Clicking “Accept” Is Not the Same as Choosing
To download an app, you usually need to register, a process most people are familiar with. You read the terms, click “Accept”, and continue. On the surface, this seems to indicate that you’ve chosen to agree to register for the app, but that sense of choice quickly fades. There is only one option for continuing past the page. Check the box, and you can continue through the process. If you do not check the box, then you cannot continue. This simple action impacts our ability to interact with digital systems. It is hard to think of consent as being voluntary when there is a significant cost to rejecting.
Digital design is prevalent enough to be influential in our daily lives and work life and how information is distributed across digital platforms. If a user refuses an online service, there will be significant opportunity costs, including the loss of news and updating materials, and missing out on daily communications.
As such, the concept of digital consent is increasingly diminished in meaning. Refusal can incur significant costs through time, disruption and social pressure, therefore making the experience difficult for individuals to view that they are giving free and fully informed consent.
Designed to Make Refusal Hard
Interface design causes the first problem. Some platforms still offer the options “Accept” and “Reject” at the same time, but those two user experiences are often dissimilar. Normally, to “Accept” requires fewer steps and is quicker than “Reject,” which may require many steps. One type of button is “Accept” which only takes one click to complete while a user must navigate multiple pages to “Reject”. This creates a larger difference, as it has turned privacy protection into an additional operation. Once again, the more steps it takes to refuse, the more likely users are to select the option that is easier for them to complete.
According to the European Data Protection Board (2023) deceptive design patterns lead users to make decisions that advantage businesses, by using things like visual emphasis, defaults, and operational pathways.
In Deceived by Design, Forbrukerrådet (2018) found that apps use default settings, long exit paths and repeat requests to make it hard for users to protect their privacy.
The crux of the issue is not only user inattention, as apps are influencing people’s choices even prior to acting. These indicators may actually be set up to confuse people as to whether or not they are consenting.
When Consent Becomes the Price of Entry
The issue goes much beyond merely having an interface. It also extends far deeper into how the platform operates. The majority of digital platforms work by continuously collecting and analyzing their users’ data, using that information to help create targeted advertisements, recommend content, and retain users. If users can more easily refusal this data collection, the platform’s business model will be affected. Currently, consent is no longer treated as a choice but instead as a requirement for engaging with a service. Because most platforms depend on user data to support their business models, they do not have an incentive to provide users with an efficient way to refuse a service or to do so without a penalty. Thus, users do not have a choice but to provide their consent to use those services.
Standardizing designs across various services can increase the efficiency of tools or technology. When users become accustomed to clicking “accept” without consideration, they will do so across multiple platforms and at various times. This results in an interactive format of consent and a habit of clicking “accept” rather than a conscious act.
Users who regularly interact with the same interface will be less likely to think critically about it. Therefore, through design, individual decisions regarding consent will shape the user’s overall experience of consent, allowing the platform to gather more data without notice of objection over an extended period of time.
Platforms do more than provide services. They set the terms of use and how users will engage with the platform.
As such, they create the rules, and they are not just neutral tech platforms (Suzor, 2019). Users cannot create rules for their benefit within the platform, they must play by the pre-existing rules established before the game begins. This is important because it’s not just whether a user clicks “accept”, it’s also who made the choices, who gets the benefit and who pays the cost when a user does not accept.
Why Users Stay Even When They Know the Risks
Leaving a social media or instant messaging app is difficult for many reasons, one of which is that the platform’s value relies heavily on its users. In order to get the most out of an app, people use it to communicate with their friends, family, colleagues, and many other people.
Between group chats and notifications about courses, there are many features that connect the functionality of the app with its use by actual users. Internship info can be shared via social networking sites. Work culture and family networks can remain fixed for several years.
Moving from that network means missing out on the ability to connect with others, lose a chance to meet with people, and disconnect from day-to-day life.
Practices and institutions reflect this dependence. Many companies today are combining messaging, payments, authentication, news and group communication into one platform. As a result it is harder for users to leave since they don’t just leave one service but they would also lose many conveniences within their daily lives.
The dependence of users to these platforms is easier seen in workplaces, schools or any other entity that has standardized on one of the major platforms listed above. A job notice can be posted only through one application. In some cases, applications or features may require you to log in via your account with the service or by scanning a QR code that is associated with your account.
Therefore, the platform has become less of a tool and more of an extension of our day-to-day lives. This is an important factor in the digital rights movement, since while people can theoretically leave a platform, it’s becoming increasingly harder for people to leave in practice.
WeChat illustrates the changing role of messaging platforms by serving as more than an instant messaging app. It provides capabilities for group messaging, mobile payments, accessing services and coordinating daily activities. In many users’ cases, leaving WeChat means stepping away from an overall communication and participatory system rather than just losing one channel of communication. For many families, groups of friends, classes and worksites, using WeChat for all these different functions keeps people closely connected and thus, is a very meaningful case study to illustrate the phenomenon of platform dependency in an actual and concrete way.
This case shows why continued use should not be taken as evidence of genuine consent. Chen and Cheung (2018) found many WeChat users who clearly have privacy issues remain on a platform due to the high social costs associated with leaving.
This indicates dependence and shows why consent is not effective in reality. Continued use may appear as consent, but this may reflect that there are no viable alternatives. Thus, participation on the platform could reflect more of social pressure and actual need than true volition to participate.
A Checkbox Cannot Protect Privacy
We cannot only rely on clicking “Accept” to understand privacy. According to Nissenbaum (2018), the idea of “contextual integrity” suggests that privacy relates to which way information is supposed to flow according to certain norms in a given situation.
