Raising Consent Awareness With Gamification and Knowledge Graphs: An Automotive Use Case

Sven Carsten Rasmusen*, Manuel Penz, Stephanie Widauer, Petraq Nako, Anelia Kurteva, Antonio Roa-Valverde, Anna Fensel

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review

20 Citations (Scopus)


Consent is one of GDPR’s lawful bases for data processing and specific requirements for it apply. Consent should be specific, unambiguous and most of all informed. However, an informed consent request does not guarantee having individuals who are aware of what it means to consent and the implications that follow. Consent is often given blindly now, in particular because of information overload from long privacy policies written in legal language and complex interface designs that cause consent fatigue on the users' side. This paper presents a knowledge graph-based user interface for consent solicitation, which uses gamification to raise the legal awareness and ease individual’s comprehension of consent. The knowledge graph models informed consent in a machine-readable format and provides a unified consent model to all entities involved in the data sharing process. The evaluation shows that with the help of gamification, the interface can raise individuals' average legal awareness to 92.86%.
Full Text Preview

Gathering information about one’s behaviour is an important key to improving existing technology as it can provide an insight into behavioural trends (i.e., how and why individuals act in certain situations (Rodríguez et al. (2013), Štreimikienė (2014), Elbayoudi et al. (2016), Fotopoulou et al. (2017)). Such information has proven to be useful for large organisations in sectors such as insurance and online-advertising, who have started the trend of “behavioural targeting” (Jaworska and Sydow (2008); Zuiderveen Borgesius (2016)). Now, more than ever, personal data is being collected, analysed, and shared between multiple entities and, in most cases, the collection happens without one’s consent and knowledge about the implications that follow (Joergensen (2014); Bechmann (2014)).

In order to change that, in 2018, the European Parliament and Council of the European Union1 accepted the General Data Protection Regulation (GDPR)2. GDPR has led to a drastic change in how the personal data of European citizens is handled by introducing six lawful bases for the processing of personal data, one amongst which is consent. Consent has a crucial role since no data processing can begin without it. GDPR has set specific requirements for it (Art. 6, 7). Consent should be freely given, unambiguous, explicit, and most of all informed (Rec. 32). In order to have informed consent, a consent request, which is compliant with GDPR, must present information about what data is required, for what purposes, how the data will be processed, by whom, etc. (Art. 7, Rec. 32). However, presenting such information does not guarantee that one will be truly informed (i.e., aware of what it means to consent). There is a need for consent tools that focus on raising individuals’ legal awareness while being compliant with GDPR (McStay (2013)).

One of the main means of requesting consent online is via a User Interface (UI) - a prompt window asking one to “Agree” to the presented privacy policy and terms and conditions, which are rarely read and “when they are, they are hard to digest” (McDonald and Cranor (2008); Drozd and Kirrane (2020)). The option to “Not Agree” is also rarely present (Utz et al. (2019); Matte et al. (2020)). Options such as consent revocation are, in many cases, hidden from individuals (i.e., one needs to search and go through several screens to withdraw the given consent). According to Article 7 of GDPR, “it shall be as easy to withdraw as to give consent” thus such consent request UIs are in violation. Giving consent by selecting “Agree” to the presented privacy policy does not imply that individuals are aware of what their actions mean and the implications that follow (Byrne et al 1988). For example, individual’s vehicle sensor data such as fuel and speed can be used by insurance companies to make decisions about the value of the vehicle and for medical payments or personal injury protection coverage in the case of a car accident. Such data could be used to adjust a driver’s insurance premiums upwards or downwards depending on their driving habits, age, and health without the driver realising that this adjustment was based on continuously collected data. In most cases, one gives consent without questioning what is asked and for what purposes (Bechmann (2014); Joergensen (2014)). Bechmann (2014) defines this behaviour as a beginning of a culture of “blind consent”. Humans look for visual cues when presented with content (Clark and Mayer (2016); Brookhaven National Laboratory (2017)). Presenting individuals with long paragraphs of legal text does not ease comprehension (Wszalek (2017); Ericsson (1988); Kurteva and de Ribaupierre (2021)). Instead, it can lead to confusion and information overload (Gross (1965)), which can make one dismiss the process by giving consent without being informed.
Continue Reading
Original languageEnglish
Pages (from-to)1-21
JournalInternational Journal on Semantic Web and Information Systems
Issue number1
Publication statusPublished - 1 Jan 2022


Dive into the research topics of 'Raising Consent Awareness With Gamification and Knowledge Graphs: An Automotive Use Case'. Together they form a unique fingerprint.

Cite this