Re: [proposals] Why would notice and consent not be adequate? (#5)

@darobin The papers you've shared are interesting, really. For example, from the first one "[a method of privacy regulation which promises transparency and agency but delivers neither](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3354129)" below is an interesting part :

> Fundamentally, “notice and choice” is a misnomer when few privacy notices offer sufficiently meaningful information capable of influencing the user’s ultimate decision, and when a choice of whether to accept all the terms offered or simply seek a different product is often no choice at all. Notice and choice has been roundly criticized by policymakers, academics, social scientists, advocates, and others for quite some time, and with good reason. The idea that a generic description of a company’s practices could possibly provide a sufficient disclaimer as to what data a company collects and how the data is used begs credulity; considering that the description is generally written in ten-point font and inscrutable legalese, is buried on the company’s website, and is one of an unmanageable number that individuals encounter in a day, the proposition is laughable. People encounter so many privacy policies in their daily lives that it would be irrational to read each of them—one study calculated that it would take the average person 200 hours per year. There are also all kinds of cognitive phenomena that prevent individuals from obtaining meaningful information from privacy policies in the way that a notice and choice regime assumes they do, such as hyperbolic discounting and optimism bias.

The researches show many people indicates there are issues with notice and choice. True indeed. During the meeting, it has been recalled that the purpose of this group is to be focused on technical ideas and apply the laws (not focus on writing legislation or policy). True as well. We have the opportunity to build (re-build) products all in the scope of the law to protect user's privacy. People do not understand the cookies, too much pages to read, sometimes really technical etc... 

As it's our role to help the advertising ecosystem to evolve, I think it's also our role to make sure the user gets all the information (not simple for sure but we have to) via a clear, transparent, readable, accessible and controllable mechanism. Otherwise, some areas could face some issue for using them (e. g. EMEA with GDPR)

-- 
GitHub Notification of comment by anderagakura
Please view or discuss this issue at https://github.com/patcg/proposals/issues/5#issuecomment-1034782773 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 10 February 2022 11:02:32 UTC