Social Networking Services provide services in return for rights to commercialize users’ personal data. We argue that what makes this transaction permissible is not users’ autonomous consent but the provision of sufficiently valuable opportunities to exchange data for services. We argue that the value of these opportunities should be assessed for both (a) a range of users with different decision-making abilities and (b) third parties. We conclude that regulation should shift from aiming to ensure autonomous consent towards ensuring that users (...) face options that they will use to advance individual and common interests. (shrink)

In recent years, insurance companies have begun tracking their customers’ behaviors and price premiums accordingly. Based on the Market-Failures Approach as well as the Justice-Failures Approach, I provide an ethical analysis of the use of tracking technologies in the insurance industry. I focus on the use of telematics in car insurance and on the use of fitness tracking in life insurance. The use of tracking has some important benefits to policyholders and insurers alike: it reduces moral hazard and fraud, increases (...) actuarial fairness, and incentivizes safe behavior. These benefits, however, are outweighed by significant moral objections. First, the use of tracking technologies significantly undermines the fairness of the interaction between insurance companies and policyholders. Specifically, the use of tracking eliminates information asymmetries, but in such a way that favors insurers exclusively. Furthermore, tracked behaviors and the ability to choose to behave safely are highly correlated with other variables such as income. Therefore, tracking-based insurance relies on and exacerbates existing inequalities and injustices, which undermines the benefits that tracking is supposed to introduce. (shrink)

Through the exponential growth in digital devices and computational capabilities, big data technologies are putting pressure upon the boundaries of what can or cannot be considered acceptable from an ethical perspective. Much of the literature on ethical issues related to big data and big data technologies focuses on separate values such as privacy, human dignity, justice or autonomy. More holistic approaches, allowing a more comprehensive view and better balancing of values, usually focus on either a design-based approach, in which it (...) is tried to implement values into the design of new technologies, or an application-based approach, in which it is tried to address the ways in which new technologies are used. Some integrated approaches do exist, but typically are more general in nature. This offers a broad scope of application, but may not always be tailored to the specific nature of big data related ethical issues. In this paper we distil a comprehensive set of ethical values from existing design-based and application-based ethical approaches for new technologies and further focus these values to the context of emerging big data technologies. A total of four value lists were selected for this. The integrated list consists of a total of ten values: human welfare, autonomy, non-maleficence, justice, accountability, trustworthiness, privacy, dignity, solidarity and environmental welfare. Together, this set of values provides a comprehensive and in-depth overview of the values that are to be taken into account for emerging big data technologies. (shrink)

The “privacy paradox” refers to the discrepancy between the concern individuals express for their privacy and the apparently low value they actually assign to it when they readily trade personal information for low-value goods online. In this paper, I argue that the privacy paradox masks a more important paradox: the self-management model of privacy embedded in notice-and-consent pages on websites and other, analogous practices can be readily shown to underprotect privacy, even in the economic terms favored by its advocates. The (...) real question, then, is why privacy self-management occupies such a prominent position in privacy law and regulation. Borrowing from Foucault’s late writings, I argue that this failure to protect privacy is also a success in ethical subject formation, as it actively pushes privacy norms and practices in a neoliberal direction. In other words, privacy self-management isn’t about protecting people’s privacy; it’s about inculcating the idea that privacy is an individual, commodified good that can be traded for other market goods. Along the way, the self-management regime forces privacy into the market, obstructs the functioning of other, more social, understandings of privacy, and occludes the various ways that individuals attempt to resist adopting the market-based view of themselves and their privacy. Throughout, I use the analytics practices of Facebook and social networking sites as a sustained case study of the point. (shrink)

More and more, we face AI-based products and services. Using these services often requires our explicit consent, e.g., by agreeing to the services’ Terms and Conditions clause. Current advances introduce the ability of AI to evolve and change its own modus operandi over time in such a way that we cannot know, at the moment of consent, what it is in the future to which we are now agreeing. Therefore, informed consent is impossible regarding certain kinds of AI. Call this (...) the problem of radical ignorance. Interestingly, radical ignorance exists in consent contexts other than AI, where it seems that individuals can provide informed consent. The article argues that radical ignorance can undermine informed consent in some contexts but not others because, under certain institutional, autonomy-protecting conditions, consent can be valid without being (perfectly) informed. By understanding these institutional conditions, we can formulate practical solutions to foster valid, albeit imperfectly informed consent across various decision contexts and within different institutions. (shrink)

The legal basis for processing personal data and some other types of Big Data is often the informed consent of the data subject involved. Many data controllers, such as social network sites, offer terms and conditions, privacy policies or similar documents to which a user can consent when registering as a user. There are many issues with such informed consent: people get too many consent requests to read everything, policy documents are often very long and difficult to understand and users (...) feel they do not have a real choice anyway. Furthermore, in the context of Big Data refusing consent may not prevent predicting missing data. Finally, consent is usually asked for when registering, but rarely is consent renewed. As a result, consenting once often implies consent forever. At the same time, given the rapid changes in Big Data and data analysis, consent may easily get outdated. This paper suggests expiry dates for consent, not to settle questions, but to put them on the table as a start for further discussion on this topic. Although such expiry dates may not solve all the issues of informed consent, they may be a useful tool in some situations. (shrink)

