{"id":7547,"date":"2020-12-02T10:00:26","date_gmt":"2020-12-02T04:30:26","guid":{"rendered":"https:\/\/gtm360.com\/blog\/?p=7547"},"modified":"2022-04-11T15:23:47","modified_gmt":"2022-04-11T09:53:47","slug":"consent-dilemma-have-you-given-it-or-not","status":"publish","type":"post","link":"https:\/\/gtm360.com\/blog\/2020\/12\/02\/consent-dilemma-have-you-given-it-or-not\/","title":{"rendered":"Consent Dilemma &#8211; Have You Given It Or Not?"},"content":{"rendered":"<p>The Netflix show <a href=\"https:\/\/www.netflix.com\/in\/title\/81254224\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Social Dilemma<\/em><\/a> has rekindled the eternal controversy over privacy, tracking, and manipulation by digital companies.<\/p>\n<p>As consumers, many of us outrage at brands for using our private information to target us with personalized communications, ads and targeted offers.<\/p>\n<p><a href=\"https:\/\/gtm360.com\/blog\/wp-content\/uploads\/2020\/11\/consent-fi.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-7553 size-full\" src=\"https:\/\/gtm360.com\/blog\/wp-content\/uploads\/2020\/11\/consent-fi.jpg\" alt=\"\" width=\"630\" height=\"280\" srcset=\"https:\/\/gtm360.com\/blog\/wp-content\/uploads\/2020\/11\/consent-fi.jpg 630w, https:\/\/gtm360.com\/blog\/wp-content\/uploads\/2020\/11\/consent-fi-200x89.jpg 200w\" sizes=\"auto, (max-width: 630px) 100vw, 630px\" \/><\/a><\/p>\n<p>In this post, I&#8217;m going to go out on a limb and argue that brands have received consumers&#8217; consent for all those allegedly outrageous actions &#8211; explicitly or implicitly.<\/p>\n<p>Let&#8217;s see how.<\/p>\n<p><em><strong>Explicit Consent<\/strong><\/em> is when a consumer knowingly takes &#8211; or gives permission for &#8211; a certain action A. For example, find credit score. This would happen when they use a credit score checking service like Credit Karma (USA) or Credit Mantri (India).<\/p>\n<p><em><strong>Implicit Consent<\/strong><\/em> is when a consumer knowingly takes &#8211; or gives permission for &#8211; a certain action B, which requires another action A to be completed as a pre-requisite. By giving explicit consent for B, they have given implicit consent for A. For example:<\/p>\n<p><strong>Action B:<\/strong> Apply for a loan.<\/p>\n<p><strong>Action A:<\/strong> Have lender run a credit check.<\/p>\n<p>The lender&#8217;s Terms &amp; Conditions will inevitably state that, by taking &#8211; or giving their consent for &#8211; Action B, loan applicants have automatically given their consent for Action A. An average consumer may not read T&amp;Cs but that&#8217;s a topic for another day. See my <a href=\"https:\/\/qr.ae\/pNbS7Y\" target=\"_blank\" rel=\"noopener noreferrer\">Quora Answer<\/a> for background on this example.<\/p>\n<p><em>Per se<\/em>, brands have taken consent in both situations.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Borrowers who want a loan in 5 mins should be prepared to face the lender&#39;s recovery actions in 5 mins after defaulting. Digital disbursement can&#39;t coexist with &quot;analog&quot; recovery actions like 3 reminders via regd post over 90 days etc. etc. <a href=\"https:\/\/t.co\/UPBz2EMl8J\">https:\/\/t.co\/UPBz2EMl8J<\/a><\/p>\n<p>&mdash; Ketharaman Swaminathan (@s_ketharaman) <a href=\"https:\/\/twitter.com\/s_ketharaman\/status\/1235180786158129158?ref_src=twsrc%5Etfw\">March 4, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<hr style=\"width: 70%;\" \/>\n<p>Consent is a broad subject. It goes beyond pings and pokes on social networks and enters the picture in many everyday actions by companies. For instance:<\/p>\n<ol>\n<li>Send goons to your doorstep to collect money you owe them e.g. PayTM, India<\/li>\n<li>Suggest savings products based on your bank balance e.g. Betterment, USA<\/li>\n<li>Sign you up for Payments Bank when you top up your Mobile Phone prepaid connection e.g. Airtel, India<\/li>\n<li>Access your Utility Bill when you use a payment app to pay a Mobile Phone bill e.g. Bharat Bill Pay Service, India<\/li>\n<li>Show personalized ads in return for free content from friends, favorite brands and news outlets e.g. Facebook, worldwide.<\/li>\n<\/ol>\n<p>In my opinion, all these companies have received consent for these actions. Just that some of them take explicit consent whereas others take implicit consent.<\/p>\n<p>In the above set of examples,<\/p>\n<ul>\n<li>PayTM seeks explicit consent for its loan recovery measures in its sign-up form.