The Consent Paradox: Accounting for the Prominent Role of Consent in Data Protection

  • Benjamin BergemannEmail author
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 526)


The concept of consent is a central pillar of data protection. It features prominently in research, regulation, and public debates on the subject, in spite of the wide-ranging criticisms that have been levelled against it. In this paper, I refer to this as the consent paradox. I argue that consent continues to play a central role not despite but because the criticisms of it. I analyze the debate on consent in the scholarly literature in general, and among German data protection professionals in particular, showing that it is a focus on the informed individual that keeps the concept of consent in place. Critiques of consent based on the notion of “informedness” reinforce the centrality of consent rather than calling it into question. They allude to a market view that foregrounds individual choice. Yet, the idea of a data market obscures more fundamental objections to consent, namely the individual’s dependency on data controllers’ services that renders the assumption of free choice a fiction.


Commodification Data protection Discourse analysis Informed consent Information control Power 


  1. 1.
    Bergemann, B.: Der “informed consent” im Datenschutz: Eine politikwissenschaftliche Analyse, Master thesis. Freie Universität Berlin (2017).
  2. 2.
    Schermer, B.W., Custers, B., van der Hof, S.: The crisis of consent: how stronger legal protection may lead to weaker consent in data protection. Ethics Inf. Technol. 16, 171–182 (2014)Google Scholar
  3. 3.
    Boltanski, L., Chiapello, È.: The New Spirit of Capitalism. Verso, London (2007)Google Scholar
  4. 4.
    Austin, L.M.: Enough about me: why privacy is about power, not consent (or harm). In: Sarat, A. (ed.) A World Without Privacy: What Law Can and Should Do?, pp. 131–189. Cambride University Press, New York (2014)Google Scholar
  5. 5.
    Zanfir, G.: Forgetting about consent. why the focus should be on “suitable safeguards” in data protection law. In: Gutwirth, S., Leenes, R., De Hert, P. (eds.) Reloading Data Protection, pp. 237–257. Springer, Dordrecht (2014). Scholar
  6. 6.
    Koops, B.-J.: The trouble with European data protection law. Int. Data Priv. Law. 4, 250–261 (2014)CrossRefGoogle Scholar
  7. 7.
    van der Sloot, B.: Do data protection rules protect the individual and should they? An assessment of the proposed general data protection regulation. Int. Data Priv. Law. 4, 307–325 (2014)CrossRefGoogle Scholar
  8. 8.
    Barocas, S., Nissenbaum, H.: Big data’s end run around anonymity and consent. In: Lane, J., Stodden, V., Bender, S., Nissenbaum, H. (eds.) Privacy, Big Data, and the Public Good: Frameworks for Engagement, pp. 44–75. Cambridge University Press, Cambridge (2014)CrossRefGoogle Scholar
  9. 9.
    Rouvroy, A., Poullet, Y.: The right to informational self-determination and the value of self-development: reassessing the importance of privacy for democracy. In: Gutwirth, S., Poullet, Y., De Hert, P., de Terwangne, C., Nouwt, S. (eds.) Reinventing Data Protection?, pp. 45–76. Springer, Netherlands, Dordrecht (2009). Scholar
  10. 10.
    Crain, M.: The limits of transparency: data brokers and commodification. New Media Soc. 20, 88–104 (2016)CrossRefGoogle Scholar
  11. 11.
    McDermott, Y.: Conceptualising the right to data protection in an era of Big Data. Big Data Soc. 4, 1–7 (2017)CrossRefGoogle Scholar
  12. 12.
    Manson, N.C., O’Neill, O.: Rethinking Informed Consent in Bioethics. Cambridge University Press, Cambridge (2007)CrossRefGoogle Scholar
  13. 13.
    Laurie, G.T.: Genetic Privacy: A Challenge to Medico-Legal Norms. Cambridge University Press, Cambridge (2004)Google Scholar
  14. 14.
    Kosta, E.: Consent in European Data Protection Law. Martinus Nijhoff Publishers, Leiden (2013)CrossRefGoogle Scholar
  15. 15.
    Bennett, C.J.: The Privacy Advocates: Resisting the Spread of Surveillance. MIT Press, Cambridge (2008)Google Scholar
  16. 16.
    Gutwirth, S.: Short statement about the role of consent in the European data protection directive. Vrije Universiteit Brussel, Brussels (2012)Google Scholar
  17. 17.
    De Hert, P., Papakonstantinou, V.: The new general data protection regulation: still a sound system for the protection of individuals? Comput. Law Secur. Rev. 32, 179–194 (2016)CrossRefGoogle Scholar
  18. 18.
    Quelle, C.: Not just user control in the general data protection regulation. In: Lehmann, A., Whitehouse, D., Fischer-Hübner, S., Fritsch, L., Raab, C. (eds.) Privacy and Identity 2016. IAICT, vol. 498, pp. 140–163. Springer, Cham (2016). Scholar
  19. 19.
    Lynskey, O.: The Foundations of EU Data Protection Law. Oxford University Press, Oxford (2015)Google Scholar
  20. 20.
    von Uckermann, E.F.: Einwilligung nach BDSG – ein Mißverständnis? Datenschutz Datensich. DuD. 3, 163–168 (1979)Google Scholar
  21. 21.
    Matzner, T., Masur, P.K., Ochs, C., von Pape, T.: Do-it-yourself data protection—empowerment or burden? In: Gutwirth, S., Leenes, R., De Hert, P. (eds.) Data Protection on the Move, pp. 277–305. Springer, Netherlands, Dordrecht (2016). Scholar
  22. 22.
    Rhoen, M.: Beyond consent: improving data protection through consumer protection law. Internet Policy Rev. 5 (2016)Google Scholar
  23. 23.
    Solove, D.J.: Privacy self-management and the consent dilemma. Harv. Law Rev. 126, 1880–1903 (2013)Google Scholar
  24. 24.
    Arnold, R., Hillebrand, A., Waldburger, M.: Personal data and privacy. Final report (Study for Ofcom). WIK-Consult, Bad Honnef (2015)Google Scholar
  25. 25.
    Acquisti, A., Sleeper, M., Wang, Y., Wilson, S., Adjerid, I., Balebako, R., Brandimarte, L., Cranor, L.F., Komanduri, S., Leon, P.G., Sadeh, N., Schaub, F.: Nudges for privacy and security: understanding and assisting users’ choices online. ACM Comput. Surv. 50, 1–41 (2017)CrossRefGoogle Scholar
  26. 26.
    Calo, R.: Against notice skepticism in privacy (and elsewhere). Notre Dame Law Rev. 87, 1027–1072 (2012)Google Scholar
  27. 27.
    Kauppi, N., Madsen, M.R. (eds.): Transnational Power Elites: The Social and Global Structuration of the EU. Routledge, London (2013)Google Scholar
  28. 28.
    Acquisti, A., Taylor, C.R., Wagman, L.: The Economics of Privacy. Social Science Research Network, Rochester (2016)Google Scholar
  29. 29.
    Simitis, S. (ed.): § 4a Einwilligung. In: Kommentar zum Bundesdatenschutzgesetz, pp. 432–466. Nomos, Baden-Baden (2011)Google Scholar
  30. 30.
    Rogosch, P.M.: Die Einwilligung im Datenschutzrecht. Nomos, Baden-Baden (2013)CrossRefGoogle Scholar
  31. 31.
    Hermstrüwer, Y.: Informationelle Selbstgefährdung: zur rechtsfunktionalen, spieltheoretischen und empirischen Rationalität der datenschutzrechtlichen Einwilligung und des Rechts auf informationelle Selbstbestimmung. Mohr Siebeck, Tübingen (2016)Google Scholar
  32. 32.
  33. 33.
    Gottweis, H.: Argumentative policy analysis. In: Peters, G., Pierre, J. (eds.) Handbook of Public Policy, pp. 461–479. Sage, London (2006)CrossRefGoogle Scholar
  34. 34.
    Bennett, C.J., Raab, C.D.: The Governance of Privacy: Policy Instruments in Global Perspective. Ashgate, Aldershot (2003)Google Scholar
  35. 35.
    Klein, B., Moss, G., Edwards, L.: Understanding Copyright: Intellectual Property in the Digital Age. SAGE, Los Angeles (2015)CrossRefGoogle Scholar
  36. 36.
