The Colour of Consent - imagining a UX/UI

Consent is complex, but it has to be solved, so what would a user experience look like? We have to convey an awful lot of messages in a very small space and in a short amount of time, and be sure we have made our best efforts to make the user aware of what they are agreeing to.


Given that under the ideals of data portability/sharing the user should be able to choose, a system cannot favour any choice or stop the user from doing anything, but we should enable the user to make an informed decision.

This is not a solution; it is presented as a conceptual framework of what we need to achieve.



sets out the red, amber, green or some other colour-based format. The colour itself would be calculated from answering a set of questions, and the answers to those questions will be key to informing the user about what the company can and will do with their data if the user agrees. A company cannot pick its colour; it is calculated and provable based on a standard method (which does not exist right now). An interesting model emerges when this is regulated and a company can be fined for incorrect or misleading presentation.

Red implies to the user that the company is asking to copy all of the existing user data and then do what they like with it.

Amber implies to the user that the company will copy some of the user data, and only what is required, and will limit what they can do with it.

Green implies that the company will not copy any data, will only access the data, and will share any outcome with the user.


This would link to the actual policy words, but the core of this question/answer would be: does the company want to take a copy of your data, copy some data, or just access your data?

This would link to the actual policy words, but the core here is what the company can do with your data in regard to sharing. Are they able to do what they want, are they limited, or do they actually not need or want to share?

This would link to the actual policy words, but the question is whether the company wants to use data to profile you in a way that only they can use, or to create insights that will be shared with you to add value.

This would provide a link to show what data is going to be copied/used.

This would link to a policy statement. It will show how long the consent is granted for: one off, many, streaming, or limited by value or volume. It will show how and when the consent will end. It should also highlight whether the company can sell on, pass on or transfer your data, and what rights you have. It should also show how the user can revoke access/consent and what will happen.

This will, or can, be dynamic. It is either a market/ecosystem-generated star rating for the company that says whether they are trustworthy or not, or it could be an algorithm that determines a rating based on, say, how long the company has been established, how many users they have, whether they are being investigated, where they are located, how strong their privacy statement is and how accessible it is.


As examples:


A bank’s consent screen could be red with 5 gold stars as they want to copy some of your data into their own systems. 

A start-up’s consent screen could be green with no stars, showing good intent but with no proof.

A utility company could be amber with two stars as they are recovering from a major data leak.