Each day, the average smartphone user is asked to provide consent for something on their smartphone. For instance, users are asked to consent to the use of cookies, consent for the tracking of their location, and consent for the company to utilize user data to "improve the user experience" from a smartphone app. After ten prompts, the majority of users cease reading the prompts and tap "Accept". This is not an accident or error in judgment. It is the result of consent fatigue.
Consent fatigue is the phenomenon caused by a constant barrage of data permission requests, which leads users to give up on the consent process altogether. The concept of consent is intended to provide users with a sense of control over their personal data; however, the process has been reduced to a formality that creates an opportunity for continued tracking of user activities.
While the user is either unaware or unsure of how or why their smartphone is collecting information, the data that is collected is significantly greater than that which users willingly provide. When it comes to smartphone data collection, our understanding of how smartphones communicate and what types of information they provide is evolving.
For example, even with location services disabled, smartphones will still send metadata and sensory data that allow them to function correctly. Accelerometers, gyroscopes, and other types of sensors provide information on an individual's daily routine and movement. In research, it has been shown that when only four separate points of location data are utilized, an individual may be identified uniquely.
The Power of Metadata: Cybersecurity researcher Susan Landau states that "patterns alone will tell you much about someone and who they associate with socially, medically, politically." Communication metadata can provide an individual with insight into behavior without ever being privy to the actual content of the communication.
Why Consent Fails
Most of the time when data collection occurs, it has been "consented" to by the user agreeing to terms in a privacy policy that is written in legalese, covering many data and general information from many different platforms. Consent must involve the user knowing what they are consenting to and having the ability to make a choice, so it is safe to presume that neither are really available.
Without having to turn off all the cell phone functionality, users are unable to disable telemetry and metadata independently. Apps use users data in different ways and third-party information brokers share the information they have compiled on users, in ways other than how it was originally used. Therefore, the user is left with the responsibility to manage; however, they cannot be reasonably expected to be able to perform this task.
The Illusion of Control
Users are provided with the illusion of choice through the creation of privacy setting options; however, these options only give limited protection to the user when privacy is kept in mind, as even the most privacy conscious users can be still tracked by others via their cellular network signals, behaviors, and aggregated data.
Burner phones will no longer provide any amount of privacy protection the instant that they are turned on. Using two devices creates a link. Users generally have no choice but to agree; therefore, the compliance due to Consent Fatigue occurs because it is impractical for them to be able to resist.
Real-World Consequences
The issues generated by location-based advertising extend to many additional areas, including the potential for tracking someone’s access to abortion resources, political protest, and the use of location data for employment. Location-based advertising may create a false impression of privacy by allowing advertisers access to information typically considered private, such as a person's mental health or social situation.
Many experts are advocating that consent alone does not protect privacy and propose looking toward limiting data collection by default. One common suggestion is to limit the amount of data obtained from a user to only what is needed for the purpose of operating the service, so as not to create a profile or to take advantage of that information by selling or using it for other purposes.
As smartphones are everywhere, the problem isn't whether or not users agree to provide consent for advertising purposes, but rather, has consent become too much of a stretch when considering the ethical and practical limitations of this method of telling users that their privacy is being protected? The concept of consent was created to promote user autonomy; however, in today’s world, consent has become simply a way for systems to protect themselves and not for users to protect their own privacy.