Exploring why consent is really hard?
peeling back the layers — thanks to James Abell for the minecraft illustration.
We love the model or analogy about peeling an onion. We peel back one layer to reveal a new similar layer, each layer enabling us to offer a new idea or thinking and adding complexity. Often we use this model for ourselves to get to our inner core and what values drive us.
Consent: in digital context is being explored in many places by many people. Kantara and MEF are two good examples. However, I am finding that as I peel, explore and uncover the “onion” of layered consent, I find that the next layer is not more onion [with deeper inner meaning driving me to a core philosophy] but rather I find something totally new, indeed I don;t start with an onion but a coconut. Inside my coconut I find an orange, then a Kiwi, then a grapefruit, passing a passion fruit and then a dragon fruit. Peeling this inner core, I hope to find inner meaning but it only reveals a two spouted teapot!
Why use different layers; because they are different inter-related decisions that effect how the user will end up viewing and understanding what they see as consent. They are not all leading to one inner philosophy but rather different ones.
Digital consent if viewed as a simple outer layer. You asked a user to consent to enable a third party to do something with your data. There is a bunch of confusion about what you are providing consent for, to whom, for how long but these are simple attributes of a consent certificate. Just consider how Facebook uses the word privacy (it is a perference) or Apple’s model of Privacy (data stays on your device) or Google Privacy (it is a setting somewhere) — they all interrupt consent differently.
Next layer. (Orange) Who and how do you determine trust that the person requesting consent can be trusted and will be held accountable.
Next layer. (kiwi) Your data may be passed to third parties, who and where is consent and the ability to revoke. Is this consent controlled here or by the T&C’s. Does the consent get stored and passed, who has the true consent right now and how do you prove it. Is this supply chain terms or user data sharing terms?
Next layer. (grapefruit) I can directly influence the users choice of consent by design, colour and language (words and tense) — how ethical is this ?
Next layer. (passion fruit) Who decides ( responsible and accountable) what informed and explicit actually means for this consent, at this time, in this instance.
Next layer. (dragon fruit ) To innovate and create value I may need to ask for forgiveness rather than approval, but if we so set the rules of consent to approval only, it is likely that innovation and growth could be delayed or prevented. Is my funding stage, personal KPI ‘s or shareholders forcing certain demands/ requirements?
Next Layer. (two spouted teapot) To Opt-in or Opt-out and which do I choice to present to the user and how does it align to the privacy statement, design architecture and brand values? This seemingly core ideal is about your culture and thinking as a company, but does economic and commercial pressure mean you opt to ignore values?