Why the portability of #consent is more important than the mobility of data ?

The economic argument and case for data portability (mobility) is set out here.

Running with the assumption that you agree that data portability/ mobility will create value for the data economy, we need to also think about the thorny issue of layered consent.

Some posts that have explored areas of consent

Layered Consent: like peeling the onion, only to find it is not an onion!

Why “#Privacy-by-Design” is more than playing the game of #ethics of opt-in or the #morals of opt-out.

What level of consent is reasonable .....


However in this post, the purpose is to explore what happens when a copy of the data has arrived at the new home, where is consent. 




Define:    User                                 [an individual who has agreed to the T&Cs’ to access or use a Data_Holder’s service]
Define:    UserData                          [data collected by a Data_Holder from a user]
Define:    Data_Holder                    [the entity that has collected UserData from a User through agreement to: T&C’s, cookies or other Consent ]
Define:    Data_Recipient                [the entity that will recieve UserData from a Data_Holder as instructed by a User]
Define:    Consent                            [the informed, explicit approval given, received, collected and then stored by a Data_Holder on a User in relation to UserData]
Define:    Mobility_Of_User_Data  [UserData that can be safely, securely and privately copied from the Data_Holder to the Data_Recipient]

Run [Data mobility/ portability  program]

/* when the user provides consent, copy data from holder to recipient */
When User + Consent = TRUE

UserData  [Data_Recipient]  =   UserData  [Data_Holder]  

Data_Recipient = Data_holder(2)
END


What this means is that we now have a copy of the data in two places. However;

  • Does your original consent pass over to the new Data_Holder
  • Does consent for all content now sit with the new Data_Holder
  • What does the original Data_Holder believe they have consent for
  • Is consent sitting with both Data_Holders and are they different
  • Where is the consent receipts and how does the user gain access to them

Layered Consent is like peeling a onion, only to find it is not an onion!