Consent and the Right to Privacy

Abstract

There is currently intense debate about the significance of user consent to data practices. Consent is often taken to legitimate virtually any data practice, no matter how invasive. Many scholars argue, however, that user consent is typically so defective as to be ‘meaningless’ and that user privacy should thus be protected by substantive legislation that does not rely (or does not rely heavily) on consent. I argue that both views rest on serious mistakes about the validity conditions for consent. User consent is sufficiently impoverished that it does not guarantee legitimacy but is not so impoverished as to be ‘meaningless’; it can legitimate data practices that are independently reasonable but not those that are exploitative. Since many valuable data practices must be consented to if they are to be legitimate (or so I argue), our privacy legislation should continue emphasizing the importance of user consent, even if auxiliary protections are also desirable.