Permission to access data is granted by default. The user has to take action to stop access.
For example, NHS patients can choose to stop sharing confidential information for research and planning purposes.
- Useful in cases where public interest in access to data is strong enough, for example medical research
- Users might not realise data is being shared
- Even if they are aware, users might not know how to stop access
- Not an appropriate form of consent for email or text marketing or communication. Users must give specific consent for this.
Was this pattern useful?