User-centric Consent

From MgmtWiki

Full Title or Meme

This page looks at the entire user experience when deciding to go forward with a Web Site, and at the totality of the user's commitment, in both information and duration, for any transaction.

This is a part of the User Choice Experience wiki which contains information on the Paradox of Choice.


Any site that claims to be human-centric must address the purpose that brought the user to the site. Specifically, if user data is required, is that data germane to the user's goals? The primary goal is a simple presentation to a human user of the purpose of data sharing, what data will be required, and what will be retained. The purpose encompasses the end goal of data sharing together with the user's understanding of the data shared and a list of the data elements needed. The data shared will always include the required data, but the request may also be combined with purposes that are not required to proceed. For example, the purpose can be to allow a medical prescription to be created, together with a separate purpose to establish an ongoing relationship between the user and the provider.

When a human user is asked to consent to a transaction, their purpose is to achieve some objective. As a part of most digital transactions, the user is asked to share some data with the provider of that service. In very few cases is the user engaged with the provider solely to share data. More typically the data sharing is an artifact of the purpose of the transaction. Clearly the sharing of data is only a result of the user's desire to complete their task. It is meaningless to ask the user to share data if the purpose is not responsive to the user's task at hand. The implication is that when the purpose is completed, the need for saving the data should be extinguished. Where the purposes for data sharing are different, it is to be expected that the retention time for different data elements will be different. For example, when the user's biometric data is stored so that the user entering the venue can be assured to be the one that submitted the data, the biometric data should be immediately deleted while other data may be retained till the entire transaction has completed.



The purpose of the sharing between the user and the Web Site must be clear to both, but the level of detail that is actually exposed to the user on the Web Site will clearly need to be scoped to what the user is expected to be able to understand. That means neither too much nor too little data. Creating such a display that meets legal as well as UX imperatives is never easy. So, compromise is inevitable.

Each community will likely have its own set of purposes, but it is inevitable that many interactions will require purposes from different communities. For example, the user may wish to attend a ball game when COVID restrictions are in place. The user will need to provide sufficient identity information to bind them to the COVID certificate as well as some means for paying the admission fee. Here the financial community will be setting the purpose as "on-line payment", while the public health community will be setting the purpose as "COVID free". The admission to the ball park is conditioned on both purposes being met. The impact of this is that a single site may need to understand purposes from more than one community, which implies that a single language for expressing purpose is highly desirable, even when the set of purposes is disjoint between the communities.
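The ball game case and the purpose-bound retention rule described earlier can be modelled together. The following is an added example, not part of the original wiki page or of any standard purpose language; the `Purpose` record, the "entry check" and "season newsletter" purposes, and all data element names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Purpose:
    community: str            # community that defines the purpose
    name: str                 # purpose label shown to the user
    elements: frozenset       # data elements this purpose needs
    required: bool = True     # False: user may decline and still proceed

# Constructed sample: only "on-line payment" and "COVID free" are named on the
# page; "entry check", "season newsletter" and all element names are assumptions.
PURPOSES = [
    Purpose("finance", "on-line payment", frozenset({"name", "payment_token"})),
    Purpose("public health", "COVID free", frozenset({"name", "covid_certificate"})),
    Purpose("venue", "entry check", frozenset({"face_template"})),
    Purpose("venue", "season newsletter", frozenset({"email"}), required=False),
]

def elements_to_request(purposes, consented):
    """Ask only for data germane to purposes the user agreed to."""
    needed = set()
    for p in purposes:
        if p.name in consented:
            needed |= p.elements
    return sorted(needed)

def admission_allowed(purposes, consented, satisfied):
    """Admission requires every required purpose to be consented to and met."""
    return all(p.name in consented and p.name in satisfied
               for p in purposes if p.required)

def elements_to_delete(purposes, consented, completed, held):
    """Delete a held element once no consented, still-open purpose needs it."""
    still_needed = set()
    for p in purposes:
        if p.name in consented and p.name not in completed:
            still_needed |= p.elements
    return sorted(set(held) - still_needed)

if __name__ == "__main__":
    consented = {"on-line payment", "COVID free", "entry check"}
    held = elements_to_request(PURPOSES, consented)
    print("request:", held)
    print("admit:", admission_allowed(PURPOSES, consented, consented))
    print("delete after entry:",
          elements_to_delete(PURPOSES, consented, {"entry check"}, held))
```

Because `name` is shared by two purposes, it is only released for deletion when both the payment and the COVID purposes have completed, while the biometric element is released as soon as the entry check is done.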


Other Material

  • The wiki page Consent to Create Binding goes into great technical detail on what happens under the covers when a user first agrees to establish a continuing relationship with a Web Site.