- From: Robin Berjon via GitHub <sysbot+gh@w3.org>
- Date: Thu, 10 Feb 2022 00:59:23 +0000
- To: public-patcg@w3.org
A person's autonomy is their ability to make decisions of their own volition, without undue influence from other parties. People have limited intellectual resources and time with which to weigh decisions, and by necessity rely on shortcuts when making decisions. This makes their preferences, including privacy preferences, malleable and susceptible to manipulation. A person's autonomy is enhanced by a system or device when that system offers a shortcut that aligns more with what that person would have decided given arbitrary amounts of time and relatively unlimited intellectual ability; and autonomy is decreased when a similar shortcut goes against decisions made under such ideal conditions. The failure of notice and consent regimes is widely documented (as has been pointed out to you several times over). Here is a very cursory list from the primary literature: * Notice and choice as "[a method of privacy regulation which promises transparency and agency but delivers neither](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3354129)." * [Digital Market Manipulation](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2309703) * [The Pathologies of Digital Consent](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3370433) * [More Than You Wanted to Know: The Failure of Mandated Disclosure](https://bookshop.org/books/more-than-you-wanted-to-know-the-failure-of-mandated-disclosure/9780691161709) * [A review of what we already knew about privacy in 2015, in _Science_](https://www.heinz.cmu.edu/~acquisti/papers/AcquistiBrandimarteLoewenstein-S-2015.pdf), including on the malleability of expressed privacy preferences * [Privacy and Innovation](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1866085), which shows that consent regimes favour large players over small ones and therefore have negative competition effects * [The Competitive Effects of the GDPR](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3548444), also shows that consent creates competition issues * [Website design as contract](https://heinonline.org/HOL/LandingPage?handle=hein.journals/aulr60&div=44&id=&page=) * [The Role of Push-Pull Technology in Privacy Calculus: The Case of Location-Based Services](https://www.tandfonline.com/doi/abs/10.2753/MIS0742-1222260305) * [Misplaced Confidences: Privacy and the Control Paradox](https://journals.sagepub.com/doi/abs/10.1177/1948550612455931), in which giving the impression of control is manipulative * [Privacy policies as decision-making tools: an evaluation of online privacy notices](https://www.semanticscholar.org/paper/Privacy-policies-as-decision-making-tools%3A-an-of-Jensen-Potts/989347d793f2862249dd4c0506bc864deea7cc01), notices don't work to inform people * [The Cost of Reading Privacy Policies](https://kb.osu.edu/bitstream/handle/1811/72839/ISJLP_V4N3_543.pdf), there are too many notices anyway * [Industry Unbound](https://bookshop.org/books/industry-unbound-the-inside-story-of-privacy-data-and-corporate-power/9781108492423), covers this broadly I have spent way too much time reading on this topic and I am not aware of a single study showing that notice and consent is ever effective except in very specific cases that do not include persistent capture. -- GitHub Notification of comment by darobin Please view or discuss this issue at https://github.com/patcg/proposals/issues/5#issuecomment-1034371806 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 10 February 2022 00:59:25 UTC