I asked Peter Fleischer, Google's Global Privacy Counsel, a question about 'opt-in' or 'opt-out', in a panel session at the Computers, Privacy and Data Protection Conference in Brussels in January, to which he gave an interesting answer, but one that was greeted with more than a little dismay. In essence, his answer was that the whole question of 'opt-in/opt-out', and by implication the whole issue of consent, was a bit of a red herring. Unsurprisingly, that was not a popular view at a conference where many of the delegates were privacy advocates - but he did and does have a very good point. He went on to explain, quite reasonably, that if someone wants something online, they'll just consent to anything - scrolling down through whatever legalese is put in the consent form without reading it, then clicking OK without a second thought, just to get at the service or website they want. And he's right, isn't he? That IS what we all do, except in the most exceptional circumstances.
The question, then, is what can or should be done about it. Peter Fleischer's implication - one shared, it appears, by most in the industry, is that we should realise that emptiness and unhelpfulness of consent, and not bang on so much about 'opt-in' or 'opt-out'. We're missing the point, and barking up the wrong tree. And, to a certain extent, I'm sure he's right. As things stand, consent, and opt-in, and not really very helpful. However, it seems to me that he's also missing the point - whether deliberately, as it suits the interests of his employers to have opt-out systems and allow such things as browse-wrap consent on the net, or because he thinks there's no alternative, I wouldn't like to say - in the conclusions that he draws, and the suggestions as to what we do next.
If consent, in its current form on the net, is next to meaningless, rather than abandoning the concept as useless wouldn't it be better to find a way to make it more meaningful? This is something that many people are wrestling with - including the EnCoRe (Ensuring Consent & Revocation) group - and something I shall be presenting a paper about at the BILETA conference in Vienna next week. The way I see it, the internet offers unprecedented opportunities for real-time communication and interaction, for supplying information and for allowing users choices and options - shouldn't there be a way to harness these opportunities to make the consent process more communicative, more interactive, more 'real-time', and to give users more choice and more options?
Peter Fleischer's employers, Google, actually do some really interesting and positive things in this field - the Google Dashboard and Google's AdPreferences both provide information and allow options and choices for people whose data is being gathered and used - the next stage is for these to be given more prominence, for right now they're pretty hidden away, and it's mostly just the hackers and privacy advocates that even know they exist, let alone use them well. If they can perhaps Google can help consent to become much more than a red herring, and instead part of the basic process of the internet.