Consent Receipts For a Usable And Auditable Web of Personal Data

Vitor Jesus, Harshvardhan J. Pandit

Research output: Contribution to journalArticlepeer-review

Abstract

Consenting on the Web, in the context of online privacy and data protection, is universally accepted as a difficult problem, mainly because of its cross-disciplinarity. For example, any approach to online Consenting needs to meet usability, legal, regulatory, technical, and business requirements. To date, effort has been predominantly focused on meeting compliance with regulations and automation, and less on the true re-empowerment of users with respect to their personal data. One approach that has not seen sufficient research is the use of ’Consent Receipts’, which offer a new paradigm of recording interactions concerning consent and using them as proofs in future actions, similar to familiar use of a common shopping receipt. In addition to being a record, receipts encourage accountability in how technology handles consent and is beneficial for all involved stakeholders. For organisations, it assists with legal requirements for demonstration of valid consent, while for users it provides transparency and accountability by being a proof to be used against malpractices related to consent. Receipts also have uses in addition to those related to consent, such as for authorising the holder in exercising related rights. This paper analyses the requirements, uses, and benefits offered by Consent Receipts with an extensive and broad literature review. Since receipts are a novel concept, we identify properties and requirements, and then new mechanisms necessary for the Web to support receipts. We then demonstrate feasibility of receipts through proof-of-concepts in three common real-world use-cases: (a) acceptance of a privacy policy and its subsequent changes; (b) choices expressed via consent dialogues or cookie banners; and (c) verbal interactions with Amazon Alexa.
Original languageEnglish
Pages (from-to)28545-28563
JournalIEEE Access
Volume10
Early online date8 Mar 2022
DOIs
Publication statusPublished - 8 Mar 2022

Bibliographical note

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ .

This work was supported by the European Union’s Horizon 2020 Research and Innovation Program Next Generation Internet (NGI) Trust for Project 3.40 Privacy-as-Expected: Consent Gateway under Grant 825618. The work of Harshvardhan J. Pandit was supported in part by the Irish Research Council Government of Ireland Postdoctoral Fellowship under Grant GOIPD/2020/790, in part by the European Union’s Horizon 2020 Research and Innovation Program NGI Trust for Privacy as Expected: Consent Gateway Project under Grant 825618, and in part by the ADAPT Science Foundation Ireland (SFI) Centre for Digital Media Technology funded by Science Foundation Ireland through the SFI Research Centre Program Co-Funded under the European Regional Development Fund (ERDF) under Grant 13/RC/2106_P2.

Keywords

  • Companies
  • Europe
  • GDPR
  • General Data Protection Regulation
  • Law
  • Privacy
  • Technological innovation
  • Usability
  • accountability
  • consent
  • consent receipt
  • personal data
  • web

Fingerprint

Dive into the research topics of 'Consent Receipts For a Usable And Auditable Web of Personal Data'. Together they form a unique fingerprint.

Cite this