Opportunities and Challenges of Dynamic Consent in Commercial Big Data Analytics
- 63 Downloads
In the context of big data analytics, the possibilities and demands of online data services may change rapidly, and with it change scenarios related to the processing of personal data. Such changes may pose challenges with respect to legal requirements such as a transparency and consent, and therefore call for novel methods to address the legal and conceptual issues that arise in its course. We define the concept of ‘dynamic consent’ as a means to meet the challenge of acquiring consent in a commercial use case that faces change with respect to re-purposing the processing of personal data with the goal to implement new data services. We present a prototypical implementation that facilitates incremental consent forms based on dynamic consent. We report the results gained via two focus groups which we used to evaluate our design, and derive from our findings implications for future directions.
KeywordsDynamic consent EU General Data Protection Regulation (GDPR) Human-computer interaction (HCI) Notification Re-purposing
The research presented in this paper was jointly conduced by the SPECIAL, Privacy&Us and PAPAYA EU projects. The project SPECIAL (Scalable Policy-awarE linked data arChitecture for prIvacy, trAnsparency and compLiance) has received funding from the EU’s Horizon 2020 research and innovation programme under grant agreement No. 731601. The Privacy&Us project has been supported by the EU’s Horizon 2020 Research and Innovation Programme under the Marie Skłodowska-Curie Grant 675730 and the project PAPAYA (A Platform for Privacy Preserving Data Analytics) is funded by the H2020 Framework of the European Commission under grant agreement No. 786767.
We thank Harald Zwingelberg (ULD) and Rigo Wenning (ERCIM/W3C) for their valuable insight, ideas and contributions to the concept of dynamic consent, and also the participants of the two focus groups for their valuable feedback.
- 1.Article 29 Data Protection Working Party: Guidelines on consent under regulation 2019/679 (2018)Google Scholar
- 2.Article 29 Data Protection Working Party: Opinion 10/2014 on more harmonised information provisions. Accessed 25 Nov 2004Google Scholar
- 3.Article 29 Data Protection Working Party: Guidelines on transparency under Regulation 2016/679. Accessed 11 Apr 2018Google Scholar
- 6.Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceedings of SIGCHI Conference on Human Factors in Computing Systems, pp. 1065–1074. ACM (2008)Google Scholar
- 8.Kay, M., Terry, M.: Textured agreements: re-envisioning electronic consent. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 13. ACM (2010)Google Scholar
- 10.Kelley, P.G., Cesca, L., Bresee, J., Cranor, L.F.: Standardizing privacy notices: an online study of the nutrition label approach. In: Proceedings of the CHI, pp. 1573–1582. ACM (2010)Google Scholar
- 11.Luger, E., Moran, S., Rodden, T.: Consent for all: revealing the hidden complexity of terms and conditions. In: Proceedings of the CHI, pp. 2687–2696. ACM (2013)Google Scholar
- 12.Murmann, P.: Eliciting design guidelines for privacy notifications in mhealth environments. Int. J. Mob. HCI 11(4), 66–83 (2019)Google Scholar
- 17.Tabassum, M., Alqhatani, A., Aldossari, M., Richter Lipford, H.: Increasing user attention with a comic-based policy. In: Proceedings of the CHI, pp. 200:1–200:6. ACM (2018)Google Scholar