Digital services have undergone a shift to multi-actor constellations characterised by the utilisation of personal data. By involving external actors, service capability and variety increase but so does the number of actors that gain access to personal data. Here, privacy policies are legal documents that serve two primary functions: specifying the purpose and details of data processing in a binding manner and informing users about it. Privacy policiestherefore have special importance in which the processing is based on user consent. In a case study of the platform eBay, we identified 18 problems that point out difficulties in achieving consent in a meaningful way in today’s large-scale and massively interconnected digital service ecosystems. Based on these problems, the design goals are determined which help to find meaningful consent in digital service ecosystems. These goals include notifications for changed purposes of data processing in ecosystems or the reasonability of time needed for consent in relation to the usage time of the service. Thus far, no legal limits govern the reasonability of efforts for consent to privacy policies. This requires a fundamental rethinking of the concept of consent or far-reaching automation of privacy-related legal acts.
Kurtz, Christian; Wittner, Florian; Vogel, Pascal; Semmann, Martin; and Böhmann, Tilo, "Design Goals for Consent at Scale in Digital Service Ecosystems" (2020). In Proceedings of the 28th European Conference on Information Systems (ECIS), An Online AIS Conference, June 15-17, 2020.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.