Giving and removing consent

Consent to data sharing with a third party

List of data points access is requested for, and buttons to approve or deny the request.

Description

A person authorises one service to share data about them with another, third-party service.

For example, someone may allow their bank to share account data (like balances or transactions) with a budgeting app. These authorisation moments are often initiated by the third party, with the person being sent back to the original service to review and approve the request.

IF sees this as an important moment because it’s when data can leave a trusted service. People need to understand who the third party is and what they’re asking for, to avoid sharing data they didn’t mean to.

Advantages

  • People can benefit from services working together, combining strengths.
  • Once authorised, background sharing can support ongoing functionality without repeated interruptions.
  • The authorisation step is a critical opportunity to help people make informed decisions.

Limitations

  • Once enabled, background data sharing can be easy for people to forget, reducing their awareness and control.
  • The service sharing the data may know little about the requesting third party, limiting its ability to support people’s decisions.
  • Being connected to a trusted service can make third parties appear more trustworthy than they are.

Examples

  • Open Banking →

    A regulated standard for sharing banking data that is used by services to support consumers and businesses with their finances. It’s used by consumer budgeting apps to collect people’s banking data from multiple accounts.

  • Google Health Connect →

    A centralised Android application for managing the sharing of health and fitness data between multiple services

Related patterns