“Consent” is a fundamental part of processing user data. It has a special place at the heart of digital privacy theory. Given the importance of consent, it shouldn’t be surprising that there’s plenty of legal wrangling over how it’s defined.
Most people are familiar with the basics of online consent. Indeed, “consent” is a fundamental part of processing user data. It has a special place at the heart of digital privacy theory.
Early privacy scholars like Alan Westin advocated for a “notice and choice” model of user privacy that’s still popular today. In this model, consent is the key that unlocks a processor or business’s ability to leverage user data.
Given the importance of consent, it shouldn’t be surprising that there’s plenty of legal wrangling over how it’s defined. In the past, simply visiting a website might have considered an implied form of consent, in other words, it suggested the website could use visitors’ data however they wished. That’s not the case any more.
Now, the gold standard for consent is called “informed consent.” Under GDPR, this means:
The CCPA’s “Do Not Sell” is an attempt at solving modern questions of online consent. Typically the user journey for managing consent preferences for a given company is long and circuitous. If a user wants to withdraw their consent regarding the selling of their personal data, they might have to visit multiple web pages and complete multiple different request forms, each of which would be processed by a different business department.
CCPA seeks to remedy this by making companies feature one big “Do Not Sell My Personal Information” button on their homepage and in their privacy policy. The aim is make it easier for users to manage their preferences so that exercising rights of their data doesn’t take as much effort.
You can learn more about the CCPA’s “Do Not Sell” provision in our dedicated article.
One of the most discussed aspects of CCPA is the design of the “Do Not Sell” button. There’s been confusion over how the button should look because of ambiguity in the user choice. Do users check a box to say “Yes, do not sell my information”? Or un-check a box to say “No, do not sell my information”? Faced with calls for clarification from the public, the California Attorney General’s Office issues additional guidance on the button, including the below example of acceptable design:
The confusion around “Do Not Sell” interaction design -which wasn’t fully alleviated by the image above, speaks to the need to for clear guidance and ongoing dialog between privacy authorities and relevant business stakeholders.
Ethyca hosted its second P.x session with the Fides Slack Community earlier this week. Our Senior Software Engineer Thomas La Piana gave a live walkthrough of the open-source privacy engineering platform, Fides 2.0. He demonstrated how users can easily deploy Fides and go from 0 to full DSR automation in less than 15 minutes. If you weren’t able to attend, here are the three main points addressed during the session.
Introducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Ethyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Get a Demo