"Collective consent describes those cases that sit between the realms of government regulation and individual consent. Imagine, for instance, a group of patients with a specific type of cancer. They would like to make their data available for research, but are afraid the data may fall into the wrong hands (‘wrong’ in this case ranging from a future employer to their social network). If half the group shares this data, it would become relatively easy to infer information about the other half. In other words, an individual view of consent doesn’t take account of the fact that the entire group has a stake in each person’s decision. In addition, if the cancer is genetic, sharing this data may also impact the family members of the patients. Therefore, instead of each patient making these decisions on their own, we could imagine them coming together and collectively deciding on the best course of action: who do they want to extend access to this data and under what conditions?
Acting collectively would also push back against some of the problems stemming from the power imbalance between the individual and, for instance, the social media platforms we consent to. Instead of having to decide between signing an EULA or leaving the platform, we could collectively negotiate an EULA we would enthusiastically consent to." (https://foundation.mozilla.org/en/blog/when-one-affects-many-case-collective-consent/)
"Many of the new data governance models being pioneered today rely on some notion of collective governance and consent.
- Data Trust (where trustees govern data rights on behalf of a group of beneficiaries),
- Data Commons (where data is governed as a commons),
- Data Cooperatives (where data is governed by the members of the coop) and consent champions (where individuals defer some of their data sharing decisions to a trusted institution)."
"Of course, many questions remain: Who would be part of this collective? How are decisions made? How do we negotiate between the individual and collective interests? How do groups come into existence? How are rules enforced?
Below I briefly discuss each of these questions.
Who are the members of the collective?
Who should be part of the group that makes decisions about data sharing? In the case of the cancer example shared above, the natural group could be cancer patients and their families, perhaps guided by medical professionals or advocacy organisations. In other cases, the bounds of the group may be less clear. As a general rule, the group should be made up of people affected by the decisions and not be made up by people not affected by the decision. That being said, in some cases those affected by the decision to share data may not be able to form part of the collective (for instance because they have not yet been born) and a representative might be elected to advocate on their behalf.
How are decisions made and by who?
Within the collective, who gets to decide? And who gets to decide who decides? Will the collective rely on some form of direct democracy, where all the members of the group feed into the decision, or will they vote in representatives? Will decision-making bodies be determined by external actors (eg a government) or by the group itself? And how are decisions made? Majority vote? Unanimity?
The answers to these questions will likely depend on such things as the size of the group, the sensitivity of the data, the number of decisions that needs to be made day-to-day, the level of expertise of the members of the group etc. My personal preference veers towards models that allow us to ‘reform without violence’, meaning it should be relatively easy to replace decision-makers (as is generally true in a electoral democracy).
This question is as old as the notion of governance itself. One approach would be to say we can put the needs of the collective over the needs of the individual, as long as doing so does not, for instance, violate anyone’s human, or data protection rights. Much the same way many governments mandate that the wealthy pay a higher tax rate than the less affluent but would never torture an individual, even when doing so could save the lives of many (this approach follows a rule utilitarian line of reasoning). Of course, the real challenge is navigating the grey zone in between and answers will depend on cultures, preferences and jurisdiction of the collective in question.
How do collectives come about?
I could see many reasons for a collective to emerge. It could be mandated by a government, driven by a specific need stemming from the data subjects (eg find a cure for cancers), or initiated by the data collector who would like to obtain data with the full consent of those the data is about.
How are rules enforced?
Going through the trouble of deciding who can collect, access and use specific types of data for specific purposes is meaningless if we cannot also enforce those rules. The most obvious way to guarantee enforcement is if the collective is also able to control access to the data."