Article Title
Abstract
Information notice and data subject's consent are the current main legal safeguards of data protection and privacy rights: they reflect individuals' instances, such as self-determination and control over one's own private sphere, that have been acknowledged in many jurisdictions. However, the theoretic strength of these safeguards appears frustrated by current online practices that seem suggesting to give-up with their most common form of implementation: privacy notices and request for consent. These measures are proving to be unsuccessful in increasing users' awareness and in fostering a privacy protective-behaviour. As recent studies have shown, although people declare privacy concerns, their actual behaviour diverges from their statements (the "privacy paradox"), as they seem to increasingly disclose personal data and to not even read privacy notices available online; eventually, the current privacy notices are not effective in regulating user's data disclosure.
Behaviourally informed approaches to regulatory problems, already applied to different areas of information provision and public policy, helped to clarify the reasons of similar peoples' behaviour that cannot be reduced to a simplistic "users do not care about privacy." Highlighting the regulatory weakness of traditional information notices, applied behavioural science has also demonstrated to be particularly effective in improving users' decision-making and attaining concrete policy objectives if accompanied by ad hoc design interventions to display the relevant, salient information. As users do not read privacy policies or act in contradiction with them, other strategies might be more successful in promoting, "nudging," privacy-protective behaviour.
The use of innovative information notices, like salient alerts and nudges, seems to be a promising means of behavioural change also in the area of digital privacy, a possible new area of application of behavioural insights.
Building on recent studies in the field ( conducted mainly in the U.S.), this paper considers new forms of privacy notices (like "visceral" notices), as alternative or complement to current legal (technical) measures for data protection. For the informed consent approach (or "notice and choice" approach) to work, it needs to be improved with welldesigned, transparent and regulated nudging system, capable to help citizens in their decision-making as regards their privacy.
Without disregarding the challenges and limitations of nudging strategies in public policy in general and in the privacy area in particular, and examining their legal grounds, the paper aims also to integrate that branch of legal-policy research that see "nudging" methods as an effective way to gently encourage safer behaviours in the citizens.
I
ISSN
0093-0709
Recommended Citation
Monteleone, Shara
(2015)
"Addressing the 'Failure' of Informed Consent in Online Data Protection: Learning the Lessons from Behaviour-Aware Regulation,"
Syracuse Journal of International Law and Commerce: Vol. 43:
No.
1, Article 4.
Available at:
https://surface.syr.edu/jilc/vol43/iss1/4