For data to be regularly accessed in the future for a specific purpose the user has to give explicit permission. The choice to give consent must be clear and given freely. If a user declines a request for access, this doesn’t prevent them from using the service.
- It’s a low friction way for the user to agree to regular data sharing for a specific purpose e.g. a weekly newsletter without having to repeat the consent process every time
- The user understands why the data is needed and what it’s going to be used for, as long as the explanation is included in the request
- When and how consent is granted can be recorded to meet legal obligations
- It will be difficult for users to assess the consequences of data sharing if organisations request permission to access lots of data for multiple purposes at the same time
- It can be hard to understand what opting in will mean in practice, users must always know how they can opt out later on
Current European Union legislation requires users to opt-in to cookies being stored on devices.
Was this pattern useful?