Privacy and Informational Self-determination through Informed Consent: the Way Forward [CONFERENCE PAPER]

Privacy and Informational Self-determination through Informed Consent: the Way Forward [CONFERENCE PAPER]
Mohamad Gharib
International Workshop on SECurity and Privacy Requirements Engineering (SECPRE), 4 January 2022
Open Access
Abstract
“I have read and agree to the Privacy Policy”. This can be described as one of the biggest lies in the current times, and that is all what a service provider needs to acquire what can be called “informed consent”, which allows it to do as it pleases with your Personal Information (PI). Although many developed countries have enacted privacy laws and regulations to govern the collection and use of PI as a response to the increased misuse of PI, these laws and regulations rely heavily on the concept of informational self-determination through the “notice” and “consent/choice” model, which as we will see is deeply flawed. Accordingly, the full potential of these privacy laws and regulations cannot be achieved without tackling these flaws and empowering individuals to take an active role in the protection of their PI. In this paper, we argue that to advance informational self-determination, a new direction should be considered. In particular, we propose a model for informed consent and we introduce a proposed architecture that aims at tackling existing limitations in current approaches.