Consent is not an adequate protection for users even when it is properly obtained - this article explains why instead users must always retain control of their data (core principles of both SolidMIT & SAFEnetwork)
This is a conclusion reinforced by the Supreme Court’s judgment that we have a constitutional right to privacy. But personal information is information about our relationships as well, so information collected about us affects also our families, our friends, and our communities.
This is why “consent” is not a sufficient basis for determining the responsibilities to protect data about people. If I consent to allow a platform company to read all my email in return for giving me free email service, I am also giving away information about the people I correspond with, without regard to their wishes.
Even if I think the chance of harm to me from loss of my information by the platform company is a risk worth taking in order to have free email service, that may not be acceptable or appropriate for my children or my friends. Nor can I possibly know how future events in my life, or changes in technology or society, might affect my understanding of my safety or my best interests. Today’s easy consent might very well be tomorrow’s disastrous mistake.
So, the law we need is not about getting, managing, or automating consent. The objective is not consent, but control. People should be able to control access to information about them