Language selection

Search

Real Results Vol. 3

July 2021

Protecting Privacy Rights
through Innovative Research

Is “Meaningful Consent” a Contradiction in Terms?: Three Design Jams Seek the Answer

As Canadians continue to embrace connected devices, are they aware of the privacy trade-offs they might be making? Are they ‘meaningfully’ consenting to how these devices collect and use their information?

 

Someone touching a checkmark badge on a computer screen.

3964 words and 18 minutes. According to one study, that’s the average word count of a typical privacy policy, and the average time it takes someone with proficient reading abilities to read it.

Let’s be honest, like millions of other Canadians, when we get a new device, whether it’s a smart watch, a digital personal assistant, or even a wearable health monitor, we typically pull it out of the box and rapidly click "Agree" regardless of its terms of service and privacy policies. We impatiently scroll and finger-swipe our way down lengthy and arcane ‘consent’ agreements, replete with opaque legalese – without knowing what information will be collected about us, who will get to look at it, and what it’s actually worth in the burgeoning data market.

And once we click “Agree”, it’s entirely possible that multiple companies will end up knowing more about our daily habits and activities than many of our closest friends and neighbours. We quickly ‘agree’ even though we are keenly aware that companies will possess sensitive information about us, that data breaches are a common occurrence, and that our personal information can be both used and abused.

But what choice do we have? Against our better judgment, we ‘agree’ because we want to use technology. In some cases, we need to use it. And who among us has the time, expertise, or inclination to become privacy, legal, or datamining experts? So we click “Agree”, and hope for the best.

Decorative elementDecorative element

“Once we click “Agree”, it’s entirely possible that multiple companies will end up knowing more about our daily habits and activities than many of our closest friends and neighbours.”

Under the federal Personal Information Protection and Electronic Documents ActPIPEDA, as it is known – organizations are required to obtain “meaningful consent” for the collection, use, and disclosure of personal information. In order for consent to be meaningful, organizations must inform individuals of their privacy practices in a comprehensive and understandable manner.

However, many privacy experts believe that complex legal agreements with private companies and governments that collect, analyze, and store our personal information do not constitute meaningful consent.

Even though some would argue that PIPEDA is old and obsolete, consent remains central to personal autonomy and continues to play a prominent role in privacy protection – where it can be meaningfully obtained.  

Sometimes when a problem seems intractable, the best way forward is to get everyone in a room to try and figure things out. To grapple with the relationship between technology and meaningful consent, the OPC issued a call for “Design Jams” – collaborative brainstorming events that bring together experts from varied backgrounds to generate solutions in a creative environment.

Applicants were asked to develop proposals that aimed at developing new, cutting-edge consent solutions that incorporate the OPC’s Guidelines for obtaining meaningful consent.

Three Design Jam projects were funded. To learn more about each project:

Decorative element

What Is a “Design Jam”?

Birdview of participants at a brainstorming session.

Jams bring people together for facilitated dialogue and co-creation in response to a design challenge – acting as an incubator for new ideas, projects, and organizations.

Vancouver Design Nerds Society

 

Decorative element

Technology and Meaningful Consent by the Numbers

 



The estimated number of connected devices in the world.
(Institute of Electrical and Electronics Engineers)

 



The average number of connected devices, including smartphones and smart TVs, in U.S. households
(Deloitte)

 



The length, in words, of the average privacy policy
(New York Times)

 



The average time it takes someone to read a privacy policy, with most requiring proficient reading abilities
(New York Times)

 



The percentage increase in the number of words in the average privacy policy since 2008
(Into The Minds)

Other articles from Real Results


Disclaimer: The OPC’s Contributions Program funds independent privacy research and knowledge translation projects. The opinions expressed by the experts featured in this publication, as well as the projects they discuss, do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

Date modified: