{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T02:31:10Z","timestamp":1760149870507,"version":"build-2065373602"},"reference-count":47,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2023,9,19]],"date-time":"2023-09-19T00:00:00Z","timestamp":1695081600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"the city of Vienna under Digital Humanism programme","award":["MA7\u2013742558\/19","V 759-N"],"award-info":[{"award-number":["MA7\u2013742558\/19","V 759-N"]}]},{"name":"FWF Austrian Science Fund","award":["MA7\u2013742558\/19","V 759-N"],"award-info":[{"award-number":["MA7\u2013742558\/19","V 759-N"]}]},{"name":"Internet Foundation Austria","award":["MA7\u2013742558\/19","V 759-N"],"award-info":[{"award-number":["MA7\u2013742558\/19","V 759-N"]}]},{"name":"FWF Elise Richter and netidee SCIENCE programmes","award":["MA7\u2013742558\/19","V 759-N"],"award-info":[{"award-number":["MA7\u2013742558\/19","V 759-N"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>The General Data Protection Regulation (GDPR) identifies consent as one of the legal bases for personal data processing and requires that it should be freely given, specific, informed, unambiguous, understandable, and easily revocable. Unfortunately, current technical mechanisms for obtaining consent often do not comply with these requirements. The conceptual consent request framework for mobile devices that is presented in this paper, addresses this issue by following the GDPR requirements on consent and offering a unified user interface for mobile apps. The proposed conceptual framework is evaluated via the development of a City Explorer app with four consent request approaches (custom, functionality-based, app-based, and usage-based) integrated into it. The evaluation shows that the functionality-based consent, which was integrated into the City Explorer app, achieved the best evaluation results and the highest average system usability scale (SUS) score. The functionality-based consent also scored the highest number of SUS points among the four consent templates when evaluated separately from the app. Additionally, we discuss the framework\u2019s reusability and its integration into other mobile apps of different contexts.<\/jats:p>","DOI":"10.3390\/info14090515","type":"journal-article","created":{"date-parts":[[2023,9,19]],"date-time":"2023-09-19T23:17:20Z","timestamp":1695165440000},"page":"515","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Conceptual Consent Request Framework for Mobile Devices"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6551-6567","authenticated-orcid":false,"given":"Olha","family":"Drozd","sequence":"first","affiliation":[{"name":"Department of Information Systems and Operations Management, Vienna University of Economics and Business, Welthandelsplatz 1, 1020 Vienna, Austria"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6955-7718","authenticated-orcid":false,"given":"Sabrina","family":"Kirrane","sequence":"additional","affiliation":[{"name":"Department of Information Systems and Operations Management, Vienna University of Economics and Business, Welthandelsplatz 1, 1020 Vienna, Austria"}]}],"member":"1968","published-online":{"date-parts":[[2023,9,19]]},"reference":[{"key":"ref_1","unstructured":"Kranig, T. (2019). Report of the Bavarian State Office for Data Protection Supervision, Bavarian State Office for Data Protection Supervision. Technical Report."},{"key":"ref_2","unstructured":"European Data Protection Board (2021). Belgian DPA Imposes \u20ac50,000 Fine on Family Service, European Data Protection Board."},{"key":"ref_3","unstructured":"European Data Protection Board (2021). Norwegian DPA: Order to Improve Solutions for Consent, European Data Protection Board."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"897","DOI":"10.1038\/ejhg.2012.282","article-title":"Broad consent versus dynamic consent in biobank research: Is passive participation an ethical problem?","volume":"21","author":"Steinsbekk","year":"2013","journal-title":"Eur. J. Hum. Genet."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Costante, E., Sun, Y., Petkovi\u0107, M., and den Hartog, J. (2012, January 15). A Machine Learning Solution to Assess Privacy Policy Completeness: (Short Paper). Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, WPES \u201912, Raleigh, NC, USA.","DOI":"10.1145\/2381966.2381979"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Fabian, B., Ermakova, T., and Lentz, T. (2017, January 23\u201326). Large-Scale Readability Analysis of Privacy Policies. Proceedings of the International Conference on Web Intelligence, WI \u201917, Leipzig, Germany.","DOI":"10.1145\/3106426.3106427"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Maler, E. (2015, January 21\u201322). Extending the Power of Consent with User-Managed Access: A Standard Architecture for Asynchronous, Centralizable, Internet-Scalable Consent. Proceedings of the 2015 IEEE Security and Privacy Workshops, San Jose, CA, USA.","DOI":"10.1109\/SPW.2015.34"},{"key":"ref_8","unstructured":"Schaub, F., Balebako, R., Durity, A.L., and Cranor, L.F. (2015, January 22\u201324). A Design Space for Effective Privacy Notices. Proceedings of the Eleventh USENIX Symposium on Usable Privacy and Security, SOUPS \u201915, Ottawa, ON, Canada."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Friedman, B., Howe, D.C., and Felten, E. (2002, January 10). Informed consent in the Mozilla browser: Implementing value-sensitive design. Proceedings of the 35th Annual Hawaii International Conference on System Sciences, Big Island, HI, USA.","DOI":"10.1109\/HICSS.2002.994366"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Kelley, P.G., Bresee, J., Cranor, L.F., and Reeder, R.W. (2009, January 15\u201317). A \u201cNutrition Label\u201d for Privacy. Proceedings of the 5th Symposium on Usable Privacy and Security, SOUPS \u201909, Mountain View, CA, USA.","DOI":"10.1145\/1572532.1572538"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Reeder, R.W., Bauer, L., Cranor, L.F., Reiter, M.K., Bacon, K., How, K., and Strong, H. (2008, January 5\u201310). Expandable Grids for Visualizing and Authoring Computer Security Policies. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, Florence, Italy.","DOI":"10.1145\/1357054.1357285"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Railean, A., and Reinhardt, D. (2018, January 3\u20136). Let There Be LITE: Design and Evaluation of a Label for IoT Transparency Enhancement. Proceedings of the 20th International Conference on Human\u2013Computer Interaction with Mobile Devices and Services Adjunct, Mobile HCI \u201918, Barcelona, Spain.","DOI":"10.1145\/3236112.3236126"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Habib, H., Zou, Y., Yao, Y., Acquisti, A., Cranor, L., Reidenberg, J., Sadeh, N., and Schaub, F. (2021, January 8\u201313). Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts. Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, Yokohama, Japan.","DOI":"10.1145\/3411764.3445387"},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"18","DOI":"10.1109\/MCOM.2005.1497545","article-title":"Giving notice: Why privacy policies and security breach notifications are not enough","volume":"43","author":"Cranor","year":"2005","journal-title":"IEEE Commun. Mag."},{"key":"ref_15","unstructured":"Jesus, V., Silva, C., Barraca, J.P., Rosner, G., Nehme, A., Waqas, M., and Aguiar, R.L. (2021, January 1\u20132). Permission and Privacy Challenges in Alternate-Tenant Smart Spaces. Proceedings of the Open Identity Summit 2021, Copenhagen, Denmark."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Drozd, O., and Kirrane, S. (2019, January 26\u201329). I Agree: Customize Your Personal Data Processing with the CoRe User Interface. Proceedings of the 16th International Conference on Trust and Privacy in Digital Business, TrustBus 2019, Linz, Austria.","DOI":"10.1007\/978-3-030-27813-7_2"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"H\u00f6lbl, M., Rannenberg, K., and Welzer, T. (2020, January 21\u201323). Privacy CURE: Consent Comprehension Made Easy. Proceedings of the 35th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2020, Maribor, Slovenia.","DOI":"10.1007\/978-3-030-58201-2"},{"key":"ref_18","first-page":"1","article-title":"Improving mobile app selection through transparency and better permission analysis","volume":"5","author":"Liccardi","year":"2014","journal-title":"J. Priv. Conf."