User-centred consent at MozFest

Last Saturday, Harry, Sarah, Georgina and I ran a workshop at MozFest, bringing people together to think about new design patterns for consent in four challenging areas: consent in public space, children giving consent, giving collective consent and giving consent on someone else’s behalf.

It was a great opportunity to build on things we’ve learned running the Trust & Design meetups, and to think about what new patterns we can start incorporating into our catalogue of data permissions.

Dsc0443

Participants joined one of four tables looking at a consent challenge. (Photo: David Marques/IF)

Consent in public space

After a quick introduction, we split the room into four groups. Each took one of the areas we’d highlighted and started sketching new consent patterns.

I worked with the team looking at consent in public space (or, more accurately, private spaces where the public can move through). We discussed stories like Transport for London’s Wi-Fi data collection trial, how retailers are using location tracking to map how we move through shops and how friends ambient personal assistants (like Amazon Echo and Google Home) listen to us when we visit their homes. These examples illustrate that the ways we are tracked in public spaces are less visible.

We started by sketching some symbols that illustrate what data is being tracked in a space. We then started to think about a design pattern where a notification is pushed to your phone upon entering a space, where you can give or revoke permission for that data to be collected.

Consent Symbols

My group, looking at consent in public space, looked at creating a set of symbols that inform people how data is collected in a space. (Photo: Ian Hutchinson/IF)

Why this is challenging

These sketches helped facilitate a conversation around how effective this design pattern could be. Two points stick in my mind.

First, the spaces we are tracked in host important services – like shops or transport. There’s a risk we could be forced to pay higher prices if we choose not to share our data. We’re starting to see this with driving tracking apps and insurance prices.

Secondly, while patterns like this are important in increasing people’s agency, it felt like it would be a quick fix to the wider issue of surveillance. Someone in the group called it a “constant game of cat and mouse”, where data tracking methods change and ways of designing consent would need to also change.

Growing an open resource

At the end of the session, the other teams shared what they’d come up with.

The group exploring collective consent looked at using grace periods when making payments in a shared flat, to reduce the effect of peer pressure.

To delegate consent to another person, the group exploring this challenge designed a set of screens that allow someone who’s ill to give responsibility for a bank account over to someone else.

Finally, the group looking at how children could give consent looked at how photos are shared on social media. They proposed a pattern where doing a particular gesture in a photo would show consent for that photo to be published.

We’ve documented the brilliant work everyone contributed at MozFest, and in the coming weeks we’ll be making some updates to the data permissions catalogue. The catalogue is an open resource, both in how you can use it and how new patterns are added to it.

Next stop, Berlin

Join us next Wednesday at Simply Secure’s Underexposed Salon in Berlin, where we’ll be co-hosting our bi-monthly Trust & Design Meetup.

Hear talks from Cennydd Bowles, a designer and writer on the ethics of future technologies, Tijmen Schep, a technology critic and privacy designer and our own Sarah Gold.

Find out more and get tickets on the Trust & Design website. We hope you can make it.