Opportunities and Challenges of Dynamic Consent in Commercial Big Data Analytics

  • Eva Schlehahn
  • Patrick Murmann
  • Farzaneh Karegar
  • Simone Fischer-HübnerEmail author
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 576)


In the context of big data analytics, the possibilities and demands of online data services may change rapidly, and with it change scenarios related to the processing of personal data. Such changes may pose challenges with respect to legal requirements such as a transparency and consent, and therefore call for novel methods to address the legal and conceptual issues that arise in its course. We define the concept of ‘dynamic consent’ as a means to meet the challenge of acquiring consent in a commercial use case that faces change with respect to re-purposing the processing of personal data with the goal to implement new data services. We present a prototypical implementation that facilitates incremental consent forms based on dynamic consent. We report the results gained via two focus groups which we used to evaluate our design, and derive from our findings implications for future directions.


Dynamic consent EU General Data Protection Regulation (GDPR) Human-computer interaction (HCI) Notification Re-purposing 



The research presented in this paper was jointly conduced by the SPECIAL, Privacy&Us and PAPAYA EU projects. The project SPECIAL (Scalable Policy-awarE linked data arChitecture for prIvacy, trAnsparency and compLiance) has received funding from the EU’s Horizon 2020 research and innovation programme under grant agreement No. 731601. The Privacy&Us project has been supported by the EU’s Horizon 2020 Research and Innovation Programme under the Marie Skłodowska-Curie Grant 675730 and the project PAPAYA (A Platform for Privacy Preserving Data Analytics) is funded by the H2020 Framework of the European Commission under grant agreement No. 786767.

We thank Harald Zwingelberg (ULD) and Rigo Wenning (ERCIM/W3C) for their valuable insight, ideas and contributions to the concept of dynamic consent, and also the participants of the two focus groups for their valuable feedback.


  1. 1.
    Article 29 Data Protection Working Party: Guidelines on consent under regulation 2019/679 (2018)Google Scholar
  2. 2.
    Article 29 Data Protection Working Party: Opinion 10/2014 on more harmonised information provisions. Accessed 25 Nov 2004Google Scholar
  3. 3.
    Article 29 Data Protection Working Party: Guidelines on transparency under Regulation 2016/679. Accessed 11 Apr 2018Google Scholar
  4. 4.
    Cate, F.H.: The limits of notice and choice. IEEE Secur. Priv. 8(2), 59–62 (2010)CrossRefGoogle Scholar
  5. 5.
    Cranor, L.F., Guduru, P., Arjula, M.: User interfaces for privacy agents. ACM TOCHI 13(2), 135–178 (2006)CrossRefGoogle Scholar
  6. 6.
    Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings of SIGCHI Conference on Human Factors in Computing Systems, pp. 1065–1074. ACM (2008)Google Scholar
  7. 7.
    Holtz, L.E., Zwingelberg, H., Hansen, M.: Privacy policy icons. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 279–285. Springer, Heidelberg (2011). Scholar
  8. 8.
    Kay, M., Terry, M.: Textured agreements: re-envisioning electronic consent. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 13. ACM (2010)Google Scholar
  9. 9.
    Kaye, J., Whitley, E.A., Lund, D., Morrison, M., Teare, H., Melham, K.: Dynamic consent: a patient interface for twenty-first century research networks. Eur. J. Hum. Genet. 23(2), 141 (2015)CrossRefGoogle Scholar
  10. 10.
    Kelley, P.G., Cesca, L., Bresee, J., Cranor, L.F.: Standardizing privacy notices: an online study of the nutrition label approach. In: Proceedings of the CHI, pp. 1573–1582. ACM (2010)Google Scholar
  11. 11.
    Luger, E., Moran, S., Rodden, T.: Consent for all: revealing the hidden complexity of terms and conditions. In: Proceedings of the CHI, pp. 2687–2696. ACM (2013)Google Scholar
  12. 12.
    Murmann, P.: Eliciting design guidelines for privacy notifications in mhealth environments. Int. J. Mob. HCI 11(4), 66–83 (2019)Google Scholar
  13. 13.
    Patrick, A.S., Kenny, S.: From privacy legislation to interface design: implementing information privacy in human-computer interactions. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 107–124. Springer, Heidelberg (2003). Scholar
  14. 14.
    Ploug, T., Holm, S.: Meta consent: a flexible and autonomous way of obtaining informed consent for secondary research. BMJ 350, h2146 (2015)CrossRefGoogle Scholar
  15. 15.
    Prictor, M., Teare, H.J., Kaye, J.: Equitable participation in biobanks: the risks and benefits of a “dynamic consent” approach. Front. Public Health 6, 253 (2018)CrossRefGoogle Scholar
  16. 16.
    Schaub, F., Balebako, R., Cranor, L.F.: Designing effective privacy notices and controls. IEEE Internet Comput. 21(3), 70–77 (2017)CrossRefGoogle Scholar
  17. 17.
    Tabassum, M., Alqhatani, A., Aldossari, M., Richter Lipford, H.: Increasing user attention with a comic-based policy. In: Proceedings of the CHI, pp. 200:1–200:6. ACM (2018)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2020

Authors and Affiliations

  • Eva Schlehahn
    • 1
  • Patrick Murmann
    • 2
  • Farzaneh Karegar
    • 2
  • Simone Fischer-Hübner
    • 2
    Email author
  1. 1.Unabhängiges Landeszentrum für Datenschutz Schleswig-HolsteinKielGermany
  2. 2.Karlstad UniversityKarlstadSweden

Personalised recommendations