Gemäß DSGVO ist für viele Aktiväten nun die Einwilligung des Kunden (=Consent) notwendig. Heute mal ein kritischer Artikel dazu, warum dies unmöglich ist.
Even if you tried to create totally transparent consent, you couldn’t. Well-meaning companies don’t know everything that happens with the data they collect, particularly those that have succumbed, against their better judgment, to the pressures of online tracking and behavioral targeting. They don’t know where the data is going or how it will be utilized. It’s an ever-changing landscape. On the one hand, requiring consent for every use isn’t reasonable and may prevent as many good outcomes as bad ones. Imagine if new science suggests a connection between a property, or cluster of properties, and a particular cancer treatment. Returning for consent may impose obstacles that are impossible to overcome.
But on the other hand, what exactly does it mean to grant consent no matter what uses may come up in the future? Think about a surgeon explaining a procedure to a patient in great medical detail and then asking, “Are you OK with this?” We kid ourselves if we believe that consent is all that stands in the way of surgery and outcome. Most of us say OK not because we deeply grasp the details and ramifications but because we trust the institutions that educate and train surgeons, the integrity of the medical domain, and — at worst — the self-interest of the hospitals and surgeons wishing for positive acclaim and to avoid being sued.
It’s not that we don’t know what consent means; it’s that getting to a point where we understand the true sense of what consent means is impossible.
I hear the passion in your voice.
Stop thinking about consent! It isn’t possible, and it isn’t right. I respectfully but strongly disagree with my colleagues who believe that incremental improvement in consent mechanisms is the solution. My position is not that modeling “true” consent in this age of digital technologies is hard or even impossible, but that in the end, it’s simply not a measure of privacy! Take the Cambridge Analytica case. Very enlightened people complained, “Facebook shared the information without consent.” But was it really about consent? Based on all our behaviors, all the time, I promise you, if they had sought consent, they’d have gotten it. That’s not what outraged us. What outraged us was what Cambridge Analytica was doing, and has done, to democratic institutions and the fact that Facebook was so craven they didn’t care. Consent wouldn’t have mattered; it would have easily been attained.
We need to focus on approaches — “postconsent” approaches — that still rely on consent but not only on consent. Once we admit that consent is an inappropriate safeguard, we can ask, “Where do we go from here? How does a society address privacy and data collection?”
