Respecting privacy is a cornerstone of trust, a central pillar on which brand reputation stands. From TrustArc’s Global Privacy Benchmarks survey in 2020, we learned that the majority of senior executives in large enterprises around the globe give themselves high marks for doing the right thing when it comes to privacy management. News headlines often tell a more complicated story.
Besides what others say or how well leaders view their actions, consumers form their own viewpoints. These experience-based opinions, on which trust is built, begin with landing on a webpage or opening an app for the first time. The adage “first impressions matter” comes to mind. Cookie consent, more than just a privacy checkbox and a regulatory requirement, is very much a part of that first impression – that first interaction where consumers begin to form their trust (or mistrust) in a brand.
Guidance on how best to manage consent comes typically from leaders in digital technology itself. While center stage on commercial growth and valuation, software technology also holds the mechanical keys to how privacy is executed. Given recent firestorms around digital privacy, however, it may be worthwhile to look at other sectors with proven leadership and competence in managing privacy.
Some industries have been tackling complex privacy challenges, particularly consent, for decades. One simple example: the heavily regulated financial sector has been in the center of privacy and consent issues for decades. For financial advisory, consent is not just a checkbox before proceeding. Consent is a documented course of action for the desired outcome within a given timeframe that includes expert views on their pursuit’s potential risks.
Our “hypothesis” is a simple one: specific industries that existed well in advance of the hyper digitalized world we live in today are well-practiced at working through consent issues.
The medical sector has been doing so for centuries. There may be lessons to be learned here that the digital world is exploring. It can be a worthwhile thought experiment to apply medical consent practices to the digital world. In medicine, before actions are taken, consent involves:
- Information disclosure (what experts know and propose to do, including other options available),
- Documentation of competence (why a particular expert can be trusted to execute these options to the best of their abilities),
- Comprehension (the explanation of complex matters and the choices available in such a way that a patient can competently make their own decision), and
- Voluntariness (the necessity of a patient then deciding on a course of action before it commences along with an ability to change their mind and withdraw consent at any time).
At the heart of medical consent are principles acknowledging an asymmetry in knowledge and power: what the professional knows, is capable of doing, and believes to be in the patient’s best interests versus what the patient is experiencing, knows, and must rely on others for what they need done. Putting these principles into practice, the medical world has rather precise methods and procedures to guide design. Included are safeguards against potential risks, such as unintended consequences, harms that patients may not anticipate and that they may not have considered when initially volunteering.
While most companies have adapted to ensure upfront online consent with their consumers as a formal process that meets legal requirements, it may be worth asking: are there lessons learned from the medical industry that can be applied to other sectors? And what businesses have embraced informed consent?
We’ll explore these questions and more in Part 2 of this blog series, Cookie Consent and Privacy: Is it Time for Informed Consent?