* Any views expressed in this opinion piece are those of the author and not of Thomson Reuters Foundation.
Data are being collected each time we go online, and though it's unclear what harm that could cause, we agree to it over and over again
Linda Jeng is Visiting Scholar on Financial Technology at Georgetown University Law Center’s Institute for International Economic Law.
Kaitlin Asrow is a researcher and subject matter expert on data policy.
Imagine going to a restaurant, and after sitting down you are given a large contract laying out how your food will be prepared. You have to read the contract on an empty stomach, can’t change anything about its content, and if you didn’t agree to it, you have to leave without dinner. This experience would quickly deter us from dining out.
This sounds implausible, but it happens across our digital lives every day. Data are being collected, processed, and stored each time we interact with a webpage, app or service, it is unclear whether this is necessary, and what harm it could cause in the future, and yet we agree to it over and over as pop-ups flash across our screens.
Very few people have the time, much less the knowledge, to read and understand the lengthy user and privacy agreements of the apps they download or the websites they visit.
Researchers at Carnegie Mellon conducted a study in 2008 and calculated that it would take a person 25 days out of the year to read the privacy policy of every website visited (and this figure was calculated before mobile apps became widely-used).
The New York Times reviewed 150 privacy policies and the average readability was on par with reading the philosopher Immanuel Kant. But we still click “Agree’ because we need the product, we don’t feel there is a choice, and we are predisposed to avoiding those long contracts in the first place.
So how do we move to an online world that can be more like our favorite pizzeria? Where we visit digital spaces without signing a huge contract and still trust that we will get what we ordered, and that it won’t give us virtual food poisoning?
The restaurant industry has two lessons in which we can borrow. First, there are food safety and hygiene standards. This makes us confident that we are choosing from good options that won’t harm us.
The second is transparency. We can tell the difference between soup and salad, and we usually know if we were given the wrong dish.
First, the most important element of redefining digital consent is shifting responsibility away from consumers. Just like we can’t go into the kitchen and monitor what the cook is doing, we cannot verify that digital activities are safe for us, and what we would reasonably expect to occur.
Several groups have proposed new legitimacy tests for digital activities that shift the burden away from individuals.
New laws like Europe’s General Data Protection Regulation (GDPR) also introduce concepts that require entities to demonstrate legitimate interest before engaging in activities. Frameworks like these have the potential to improve trust across digital services significantly.
The second element is innovating around informed consent. While consent should not shift responsibility to consumers for safety and appropriateness, it still may be valuable to provide individuals with transparency and agency.
Even though I know my food is safe, I still want to customize my order or send it back if something is wrong.
Innovating around consent and disclosures is exceptionally hard, but we see increasing calls to do just this – especially within the financial services. For example, credit card companies are required to include a standardized list of disclosures, including the annual fee, APR, late payment fees, other transactional fees, grace periods, etc.
Despite this, education is still needed to walk consumers through this information.
Today there are persistent calls for improving digital disclosures and consent prompts for consumers. Numerous states, including Virginia, Illinois, Nevada, Vermont, Maine, New York, Washington, Utah, are following California’s lead and have adopted or are considering data privacy legislation.
The Consumer Financial Protection Bureau is also now examining how it might develop new regulations to ensure consumers have rights to access financial records, with many calling for standardized disclosures and consent models that should improve clarity and transparency.
Improving disclosure and consent will become even more necessary as innovation pushes into the digital future of programmable money and exploration of central bank digital currencies.
Finally, it may be time for our technical innovators’ brilliance to be directed towards user experience with disclosures and consent. Apple has come out with a new nutrition label to teach us about app privacy as a start. There is also a long history of apps and digital spaces nudging us towards everything from buying new shoes to taking more steps.
What if we turned that behavioral insight, human-centered design, and UX expertise towards making digital activities more transparent and participatory?
That work, combined with a structure that instills trust in the safety and legitimacy of activities, may finally give us a true seat at this re-defined digital table.