Error message

Deprecated function: implode(): Passing glue string after array is deprecated. Swap the parameters in Drupal\gmap\GmapDefaults->__construct() (line 107 of /mnt/w/cyberlaw/docs/prod/sites/all/modules/contrib/gmap/lib/Drupal/gmap/GmapDefaults.php).

Redesigning Data Privacy: Reimagining Notice & Consent for human technology interaction

Author(s): 
Publication Type: 
White Paper / Report
Publication Date: 
July 31, 2020

The World Economic Forum partnered with the Center for Internet and Society at Stanford Law School and a community of policy-makers, researchers, civil society advocates, legal scholars, and industry and design practitioners to convene a set of conversations about the challenges of Notice & Consent as a norm for data collection and processing, particularly when it comes to the technologies of the Fourth Industrial Revolution. The goal was to facilitate creative thinking towards a potential redesign of the framework for all aspects of information collection, use, retention and disclosure.

Several main themes emerged from this unique assemblage of participants:

– Notice & Consent is at its core a humantechnology interaction problem, one that necessitates an interdisciplinary group of experts from the design and technology sectors to solve it. It can no longer remain the exclusive domain of lawyers, policy-makers and engineers; rather, designers, humanitarian experts and creative technologists must have a seat at the table, as well.

– Existing approaches do not scale for either traditional digital user interfaces or the emergent world of screenless internet of things (IoT) devices, smart cities or other connected environments. Any rethinking of Notice & Consent must be scalable and anticipate these emergent contexts.

– The concept of consent, and the mechanisms for asking for it, implicate questions of ethics and normative values that the existing framework neglects. Consent that is not freely given or informed, or that is coerced, is de facto defective. A consent process must offer substantive choices to the consenting party, including the ability to withdraw consent after the fact. “Take-it-or-leave-it” models do not offer meaningful consent.

– Dynamic, unpredictable data use and reuse demands dynamic, proactive policy responses based on positive reinforcement rather than static, reactive regulation rooted in punitive approaches. In general, incentives are viewed as more powerful than prohibitions. Positive regulation that affects incentives is therefore a potential means for effecting change in this space.

– While there is a substantial body of research that offers specific design advice to improve existing mechanisms, a fundamental change in the framework is needed towards mechanisms that both scale and incorporate ethical standards.

This white paper represents a distillation of the collective efforts of the participant experts who attended workshops in San Francisco as well as that of a multistakeholder project community from industry, academia and civil society. While the approach examines the United States as a proxy for the purposes of illustration, Notice & Consent as a norm is critically assessed more generally from a design-focused perspective, and guidance is offered to both the policy-making community and technology providers in terms of updating the existing reliance on a Notice & Consent framework to address human needs and values. By offering alternatives that place people at the centre of the paradigm, we hope that a more inclusive policy-making community can emerge to address today’s and the future’s most pressing challenges in regards to personal data collection and processing. In doing so, the empowerment of people and the opportunities for innovation should rest on more solid foundations.