Distributed consent and its impact on privacy and observability in social networks Juniper Lovato 1 , Antoine Allard 2,3 , Randall Harp 4 , and Laurent H´ ebert-Dufresne 1,2,5 1 Vermont Complex Systems Center, University of Vermont, Burlington VT 2 D ´ epartement de physique, de g ´ enie physique et d’optique, Universit ´ e Laval, Qu ´ ebec (Qu ´ ebec), Canada G1V 0A6 3 Centre interdisciplinaire de mod ´ elisation math ´ ematique, Universit´ e Laval, Qu´ ebec (Qu ´ ebec), Canada G1V 0A6 4 Department of Philosophy, University of Vermont, Burlington VT 5 Department of Computer Science, University of Vermont, Burlington VT ABSTRACT Personal data is not discrete in socially-networked digital environments. A single user who consents to allow access to their own profile can thereby expose the personal data of their network connections to non-consented access. The traditional (informed individual) consent model is therefore not appropriate in online social networks where informed consent may not be possible for all users affected by data processing and where information is shared and distributed across many nodes. Here, we introduce a model of “distributed consent” where individuals and groups can coordinate by giving consent conditional on that of their network connections. We model the impact of distributed consent on the observability of social networks and find that relatively low adoption of even the simplest formulation of distributed consent would allow macroscopic subsets of online networks to preserve their connectivity and privacy. Distributed consent is of course not a silver bullet, since it does not follow data as it flows in and out of the system, but it is one of the most straightforward non-traditional models to implement and it better accommodates the fuzzy, distributed nature of online data. Introduction One key focus of the blooming field of data ethics concerns how big data and networked systems challenge classic notions of privacy, bias, transparency and consent 1 . In particular, the traditional privacy model (TPM), which relies on individual self-determination and individual consent, we argue, is no longer appropriate for the digital age. First, TPM requires that consent be informed, which may not be possible in the context of large data sets and complicated technologies. Second, TPM presumes individual control over personal information, but the flow of information in networked systems precludes anyone from having such control over any piece of data. While the modern information environment shows both conditions to be problematic, and while we briefly discuss the information condition, we focus most of our attention here on the individuality condition. Individual consent has many limitations—notably, we live in a highly networked and advanced technological society, where digital decisions and actions are interconnected and affect not just ourselves but our digital community as a whole. Individual consent, in a digital age, is flawed and ineffectual when protected class data and social profiles can be easily inferred via our social networks 2, 3 . The individual consent model works most effectively in a physical space with linear contracts between two discrete parties and no externalities. This however does not translate well to a digital realm where personal data boundaries are fuzzy and interwoven. The current overuse of individual consent online has also lead to a negative externality of weaker consent due to consent desensitization, in part because users are now faced with a deluge of consent requests 4 . Thus, a new approach for data privacy and consent in this context is needed. The new model of data privacy will need to take into account several factors: the networked virtual space that we occupy; integration of group consent; and a mechanism for distributed moral responsibility when data privacy is breached or data is processed, combined, or manipulated in unethical manners 5 . In this paper, we will only focus on distributed consent in particular and evaluate, in a mathematical model, its potential to increase the general privacy of online social networks. We aim to cover the latter data privacy concerns in future work. Failures of individual consent in the online world Consent is an expressed action that facilitates an agreed upon initiative of another party. Consent, in this context, should not be mistaken for a state of mind or an attitudinal event 6, 7 . It is an autonomous act that must meet certain criteria in order to be considered a valid action. The legitimacy of consent hinges on a number of criteria 8 : arXiv:2006.16140v1 [physics.soc-ph] 29 Jun 2020