On January 15, 2023, Prof. Daniel J. Solove at the George Washington University Law School published an article “Murky Consent: An Approach to the Fictions of Consent in Privacy Law”. The research proposes a new concept Murky Consent, addressing the problematic consent from the end-users to the service providers on how the latters process the formers’ data, especially personal data.    

Image by azerbaijan_stockers on Freepik

First is the failure of current consensual systems in the EU and the U.S. 

Prof. D. J. Solove addressed the failure and fictions of express consent and notice-and-choice consent in both privacy laws in the EU and the U.S. respectively. It is undeniable that his criticism is the reality that many of us try to turn a blind eye or self convince that the users’ consent is the best and one-fit-all solution. Accordingly, the consent is usually ambiguous, subject to undue influence, distorted by old notions and expectation and incomprehensive due to the lack of full information. Furthermore, as average people, we are unequipped and unable to grant that much consent everyday, on every website, online services, and document that our name is mentioned on it with the request to process our personal data.  

Second, the new concept of Murky Consent

Beyond the binary of two current notions of consent, the Murky Consent proposed exists in the grey middle ground between full consent and non-consent which is highly ambiguous and dubious. Thus, it’ll lack the legitimacy of full consent and functions as a limited and weak licence to use personal data. In parallel, this new notion requires additional guardrails, defining the boundaries of reasonable expectation of privacy respect based on good faith and fair dealing principles. Then, it will have to balance between the individual’s autonomy and an acceptable option. Therefore, in the ideal situation where we fully understand the privacy aspects of the services provided, most of us would choose.         

In addition, the guardrails must provide to the Murky Consent: 

1. Limited Scope of data collection, retention period, necessary using purposes (minimisation principle); 
2. Robust duties to protect individuals, prioritising the individual’s interests and avoiding unreasonable risk; 
3. Appropriate obtaining and revoking mechanism where the Murky Consent is  obtained proportionately to the risks, through proper means and revocable in any case; 
4. Assurance to avoid unwarranted societal harm.   

For the full text of the article: https://ssrn.com/abstract=4333743 

For more about the cookies consent on AstraIA Gear: https://www.astraiagear.com/2023/01/18/edpb-report-on-a-common-standard-of-cookie-banner/