This survey is used to research the patterns, uses, definitions and terms used for authorisations, permission-ing, agreements and consent. The scope of this research will be to just correlate answers by industry, authorisation format, state justification and to look at how these conform to the Consent Receipt (personal data processing receipt) and ISO 29184. The object will be to produce a summary and breakdown of the responses for use with future CISWG works.
Produce a summary that can contribute towards the development of common use and practice for use of terms in identity management, catalogue common dark patterns and identify existing or similar best practices that are conferment to consent receipt and ISO 29184 works. The
in contrast to transparency provided by a consent receipt format to identify a set of criteria for evaluating against a baseline for the development that is provided by the consent receipt v.1 + Legal requirements for the context.
Here is the link to the google forms survey,
CISWG Survey proposal - to ask WG members to pick a target type of survey and to facilitate the survey to create an initial data set to examine. (target segment table to be created)
This method: is to discuss on list (or on a call if time permits) comment on this page (in comment box below), suggest improvements or ask for clarification on this survey with the aim to start inviting people to use the survey after the CISWG meeting on September 12. To make this easy, the survey is narrowly scoped and focused on just collecting data to review, in order to set a basis for follow on research (if applicable).
Survey Summary
This is a short survey focused on assessing the terms used authorisations, consent based interaction, in permissions and agreements.
The Kantara Initiative Consent & Information Sharing WG, is working on a Personal Data Processing Receipt Specification, and has already produced a consent receipt that has been a basis for developing digital privacy records for services in and used with other standards efforts, industry and government.
The objective of this survey is to collect and audit the use of terms in the authorisation and permission-ing of personal data, and contrast against the standards used. The survey will aim is to inform the actual use of terms, and their interpretation from those who use them. As well as to consider a consent centric understanding of the various legal justifications for processing personal data.
More information can be found on the Kantara CISWG Wiki
Possible Follow On Research & Discussion
- Security & Privacy Risks, surveillance and dark patterns. e.g. → identification of the malicious and benign mis use of transparency.
- Terms: Legal, Technical, Business, Contract Vs Privacy, Governance Vs platform permissions
Background Research
Links to research to help inform this study
Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds
Natasha Lomas → https://techcrunch.com/2019/08/10/most-eu-cookie-consent-notices-are-meaningless-or-manipulative-study-finds/
Dark pattern links
- https://www.darkpatterns.org/types-of-dark-pattern
- https://uxdesign.cc/the-12-types-of-dark-patterns-and-why-you-should-care-38a7b584777b
- https://medium.com/greater-than-experience-design/how-to-avoid-ux-dark-patterns-when-asking-people-for-their-data-c8ea01565312
- https://www.eff.org/deeplinks/2019/02/designing-welcome-mats-invite-user-privacy-0