Consent
Full Title or Meme
In the context of Identity Management Consent will mean the determination of the Intent of a Subject to Authorize the release of data that might be in the message or on a Resource Server whose release is controlled by the Subject.
Context
- The term Resource Owner (RO) is often used for the entity that control release of information. That term is misleading in that many controllers do not, in fact or in law, own the data.
The model of Notice & Consent, therefore, is
no longer relegated strictly to the legal realm; it is inherently a human-technology interaction problem, one that requires the expertise of those professionals and academics versed in human- computer interaction issues and, ideally, public policy and ethics. As discussed above, taking a step back to adopt a global, technologically neutral approach that is ethical, includes an awareness of society and involves industry is key. And, critically, professional UX designers – who fundamentally understand how people interact with technology – will need to tap into design thinking to try to address this intractable problem. How do we move forward?
Industry must
be included in this conversation at all stages or we risk a race towards compliance for compliance’s sake.
Redesigning Data Privacy: Reimagining Notice & Consent for human-technology interaction
Problems
Solutions
References
- See also wiki page Consent Grant
- Global Alliance for Genomics and Health: = Consent Policy