JOIN USConsent in the digital age
One of the hardest parts about working in tech policy is explaining to people what the work entails. Recently, I met a long-lost friend from high school. Like most people who you meet after a while, he ended up asking me what I was working on these days. It was one of those moments when I wished that data protection was as commonly understood a term as is accounting or litigation.
In so many such conversations, I realise most people understand working in tech policy as looking at terms and conditions.
It is the lowest common denominator for people who directly interface with the idea of data protection through the ‘I Accept’ button. That is the gap I sometimes try to fill through this column, with mixed results.
So let’s take some time to look at terms and conditions, and broadly, consent. When most people click ‘I Accept’, they do not know what they are consenting to. And whether this consent is valid is a topic of discussion among privacy experts around the world. While some believe that consent is the bedrock of the modern digital economy, others find the notion of accepting terms and conditions outdated.
I believe that the argument for why consent in its current form is essential has been well made. It serves as a get-out-of-jail card for companies who collect and process our data.
I remember a coffee brand using facial recognition as a means for customers to access its loyalty programme. The terms and conditions infamously stated that “the customer should not expect that their personal information will remain private”. If not for the privacy policy, implementation of the programme would not have been possible.
The fact that the company could design its privacy policy with such wordings is also a good argument for why consent is no longer a feasible means to safeguard privacy.
Rahul Matthan, in his book ‘Privacy 3.0’, sums it up brilliantly.
Outdated method?
Here are a couple of broad reasons he lists out why consent in its current form is outdated:
* Fatigue: Today, data about us is collected, processed, and used in more ways than we can imagine. The standard contracts that we agree to are complex and impossible to understand. It is why companies can claim that users should not expect that their personal information will remain private. That, coupled with the sheer number of contracts we end up accepting, means that we are providing consent without understanding what we are consenting to.
*Interconnection: If you were able to read and understand the terms and conditions, you would realise that the documents pass the burden of safeguarding your data away from companies and that consents provided at different times can authorise patterns of data collection that no one service provider could have foreseen.
Not only does consent need to be updated, but it also needs to be reimagined for a world that might not always understand why sharing information is important.
For example, most people cannot immediately understand why an app like Google Pay might need access to location data. If there is fraudulent activity, then knowing where it happened can be an essential piece of information to getting remedial action.
As tech advances and applications become more interconnected, the need for consent increases while the method through which it is collected remains outdated. Terms and conditions got us till here; we should not let them take us any further.
The writer is a policy analyst working on emerging technologies. He tweets @thesethist
Tech-Tonic is a monthly look-in at all the happenings around the digital world, both big and small.