Privacy and Identity: How do we ensure informed consent?

Online consent forms are ubiquitous. You must enable cookies and accept privacy policies and terms of use for almost every site you visit. How many people actually read these forms, or know what they mean?

I recently visited the CNN home page and was met with a small banner at the bottom of the screen. It read “By using this site, you agree to our updated Privacy Policy and Terms of Use.” I did not have to read through these terms or agree to them to access the site; my consent was given (without my consent!) immediately upon visiting. By clicking to view the Privacy Policy, I learned that my location could be tracked, my IP data monitored, and social media data captured, including my name, email, photos, gender, and social network.

Sadly, this did not surprise me, and it probably would not surprise most readers. We are used to giving this data away as a price to pay for Internet access and the convenience that the Internet provides us. We can read the news for free from home. We can pay our bills online. We can go grocery shopping without leaving the house. We can look at our friends’ vacation photos and send them messages. We like having these conveniences, but they come at a cost.

We give away our consent freely because we have been conditioned to do so. But giving away pieces of our identity data has risks. I’ve attempted to catalog those risks in the chart below.

Identity Data Risk Table

The chart is categorized by color according to layers of identity data.

Green pieces of information are what I call Social Relationship Data. This information is required to have relationships with others, and is mostly used for messaging and identity verification in social networks.

The gray layer contains what I call Societal Integration Data. This information is necessary to obtain basic, crucial services. Shopping and banking are made possible by this information (in addition to Social Relationship Data). To live without an address or access to financial institutions can create difficulty in finding work and fulfilling basic needs.

Blue data are what I call Existential Data. This information is core to your personhood and cannot be changed. It is, consequently, the most important information about you. Discrimination based on health status and citizenship status is widespread, and this layer of identity data is most frequently used to cause personal harm.

I’ve created what I call the “Identity Rainbow” to illustrate these layers, pictured below.

Identity Rainbow

When we share data about ourselves online, it is almost always data from the Social Relationship and Societal Integration layers. We allow this data to be shared because we have faith in institutional safeguards that protect us from the dangers of losing this data. We assume that banks will protect us if someone steals our credit card and misuses it. We assume the police will protect us if someone finds our address and angrily comes to our house.

We do not worry about keeping this data private because the risks of losing this data are low. They are not low for everyone—those under threat of physical violence, for example, would want to keep their address and location private. The convenience of sharing that data for those individuals does not outweigh the danger. But for most people, the convenience of home delivery outweighs the fear of home invasion.

This is a calculated risk that can be provided with consent. However, to ensure informed consent, we must be aware of those risks and actively choose to embrace them. By stealthily sharing identity information about me, corporations abuse their trust.

Informed consent requires active sharing of information in a deliberate, thoughtful fashion. It should allow us to choose which layers of identity data to share with different organizations and require us to proactively make this choice. However, doing this on a website-by-website or organization-by-organization basis is tedious and leads to disengagement. Consequently, we shrug off important consent forms and freely share our information without realizing it.

The creation of universal online identities with inherent privacy settings, such as a firewall, would give control back to users and allow for truly informed consent. However, it is important to consider what information this should entail. Information from the Social Relationship and Societal Integration layers allows us to easily act as consumers and fulfill our day-to-day needs. Existential information is required, however, for health care services, paying taxes, voting, and other important needs.

Identity Data Web

If we were to combine all of our identity information under one identity, we could allow integrated access between all of the institutions that currently safeguard that data, including the government, hospitals, banks, and corporations. However, allowing access to all of this data creates existential risk. Obtaining access to all layers of identity information can result in identity theft and a complete loss of freedom—a literal erasure of your existence.

Given the risk, is informed consent to sharing this information ethically permissible? Are there any benefits that outweigh the danger, and in what circumstances? The answer, as I see it, is no. A universal identity, whether centralized or decentralized, should take this into consideration and ensure that existential data is not linked or stored together with other forms of identity information.