    Strauss, A.L., Corbin, J.M.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. Sage Publications, Thousand Oaks (1998)Google Scholar
  37. 37.
    Keller, R.: Analysing discourse. an approach from the sociology of knowledge. Forum Qual. Sozialforschung Forum Qual. Soc. Res. 6 (2005)Google Scholar
  38. 38.
    Haverland, M., Yanow, D.: A hitchhiker’s guide to the public administration research universe: surviving conversations on methodologies and methods. Public Adm. Rev. 72, 401–408 (2012)CrossRefGoogle Scholar
  39. 39.
    Saldaña, J.: The Coding Manual for Qualitative Researchers. SAGE, Los Angeles (2009)Google Scholar
  40. 40.
    Schwartz-Shea, P., Yanow, D.: Interpretive Research Design: Concepts and Processes. Routledge, New York (2012)Google Scholar
  41. 41.
    Boltanski, L., Thévenot, L.: On Justification: Economies of Worth. Princeton University Press, Princeton (2006)Google Scholar
  42. 42.
    Fischer, F., Gottweis, H.: Introduction: the argumentative turn revisited. In: Fischer, F., Gottweis, H. (eds.) The Argumentative Turn Revisited: Public Policy as Communicative Practice, pp. 1–27. Duke University Press, Durham (2012)CrossRefGoogle Scholar
  43. 43.
    Menzel, H.-J.: Datenschutzrechtliche Einwilligungen: Plädoyer für eine Rückkehr zur Selbstbestimmung. Datenschutz Datensicherheit DuD. 32, 400–408 (2008)CrossRefGoogle Scholar
  44. 44.
    Schaar, P.: Datenschutzrechtliche Einwilligung im Internet. Multimed. Recht MMR 2001, 644–648 (2001)Google Scholar
  45. 45.
    Iraschko-Luscher, S.: Einwilligung – ein stumpfes Schwert des Datenschutzes? Datenschutz Datensicherheit DuD. 30, 706–710 (2006)CrossRefGoogle Scholar
  46. 46.
    Roßnagel, A., Pfitzmann, A., Garstka, H.: Modernisierung des Datenschutzrechts. Gutachten im Auftrag des Bundesministeriums des Innern. Bundesministerium des Innern, Berlin (2001)Google Scholar
  47. 47.
    Zscherpe, K.: Anforderungen an die datenschutzrechtliche Einwilligung im Internet. Multimed. Recht MMR 2004, 723–727 (2004)Google Scholar
  48. 48.
    Kutscha, M.: Mehr Datenschutz — aber wie? Z. Für Rechtspolit. ZRP 43, 112–114 (2010)Google Scholar
  49. 49.
    Kamp, M., Rost, M.: Kritik an der Einwilligung: Ein Zwischenruf zu einer fiktiven Rechtsgrundlage in asymmetrischen Machtverhältnissen. Datenschutz Datensicherheit DuD 37, 80–84 (2013)CrossRefGoogle Scholar
  50. 50.
    Körner, M.: Informierte Einwilligung als Schutzkonzept. In: Simon, D., Weiss, M. (eds.) Zur Autonomie des Individuums: Liber Amicorum für Spiros Simitis, pp. 131–150. Nomos, Baden-Baden (2000)Google Scholar
  51. 51.
    Ladeur, K.-H.: Datenschutz – vom Abwehrrecht zur planerischen Optimierung von Wissensnetzwerken. Zur “objektiv-rechtlichen Dimension” des Datenschutzes. Datenschutz Datensicherheit DuD 24, 12–19 (2000)Google Scholar
  52. 52.
    Bräutigam, P.: Das Nutzungsverhältnis bei sozialen Netzwerken - Zivilrechtlicher Austausch von IT-Leistung gegen personenbezogene Daten. Multimed. Recht MMR 2012, 635–641 (2012)Google Scholar
  53. 53.
    Schafft, T., Ruoff, A.: Nutzung personenbezogener Daten für Werbezwecke zwischen Einwilligung und Vertragserfüllung. Comput. Recht CR 22, 499–504 (2006)Google Scholar
  54. 54.
