Petteri Kalaoja

Professional & Personal
Consent Customer data Privacy Uncategorized

A Consent and Privacy Management Framework

The change drivers in customer behaviour, tightening privacy regulation around the globe and evolving privacy technology is changing how people value and give consent to use their data. This has both short and long-term impacts, especially for businesses that have been used to utilising consumer data very freely.

This thesis investigates different factors that must be considered when approaching such a large and complex environment of change drivers. The work includes a categorisation of themes and relevant topics where an organisation can choose the correct elements when building an iterative privacy strategy. The research also analyses new privacy-related technology needed to comply with the regulation.

Research findings from the questionnaire and interviews gained insight into how people value their privacy and how they compare this against how they act in practice. The conclusion is that a majority of people are concerned about how their personal data is used, and they want to be in control of that, but their actions are contractionary. People expect companies to apply transparency, fairness and a customer-first approach when designing the consent process, no matter if the user is declining or giving consent. These findings align with other similar studies. Another finding was that users experience consent fatigue when they are forced to react to consent banners almost on any service they access, mainly because most of these banners are designed differently. Even though legislation directs how consent must be acquired, there are no standards currently that would make the consent process quick and user-friendly. An outcome of the study was customer-centric prototypes of consent banners that build trust in users.

The outcome of the thesis presents a framework to build and manage consent and privacy in a complex and rapidly changing environment. It applies a customer-centric approach to design services that are based on trust and transparency.

Link to the full thesis: