The value of consent: Discussions with designers of ubiquitous computing systems

Luger, Ewa; Rodden, Tom

doi:10.1109/percomw.2014.6815237

Cited by 8 publications

(8 citation statements)

References 10 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our paper contributes to these areas of debate and the series of alternative consent mechanisms or systems with the proposition to open consent out instead of closing it down. It has increasingly been argued that informed consent is paradoxical and that we need to move beyond the individual "click-wrap agreement culture" [6, p. 22] to alternative models of consent [19,50]. Our study confirms these shortcomings of the existing models and provides us with a series of considerations relevant for the design of future consent systems.…”

Section: Concluding Remarks -Consent Beyond the Individualsupporting

confidence: 62%

“…While some research within this area is focusing on locking down user's personal data [16] for protection of privacy, other scholars recommend design guidelines to support HCI researchers as well as commercial developers in the design of informed and meaningful consent mechanisms or systems. For example, Lugger and Rodden suggest systems that allow for data review and consent withdrawal at any time, scaffold understanding through visualisations and opportunities for further interrogation [49,50]. Equally, they emphasise the "need for multiple approaches if effective consent practices are to be realised within the design of pervasive systems" [50, p.393].…”

Section: Concluding Remarks -Consent Beyond the Individualmentioning

confidence: 99%

See 1 more Smart Citation

Should I Agree?

Nissen

Neumann

Mikusz

et al. 2019

Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Obtaining meaningful user consent is increasingly problematic in a world of numerous, heterogeneous digital services. Current approaches (e.g. agreeing to Terms and Conditions) are rooted in the idea of individual control despite growing evidence that users do not (or cannot) exercise such control in informed ways. We consider an alternative approach whereby users can opt to delegate consent decisions to an ecosystem of third-parties including friends, experts, groups and AI entities. We present the results of a study that used a technology probe at a large festival to explore initial public responses to this reframing-focusing on when and to whom users would delegate such decisions. The results reveal substantial public interest in delegating consent and identify differing preferences depending on the privacy context, highlighting the need for alternative decision mechanisms beyond the current focus on individual choice.

show abstract

Section: Concluding Remarks -Consent Beyond the Individualsupporting

confidence: 62%

Section: Concluding Remarks -Consent Beyond the Individualmentioning

confidence: 99%

Should I Agree?

Nissen

Neumann

Mikusz

et al. 2019

Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…We could simply provide the list of content-related guidelines based on the derived principles in the previous section. However designers have difficulty benefiting from these kinds of flat lists of guidelines [89], [90]. We therefore plan to produce a template to demonstrate the impact of these guidelines.…”

Section: Reprisementioning

confidence: 99%

How to Make Privacy Policies both GDPR-Compliant and Usable

Renaud¹,

Shepherd²

2018

2018 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA)

View full text Add to dashboard Cite

It is important for organisations to ensure that their privacy policies are General Data Protection Regulation (GDPR) compliant, and this has to be done by the May 2018 deadline. However, it is also important for these policies to be designed with the needs of the human recipient in mind. We carried out an investigation to find out how best to achieve this.We commenced by synthesising the GDPR requirements into a checklist-type format. We then derived a list of usability design guidelines for privacy notifications from the research literature. We augmented the recommendations with other findings reported in the research literature, in order to confirm the guidelines. We conclude by providing a usable and GDPR-compliant privacy policy template for the benefit of policy writers.

show abstract

“…Taking advantage of new interaction methods may provide for the ongoing negotiation of terms of consent. 18…”

Section: Lack Of or Partial User Interfaces And Consentmentioning

confidence: 99%

Demonstrably doing accountability in the Internet of Things

Urquhart

Lodge

Crabtree

2018

International Journal of Law and Information Technology

View full text Add to dashboard Cite

This paper explores the importance of accountability to data protection, and how it can be built into the Internet of Things (IoT). The need to build accountability into the IoT is motivated by the opaque nature of distributed data flows, inadequate consent mechanisms, and lack of interfaces enabling end-user control over the behaviours of internet-enabled devices. The lack of accountability precludes meaningful engagement by end-users with their personal data and poses a key challenge to creating user trust in the IoT and the reciprocal development of the digital economy. The EU General Data Protection Regulation 2016 (GDPR) seeks to remedy this particular problem by mandating that a rapidly developing technological ecosystem be made accountable. In doing so it foregrounds new responsibilities for data controllers, including data protection by design and default, and new data subject rights such as the right to data portability. While GDPR is 'technologically neutral', it is nevertheless anticipated that realising the vision will turn upon effective technological development. Accordingly, this paper examines the notion of accountability, how it has been translated into systems design recommendations for the IoT, and how the IoT Databox puts key data protection principles into practice.Accompanying the diversity of IoT devices and services are concerns centring on privacy and trust. When sensing occurs in the home, for example, patterns of behaviour can be detected and inferences made about inhabitants' lifestyles. Depending who is making these inferences, and who they share the data with, privacy harms can emerge. As Nissenbaum argues, inappropriate flows of information between contexts can cause harm to an individual's sense of privacy. 5 The nascent nature of the industry means there is a lack of harmonised standards for building IoT devices in ways that sufficiently foreground and anticipate data protection concerns. 6 Building trustworthy relationships with consumers in the new IoT infrastructure is critical, 7 and not least because an increasing array of high profile stories about IoT devices leaking data, 8 or being hacked and becoming implicated in widespread distributed denial of service attacks, 9 contribute to a diminishing sense of trust in the emerging infrastructure.Against this background we elaborate key challenges posed by the IoT from a regulatory perspective and how these practically occasion the need for accountability. These include challenges posed by devices that lack or only provide partial user interfaces and compliant consent mechanisms; the opacity of data flows to end-users and the spectrum of GDPR control rights; machine to machine communications and the legitimacy of access; and cloud storage and international data transfer safeguards. We move on to explore various aspects of the Accountability Principle, first its history in data protection governance and then how it is presented in Article 5(2) of GDPR. This exploration involves questioning the nature of the account to be provided...

show abstract

The value of consent: Discussions with designers of ubiquitous computing systems

Cited by 8 publications

References 10 publications

Should I Agree?

Should I Agree?

How to Make Privacy Policies both GDPR-Compliant and Usable

Demonstrably doing accountability in the Internet of Things

Contact Info

Product

Resources

About