5 best practices for collecting consent on connected devices
Posted: October 24, 2023
As beneficial as connected devices have turned out to be, managing consent across a range of devices and platforms remains an unsolved data privacy challenge to date. Businesses have hardly any suitable solution for meeting data privacy regulations that obligate them to collect consent for purpose-specific data collection.
Simple as it may seem on the surface, in practice manufacturers find it puzzling to balance a user-friendly experience with compliant consent requests.
Makers of connected devices face a host of hurdles, such as diverse ecosystems, varied user interfaces, limited screen real estate, user attention span, data complexity, contextual relevance, consistency across platforms and user awareness, to name just a few.
With all the above challenges in mind, collecting consent on connected devices – like smart TVs, connected cars, apps, and more – requires following a host of best practices. Here, we list the top five practices that highlight how manufacturers of connected devices can be more convincing in their approach to data collection.
Best practices for collecting consent on connected devices
Best practices for collecting consent on connected devices include maintaining consistent design and language across devices, syncing preferences across devices, ensuring transparency, clarity, and context, as well as prioritizing user control and education.
Transparency and clarity
A straightforward and user-friendly consent flow plays a paramount role in collecting consent from connected devices. It empowers users to make informed decisions, ensures compliance with regulations, contributes to a positive brand image, and offers a superior user experience.
Clarity in consent comes with ease of language in the cookie consent banner. It helps users fully understand the implications of their consent choices. The use of plain language makes the message accessible to a broader audience, including those with limited proficiency in the language. Fully understanding what they consent to minimizes the risk of unintended data sharing.
Clearly stating the purposes for data collection, such as improving device performance or enhancing the user experience, helps users provide informed consent. Clear statements prove to be a selling point for devices, for they convey to users how sharing personal data contributes to customization and personalized experiences.
For example, a thermostat, like other connected devices, requires location data to determine the local weather forecast. If companies state a clear purpose for each request, users will voluntarily share relevant data.
Unambiguous and unforced consent
Collecting consent and preferences for connected devices needs to be unambiguous and unforced. Ambiguous and forced consent includes coercive tactics like pre-ticked checkboxes and dark patterns. Such consent requests manipulate or pressurize users to opt in to data collection.
Because IoT devices remain in the early stages of development, the industry overall is not profitable. IoT device manufacturers count on users' personal data to secure a return on investment.
As this imbalance endangers the future of IoT manufacturers, some take a law-breaking approach in order to collect and monetize user data. However, even a slight deviation from the norm may result in legal consequences, including reputational damage and financial loss.
GDPR requires specific, informed, and unambiguous consent requests. Explicit, clear, and ambiguity-free consent requests enable users to make informed and voluntary decisions regarding their personal data.
Rather than breaking the law and losing user trust, manufacturers should trade convenience for data sharing. They should respect the privacy rights of users and adopt ethical practices like opt-in, layered consent, and dynamic consent.
Contextual consent requests
Timing is crucial in a consent journey. Properly timed consent requests reinforce the idea that consent is being collected for that very specific purpose.
Contextual consent requests for connected devices enable users to review their privacy settings and manage their consent preferences with ease.
Ideally, consent requests should not come in a volley, which risks overwhelming users. Instead, they should be presented in relation to the user's interaction with the device's features.
Consent should go hand in hand with the user's journey through the features of a device or platform. It should be seamlessly integrated, so that a request is displayed only when the user is trying to access the specific functionality or feature it covers.
For example, for a fitness tracker, the most convenient time for asking consent is when the user is about to initiate a run-tracking feature.
Visual design and user experience
Design speaks volumes for data collectors who want to communicate clearly with users, maintain consistent branding, and empower users to feel in control of their data.
When designing a consent interface, connected device manufacturers should consider the variety of devices that a user might interact with, such as wearables, smartphones, TVs, etc.
The design of consent banners should be tested for responsiveness and seamless adaptability to different sizes and resolutions. It makes sense to use design elements that users are most familiar with.
Designing a consent interface that aligns with the overall branding of the platform requires consistency with the platform’s color schemes, fonts, and visual elements.
For smaller screens, font legibility in terms of size, contrast, and color should be duly considered for better accessibility.
A scan-and-go approach (QR code) embedded in devices with limited manual data entry or complex interactions enables a quick and seamless interaction. It redirects users to a privacy policy that unveils detailed information regarding purposes for data collection practices. It also enables users to easily log in or provide consent without manual data entry.
Cross-platform consistency
Cross-platform consistency provides users with a coherent and seamless experience across all connected devices and platforms. It avoids redundant consent requests and consent fatigue.
Consistency across platforms can be achieved with careful planning, adherence to the design principles mentioned above, and consideration of the user experience.
Cross-platform consistency across different connected devices requires syncing user preferences using a centralized consent hub. A centralized privacy setting hub with a smart recognition mechanism identifies when a user grants consent on one platform or device and updates the consent across other channels, platforms, or devices.
In this hub, user preferences are centrally stored and synchronized across devices. It allows users to set their preferences once and have their preferences retrieved across all platforms for a hassle-free experience.
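One way to model such a hub, as an added example that is not code from this article or from any vendor: consent is stored per user and per purpose, the most recent choice wins across devices, a missing record means no consent, and a device prompts only when no answer exists. The names `ConsentHub` and `ConsentRecord`, the purpose strings and the device ids are hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ConsentRecord:
    user_id: str
    purpose: str     # one purpose per record, e.g. "location_weather"
    granted: bool    # True = opted in, False = declined or withdrawn
    timestamp: int   # when the user made the choice (epoch seconds)
    device_id: str   # device on which the choice was made

class ConsentHub:
    """Hypothetical central store; every device reads and writes through it."""

    def __init__(self):
        self._latest = {}     # (user_id, purpose) -> newest ConsentRecord
        self.audit_log = []   # every submitted choice, kept as evidence

    def submit(self, rec):
        """Record a choice; return True if it becomes the effective one."""
        self.audit_log.append(rec)
        key = (rec.user_id, rec.purpose)
        cur = self._latest.get(key)
        newer = cur is None or rec.timestamp > cur.timestamp
        # On an exact timestamp tie, a withdrawal beats a grant.
        tie_withdraw = (cur is not None and rec.timestamp == cur.timestamp
                        and not rec.granted)
        if newer or tie_withdraw:
            self._latest[key] = rec
            return True
        return False

    def is_allowed(self, user_id, purpose):
        """Default deny: no record means no consent (nothing is pre-ticked)."""
        rec = self._latest.get((user_id, purpose))
        return rec is not None and rec.granted

    def needs_prompt(self, user_id, purpose):
        """Ask only when the user has never answered for this purpose."""
        return (user_id, purpose) not in self._latest

def demo():
    """Constructed sample: thermostat grant, phone withdrawal, stale watch sync."""
    hub = ConsentHub()
    hub.submit(ConsentRecord("u1", "location_weather", True, 100, "thermostat"))
    tv_before = (hub.is_allowed("u1", "location_weather"),
                 hub.needs_prompt("u1", "location_weather"))
    hub.submit(ConsentRecord("u1", "location_weather", False, 200, "phone"))
    stale = hub.submit(ConsentRecord("u1", "location_weather", True, 150, "watch"))
    return (tv_before, stale, hub.is_allowed("u1", "location_weather"),
            hub.is_allowed("u1", "run_tracking"))
```

The stale grant that a device uploads after being offline is logged but does not override the later withdrawal, which is the failure mode a naive last-write-wins sync would get wrong.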
Conclusion
There is no tried-and-tested recipe that works adequately for collecting consent on connected devices. As the world of connected devices remains very new to most of the populace, for now, it is a time of experimentation and finding out what works best for your particular business.
At the helm sits users’ awareness, which covers detailed information about the sorts of data being collected and the implications of their consent decisions. To the extent that consistency, clarity, and transparency are maintained, manufacturers can rest assured that users will voluntarily consent to data collection practices.