Alessandro L. Piana Bianco
Strategic Innovation & Design — EU / MENA

Consent and control

Consent and control is the UX of permissions with consequences: purpose, scope, retention, revocation, and auditability. It’s not a checkbox; it’s the user’s ability to make an informed decision—and change it later.

Definition

  • Consent is the user granting permission for a specific purpose under specific conditions.
  • Control is what happens after consent: visibility, manageability, and the ability to revoke or adjust without punishment.
  • In digital identity and AI systems, consent and control must be designed as an ongoing relationship, not a one-time event.

Why it matters

  • Trust-sensitive contexts demand legibility: users need to understand what data is used and why.
  • Regulation often specifies requirements, but UX determines whether compliance is usable or hostile.
  • With agentic AI, control extends to actions: what the agent is allowed to do, not just what it can see.
  • Poor consent design creates downstream cost: disputes, regulator complaints, and brand damage that no conversion uplift can justify.
  • In practice, this is where many digital programs fail: the concept is understood, but the operating discipline is missing.

Common failure modes

  • Bundled consent: one “agree” for multiple purposes (users can’t make meaningful choices).
  • Dark patterns: making refusal painful or hiding revocation.
  • No state visibility: users can’t see what they allowed, when, or what changed.
  • Over-legalised copy: correct but unreadable, leading to uninformed consent.
  • No delegation model: enterprises need role-based consent (who can approve on behalf of whom).

How I design it

  • Design consent as a system of states: requested → granted → active → paused → revoked, with receipts and timestamps.
  • Make purpose explicit and separable: one purpose per toggle when feasible; otherwise, clear grouping with rationale.
  • Provide a control center: permissions, retention, exports, deletion, and revocation—without punishment.
  • Surface trust cues: why the permission is needed, what improves with it, what still works without it.
  • Align with governance: role-based access, delegation, and auditability for organisations.
  • Treat consent as a product capability: instrument it, run experiments responsibly, and evolve the pattern with evidence.
  • Treat it as a repeatable pattern: define it, test it in production, measure it, and evolve it with evidence.
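The state model in the first bullet can be sketched as a small per-purpose ledger; this is an added example, not code from the author's own work. The allowed transitions, the field names and the hash-chaining of receipts are assumptions made here for illustration.

```python
import hashlib, json
from datetime import datetime, timezone

# Allowed moves between the states named above. Which moves are legal is an
# assumption of this example; the page only names the states.
TRANSITIONS = {
    None: {"requested"},
    "requested": {"granted", "revoked"},
    "granted": {"active", "revoked"},
    "active": {"paused", "revoked"},
    "paused": {"active", "revoked"},
    "revoked": {"requested"},  # consent must be asked for again after revocation
}

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """One state per (subject, purpose) plus an append-only receipt log."""

    def __init__(self):
        self.state = {}     # (subject, purpose) -> current state
        self.receipts = []  # audit trail, each entry chained to the previous one

    def transition(self, subject, purpose, new_state, actor, now=None):
        old = self.state.get((subject, purpose))
        if new_state not in TRANSITIONS[old]:
            raise ValueError(f"{old} -> {new_state} not allowed for {purpose}")
        receipt = {
            "subject": subject, "purpose": purpose, "from": old, "to": new_state,
            "actor": actor,  # the user or a delegate acting on their behalf
            "at": (now or datetime.now(timezone.utc)).isoformat(),
            "prev": self.receipts[-1]["hash"] if self.receipts else "",
        }
        receipt["hash"] = _digest(receipt)
        self.receipts.append(receipt)
        self.state[(subject, purpose)] = new_state
        return receipt

    def is_permitted(self, subject, purpose):
        # Only an active grant authorises processing; unknown purposes are denied.
        return self.state.get((subject, purpose)) == "active"

    def verify(self):
        # Recompute the chain; an edited or reordered receipt breaks it.
        prev = ""
        for r in self.receipts:
            body = {k: v for k, v in r.items() if k != "hash"}
            if r["prev"] != prev or _digest(body) != r["hash"]:
                return False
            prev = r["hash"]
        return True
```

Keying state by purpose keeps each grant separable, and the receipt list is what a control center or an auditor would read back to the user.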
