Clear informed consent is the key to ensuring consumers trust every digital transaction. It’s a critical issue – which is why MEF’s Global Consumer Trust Working Group has examined the issues in order to develop a free whitepaper on the subject. Here, we present some of the highlights.
In 2010, 7,500 people sold their souls to the UK retailer, GameStation. These unwitting customers had bought from the store and missed the “immortal soul clause” buried in the site’s terms and conditions. Thankfully, this was an April Fool’s joke and GameStation returned its harvested souls back to their rightful owners.
But the point was made: when people buy digital goods and services, they rarely know what they are signing up for.
Today, in an age of ad blockers and hacking scandals, consumers are more savvy when it comes to their personal data and want clarity on who holds their data and why.
Companies are rethinking their data approaches too. No one wants a brand reputation scandal or to fall foul of regulators, who are starting to crack down on abuses. Furthermore, services built on data have the opportunity to be more personalised and build better relationships with the end-user.
The question is: where to start?
One answer is to make it very clear what data is being requested and why. And the best place to do this is at the point where the data exchange takes place – the consent form.
After all, when there is genuine consent:
- Businesses can build effective goods and services targeted to individuals
- Consumers can assign high quality data to companies they trust
The paper analyses all aspects of the consent issue – exploring legal definitions, best practice, regulation, technology solutions and more. Here are ten takeaways from the report:
All consent should be informed
Broadly this means that a person must understand what they are signing up to. This compels the supplier to use clear and understandable language. It also means that, in most cases, children and people affected by mental illness are not legally competent to give consent.
There are many types of consent
They vary in terms of how much active participation they ask of users. At one end is implied consent. Here, participation with a service is in itself proof of consent. At the other end is explicit consent, wherein a participant must give clear and documentable consent to the terms of the agreement.
Consent should be in plain language
The GameStation example at the start of this piece shows how lawyers have mostly run consent policy. Now, many think it’s time for a change. They recommend organising consent forms into six plain-language categories and presenting them as follows:
- What data we want
- What we will do with it
- What we will give you back in return for the data
- What data we will keep
- What will we share with third parties and why
- How we give you right to forget/erase/revoke
Regulators are cracking down
From next year, the EU’s General Data Protection Regulation (GDPR) will impose new restrictions on how companies collect, store and share personal data. It will change the rules on consent. There will be no more implied consent. No more bundled consent (where consent requests are packaged with other terms and conditions) and new rights of access and deletion.
It’s not just the EU…
GDPR has all the attention. But other regions are turning their attention to consent processes. They include Brazil (Data Protection Bill), South Africa (Protection of Personal Information Act) and others.
There are specific consent questions for app developers
New consent regulation compels service providers to outline every kind of data they wish to collect. But they cannot decline access when a person declines to agree to one of these requests. But what if an app cannot function without certain data? A ride sharing app, for example, needs access to GPS.
Changing consent policies can drastically affect your business
What happens when an organisation changes from a policy of implied consent to one of explicit consent? In the UK, the Royal National Lifeboat Institution charity (RNLI) found out. It went back to its database to request an active opt-in. Of its 900,000 most engaged supporters, 382,000 opted in. However, this smaller base gives more. The average donation rose to £8.39 from £2.94.
The rising option of ‘consent as a service’
Today, there are a growing number of companies offering specialist technical services around consent. They offer a kind of ‘Verified Consent’ or ‘Consent as a Service’ product, which meets the standards set by regulators (see section on GDPR) around transparency, control and so on.
Can a ‘thing’ give consent?
The Internet of Things raises important questions around consent such as: how can a person assign consent to hundreds of devices working on her behalf? How can she do this when there is no screen? Should things like connected CCTV cameras gather consent from every person they track?
As a legal idea, consent is a century old.
It began with a medical malpractice suit in New York. It centred on the case of Mary Schloendorff, who claimed she was operated on without permission. She won.
Understanding Digital Consent – A Useful Guide
Rising privacy concerns and imminent data regulation are combining to make consent a key issue for the digital economy. MEF’s Consumer Trust Working Group examines the topic in a new whitepaper: Understanding Digital Consent.
A comprehensive guide to digital consent in the personal data economy, the whitepaper looks at the regulatory requirements as well as the innovative models and technologies being trialled to help businesses implement best practice when it comes to data permissions for collecting, sharing and storing data.