Ethics and Information Technology

, Volume 16, Issue 2, pp 171–182 | Cite as

The crisis of consent: how stronger legal protection may lead to weaker consent in data protection

  • Bart W. Schermer
  • Bart Custers
  • Simone van der Hof
Original Paper
First Online:

Abstract

In this article we examine the effectiveness of consent in data protection legislation. We argue that the current legal framework for consent, which has its basis in the idea of autonomous authorisation, does not work in practice. In practice the legal requirements for consent lead to ‘consent desensitisation’, undermining privacy protection and trust in data processing. In particular we argue that stricter legal requirements for giving and obtaining consent (explicit consent) as proposed in the European Data protection regulation will further weaken the effectiveness of the consent mechanism. Building on Miller and Wertheimer’s ‘Fair Transaction’ model of consent we will examine alternatives to explicit consent.

Keywords

Privacy Data protection Consent 
This is a preview of subscription content, log in to check access.

References

  1. Acquisti, A. (2009), Nudging privacy: The behavioral economics of personal information. Security & Privacy Economics. November/December 2009.Google Scholar
  2. Acquisti, A., Grossklags, J. (2005). Privacy and rationality in individual decision making. IEEE Security & Privacy. January–February, 24–30.Google Scholar
  3. Adjerid, I., Acquisti, Brandimarte, L. & Loewenstein, G. (2013). Sleights of privacy: Framing, disclosures, and the limits of transparency. SOUPS ‘13 Proceedings of the ninth symposium on usable privacy and security, Article No. 9.Google Scholar
  4. Böhme, R. & Köpsell, S. (2010), Trained to accept?: A field experiment on consent dialogs. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2403–2406.Google Scholar
  5. Brockdorff, N. & Appleby-Arnold, S. (2013). What consumers think, EU CONSENT Project, Workpackages 7 & 8.Google Scholar
  6. Calo, M. R. (2012), Against notice skepticism in privacy (and Elsewhere), 87 Notre Dame Law Review 1027.Google Scholar
  7. Calo, M. R. (2013), Digital market manipulation, University of Washington School of Law Research Paper No. 2013-27; 2013-08-15.Google Scholar
  8. Custers, B. H. M. (2001). Data mining and group profiling on the internet. In Anton. Vedder (Ed.), Ethics and the internet (pp. 87–104). Antwerpen: Intersentia.Google Scholar
  9. Custers, B. H. M. (2012). Predicting data that people refuse to disclose; how data mining predictions challenge informational self-determination, Privacy Observatory Magazine, Issue 3.Google Scholar
  10. Custers, B., Van der Hof, S., Schermer, B., Appleby-Arnold, S., & Brockdorff, N. (2013). Informed consent in social media use. The gap between user expectations and EU personal data protection law. Journal of Law and Technology, 10(4), 435–457.Google Scholar
  11. Faden, R., & Beauchamp, T. L. (1986). A history and theory of informed consent. New York: Oxford University Press.Google Scholar
  12. Hurd, H. M. (1996). The moral magic of consent. Legal Theory, 2, 121.CrossRefGoogle Scholar
  13. Internet Society. (2012). Global internet user survey, summary report. http://www.internetsociety.org/sites/default/files/rep-GIUS2012global-201211-en.pdf. Accessed February 14, 2014.
  14. Jolls, C., & Sunstein, C. (2006). Debiasing through law. The Journal for Legal Studies, 35(1), 199.CrossRefGoogle Scholar
  15. Kleinig, J. (2010). The nature of consent. In The ethics of consent: Theory and practice (Miller & Wertheim, ed.), New York: Oxford University Press.Google Scholar
  16. Kosinski, M., Stillwell, D. & Graepel T. (2013), Private traits and attributes are predictable from digital records of human behavior. PNAS Early Edition.Google Scholar
  17. McDonald, A. M. & Cranor, L. F. (2010). The cost of reading privacy policies.Google Scholar
  18. McDonald, M., & Lowenthal, T. (2013). Nano-notice: Privacy disclosure at a mobile scale. Journal of Information Policy, 3(2013), 331–354.Google Scholar
  19. Miller, F. G. & Wertheim, A. (2010). Preface to a theory of consent: beyond valid consent. In The ethics of consent: Theory and practice (Miller & Wertheim, ed.), New York: Oxford University Press.Google Scholar
  20. Miller, F. G., & Wertheim, A. (2011). The fair transaction model of informed consent: An alternative to autonomous authorization. Kennedy Institute of Ethics Journal, 21(3), 201.CrossRefGoogle Scholar
  21. Nissenbaum, H. (2011). A contextual approach to privacy online. Daedalus, 140(4), 32–48.CrossRefGoogle Scholar
  22. Pollach, I. (2007). What’s wrong with online privacy policies? Communications of the ACM, 50(9), 103–108.CrossRefGoogle Scholar
  23. Rawls, J. (1999). A theory of justice (revised edition). Oxford: Oxford University Press.Google Scholar
  24. Solove, D. J. (2011). Nothing to hide; The false tradeoff between privacy and security. New Haven: Yale University Press.Google Scholar
  25. Solove, D. J. (2013). Privacy self-management and the consent dilemma. Harvard Law Review, 126, 1880–1903.Google Scholar
  26. van den Berg, B., & van der Hof, S. (2012). What happens to my data? A novel approach to informing users of data processing practices. First Monday, 17(7), 2.Google Scholar
  27. Westin, A. F. (1967). Privacy and freedom. New York: Atheneum Press.Google Scholar
  28. Zarsky, T.Z. (2003). Mine your own business. Yale Journal of Law & Technology,5(1), Article 1.Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2014

Authors and Affiliations

  • Bart W. Schermer
    • 1
  • Bart Custers
    • 1
  • Simone van der Hof
    • 1
  1. 1.eLaw@LeidenLeidenThe Netherlands

Personalised recommendations