},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Liccardi, I., Pato, J., Weitzner, D.J., Abelson, H., and De Roure, D. (2014, January 2\u20135). No Technical Understanding Required: Helping Users Make Informed Choices about Access to Their Personal Data. Proceedings of the 11th International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MOBIQUITOUS \u201914, London, UK.","DOI":"10.4108\/icst.mobiquitous.2014.258066"},{"key":"ref_20","unstructured":"Goldberg, I., and Atallah, M.J. (2009, January 5\u20137). A Comparative Study of Online Privacy Policies and Formats. Proceedings of the 9th International Symposium on Privacy Enhancing Technologies, PETS 2009, Seattle, WA, USA."},{"key":"ref_21","unstructured":"Kumar, P. (2016, January 17\u201319). Privacy Policies and Their Lack of Clear Disclosure Regarding the Life Cycle of User Information. Proceedings of the AAAI Fall Symposium Series, Arlington, VA, USA."},{"key":"ref_22","unstructured":"Council, N.C. (2018). DECEIVED BY DESIGN: How Tech Companies Use Dark Patterns to Discourage Us from Exercising Our Rights to Privacy, Norwegian Consumer Council. Technical Report."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Utz, C., Degeling, M., Fahl, S., Schaub, F., and Holz, T. (2019, January 11\u201315). (Un)Informed Consent: Studying GDPR Consent Notices in the Field. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201919, London, UK.","DOI":"10.1145\/3319535.3354212"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Nouwens, M., Liccardi, I., Veale, M., Karger, D., and Kagal, L. (2020, January 25\u201330). Dark Patterns after the GDPR: Scraping Consent Pop-Ups and Demonstrating Their Influence. Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, CHI \u201920, Honolulu, HI, USA.","DOI":"10.1145\/3313831.3376321"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Matte, C., Bielova, N., and Santos, C. (2020, January 17\u201321). Do Cookie Banners Respect my Choice?: Measuring Legal Compliance of Banners from IAB Europe\u2019s Transparency and Consent Framework. Proceedings of the 2020 IEEE Symposium on Security and Privacy, San Francisco, CA, USA.","DOI":"10.1109\/SP40000.2020.00076"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Sanchez-Rola, I., Dell\u2019Amico, M., Kotzias, P., Balzarotti, D., Bilge, L., Vervier, P.A., and Santos, I. (2019, January 9\u201312). Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control. Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, Asia CCS \u201919, Auckland, New Zealand.","DOI":"10.1145\/3321705.3329806"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"126","DOI":"10.2478\/popets-2019-0023","article-title":"4 Years of EU Cookie Law: Results and Lessons Learned","volume":"2019","author":"Trevisan","year":"2019","journal-title":"Proc. Priv. Enhancing Technol."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Traverso, S., Trevisan, M., Giannantoni, L., Mellia, M., and Metwalley, H. (2017, January 21\u201323). Benchmark and comparison of tracker-blockers: Should you trust them?. Proceedings of the 2017 Network Traffic Measurement and Analysis Conference (TMA), Dublin, Ireland.","DOI":"10.23919\/TMA.2017.8002898"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Carpineto, C., Lo Re, D., and Romano, G. (2016, January 24). Automatic Assessment of Website Compliance to the European Cookie Law with CooLCheck. Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society, WPES \u201916, Vienna, Austria.","DOI":"10.1145\/2994620.2994622"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2753\/MIS0742-1222240302","article-title":"A Design Science Research Methodology for Information Systems Research","volume":"24","author":"Peffers","year":"2007","journal-title":"J. Manage. Inf. Syst."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-0-387-36060-7_1","article-title":"Action research","volume":"Volume 13","author":"Checkland","year":"2007","journal-title":"Information Systems Action Research: An Applied View of Emerging Concepts and Methods"},{"key":"ref_32","unstructured":"Article 29 Data Protection Working Party (2018). Article 29 Working Party Guidelines on Consent under Regulation 2016\/6791, Directorate General Justice."