<\/li>\n<\/ul>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Time will tell how many of PayTM Postpaid&#39;s T&amp;Cs comply with loan recovery laws. But I appreciate that they\u2019re at least stated upfront \u2013 instead of being hidden behind an \u201cI Agree\u201d button. <a href=\"https:\/\/t.co\/uIPP0Wc3Zh\">pic.twitter.com\/uIPP0Wc3Zh<\/a><\/p>\n<p>&mdash; Ketharaman Swaminathan (@s_ketharaman) <a href=\"https:\/\/twitter.com\/s_ketharaman\/status\/1073132982628683776?ref_src=twsrc%5Etfw\">December 13, 2018<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ul>\n<li>While signing up, <em>Betterment<\/em> asks its users to enter their banking credentials (via Plaid). Users who have done so have provided consent to the wealth management app to access their bank balance. While the anonymous commenter on the <em>Finextra<\/em> article titled <a href=\"https:\/\/www.finextra.com\/newsarticle\/36755\/td-bank-accuses-plaid-of-duping-customers-by-ripping-off-its-trademarks\" target=\"_blank\" rel=\"noopener noreferrer\">TD Bank accuses Plaid of duping customers by ripping off its trademarks<\/a> feels that the consent was obtained &#8220;unknowingly&#8221;, to me it seems like totally explicit consent.<\/li>\n<\/ul>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">&quot;That is not an interface for Chase; it is Plaid, effectively training end users (of Betterment) to enter their bank credentials in an app that is not their bank&#39;s!&quot; ~ <a href=\"https:\/\/t.co\/2BnTYLI6HH\">https:\/\/t.co\/2BnTYLI6HH<\/a> via <a href=\"https:\/\/twitter.com\/stratechery?ref_src=twsrc%5Etfw\">@stratechery<\/a> .<\/p>\n<p>Isn&#39;t that the classical definition of phishing? <a href=\"https:\/\/t.co\/sM4d4bcP5L\">pic.twitter.com\/sM4d4bcP5L<\/a><\/p>\n<p>&mdash; Ketharaman Swaminathan (@s_ketharaman) <a href=\"https:\/\/twitter.com\/s_ketharaman\/status\/1227978352822235137?ref_src=twsrc%5Etfw\">February 13, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<ul>\n<li>Airtel was denounced for sneaking in an implicit consent.<\/li>\n<\/ul>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Going by this screen, Airtel Payments Bank has obtained the required consent for opening an account. For a digital bank, a check in the box and tap of I AGREE button should be sufficient proof of &quot;informed consent&quot;. Nobody&#39;s going to explain fineprint face-to-face. <a href=\"https:\/\/t.co\/OKdbjZkOWs\">pic.twitter.com\/OKdbjZkOWs<\/a><\/p>\n<p>&mdash; GTM360 (@GTM360) <a href=\"https:\/\/twitter.com\/GTM360\/status\/1123180711698153477?ref_src=twsrc%5Etfw\">April 30, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The disconnect between <em>Explicit Consent<\/em> and <em>Implicit Consent<\/em> regularly fuels faux outrage on social networks.<\/p>\n<hr style=\"width: 70%;\" \/>\n<p>Apart from the type of consent and the manner in which it was taken, there are three more questions related to the topic:<\/p>\n<ul>\n<li>Is the consent granular or <em>carte blanche<\/em><\/li>\n<li>Will consumers give consent or not?<\/li>\n<li>Will consumers realize that they have given consent?<\/li>\n<\/ul>\n<p>According to me, the exact language of the consent-seeking statement is critical in framing the overall narrative around consent. Given below is a handy primer:<\/p>\n<p><a name=\"primer-consent-statement\"><\/a><\/p>\n<blockquote class=\"skr-bq\">\n<div style=\"background-color: #fafafa; padding: 15px 30px;\">\n<h4><a href=\"https:\/\/gtm360.com\/blog\/2020\/12\/02\/consent-dilemma-have-you-given-it-or-not\/#primer-consent-statement\" target=\"_blank\" rel=\"noopener noreferrer\">Primer for Consent Statement<\/a><\/h4>\n<p>(Context: Fintech App ACME seeks Banking Data)<\/p>\n<p>(A) I permit ACME to access all data in tables <em>CUST_TRXN, CUST_MORTGAGE<\/em>, but not in tables <em>CUST_LOAN_TRXN<\/em> and <em>CUST_CREDITCARD_TRXN<\/em><\/p>\n<p>(B) I permit ACME to access all data related to <em>current account<\/em> and <em>mortgages<\/em> but not <em>loans<\/em> and <em>credit cards<\/em><\/p>\n<p>(C) I permit ACME to access all data it requires to give me tips to <em>maximize my yield<\/em> but not to <em>switch banks<\/em>.<\/p>\n<\/div>\n<\/blockquote>\n<p>As you can see, the language shifts from <em>technical<\/em> to <em>feature<\/em> to <em>benefit<\/em>.<\/p>\n<p>Years ago, I issued guidance to my retainer clients that people are more likely to give consent if the consent statement is worded around a Benefit rather than as a Feature or in Technical terms. See my post entitled\u00a0<a href=\"https:\/\/gtm360.com\/blog\/2020\/09\/02\/how-brands-can-leverage-the-eternal-disconnect-between-want-like\/\" target=\"_blank\" rel=\"bookmark noopener\">How Brands Can Leverage The Eternal Disconnect Between Want &amp; Like<\/a>\u00a0and <em>Finextra<\/em> blog post entitled <a href=\"https:\/\/www.finextra.com\/blogposting\/14695\/open-banking-consent-is-key\" target=\"_blank\" rel=\"noopener noreferrer\">Open Banking: Consent is Key<\/a>\u00a0for context.