Informed Consent: We Can Do Better to Defend Privacy

TL;DR

This paper critiques the reliance on informed consent for privacy protection, highlighting its behavioral limitations and advocating for stronger protective regulations over empowerment-focused policies.

Contribution

It challenges the effectiveness of informed consent in privacy law and proposes a shift towards protective regulations rather than solely empowering individuals.

Findings

Informed consent often fails due to behavioral biases.

Current privacy laws inadequately address behavioral targeting issues.

Stronger protective rules are needed to effectively safeguard privacy.

Abstract

We need to rethink our approach to defend privacy on the internet. Currently, policymakers focus heavily on the idea of informed consent as a means to defend privacy. For instance, in many countries the law requires firms to obtain an individual's consent before they use data about her; with such informed consent requirements, the law aims to empower people to make privacy choices in their best interests. But behavioural studies cast doubt on this approach's effectiveness, as people tend to click OK to almost any request they see on their screens. To improve privacy protection, this article argues for a combined approach of protecting and empowering the individual. This article discusses practical problems with informed consent as a means to protect privacy, and illustrates the problems with current data privacy rules regarding behavioural targeting. First, the privacy problems of behavioural targeting, and the central role of informed consent in privacy law are discussed. Following that, practical problems with informed consent are highlighted. Then, the article argues that policymakers should give more attention to rules that protect, rather than empower, people.