Since the European General Data Protection Regulation (GDPR) mandate, marketers worldwide have reluctantly appended privacy consent mechanisms to their site user flow. The dark patterns they use show they have no viable alternative but to collect cookie data. Consumers respond by providing fake data, using ad blockers and other techniques. Escaping this vicious cycle requires inserting a new catalyst – a Consent Commons.
Consumers without Tools
Privacy consent pop-ups and banners stand in the way of digital content and experiences. Both research and experience tell us that consumers improvise to hop the barrier to gain free access: ad-blockers, trash email accounts, and fake names and addresses
For even the privacy-savvy consumer, the mechanics of consent are simply too complex to navigate. The underlying clauses of privacy regulations written for lawyers and technologists turn into convoluted user interfaces. The deliberately confusing user-experience for opt-out and personal data transparency is frustrating for those who bother. And the variety and variability of consent-wall designs is impossible to learn.
When surveyed, consumers invariably want privacy and control over their data, yet online behaviors show that consumers are still prepared to give up those rights in return for free content. This is after all how the web was built. However, consumers are increasingly aware of privacy violations, surveillance and exploitation of their personal data. With regulation but no tools, consumers must still concede power to the corporate data brokers.
Publishers without Alternatives
Privacy regulations such as GDPR, CCPA and their variants are a huge impediment to how digital business has been conducted to date. All the research shows that consumers providing genuine informed consent negatively impacts acquisition and the journey to conversion. The first mover that provides a consumer-centric consent experience will be disadvantaged in competing to those who still violate or confuse.
The marketing KPIs for the collection and processing of personal data favor quantity over quality, so consumers’ fake data is still prized. Hence the incentivized behavior for marketers is to comply with privacy regulations while creating workarounds to continue data collection as before. Supporting this behavior are reputed vendors providing consent experiences rife with dark patterns, experts in collecting with pseudo-compliance.
Today’s marketer is restricted by compliance regulation, current business models, and established marketing processes and systems. All dependent on now unscrupulous methods of collecting personal data. Privacy enforcement and penalties are a risk that business are prepared to take to play in competitive markets for acquisition and attention. And thus the situation perpetuates, privacy regulation as a burden with few benefits.
A Privacy Conundrum
In my ideal world a consumer would define their consent preferences one time and post them into a single place. Every device they use to access content (browser, mobile, connected home and vehicle, IOT end-point) would reference those preferences as they accessed content. Publisher sites then automatically reach out for the privacy settings to be applied as the default.
This type of browser-side setting has long been proposed, but not adopted. Marketers’ addiction to freely collected personal data via cookies is not given up so easily. Those dark patterns of consent and business as usual seem to be working fine for now.
The conundrum is how to resolve the problem of what the privacy-aware consumer should be experiencing versus the data collection requirements of the marketer. In this case, using privacy legislation and compliance and the guardrails to a more mutually valuable process.
A Multi-Party Solution
The utopian solution is out of reach right now, but we can build an important stepping stone on the consumer side. Enable the consumer to learn their own preferred privacy settings. Those settings need to be extremely simple, applicable to all consent-walls and readily available for reference.
Consent Commons provides a simple way for the consumer to create their own pattern. Like a 4-digit PIN that evolves into a zig-zag on a numeric keypad, it is committed to muscle memory. The PrivacyTech Vendors are all committed to helping users protect their privacy, so the personal data stores would be an ideal place to create and manage these settings.
Early adopting privacy-aware consumers define and publish their privacy settings, which sets us up for the next part of the challenge – creating a compelling reason for publisher sites to adopt Consent Commons icons. Once adopted, consumers will see the icons and be able to quickly update the settings to their own preferences – as a proxy for browser-side settings.
Challenges and Opportunities
The Consent Commons provides an effective visual summary of what data is being collected, used, shared and where is stored. As part of this adoption strategy is needs to be active allowing consumers to state their preferences like the other consent wall experiences. This will demand additional symbols and widgets, designed to add minimal friction on the journey to access the content.
Then comes the critical challenge, how to incentivize publishers to abandon the dark patterns of consent and begin to give consumers the transparency and control. The carrot to GDPR’s stick. The MyData, Project VRM and Me2B movements are working towards a model where user consent is superseded by agency over their data.
Extending the Consent Commons standardized experience to include preference information and intent increases its value to all. To replace or even to add to consented cookie data this becomes the fuel for precision marketing and even intent-casting.
Consent Commons could take on the much needed role of personal data clearing house, standardizing and aggregating consumer’s preference data from various sources. As an unbiased body, providing the ontological and technical means to join consumer data. Adopting the clearing house approach for Personal Data Store technologies provides a viable alternative to marketers currently harvesting cookie data via deceptive consent experiences.
2 Replies to “A Commons for Privacy Consent”