1. Types of Consent Informed Process, external review, informed about objectives etc.. Risk analysis, option to remove Simple Binary, 1 click, User Initiated v. data collector initiated Coerced Terms of Services, Social Good (assumed), Lack of Choice, Monopolies

2. Consent Requirements External Review 5 Independent, inclusive informed 3 External IRB 1 Self appointed IRB Time Bound 5 Time policy is automated & transparent 3 Time is tied to context 1 Time is based on policy User Bound 5 Impossible to vary from initial purpose w/o additional consent 3 Use variation with additional review 1 Flexible delineated use with declared parties Transparency 5 Individual has access to whatever they want 3 Publicly accessibility declaration of procedures 1 Publicly accessibility declaration of practices Penalties 5 Referred to regulatory body 3 Independent review (funding, data) 1 Public declaration and repair Enforcement 5 Expert system prohibits any out-of-bound activities 3 Capacity and capability building 1 Internal audit Risk 5 Independent, inclusive, informed 3 Published methodology 1 Best practices

3. Scale > What’s the Appropriate Level? Level 1 Level 2 Level 3 Level 4 Level 5