<\/p>\n<p>A recent study by ING confirms my prediction. In a recent article reporting on this study, <a href=\"https:\/\/www.finextra.com\/newsarticle\/36692\/consumers-remain-suspicious-about-open-banking\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Finextra<\/em><\/a> says:<\/p>\n<div style=\"background-color: #fafafa;\">\n<p>UK polling firm Ipsos has found strong evidence of a disparity between<strong> what people say they want <\/strong>and <strong>what they say they are prepared to do<\/strong>. One of the firm&#8217;s surveys found <strong>75% of people would like to have access to data on how they spend their money<\/strong>, but <strong>only 40% said they were comfortable providing the information that could lead to that<\/strong>. (emphasis mine)<\/p>\n<\/div>\n<p>Despite years of planning and hype, <a href=\"https:\/\/twitter.com\/s_ketharaman\/status\/1310906971285942272\" target=\"_blank\" rel=\"noopener noreferrer\">EU Open Banking \/ PSD2 regulations have not stipulated the consent language<\/a>. That&#8217;s a shame. If at all Open Banking takes off in the European Union, I predict that there will be a Fintech version of <em>Social Dilemma<\/em> in the forseeable future.<\/p>\n<p><a href=\"https:\/\/gtm360.com\/blog\/wp-content\/uploads\/2020\/11\/risks-and-benefits-of-open-banking.jpg\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-7555 size-medium\" src=\"https:\/\/gtm360.com\/blog\/wp-content\/uploads\/2020\/11\/risks-and-benefits-of-open-banking-200x113.jpg\" alt=\"\" width=\"200\" height=\"113\" srcset=\"https:\/\/gtm360.com\/blog\/wp-content\/uploads\/2020\/11\/risks-and-benefits-of-open-banking-200x113.jpg 200w, https:\/\/gtm360.com\/blog\/wp-content\/uploads\/2020\/11\/risks-and-benefits-of-open-banking.jpg 480w\" sizes=\"auto, (max-width: 200px) 100vw, 200px\" \/><\/a>On the other hand, California has done a good job in this regard. While it&#8217;s still early days, the most populous American state&#8217;s new <em>California Consumer Privacy Act<\/em> (CCPA) is the first data protection regulation I know of that expressly recognizes the role of language in obtaining consent.<\/p>\n<p>Not just that, the state&#8217;s regulators have shrewedly forseen the potential for brands to use dodgy language to create deception via Dark Pattern. More at <a href=\"https:\/\/www.theregister.com\/2020\/10\/13\/california_updates_privacy\/\" target=\"_blank\" rel=\"noopener noreferrer\">California outlaws wording, webpage buttons designed to hoodwink people into handing over their personal data<\/a>. Maybe it comes from the proximity of California&#8217;s lawmakers to Silicon Valley or whatever but credit where credit&#8217;s due.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Netflix show Social Dilemma has rekindled the eternal controversy over privacy, tracking, and manipulation by digital companies. As consumers, many of us outrage at brands for using our private information to target us with personalized communications, ads and targeted offers. In this post, I&#8217;m going to go out on a limb and argue that &#8230; <a title=\"Consent Dilemma &#8211; Have You Given It Or Not?\" class=\"read-more\" href=\"https:\/\/gtm360.com\/blog\/2020\/12\/02\/consent-dilemma-have-you-given-it-or-not\/\" aria-label=\"Read more about Consent Dilemma &#8211; Have You Given It Or Not?\">Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":7553,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,6,4,1],"tags":[],"class_list":["post-7547","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-b1-integrated-marketing","category-bfsi","category-digital-marketing","category-mandatory-category"],"_links":{"self":[{"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/posts\/7547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/comments?post=7547"}],"version-history":[{"count":20,"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/posts\/7547\/revisions"}],"predecessor-version":[{"id":9468,"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/posts\/7547\/revisions\/9468"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/media\/7553"}],"wp:attachment":[{"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/media?parent=7547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/categories?post=7547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gtm360.com\/blog\/wp-json\/wp\/v2\/tags?post=7547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}