LO 8.4.3.A

Learning Objective: Recognize the main point behind each of the five “C’s”

• Consent

• Clarity

• Consistency

• Control and transparency, and

• Consequences and harm.

Review

• Consent

It needs an agreement about what data is being collected and how that data will be used to establish trust between the people who are providing data and the people who are using it. The agreement starts with obtaining consent to collect and use data.

At every step of building a data product, it is essential to ask whether appropriate and necessary consent has been dispensed.

• Clarity

Clarity is closely linked to consent. You cannot consent to anything unless you're clearly told what you're consenting to. Users must have clarity about what data they are dispensing, what is going to be done with the data, and any downstream consequences of how their data is used.

• Consistency

Trust requires consistency over time. We usually do not trust someone who is unpredictable

• They may have the best intentions, but they may not honor those intentions when you need them to.
• They may interpret their intentions in a strange and unpredictable way. And once broken, rebuilding trust may take a long time.

Restoring trust requires a prolonged period of consistent behavior. Consistency, and therefore trust, can be broken either explicitly or implicitly.

• Control and transparency

Once we have passed our data on to a service, we should be given sufficient information to understand what is happening to our data.

A major part of the shift in data privacy rights is moving to give users greater control of their data. For example, Europe’s General Data Protection Regulation (GDPR) requires users’ data to be provided to them at their request and removed from the system if they so desire.

• Consequences and harm

It is crucial to ask whether the data collected could cause harm to an individual or group. We continue to hear about unforeseen consequences and the "unknown unknowns" in the use of data and the combination of data sets. Although risks can never be eliminated completely, many unforeseen consequences and unknown unknowns could be predicted and known if only people had tried.

Due to potential problems with the use of data, laws, and policies have been put in place to protect certain groups, such as the Children's Online Privacy Protection Act (COPPA) protecting children and their data. Likewise, there are laws to protect specific sensitive data sets: for example, the Genetic Information Nondiscrimination Act (GINA) was introduced in 2008 in response to growing fears that genetic testing could be used against a person or their family.