Abstract
Research consistently indicates that individuals value their online privacy, yet they frequently disclose their personal information, often in exchange for trivial benefits. This divergence creates a regulatory dilemma: should policy privilege stated preferences for protection or observed preferences for convenience? This dilemma can be observed directly in the European Union (EU) as lawmakers reconsider whether traditional banner-based consent should be replaced by lower-friction mechanisms such as browser-level automation or default-based governance through new regulations such as the Digital Omnibus Regulation. Specifically, the ePrivacy Directive (Directive 2002/58/EC, 2002) is meant to align with users’ attitudes, mandating that users be given a choice to consent to the use of cookies. While this regulation explains that users should be given an option to opt in, some argue that by over-emphasizing user privacy, the user’s time and experience are compromised. The Digital Omnibus Regulation Proposal aims to solve the consent fatigue problem, but it presents concerns for users who prefer privacy above all else. Our research helps in solving this dilemma by focusing on how policy interventions that attempt to balance these competing values affect user behavior and privacy decisions. This study will investigate how alternative consent architectures shape actual privacy-protective behavior. Drawing on bounded rationality, we argue that point-of-use prompts impose cognitive demands that can both motivate deliberation and produce fatigue. Reducing interaction costs may therefore decrease mental workload while simultaneously altering perceived control and trust, with uncertain consequences for behavior. We will conduct a controlled online experiment comparing three environments: legacy action-based banners, automated browser signals, and silent defaults with ex-post adjustment options. Transparency will be manipulated at high versus low levels.
Rather than relying on intentions, we record behavioral outcomes including visits to privacy settings, opt-out decisions, and time allocated to information review. We further examine how trust, perceived control, and mental workload explain responses to different policy designs. By linking regulatory architecture to observable action, our study will provide evidence to inform ongoing debates about how digital consent should be governed. The findings will help to clarify when friction reduction enhances welfare and when it risks substituting opacity for autonomy.
Recommended Citation
Machavarapu, Tirumala Vamsi; KAUR, JOTI; and Smith, Kane J., "From Clicks to Signals: The Behavioral Consequences of Automating Privacy Consent" (2026). AMCIS 2026 TREOs. 20.
https://aisel.aisnet.org/treos_amcis2026/20