scenarios should require meaningful consent, how to implement those requirements in policy and respond to them with technology, and how compliance with user consent can be audited and enforced.
Academic/Technology impact [lead: schraefel, first prototypes 6m in] will include prototypes and techniques as part of a framework that aids understanding and awareness on the part of citizens for meaningful consent, both in business-exchange scenarios (eg participating in corporate-owned social networks, accessing material on sites where one subscribes, etc) and more generally, where these mechanisms provide smarter and more effective ways to elicit, store and communicate consent by reducing confounding effects such as habituation and decision fatigue.
Business impact [lead: Orhaghi, first outputs, year 1] will be in the form of a better understanding of how strong meaningful consent requirements would disrupt existing business practices and how this disruption could be exploited by new business models and practices that use privacy and consent as selling points.
Organisations
- University of Southampton (Lead Research Organisation)
- Economic and Social Research Council (Co-funder)
- KnowNow Information Limited (Collaboration)
- World Economic Forum (Collaboration)
- Baxendale (United Kingdom) (Project Partner)
- Microsoft Research (United Kingdom) (Project Partner)
- Information Commissioners Office (Project Partner)
- Madano Partnership (Project Partner)
- Microsoft (United States) (Project Partner)
- Massachusetts Institute of Technology (Project Partner)
- Nokia (Finland) (Project Partner)
- University of Cambridge (Project Partner)
- Stanford University (Project Partner)
- eBay (United States) (Project Partner)
Publications
Gomer R
(2014)
Consenting agents
Baarslag T
(2015)
Optimal Negotiation Decision Functions in Time-Sensitive Domains
Baarslag T
(2016)
Negotiation as an Interaction Mechanism for Deciding App Permissions
Baarslag T
(2017)
Autonomous Agents and Multiagent Systems
Schraefel M
(2017)
The internet of things interaction challenges to meaningful consent at scale
in Interactions
Baarslag T
(2017)
An Automated Negotiation Agent for Permission Management.
Marreiros H
(2017)
"Now that you mention it": A survey experiment on information, inattention and online privacy
in Journal of Economic Behavior & Organization
Filipczuk D
(2022)
Automated privacy negotiations with preference uncertainty
in Autonomous Agents and Multi-Agent Systems
| Description | Two key outcomes: 1. it is possible to re-imagine current consent of "you have read these terms" into something that can be automated by intelligent agents to manage and anticipate preferences - and to negotiate personal data trading on a person's behalf - this approach has particular implications for "headless" or displayless interactions that simply grab one's data without asking for explicit consent in the IoT - doors, halls, buildings, etc. we have developed both the theoretical mechanisms to make the negotiation possible, and explored and tested models of interaction for people to manage and trust these negotiations 2. It is also possible to better signal the STATE of data flows - in what we innovated to call Apparency to Transparency - where we can show that we can make how data is used - that it is being used and where - apparent to users - and then able to interogate how and in particular to action flows - This is a more elegant approach than the current brutish gdpr that asks for consent for cookies - which does not mitigate all tracking. We are not saying that we invent how to show trackers, but that we have proposed a framework for designers in particular to make explicit the state of information flows within use of their devices - that there is such resistance to doing so at all - to be "opaque" about transparency in data terms and conditions indicates that there is far more work to do for citizens rights - and for data innovation |
| Exploitation Route | 1) the World Economic Forum is using the concept of "meaningful consent" for a current working group between political and industrial regions 2) the work underpins the collaborative platform grant AutoTrust 3) our Five Pillars of MCDE is likewise in use with the ICO in the UK 4) this work has also informed the structures for Consentua UK |
| Sectors | Digital/Communication/Information Technologies (including Software),Culture, Heritage, Museums and Collections,Security and Diplomacy |
| URL | http://interactions.acm.org/archive/view/november-december-2017/the-internet-of-things |
