Consent Dilemma – Have You Given It Or Not?

The Netflix show Social Dilemma has rekindled the eternal controversy over privacy, tracking, and manipulation by digital companies.

As consumers, many of us outrage at brands for using our private information to target us with personalized communications, ads and targeted offers.

In this post, I’m going to go out on a limb and argue that brands have received consumers’ consent for all those allegedly outrageous actions – explicitly or implicitly.

Let’s see how.

Explicit Consent is when a consumer knowingly takes – or gives permission for – a certain action A. For example, find credit score. This would happen when they use a credit score checking service like Credit Karma (USA) or Credit Mantri (India).

Implicit Consent is when a consumer knowingly takes – or gives permission for – a certain action B, which requires another action A to be completed as a pre-requisite. By giving explicit consent for B, they have given implicit consent for A. For example:

Action B: Apply for a loan.

Action A: Have lender run a credit check.

The lender’s Terms & Conditions will inevitably state that, by taking – or giving their consent for – Action B, loan applicants have automatically given their consent for Action A. An average consumer may not read T&Cs but that’s a topic for another day. See my Quora Answer for background on this example.

Per se, brands have taken consent in both situations.


Consent is a broad subject. It goes beyond pings and pokes on social networks and enters the picture in many everyday actions by companies. For instance:

  1. Send goons to your doorstep to collect money you owe them e.g. PayTM, India
  2. Suggest savings products based on your bank balance e.g. Betterment, USA
  3. Sign you up for Payments Bank when you top up your Mobile Phone prepaid connection e.g. Airtel, India
  4. Access your Utility Bill when you use a payment app to pay a Mobile Phone bill e.g. Bharat Bill Pay Service, India
  5. Show personalized ads in return for free content from friends, favorite brands and news outlets e.g. Facebook, worldwide.

In my opinion, all these companies have received consent for these actions. Just that some of them take explicit consent whereas others take implicit consent.

In the above set of examples,

  • PayTM seeks explicit consent for its loan recovery measures in its sign-up form.

  • While signing up, Betterment asks its users to enter their banking credentials (via Plaid). Users who have done so have provided consent to the wealth management app to access their bank balance. While the anonymous commenter on the Finextra article titled TD Bank accuses Plaid of duping customers by ripping off its trademarks feels that the consent was obtained “unknowingly”, to me it seems like totally explicit consent.

  • Airtel was denounced for sneaking in an implicit consent.

The disconnect between Explicit Consent and Implicit Consent regularly fuels faux outrage on social networks.


Apart from the type of consent and the manner in which it was taken, there are three more questions related to the topic:

  • Is the consent granular or carte blanche
  • Will consumers give consent or not?
  • Will consumers realize that they have given consent?

According to me, the exact language of the consent-seeking statement is critical in framing the overall narrative around consent. Given below is a handy primer:

Primer for Consent Statement

(Context: Fintech App ACME seeks Banking Data)

(A) I permit ACME to access all data in tables CUST_TRXN, CUST_MORTGAGE, but not in tables CUST_LOAN_TRXN and CUST_CREDITCARD_TRXN

(B) I permit ACME to access all data related to current account and mortgages but not loans and credit cards

(C) I permit ACME to access all data it requires to give me tips to maximize my yield but not to switch banks.

As you can see, the language shifts from technical to feature to benefit.

Years ago, I issued guidance to my retainer clients that people are more likely to give consent if the consent statement is worded around a Benefit rather than as a Feature or in Technical terms. See my post entitled How Brands Can Leverage The Eternal Disconnect Between Want & Like and Finextra blog post entitled Open Banking: Consent is Key for context.

A recent study by ING confirms my prediction. In a recent article reporting on this study, Finextra says:

UK polling firm Ipsos has found strong evidence of a disparity between what people say they want and what they say they are prepared to do. One of the firm’s surveys found 75% of people would like to have access to data on how they spend their money, but only 40% said they were comfortable providing the information that could lead to that. (emphasis mine)

Despite years of planning and hype, EU Open Banking / PSD2 regulations have not stipulated the consent language. That’s a shame. If at all Open Banking takes off in the European Union, I predict that there will be a Fintech version of Social Dilemma in the forseeable future.

On the other hand, California has done a good job in this regard. While it’s still early days, the most populous American state’s new California Consumer Privacy Act (CCPA) is the first data protection regulation I know of that expressly recognizes the role of language in obtaining consent.

Not just that, the state’s regulators have shrewedly forseen the potential for brands to use dodgy language to create deception via Dark Pattern. More at California outlaws wording, webpage buttons designed to hoodwink people into handing over their personal data. Maybe it comes from the proximity of California’s lawmakers to Silicon Valley or whatever but credit where credit’s due.