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Nielsen, J. (1994, January 24\u201328). Enhancing the Explanatory Power of Usability Heuristics. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI \u201994, Boston, MA, USA.","DOI":"10.1145\/191666.191729"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Nielsen, J. (1992, January 3\u20137). Finding Usability Problems through Heuristic Evaluation. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI \u201992, Monterey, CA, USA.","DOI":"10.1145\/142750.142834"},{"key":"ref_35","unstructured":"Nielsen, J. (2021, June 30). Severity Ratings for Usability Problems. Available online: https:\/\/www.nngroup.com\/articles\/how-to-rate-the-severity-of-usability-problems\/."},{"key":"ref_36","unstructured":"Rebelo, F., and Soares, M. (2014). Advances in Ergonomics in Design, Usability & Special Populations: Part II, AHFE Conference."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"e18","DOI":"10.1016\/j.ijmedinf.2008.12.004","article-title":"Usability testing: A review of some methodological and technical aspects of the method","volume":"79","author":"Bastien","year":"2010","journal-title":"Int. J. Med. Inform."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"68","DOI":"10.26522\/brocked.v12i2.38","article-title":"The use of think-aloud methods in qualitative research: An introduction to think-aloud methods","volume":"12","author":"Charters","year":"2003","journal-title":"Brock Educ. J."},{"key":"ref_39","unstructured":"Seidman, I. (2013). Interviewing as Qualitative Research: A guide for Researchers in Education and the Social Sciences, Teachers College Press."},{"key":"ref_40","unstructured":"Van Someren, M., Barnard, Y., and Sandberg, J. (1994). The Think Aloud Method: A Practical Approach to Modelling Cognitive Processes, Academic Press."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"470","DOI":"10.1145\/503112.503114","article-title":"The State of the Art in Automating Usability Evaluation of User Interfaces","volume":"33","author":"Ivory","year":"2001","journal-title":"ACM Comput. Surv."},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Hartson, H.R., Castillo, J.C., Kelso, J., and Neale, W.C. (1996, January 13\u201318). Remote Evaluation: The Network as an Extension of the Usability Laboratory. Proceedings of the SIGCHI Conference on Human Factors in Computing System, CHI \u201996, Vancouver, BC, Canada.","DOI":"10.1145\/238386.238511"},{"key":"ref_43","unstructured":"Reis, H.T., and Judd, C.M. (2000). Handbook of Research Methods in Social and Personality Psychology, Cambridge University Press."},{"key":"ref_44","unstructured":"Benedek, J., and Miner, T. (2002, January 8\u201312). Measuring Desirability: New methods for evaluating desirability in a usability lab setting. Proceedings of the Usability Professionals Association Conference, Orlando, FL, USA."},{"key":"ref_45","doi-asserted-by":"crossref","unstructured":"Kurosu, M. (2009). Human Centered Design, Springer Berlin Heidelberg.","DOI":"10.1007\/978-3-642-02806-9"},{"key":"ref_46","first-page":"114","article-title":"Determining What Individual SUS Scores Mean: Adding an Adjective Rating Scale","volume":"4","author":"Bangor","year":"2009","journal-title":"J. Usability Stud."},{"key":"ref_47","unstructured":"Frik, A., Kim, J., Sanchez, J.R., and Ma, J. (May, January 29). Users\u2019 Expectations About and Use of Smartphone Privacy and Security Settings. Proceedings of the CHI Conference on Human Factors in Computing Systems, CHI \u201922, New Orleans, LA, USA."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/9\/515\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T20:53:47Z","timestamp":1760129627000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/9\/515"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,19]]},"references-count":47,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2023,9]]}},"alternative-id":["info14090515"],"URL":"https:\/\/doi.org\/10.3390\/info14090515","relation":{},"ISSN":["2078-2489"],"issn-type":[{"type":"electronic","value":"2078-2489"}],"subject":[],"published":{"date-parts":[[2023,9,19]]}}}