| Description | UPDATE 2020 = the work has lead to the successful collaboration with Warwick that enabled the submission and acceptance of the Last Platform Grant, AutoTrust to explore human in the loop data sharing in the internet of vehicles. Likewise this work is being recognised and used in the World Economic Forums Data Trust and Meaningful Consent Panel - starting fall 2019. Findings on what is consent in the digital economy are being used by a variety of UK groups looking at privacy policy, including the Information Commissioner's Office and companies from EU arms of corporations from Visa to Facebook. Demonstrators from the project, including the Web Mirror, are being used by teachers to help students gain direct experience of why and how data consent works, and why it is important to enable them to make better informed consent choices. The resaerch work from this project has also been the foundation for the just-announced EPSRC DE Platform Grant AutoTrust - for the design of a safe, human cenetered Internet of Vehicles ADDITIONAL UPDATE 2021 - we have noted elsewhere the invited engagement with the world economic forum towards an international position for the WEF around the use of data and how consent features in that work. ADDITIONAL UPDATE - 2022 - Within the GDPR community, Dr. Richard Gomer, a former RF on the project, and new lecturer at Southampton in Electronics and Computer Science, is regularly asked both for interpretations of guidance, and the usability of the approaches towards supporting *meaningful consent* above, beyond and within privacy. One example from the COVID period is the Southampton hospital's novel saliva testing participant agreement. Members of MCDE looking at the document raised concerns with the pilot wording, and Dr Gomer was asked on board the team to help ensure the usefulness and usability of the approach. This interaction has lead to other similar queries and awarenesses that it is possible to think of these forms as more deliberately enabling of engagement rather than only (though necessarily) protecting data. This shows that the approach from MCDE is contributing to discussions within policy areas as well as in the medical devices/interventions spaces. We are planning a series of summer discussions to take place in the community as public events to explore together the art of the possible for thinking about, understanding and sharing data - as open science within pros, cons and opportunities for making these approaches better for all of us. For example, our Super Researcher from this project, Richard Gomer now: - holds a directorship with KnowNow Information - director of Defend Digital Me, a campaigning organisation that works specifically on issues of Children's privacy and digital rights (https://defenddigitalme.org/about/) - a direct result of connections and reputation built during MCDE - consulted on the Home Office-funded "KrowdSafe" project as a result of connections made during MCDE, around UI and trust-building (URL: https://www.gov.uk/government/news/crowd-safety-app-to-launch-following-home-office-funding) - member, PETRAS UMIS project, which builds on some of the MCDE research around embedding consent into the user journey, and which involves KnowNow Information as an industrial partner |
| First Year Of Impact | 2021 |
| Sector | Digital/Communication/Information Technologies (including Software),Education,Healthcare,Pharmaceuticals and Medical Biotechnology |
| Impact Types | Cultural,Societal,Policy & public services |
| Description | KnowNow Information - Consentua |
| Organisation | KnowNow Information Limited |
| Country | United Kingdom |
| Sector | Private |
| PI Contribution | Provided knowledge transfer to aid the development of the Consentua product - a general-purpose consent management platform - as product director for the company. |
| Collaborator Contribution | Provided engineering, marketing and business support. |
| Impact | Consentua - Software |
| Start Year | 2016 |
| Description | World Economic Forum - Data Intermediaries |
| Organisation | World Economic Forum |
| Country | Switzerland |
| Sector | Charity/Non Profit |
| PI Contribution | Provided input into the WEF report on data intermediaries |
| Collaborator Contribution | They wrote the report |
| Impact | Report: https://www.weforum.org/reports/advancing-digital-agency-the-power-of-data-intermediaries Involved stakeholders from a wide range of disciplines including CS, HCI, economics, law and public policy. |
| Start Year | 2021 |
| Description | World Economic Forum - Meaningful Consent |
| Organisation | World Economic Forum |
| Country | Switzerland |
| Sector | Charity/Non Profit |
| PI Contribution | The WEF sought to develop an approach on "meaningful consent" bringing together international experts in privacy and consent - so we were invited key speakers at the formative workshop for this document; we were also engaged in the preparation of the final draft, cited in it, and also members of our team are continuing as experts in ongoing WEF boards engaged in this. |
| Collaborator Contribution | Really, this work has been to bring our insights to the WEF |
| Impact | Redesigning Data Privacy: Reimagining Notice & Consent for human technology interaction |
| Start Year | 2019 |