Law in the Internet Society

View   r3  >  r2  ...
MilanPreeSecondEssay 3 - 27 Dec 2020 - Main.EbenMoglen
Line: 1 to 1
 
META TOPICPARENT name="SecondEssay"

Facing the parasite: is consent an instrument of collective submission?

-- By MilanPree - 17 Nov 2020

Changed:
<
<
The European GDPR promotes individuals’ consent as a means of protection against the capture of their personal data. However, if individuals’ consent is obtained, it ipso facto justifies the collection of their data and frees companies from any other legal justification. Moreover, consent is one of the rare exceptions to the collection of so-called "sensitive" data, including biometric data. The objective of this essay is to criticize the relevance of consent, which emerges as a means of collective submission rather than protection.
>
>
The European GDPR promotes individuals’ consent as a means of protection against the capture of their personal data. However, if individuals’ consent is obtained, it ipso facto justifies the collection of their data and frees companies from any other legal justification.

Not precisely. GDPR intends to require consent not only for additional collection, but also for each form of use of the data, on the basis of regulated disclosure. That's important to be clear about here.

Moreover, consent is one of the rare exceptions to the collection of so-called "sensitive" data, including biometric data. The objective of this essay is to criticize the relevance of consent, which emerges as a means of collective submission rather than protection.

 

Consent has no value in practice

Line: 16 to 23
 In practice, it is illusory to expect individuals to have such an understanding. In fact, apart from a small minority of savvy people, nobody has a clue, so consent cannot be truly informed. People don’t know what data collection is, what a “cookie” is, what it means to click and hence consent, why it matters not to consent. In addition, due to a huge asymmetry of information, individuals can easily trust companies’ privacy bullshit.
Added:
>
>
Is this a real statement about how informed consent can work, or a complaint that the way informed consent does work in this domain is different from the nature of informed consent in the delivery of health care, or how fiduciary responsibility works in the provision of financial advisory or legal services? If the former, why is this a different problem than those in the other domains. If the latter, what is the evidence upon which you make this judgment, and how should readers inform themselves, given that you cite nothing whatever, in order to test your conclusion?

 

Consent is extracted

Changed:
<
<
In addition to the absence of informed consent, one practical problem of consent as protection is that the burden of investigation, and therefore the burden of privacy, is put on individuals. However, it is unrealistic in practice to require from individuals to read all the privacy clauses and pop-ups they are confronted to every day. How long would it take? 2 hours? 5 hours? The cost of reading privacy clauses is far too high.
>
>
In addition to the absence of informed consent, one practical problem of consent as protection is that the burden of investigation, and therefore the burden of privacy, is put on individuals. However, it is unrealistic in practice to require from individuals to read all the privacy clauses and pop-ups they are confronted to every day. How long would it take? 2 hours? 5 hours? The cost of reading privacy clauses is far too high.

How can these estimates be taken seriously? An average of 2 to 5 hours a day? If the actual number turned out, on the basis of some real data, to be 45 minutes a year or less, would the argument change? If so, where's your data?
 This excessive burden placed on individuals makes consent an unfair game, because individuals trade their privacy for more convenience, and we can’t blame them for laziness or consent fatigue: mechanical clicking and privacy carelessness is the norm. Hence, facing the parasite, consent is a quasi-inevitable abdication, fostered by the huge asymmetry of information between the individuals and the company they deal with.
Added:
>
>
But if, as in GDPR-land, collection and processing occur on an opt-in basis, then fatigued individuals can stop doing consent-work, and the result will be that they are opted out from the collection and processing. You should at least respond to this objection, because it is central to the difference between EU and US approaches.

 Therefore, consent appears as an instrument of collective submission rather than protection.
Added:
>
>
Not shown.

 Collective submission is all the easier thanks to platform’s design choices aimed at nudging and influencing people’s privacy choices, conditioning the consumer to mechanically and instantly “agree” without even paying attention to it, without even realizing it: consent becomes a mere unconscious click. Furthermore, pop-up and privacy clauses are perceived as nuisances to get rid of: go away pop-up, let me read my article and use my brand-new iPhone. Lastly, consenting appears as a condition for the use of attractive services, transforming the meaning of what one consent to: I do not consent to be tracked, I consent to UberEATS? !

The consent requirement seems irrelevant in theory

Line: 47 to 71
 Therefore, the logic of consent is irrelevant and dangerous because it gives and encourages the parasite to organize, favor and tilt the voluntary submission of individuals to its unbridled and liberticidal consumption. This voluntary submission is all the easier due to the lack of awareness and knowledge individuals have.
Added:
>
>
The goal of this draft seems to be to ignore the criticisms of consent that I offered at length in the course and to replace them with other arguments. One route to improvement would be to explain why the arguments I made aren't worth acknowledging, or why if they are acknowledged they are shown to be false or unimportant. Another route to improvement would be to make your analysis of GDPR more accurate, and to provide some of the evidence upon which your judgments depend. It would also be helpful to explain why "submission" is the correct concept to describe users' relationship to opt-in agreements for data collection and management. It would be useful to contrast GDPR approaches to consent with the other global regimes, to locate the EU concepts against the background. I am not an admirer of GDPR or a believer in the principle of consent, as I discussed at length in the course, but to my eye this draft fails to take into account what the drafters of GDPR intended and achieved.

 
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Revision 3r3 - 27 Dec 2020 - 15:27:22 - EbenMoglen
Revision 2r2 - 20 Nov 2020 - 15:54:59 - MilanPree
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM