In this chapter I outline the current practices in information technology that involve informed consent procedures, or should involve informed consent procedures but currently lack them. I do this by looking at several general areas, with case studies to illustrate some of the more specific issues and to show the extent of the problems as they are already found in information technology. From this I will show that, as Manson and O'Neill showed for bioethics, there are serious concerns about the use of the Faden and Beauchamp style of autonomy-based theory for informed consent in information technology, and that this is therefore not an appropriate theory to use when developing informed consent practices in information technology. This chapter will set the scene for the next chapter, in which I outline how the Manson and O'Neill waiver-based theory could work better for information technology purposes given the similarities to and despite the differences from bioethics.
Informed consent as it is currently practised in information technology places the burden of understanding, assessment of competence, and evaluation of voluntariness firmly on the consenter. The consent-requester is currently responsible only for disclosure and for processing the acceptance (through a button click, for example). The disclosure itself is problematic: often too much information is disclosed, so that important information is hidden amongst irrelevant or unimportant information, or is deliberately obscured (see section 2.1.2). Often the information is not applicable to the consenter, or is so vague as to be difficult to follow, or, as in the case of End User License Agreements, which will be dealt with further, is written in a language loaded with legal terms and constructions that mean very little to the consenter, or which deliberately obscure important information. This style of agreement fits in with the model presented by Faden and Beauchamp as effective consent (see section 1.2.2), because it relies mainly on the use of disclosure, but justifies itself with appeals to autonomy and the idealistic nature of the autonomous authorisation or duty to disclose models (also addressed in Chapter 1).
The cases I will use are cases that occur commonly in information technology situations. The examples I use here are End User License Agreements, privacy policies, and an area that has been studied before by Friedman et al. (2002): cookies. In each example, I will outline the problem, the current practices used to solve it, and analyse the problem in terms of the theories presented in Chapter 1. I will then use this to show how these autonomy-based theories are not appropriate for information technology, in order to pave the way for the next chapter.
The methods I use here for establishing the informed consent issues in information technology are from the school of qualitative data analysis, that is, an interpretive analysis of several case studies, following Walsham in an attempt to gain “an understanding of the information system, and the process whereby the information system influences and is influenced by context” (Walsham, 1993). According to Walsham, the interpretive approach is commonly used within qualitative analysis, is subjective, involves multiple constructed realities, and requires a full understanding of the context and values in order to establish claims. As mentioned previously, I use case studies to identify the characteristics of current approaches to informed consent in information technology, as well as to identify the problems inherent to these systems. This approach relies on drawing cogent and plausible conclusions based on logical, rational reasoning from the analysis of each case study. I choose several exemplary EULA cases from large, popular software, as well as other software that is not as well-known, along with the general case of privacy policies and cookies to act as real-life examples of the extent of problems of current informed consent procedures in information technology. These case studies allow for a thorough and rich analysis of the actual and potential of current informed consent practices within information technology. Although they are not isolated cases, to answer the criticisms of Darke (2000) and Yin (1993) on the limitations of case studies, the fact that these cases exist shows the problems inherent in the current systems used for obtaining consent and provides the motivation for the recommendations provided in chapters 3 and 4.