New publication: ‘Informed’ consent in popular location based services and digital sovereignty

In many countries, informed consent is required before a service provider can collect personal data from a user. For location-based services (LBS), this applies in particular to personal location information, which can enable deep inferences about a person. As part of the SIMPORT project, we wrote the article “‘Informed’ consent in popular location-based services and digital sovereignty“, which was published in the Journal of Location Based Services on 1 February 2022. The article was also awarded the Best Full Paper Award 2021.

In this paper, we present a systematic analysis of how informed consent for the collection of personal location information is obtained in 40 popular LBS on each of the two largest app stores. Two independent raters assessed the content, structure and design of the dialogues shown by apps to obtain consent from users.

Location access dialogue types on Android 11: full-screen (komoot), custom (Strava) and system dialogue (Signal) – Screenshots were taken during app analysis

Based on their assessment, we identified common approaches used across and within different app categories and platforms, including the frequent use of ‘dark patterns’. Dark patterns are user interface designs that are intended to tempt users into certain actions that are in the interest of the company.

Number of dark patterns found in total for all apps per rater.

We highlight key issues arising from these common designs, discuss specific gaps in the procedure of obtaining informed consent and propose improvements to that procedure. In addition, we consider current practice in the context of enabling digital sovereignty with respect to personal location information. Our findings can shape the design and evaluation of informed consent procedures for future LBS in research and practice.

Mockup of an intrusive location access request (based on actual observations)

Link to the Open Access Dokument