Subarea D.3: AlterEgo for Consent Management
Explicit informed consent and the closely related notion of notice are cornerstones of most privacy and data protection legislation. However, in real-world scenarios both concepts often fail to improve transparency for data subjects (individuals) and to provide meaningful control options. Indeed, existing mechanisms for notice and consent management tend to falsely assume that users are informed actors who are always able to make rational decisions, based on an accurate cost-benefit analysis, about whether or not to consent to the collection, use, and onward sharing of their personal data. In practice, most users are overwhelmed by the number and frequency of consent decisions they have to make in various everyday scenarios. Moreover, they face a dilemma when making decisions, as they can only choose between two extreme options: either allow nearly unconditional access to sensitive personal data or be refused access to the service altogether. As a consequence, users tend to pay limited attention to notices (privacy policies and terms of service at the bottom of websites, permission screens, etc.), consent to whatever terms when using digital goods, and have a poor understanding of what consequences their decisions might have. In addition, the withdrawal or revocation of consent remains in most cases a complex, inflexible, poorly scalable, and error-prone process. Furthermore, these issues are expected to be aggravated by the current convergence of cloud computing, the Internet of Things, and big data towards new mobile and pervasive computing environments. Indeed, traditional consent management techniques, already criticized in the past for their limitations, appear inadequate for the emerging big data-driven mobile context.
This project aims to develop and empirically evaluate the foundations of a novel approach that enables fine-grained consent decisions (providing alternatives to the existing all-or-nothing approach, which poorly fits people's needs), automated and context-dependent refinement, as well as reliable enforcement and dynamic revocation of consent decisions. More precisely, the project will investigate the feasibility of agent-based automated consent management, focusing on environments in which individuals' socio-technical contexts as well as their preferences, goals, and expectations are in constant evolution.