Participation in research is supposed to be voluntary and informed. Yet it is difficult to ensure people are adequately informed about the potential uses of their biological materials when they donate samples for future research. We propose a novel consent framework which we call “demonstrated consent” that leverages blockchain technology and generative AI to address this problem. In a demonstrated consent model, each donated sample is associated with a unique non-fungible token (NFT) on a blockchain, which records in its metadata (...) information about the planned and past uses of the sample in research, and is updated with each use of the sample. This information is accessible to a large language model (LLM) customized to present this information in an understandable and interactive manner. Thus, our model uses blockchain and generative AI technologies to track, make available, and explain information regarding planned and past uses of donated samples. (shrink)

Increasing numbers of decisions about everyday life are made using algorithms. By algorithms we mean predictive models (decision rules) captured from historical data using data mining. Such models often decide prices we pay, select ads we see and news we read online, match job descriptions and candidate CVs, decide who gets a loan, who goes through an extra airport security check, or who gets released on parole. Yet growing evidence suggests that decision making by algorithms may discriminate people, even if (...) the computing process is fair and well-intentioned. This happens due to biased or non-representative learning data in combination with inadvertent modeling procedures. From the regulatory perspective there are two tendencies in relation to this issue: (1) to ensure that data-driven decision making is not discriminatory, and (2) to restrict overall collecting and storing of private data to a necessary minimum. This paper shows that from the computing perspective these two goals are contradictory. We demonstrate empirically and theoretically with standard regression models that in order to make sure that decision models are non-discriminatory, for instance, with respect to race, the sensitive racial information needs to be used in the model building process. Of course, after the model is ready, race should not be required as an input variable for decision making. From the regulatory perspective this has an important implication: collecting sensitive personal data is necessary in order to guarantee fairness of algorithms, and law making needs to find sensible ways to allow using such data in the modeling process. (shrink)

In the 60+ years that the modern concept of informed consent has been around, researchers in various fields of practice, especially medical ethics, have developed new models to overcome theoretical and practical problems. While (systematic) literature reviews of such models exist within given fields (e.g., genetic screening), this article breaks ground by analyzing academic literature on consent models across fields. Three electronic research databases (Scopus, Google Scholar, and Web of Science) were searched for publications mentioning informed consent models. The titles, (...) abstracts, and if applicable, full publications were screened and coded. The resulting data on fields, models, and themes were then analyzed. We scanned 300 sources from three databases to find 207 uniquely named consent models, and created a network visualization displaying which models occur primarily in one field, and which models overlap between fields. This analysis identifies trends in the consent debate in different fields, as well as common goals of consent models. The most frequently occurring consent models are identified and defined. The analysis contributes toward a cross-disciplinary “consent design toolkit” and highlights that there are more interrelationships between models and fields than are acknowledged in the literature. Where some models are designed to solve distinctively field-specific issues and are specific to biomedical ethics, some may be adaptable and applicable for other fields including engineering and design. (shrink)

An online world exists in which businesses have become burdened with managerial and legal duties regarding the seeking of informed consent and the protection of privacy and personal data, while growing public cynicism regarding personal data collection threatens the healthy development of marketing and e-commerce. This research seeks to address such cynicism by assisting organisations to devise ethical consent management processes that consider an individual’s attitudes, their subjective norms and their perceived sense of control during the elicitation of consent. It (...) does so by developing an original conceptual model for online informed consent, argued through logical reasoning, and supported by an illustrative example, which brings together the autonomous authorisation (AA) model of informed consent and the theory of planned behaviour (TPB). Accordingly, it constructs a model for online informed consent, rooted in the ethic of autonomy, which employs behavioural theory to facilitate a mode of consent elicitation that prioritises users’ interests and supports ethical information management and marketing practices. The model also introduces a novel concept, the informed attitude, which must be present for informed consent to be valid. It also reveals that, under certain tolerated conditions, it is possible for informed consent to be provided unwillingly and to remain valid: this has significant ethical, information management and marketing implications. (shrink)

Personal data use is increasingly permeating our everyday life. Informed consent for personal data use is a central instrument for ensuring the protection of personal data. However, current informed consent practices often fail to actually inform data subjects about the use of personal data. This article presents the results of a requirements analysis for informed consent from both a legal and usability perspective, considering the application context of educational assessment. The requirements analysis is based on European Union law and a (...) review of current practices. As the main outcome, the article presents a blueprint which will be the basis for the development of an informed consent template that supports data controllers in establishing an effective and efficient informed consent form. Because the blueprint, and subsequently, the template, distinguishes between legal and usability requirements, it also provides the basis for the mapping of legal requirements in other contexts. (shrink)