Affiliation:
1. Department of Information Systems and Operations Management, Vienna University of Economics and Business, Welthandelsplatz 1, 1020 Vienna, Austria
Abstract
The General Data Protection Regulation (GDPR) identifies consent as one of the legal bases for personal data processing and requires that it should be freely given, specific, informed, unambiguous, understandable, and easily revocable. Unfortunately, current technical mechanisms for obtaining consent often do not comply with these requirements. The conceptual consent request framework for mobile devices that is presented in this paper, addresses this issue by following the GDPR requirements on consent and offering a unified user interface for mobile apps. The proposed conceptual framework is evaluated via the development of a City Explorer app with four consent request approaches (custom, functionality-based, app-based, and usage-based) integrated into it. The evaluation shows that the functionality-based consent, which was integrated into the City Explorer app, achieved the best evaluation results and the highest average system usability scale (SUS) score. The functionality-based consent also scored the highest number of SUS points among the four consent templates when evaluated separately from the app. Additionally, we discuss the framework’s reusability and its integration into other mobile apps of different contexts.
Funder
the city of Vienna under Digital Humanism programme
FWF Austrian Science Fund
Internet Foundation Austria
FWF Elise Richter and netidee SCIENCE programmes
Reference47 articles.
1. Kranig, T. (2019). Report of the Bavarian State Office for Data Protection Supervision, Bavarian State Office for Data Protection Supervision. Technical Report.
2. European Data Protection Board (2021). Belgian DPA Imposes €50,000 Fine on Family Service, European Data Protection Board.
3. European Data Protection Board (2021). Norwegian DPA: Order to Improve Solutions for Consent, European Data Protection Board.
4. Broad consent versus dynamic consent in biobank research: Is passive participation an ethical problem?;Steinsbekk;Eur. J. Hum. Genet.,2013
5. Costante, E., Sun, Y., Petković, M., and den Hartog, J. (2012, January 15). A Machine Learning Solution to Assess Privacy Policy Completeness: (Short Paper). Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, WPES ’12, Raleigh, NC, USA.