Law in the Internet Society

Issues on Obtaining Users’ Consent to Privacy Policies

-- By MayaWakamatsu - 19 Oct 2021

Problems regarding Obtaining Consent to Privacy Policies

In some countries, data protection acts depend on the idea of individual consent to the collection of information. For example, under the EU General Data Protection Regulation (GDPR), processing personal data is generally prohibited, unless it is expressly allowed by law, or the data subject has consented to the processing. Under the Protection of Personal Information in Japan, consent is required if a company provides personal data to third parties, obtains “special care-required personal information” (which includes data such as race, social status medical history, etc.), or utilizes collected information for purposes other than those it had informed the public about. However, there are some problems with relying on individual consent as follows.

The Problem1: Users consent to privacy policies even if they do not want to

First, people generally cannot use systems or services that companies provide unless they consent to privacy policies and terms of use. Some people might consent to the privacy policy, even if they do not want to consent to the privacy policy, just because they want to use the service or they feel it is almost impossible to negotiate with companies to amend the privacy policy. If they want to or they need to use the service, there is no way to avoid consenting the privacy policy unless an individual negotiates with companies, and companies agree with it. As a result, even if users do not want companies to surveil their information, their information is controlled and surveilled by companies after users consent to the privacy policy. and it could endanger people’s freedom of thought.

The Problem 2: Users consent to privacy policies without reading

Secondly, the more detailed companies’ privacy policies become in an effort to obtain users’ valid consent, the more likely it is that users will tend not to read such long and detailed privacy policies, and, ironically, some users will consent without reading and understanding the whole content of the privacy policies. This reality is echoed by the Japan Fair Trade Commission’s survey in 2020, which showed that only 5.5% out of 2,000 people read full contents of terms of use before starting services. Some users may argue that while they consented to the privacy policy, they overlooked the specific contents of the privacy policy, and they may argue that the consent should ultimately be recognized as invalid. As a result, the validity of the consent will become questionable.

Possible Solutions

The Solution 1: Regulations and Standards

It is unreasonable that we can’t use systems or services unless we consent to their privacy policies, and it could endanger people’s freedom of thought as mentioned above. Although The GDPR and its guidelines provide detailed and strict requirements of obtaining consent and mandate that consent should be freely given, specific, informed, and unambiguous, setting stricter requirements on the obtaining of consent would not be practical and ideal solutions in light of freedom of thought. Privacy is not something that individuals should or can consent to allow surveillance. To protect our freedom of thought, individual consent should not be the criterion, and we need to generally regulate privacy invasion by setting regulations and standards. Setting standards to regulate collecting and surveilling personal information, rather than setting stricter requirements on the obtaining of consent, would be a practical and possible solution. Companies should make systems secure and secret for users, and If companies did not follow the standards, they should be strictly subject to penalties.

The Solution 2: Support for Companies

Even if it is possible to set standards or regulations to socially regulate collecting personal information, companies might argue that their revenue might reduce because of the standards and regulations. Some companies earn money by selling data, and data is used for personalized advertisements, but companies still can earn money by advertisements if the companies can keep having users. Some users will not mind paying some amount of fee to use the services and supporting companies as long as they will not endanger their freedom of thought. Additionally, companies can be operated with money collected from donations, investment crowdfunding, or rewards-based crowdfunding.


I believe that there are some problems on obtaining consent to privacy policies, and we should set regulations or standards to socially regulate on collecting and surveilling our personal information.

The best route to improvement is to locate the idea of your own that goes beyond what we discussed in class, and to make that the center of the essay. Most of what is contained in the present draft summarizes the discussion of the inadequacy of consent from class. Making clearer what you yourself are adding to the conversation will produce a much more effective second draft.

You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable. To restrict access to your paper simply delete the "#" character on the next two lines:

Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list.


Webs Webs

r3 - 06 Dec 2021 - 15:44:15 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM