Advanced Privacy Consent Systems
Note: This submission was contributed by the author to the Office of the Privacy Commissioner of Canada’s Consultation on Consent under PIPEDA.
Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.
PIPEDA’s accountability principle requires organizations to develop and implement policies and practices to uphold the Fair Information Practice Principles (FIPPs), including the obligation to obtain meaningful consent. The OPC states that the FIPPs challenge organizations, researchers and technologists to be more creative in how they present information to data subjects and use technology to build in privacy protections with a view to making consent more meaningful for data subjects. In this consultation paper we will elaborate on the OPC’s question:
“(w)hat tools (for consent) would be effective and who is best placed to implement them?”
Further, the OPC points out that data subjects have little time and energy to fully engage with privacy policies and face cognitive biases and practical constraints when making privacy decisions, while controllers are confronted with the practical difficulties of trying to explain their personal information management practices.
A major challenge is how to author meaningful information about privacy risks in order to inform data subjects’ decisions on whether or not to provide consent.
Below, we will present a few of Signatu’s considerations behind the making of its advanced engine, which allows controllers to author meaningful information in different output formats in order to inform data subjects’ decisions on whether or not to provide consent (see points 5-12 below).
Furthermore, the OPC points out that the complexity of today’s information ecosystem, especially in the context of cloud computing, big data and the Internet of Things (IoT), poses challenges to obtaining and providing meaningful consent.
Below, we will present a few of Signatu’s considerations behind the making of its advanced engine, which allows for multiple scenarios in which controllers can integrate privacy policies into systems for delivery to data subjects through different channels, en bloc or layered, or integrate parts of privacy policies at key points in the user experience (granular consent) (see points 13-14 below).
The full submission is available in the following language(s):
Note: As this submission was provided by an entity not subject to the Official Languages Act, the full document is only available in the language provided.