Beware: Processing of Personal Data—Informed Consent Through Risk Communication

Lukas Seiling, Weizenbaum Institute; Rita Gsenger, Weizenbaum Institute; Filmona Mulugeta, Mercedes-Benz (Germany); Marte Henningsen; Lena Mischau, Weizenbaum Institute; Marie Schirmbeck, Weizenbaum Institute

Abstract

Background: The General Data Protection Regulation (GDPR) has been applicable since May 2018 and aims to further harmonize data protection law in the European Union. Processing personal data based on individuals’ consent is lawful under the GDPR only if such consent meets certain requirements and is “informed,” in particular. However, complex privacy notice design and individual cognitive limitations challenge data subjects’ ability to make elaborate consent decisions. Risk-based communication may address these issues.

Literature review: Most research focuses on isolated aspects of risk in processing personal data, such as the actors involved, specific events leading to risk formation, or distinctive (context-dependent) consequences. We propose a model combining these approaches as the basis for context-independent risk communication.

Research questions:
1. What are relevant information categories for risk communication in the processing of personal data online?
2. Which potentially adverse consequences can arise from specific events in the processing of personal data online?
3. How can consequences in the processing of personal data be avoided or mitigated?

Research methodology: The GDPR was examined through a systematic qualitative content analysis. The results inform the analysis of 32 interviews with privacy, data protection, and information security experts from academia, Non-Governmental Organizations, the public, and the private sector.

Results: Risk-relevant information categories, specific consequences, and relations between them are identified, along with strategies for risk mitigation. The study concludes with a specified framework for perceived risk in processing personal data.

Conclusion: The results provide controllers, regulatory bodies, data subjects, and experts in the field of professional communication with information on risk formation in personal data processing. Based on our analysis, we propose information categories for risk communication, which expand the current regulatory information requirements.

Journal: IEEE Transactions on Professional Communication
Published: 2024-03-01
DOI: 10.1109/tpc.2024.3361328
CompPile
Open Access
OA PDF Hybrid

Citation Context

Cited by in this index (1)

  1. Journal of Technical Writing and Communication
