[How] Do Users Benefit From Giving Consent?
Workshop on Technology and Consumer Protection (ConPro) - co-located with IEEE Symposium on Security and Privacy (IEEE S&P)
✍ Harshvardhan J. Pandit* , Soheil Human* , Mandan Kazzazi*
publication 🔓copies: harshp.com , TARA , zenodo
📦resources: [How] Do Users Benefit From Giving Consent?
Proposal for research investigating what benefits, if any, do consumers get when consenting
Consent is meant to empower users by giving them a choice regarding the use of their personal data. Thus, organisations have the incentive to provide benefits, whether directly or indirectly, in return for consent. However, recent research has demonstrated the scale and scope of malpractices regarding consent on the web, where users are misled and coerced into giving away their personal data and privacy. In light of this, we call for investigating what benefits, if any, are specified in the context of consent; who benefits from it; and whether they can be observed in reality. We hope our work outlines the need to formally investigate the claims made when requesting consent and empowers users through greater transparency regarding benefits to make better-informed choices.
Considering that consent is used as a transaction by the organisation to legitimise collection, use, and sharing of user’s personal data, an important question to ask is who benefits from this , and what benefit or value do they provide in return . For websites, notices portray ‘benefits’ such as personalisation of advertisements and content, improvements to experience in a service, and measurement or analytics related to usage and performance metrics . Some are benefits to the organisation, such as analytics to improve services, which can also be an indirect benefit to the user. Others are directed to the user, such as personalisation and recommendations.
Evidence exists for the prevalence of malpractices such as dark patterns and not respecting user’s consent –, and poorly-defined purposes , – regarding consent on the web. However, to date, there has been no critical and methodological analysis investigating whether the purposes used for consent actually translate into any tangible or demonstrable benefits. More specifically, can and do users perceive benefits when consent is given as compared to when it is refused.
To investigate this, we propose a set of interdisciplinary methodological study in which researchers carefully study: (a) whether benefits exist in return for consenting; (b) how they are formulated or justified by data-controllers (c) whether they are clear and comprehensible; (d) whether they are legally justifiable; (e) can they be seen or demonstrated; (f) what ‘value’ does it provide to the user; and (g) do users perceive the benefit. For example, when websites specify consent for personalisation in ads, can we determine where ads will be shown, their form and manner, and can we distinguish ads influenced by giving consent. Through such analysis, our work will determine what ‘value’ is promised in lieu of consent, if it is actually provided, its scope and form, and if its impact is transparent to the user. We base this work on existing investigations regarding purposes of consent , human-centric views on consenting , and approaches for empowering users ,  to practice their privacy in pluralist  and sustainable  manners.
Methods & Potential Approaches
Sources of Information: cookie/consent notices, privacy/other policies, reports, publications, opinions of domain-experts;
Methodologies: surveys, interviews, focus groups, controlled and in-wild experiments, engagement with service providers, auditing, document analysis, data collection, data analysis;
Technological aspects: technological and algorithmic evaluation of benefits and their provision in services;
Legal compliance: conformance with legal frameworks;
Legal rights: rights provided by existing laws regarding benefits and information, e.g. Right to Access (GDPR A.15);
Information transparency: accessibility, availability, comprehensibility of information about benefits and its applicability;
Benefits within/across domains: benefits in the context of their respective domains, e.g. personalisation for retail and for medicine can have different consequences;
Linguistic aspects: quality, formulation, sentiment, readability, and vocabulary used in descriptions;
Users’ perspective towards benefits: knowledge, attitude, preferences in general and specific to domains/services;
Users’ perception when consenting: assess comprehension of benefits when interacting with consent requests, e.g. if a purpose is a benefit, to whom, and in what context;
Users’ perception after consenting: assess (immediate and long-term) comprehension of promised and received benefits;
Service Provider perspective: knowledge, attitude, perception, framing of service providers regarding benefits;
Actors involved: different parties involved and their relations;
Representation: UI/UX aspects, nudging, dark; patterns
Other human-centric aspects: heterogeneity, cognitive, collective, and contextual aspects  in relation to benefits.
This work is partially supported by the Internet Foundation Austria (IPA) within the NetIdee call (RESPECTeD Project; Grant#prj4625). Harshvardhan J. Pandit is funded by the Irish Research Council Government of Ireland Postdoctoral Fellowship under Grant#GOIPD/2020/790; European Union’s Horizon 2020 research and innovation programme under NGI TRUST Grant#825618 for Project#3.40 Privacy-as-Expected: Consent Gateway; and as part of the ADAPT SFI Centre for Digital Media Technology which is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106_P2.
Dissemination of this Work
For the purpose of Open Access the authors have applied a CC-BY-4.0 public copyright licence to any Author Accepted Manuscript version arising from this submission, and have deposited this article at https://doi.org/10.5281/zenodo.4601141.