Neue Veröffentlichung zum Datenschutz in digitalen Ökosystemen


Kürzlich erschien im Springer-Verlag der Sammelband „Human Factors in Privacy Research“ von Nina Gerber, Alina Stöver und Karola Marky. Das ZRD steuerte ein Kapitel darüber bei, wie man in digitalen Ökosystemen eine nutzerfreundliche und rechtssichere Zustimmung zur Verwendung der eigenen Daten erreichen kann.

Bianca Steffes vom Lehrstuhl für Rechtsinformatik und Simone Salemi vom ZRD arbeiteten dafür mit Denis Feth und Eduard C. Groen zusammen. Ihr Beitrag mit dem Titel „Generic Consents in Digital Ecosystems: Legal, Psychological, and Technical Perspectives“ ist online kostenfrei zugänglich.



Consent is an important authorization basis for the processing of personal data. According to the General Data Protection Regulation (GDPR), consents must be as specific and unambiguous as possible. In practice, however, this leads to users being overwhelmed by the large number of consent requests, which can ultimately be detrimental to freedom of choice. What the overwhelming number of requests for consent can lead to is reflected by the so-called cookie fatigue problem: users have become accustomed to accepting cookies on websites only to get rid of cookie banners as quickly as possible. As cookies do not always lead to the collection of personal data, the cookie fatigue problem cannot be transferred entirely to the problem we would like to address in this chapter. It only serves as an example for the consequences of overloading a data subject with requests for consent. As the GDPR demands that consent be informed and given freely, the current strategy of consent handling cannot be in the spirit of the data protection legislation. In this chapter, we present our vision of how consent can be integrated in the context of digital ecosystems from three perspectives: (1) achieving legal compliance according to data protection law, (2) demonstrating technical feasibility, and (3) assuring user-friendliness by adding cognition to the equation. Our approach aims to enable “generic consents” within a clearly defined scope and context. Although generic consents that serve as a “catch-all” are generally not allowed, we leverage the specific characteristics of digital ecosystems to impose limitations that can justify their use in this particular context. We will also detail the legal implications and present implementation options.