    Bull, H.P.: Zweifelsfragen um die informationelle Selbstbestimmung – Datenschutz als Datenaskese? Neue Juristische Wochenschr. NJW 59, 1617–1623 (2006)Google Scholar
  55. 55.
    Pollmann, M., Kipker, D.-K.: Informierte Einwilligung in der Online-Welt. Datenschutz Datensicherheit DuD 40, 378–381 (2016)CrossRefGoogle Scholar
  56. 56.
    Arnold, R., Hillebrand, A., Waldburger, M.: Informed Consent in Theorie und Praxis: Warum Lesen, Verstehen und Handeln auseinanderfallen. Datenschutz Datensicherheit DuD 39, 730–734 (2015)CrossRefGoogle Scholar
  57. 57.
    Buchner, B.: Die Einwilligung im Datenschutzrecht – vom Rechtfertigungsgrund zum Kommerzialisierungsinstrument. Datenschutz Datensicherheit DuD 34, 39–43 (2010)CrossRefGoogle Scholar
  58. 58.
    Buchner, B.: Grundsätze und Rechtmäßigkeit der Datenverarbeitung unter der DS-GVO. Datenschutz Datensicherheit DuD 40, 155–161 (2016)CrossRefGoogle Scholar
  59. 59.
    von Lewinski, K.: Privacy Policies: Unterrichtungen und Einwilligung im Internet. Datenschutz Datensicherheit DuD 26, 395–400 (2002)Google Scholar
  60. 60.
    Petri, T.: Datenschutzrechtliche Einwilligung im Massengeschäftsverkehr. Recht Datenverarb. RdV 23, 153–158 (2007)Google Scholar
  61. 61.
    Beisenherz, G., Tinnefeld, M.-T.: Aspekte der Einwilligung: Zivil- und strafrechtliche Bezüge der Einwilligung im Datenschutzrecht. Datenschutz Datensicherheit DuD 35, 110–115 (2011)CrossRefGoogle Scholar
  62. 62.
    Caspar, J.: Soziale Netzwerke – Endstation informationelle Selbstbestimmung?: Ein Bericht aus der Behördenpraxis. Datenschutz Datensicherheit DuD 37, 767–771 (2013)CrossRefGoogle Scholar
  63. 63.
    Bellanova, R.: Digital, politics, and algorithms: governing digital data through the lens of data protection. Eur. J. Soc. Theory 20, 329–347 (2017)CrossRefGoogle Scholar
  64. 64.
    Draper, N.A.: From privacy pragmatist to privacy resigned: challenging narratives of rational choice in digital privacy debates: challenging rational choice in digital privacy debates. Policy Internet 9, 232–251 (2017)CrossRefGoogle Scholar
  65. 65.
    Hull, G.: Successful failure: what Foucault can teach us about privacy self-management in a world of Facebook and big data. Ethics Inf. Technol. 17, 89–101 (2015)CrossRefGoogle Scholar
  66. 66.
    Bellanova, R.: Data protection, with love. Int. Polit. Sociol. 8, 112–115 (2014)CrossRefGoogle Scholar
  67. 67.
    van Dijk, N., Gellert, R., Rommetveit, K.: A risk to a right? Beyond data protection risk assessments. Comput. Law Secur. Rev. 32, 286–306 (2016)CrossRefGoogle Scholar
  68. 68.
    Borgesius, F.J.Z., Kruikemeier, S., Boerman, S.C., Helberger, N.: Tracking walls, take-it-or-leave-it choices, the GDPR, and the ePrivacy regulation. Eur. Data Prot. Law Rev. 3, 353–368 (2017)CrossRefGoogle Scholar
  69. 69.
    Article 29 Data Protection Working Party: Guidelines on Consent under Regulation 2016/679. WP 259 (2017)Google Scholar
  70. 70.
    Gellert, R., Gutwirth, S.: The legal construction of privacy and data protection. Comput. Law Secur. Rev. 29, 522–530 (2013)CrossRefGoogle Scholar
  71. 71.
    Rauhofer, J.: One step forward, two steps back? Critical observations on the proposed reform of the EU data protection framework. University of Edinburgh School of Law, Edinburgh (2013)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  1. 1.WZB Berlin Social Science CenterBerlinGermany

Personalised recommendations