However, it is also common for information to be passed between these different environments or platforms, so what you provide in one environment may be leveraged for other purposes. Social media users may show their preferences through social interaction, which may be used to create targeted ads or predict future behaviors. Location data originally was used for navigation and later used for other analyses. The data isn’t the problem, it is the data’s meaning that isn’t constant across contexts.
Consent has clear limitations as a privacy mechanism. Users typically only see one screen at a time, while the scope of the data being processed is much larger and can continue to be processed long after the first click. User data can be kept for a long time, sent to other services, combined with other types of data, and reused in future scenarios.
Users cannot see what could happen next with their data and cannot renegotiate each new use of their data. One click is not enough to take on such a responsibility. Clicking a checkbox may seem uncomplicated, but it is not the case from a systems perspective.
“Informed choice” as a standard model is dying because people have been assumed to be capable of making rational decisions based on knowledge of complex concepts. However, research shows that it relies on an idealized model of self-management of one’s own privacy and often does not provide adequate protection of one’s personal privacy (Baruh & Popescu, 2017). The ongoing or continued data usage is reducing the effectiveness of informed consent (Saksena et al., 2021). The issue isn’t only how carefully the user reads the terms. The system puts too much emphasis on single-use informed consent and views an ongoing power relationship as a series of individual choices. The problem is much more than whether the user reads the terms carefully.
The platform can easily collect or use the users’ data after they have click “Accept”, and they become solely responsible for it.
The way consent is expressed gives the impression that users will have control over their data. However, the structure of the platform severely restricts the extent to which users are able to control their data. Thus, while consent may appear to be a way to protect users, it is much more like an umbrella in the legal sense for the platform. This creates additional problems related to digital rights, due to users being placed in a system that has the appearance of offering various options but provides very little ability for users to actually control their data (Huang & Krafft, 2024).
Digital Rights Need More Than Consent
The idea that users can simply leave if they take privacy seriously is an easy one to present, and appears to be valid on the surface. While there are other possible platforms, and users will make different choices about privacy versus convenience, this doesn’t really change the actual issues with this approach. The role of alternative platforms in social relationships, institutions and communication differs from that of mainstream platforms. Mainstream platforms provide value through their functional use and large base of users. Friends, classmates, co-workers and organisations usually use the same platform. Moving away from mainstream platforms may create fewer privacy risks but they may also severely limit individuals’ ability to participate in socialising and to live in real life. Thus, the problem with respect to alternative platforms is not only about personal preference but also includes the structural factors that impact the way the alternative platform is used.
In the same way, ongoing use can also represent limited choice, not true consent.
Someone might value privacy yet remain on the platform due to social, practical, and occasionally institutional costs of leaving. One’s behaviour may outwardly demonstrate consent but, in reality, indicate limited choice. This is why the burden of responsibility does not solely rest on users individually. More importantly, why has digital participation turned into a matter of accessing platforms?
Then, while the choice may exist only in form, it does not equal true consent. However, when users face the consent prompt, the majority of the user’s choices are already predetermined by platform design and power and the user’s reliance on the platform itself. Digital rights cannot exist only through personal consent when participation in digital life is so highly dependent upon access to the major digital platforms. Consent alone is insufficient to protect privacy.
Instead, stronger restrictions on data collection, more specific restrictions on how platforms can use data after collection, and stricter interface design rules that make refusal as easy as, or easier than, clicking “Accept” are also needed. Since mainstream platforms now serve as hubs for daily communication and essential services, people should not face the risk of being cut off from their connections when they choose to leave these platforms.
References
Baruh, L., & Popescu, M. (2017). Big data analytics and the limits of privacy self-management. New Media & Society, 19(4), 579-596. https://doi.org/10.1177/1461444815614001
Chen, Z. T., & Cheung, M. (2018). Privacy perception and protection on Chinese social media: a case study of WeChat. Ethics and Information Technology, 20(4), 279-289. https://doi.org/10.1007/s10676-018-9480-6
European Data Protection Board. (2023). Guidelines 03/2022 on deceptive design patterns in social media platform interfaces: How to recognise and avoid them (Version 2.0). https://www.edpb.europa.eu/system/files/2023-02/edpb_03-2022_guidelines_on_deceptive_design_patterns_in_social_media_platform_interfaces_v2_en_0.pdf
Forbrukerrådet. (2018). Deceived by design: How tech companies use dark patterns to discourage us from exercising our rights to privacy. https://storage02.forbrukerradet.no/media/2018/06/2018-06-27-deceived-by-design-final.pdf
Huang, K., & Krafft, P. M. (2024). Performing platform governance: Facebook and the stage management of data relations. Science and Engineering Ethics, 30(2), 13. https://doi.org/10.1007/s11948-024-00473-5
Nissenbaum, H. (2018). Respecting Context to Protect Privacy: Why Meaning Matters. Science and Engineering Ethics, 24(3), 831-852. https://doi.org/10.1007/s11948-015-9674-9
Saksena, N., Matthan, R., Bhan, A., & Balsari, S. (2021). Rebooting consent in the digital age: a governance framework for health data exchange. BMJ Global Health, 6(Suppl 5), e005057. https://doi.org/10.1136/bmjgh-2021-005057
Suzor, N. P. (2019). Who makes the rules? In Lawless: The Secret Rules That Govern our Digital Lives (pp. 10-24). Cambridge University Press.
Be the first to comment