COnSeNT 2021

Post detailing organising a workshop
published:
by Harshvardhan J. Pandit
is about: Consent Workshop 2021
academic conference consent workshop

Along with Vitor Jesus and Cristiana Santos, I was an organiser for a workshop on COnSeNT (Consent management in Online Services, Networks and Things). The workshop was conducted on 7 September as part of a larger academic conference, the IEEE European Conference on Security and Privacy (Euro S&P). It was a one-day event, conducted virtually over Zoom owing to the disruptions of COVID-19 pandemic.

The workshop was focused specifically on "consent", as it is applied to applications, services, industries, and many more through the medium of internet. It consisted of six papers, which spanned a diverse set of researchers as well as research domains. The event also consisted of a keynote and a panel where experts disseminated and discussed the state of the art and the current issues surrounding consent and consenting practices.

Information about the event, including its programme, links to presented papers and proceedings, recorded keynote and panel discussions, are available on its website: https://privacy-as-expected.org/consent2021/.

Keynote

The keynote was given by Dr Johnny Ryan (FRHistS), and was titled "Consent ‘spam’ and the undermining of European data protection law. Dr. Ryan is currently a Senior Fellow at the Irish Council for Civil Liberties (ICCL). He was previously the Chief Policy & Industry Relations Officer at Brave - the radical web browser. His work has focused on exposing the depths and prevalence of the internet-based surveillance ad-industry and its implications for competition/anti-trust and privacy.

With such a rich and impactful profile, having Dr. Ryan deliver a keynote to the workshop attendees was one of the highlights of the event. The keynote provided a well-presented explanation of how the RTB-based ad mechanisms work, who the actors are, and how the data being collected and used contains several problematic categories and has cause of concern regarding impact. They keynote is available for viewing online on YouTube.

Panel Discussion

The panel consisted of a number of experts and stakeholder representatives as academics, industry practioners, and authorities relevant to consent, who discussed "Does Consent work? If not Consent, what else?. The panel consisted of:

  • Armand Heslot (CNIL): Armand is Head of the technology experts department at the CNIL (the French Data Protection Authority) and represents CNIL at the Technology subgroup of the EDPB.
  • Irene Kamara (Tilburg university): Dr. Irene Kamara is an Assistant Professor of Cybersecurity Governance at Tilburg University. She is an expert in standardisation, with a doctoral thesis exploring the interplay between standardisation and the regulation of the right to protection of personal data. She has prior experience working as a trainee at EDPS, CEN and CENELEC, and is a member of member of the ENISA Experts List.
  • Mark Lizar (Kantara Initiative): Mark Lizar is the CEO & Founder of the OpenConsent Group, and is a co-inventor of the Kantara Consent Receipt specification. Mark is active in Canadian standards, conformance and the Kantara Initiative as an International Liaison and previously Co-Chair of the Consent and Information Sharing WG and Vice Chair of the Leadership Council.
  • Robin Berjon (New York Times): Robin Berjon is the VP of Data Governance at New York Times. He is an expert in Web technology and its standardisation with almost two decades’ worth of experience in developing and driving standardisation efforts, primarily in W3C, and notably as the Editor of the HTML Specification. He is a co-author of the Global Privacy Control specification.
  • Rob van Eijk (Future of Privacy Forum): Dr. Rob van Eijk serves as the Future of Privacy Forum’s Managing Director for Europe. Prior to this, Dr. van Eijk obtained a PhD focusing on online advertising (real-time bidding) and has worked at the Dutch Data Protection Authority (DPA) for nearly 10 years. He worked within the Article 29 Working Party in multi-stakeholder negotiations of the World Wide Web Consortium on Do Not Track.
  • Townsend Feehan (IAB Europe): Townsend Feehan is CEO of Interactive Advertising Bureau (IAB) Europe - the EU-level association for the digital marketing and advertising ecosystem conducting research and development of standards and specifications powering much of the online advertising ecosystem. Prior to joining IAB Europe, Townsend worked for Microsoft Legal & Corporate Affairs in Brussels.

A recording of the panel discussion is available for viewing online on YouTube.

Paper Presentations

The workshop had seven submissions of which six were suitable for presentation based on reviews. These were:

  • Paulina Jo Pesch, "Drivers and Obstacles for the Adoption of Consent Management Solutions by Ad-Tech Providers" | publication | preprint |
  • Vitor Jesus, "Pragmatic Online Privacy: the SftE Approach"| publication | preprint |
  • Piero Bonatti, Jonathan Langens and Luigi Sauro, "Representing Consent and Policies for Compliance" | publication | preprint |
  • Wilhelmina Maria Botes and Arianna Rossi, "Standards for consent? From icons to comics and beyond!" | publication | preprint
  • Beatriz Esteves, Harshvardhan J. Pandit and Víctor Rodríguez-Doncel, "ODRL Profile for Expressing Consent through Granular Access Control Policies in Solid" | publication | preprint |
  • Soheil Human and Mandan Kazzazi, "Contextuality and Intersectionality of E-Consent: A Human-centric Reflection on Digital Consenting in the Emerging Genetic Data Markets" | publication | preprint

Experience as Organiser

Overall it was a positive and learning experience in organising an event from the proposal stage, to setting up a website, inviting reviewers, and speakers for keynote and panel. It was also an experience in management on the day of the event, the several tasks that need to be taken care of behind the scenes to ensure everything runs smoothly. Given the virtual setting, certain things were easy, such as managing people entering and leaving, but other things were noticeably difficult, such as keeping an eye on people wanting to ask questions or engagement in general.

One important thing that came out of this was realising how much time is spent organising an event, and how little is visible when attending an event. It also clarified how much time is spent in communications and follow-ups, and how despite the most well-written emails the details are forgotten and need to be reminded or kept at hand for quick dissemination.

Another aspect of academic events is peer-reviewing, which involves asking a person to dedicate their time and energy to review someone else's work. The reviewer gets no compensation for this, other than perhaps a rudimentary shred of prestige to put on their CVs. The authors also get nothing from this arrangement, since their work is essentially given away for free to the publishers. One of the reviewers asked about attending the event, or a sort of discount or other arrangement, but unfortunately we had to refuse this request to what extent we could. For the authors and to ensure the work could be disscussed to the best extent, we asked the authors for an open preprint copy of their articles as either a link or a document which we could post on the workshop website. Moving forward, open-access and reviewer-perspectives are two important aspects.

Inviting such a high-profile group of people for the keynote and panel turned out to be much simpler and easier than I expected. All I had to do was ask (nicely and politely). Most people responded quite quickly, and were sympathetic to the various hiccups in the processes towards attending. The best to invite someone is to have someone (who knows them) ask them to attend. Failing that, its perfectly okay to directly email someone with an invitation. However, always have a plan B in case someone doesn't reply, and for this reason always mention a date by which you expect a reply so that you can move on to the next option on the list.