
Informed Consent in the Digital Age

Informed consent travelled from operating theatres to research labs to online forms — and lost most of its substance along the way. This article explains what consent actually requires under nFADP, GDPR, and sectoral frameworks, where digital forms tend to fail, and how to design consent that holds up to a regulator and respects the respondent.


"Informed consent" entered modern law as a medical doctrine: the principle that a competent person should not be operated on, treated, or studied without first being told, in language they can understand, what is going to happen and why. From medicine it migrated into research ethics, then into data protection, and finally into the everyday digital economy — newsletter sign-ups, cookie banners, marketing forms, app onboarding flows. Somewhere on that journey, it lost most of its meaning.

On a lot of online forms, "consent" is now a single pre-ticked checkbox under a 4,000-word legal notice, presented seconds before the respondent gets the thing they actually came for. That is not consent in any meaningful sense. It is a liability shield with the word "consent" stamped on it. This article walks through what genuine informed consent requires, what nFADP, GDPR, and sectoral frameworks actually demand, where most online forms fall short, and how to design consent flows that respect the respondent and hold up to scrutiny.

Who this is for

Anyone designing online forms that ask people to agree to something — product owners, privacy officers, researchers, clinicians, HR teams, registrars, marketing leads, schools, public bodies. The stakes vary by sector, but the underlying principles are remarkably consistent.

Where the Doctrine Comes From

The modern concept of informed consent crystallised in three places, each leaving a fingerprint on what it requires today.

  • Medical practice — the post-war shift from "the doctor decides" to a patient who is told the diagnosis, the proposed treatment, the risks, the alternatives, and the consequences of refusal, and then chooses. This is where the substantive criteria of capacity, voluntariness, information, and comprehension come from.
  • Research ethics — the Nuremberg Code, the Declaration of Helsinki, ICH-GCP, the Common Rule, and the Swiss Human Research Act all formalised consent for studies involving human participants. This is where the procedural expectations of written documentation, witness signatures, and ethics-committee review come from.
  • Data protection — the GDPR (EU), the nFADP (Switzerland), and analogous frameworks in the UK, California, Brazil, and elsewhere imported "consent" as one possible legal basis for processing personal data, with their own definitions of what counts. This is where the contemporary requirement for granular, freely-given, withdrawable, demonstrable consent comes from.

All three lineages converge on the same insight: a meaningful "yes" requires the person to understand what they are saying yes to, to be free to say no, and to be able to change their mind. Anything that erodes one of those conditions erodes the consent.

The Four Pillars of Informed Consent

Across medical, research, and data-protection traditions, valid consent requires four conditions. They are easy to remember, hard to satisfy, and they apply just as much online as in a clinic.

1. Capacity

The person must be legally and cognitively able to consent. Adults are presumed to have capacity unless something specific suggests otherwise. Minors typically do not, and consent is given by a parent or guardian — sometimes accompanied by the child's assent. Capacity is also temporary: someone in acute distress, under sedation, or unable to read the language of the form may not have capacity at that moment, even if they would have it tomorrow.

2. Voluntariness

Consent must be freely given. Coercion, undue influence, and structurally unequal power relationships all undermine it. "You can refuse, but then you don't get the service" is not voluntary if the service is essential. Employees, patients, students, and tenants frequently sit in unequal relationships where the appearance of free choice is misleading. Regulators take this seriously: tied consent ("agree or you cannot proceed" when refusal does not actually need to block access) is one of the most-cited GDPR enforcement themes.

3. Information

The respondent must be told, in advance, what they are consenting to. For data-protection consent, this typically means: who the controller is, what data will be collected, for what purposes, who will have access, where it will be stored, how long it will be kept, what rights the respondent has, and how to withdraw. For research consent, it also covers the procedure, the risks and benefits, and the alternatives. "You can read the privacy policy if you want" is not the standard.

4. Comprehension

Information that the respondent cannot understand is not information for the purposes of consent. Plain language, the respondent's language, and a presentation that fits the medium all matter. A 4,000-word legal notice in English on a phone screen is not comprehensible for most respondents in most contexts. Comprehension is the criterion that online forms most consistently fail on.

All four are required, not three out of four

A respondent with full capacity, no coercion, and a perfect privacy notice still has not given valid consent if they did not understand it. A respondent who understood perfectly but was told they would lose service if they refused has not given voluntary consent. Regulators and courts treat the four conditions cumulatively: failure on any one undermines the whole.

What the Major Frameworks Actually Require

Different frameworks describe the same four pillars in different vocabulary. The implementations differ in detail. Here is a short reference for the frameworks Schweizerform users most frequently encounter.

  • GDPR (EU)
    Consent definition: Freely given, specific, informed, unambiguous indication of wishes by a clear affirmative action.
    Notable specifics: Pre-ticked boxes are explicitly invalid; consent must be as easy to withdraw as to give; granular per purpose; demonstrable by the controller.
  • nFADP (Switzerland)
    Consent definition: Voluntary, given for one or more specific cases, after appropriate information.
    Notable specifics: Express consent required for sensitive personal data and high-risk profiling; can be implied in narrower contexts than under GDPR, but not for sensitive data.
  • ICH-GCP & Swiss HRA (research)
    Consent definition: Written, informed, voluntary, capacity-verified consent of the participant or legal representative.
    Notable specifics: Mandatory ethics committee review; specific information requirements (procedures, risks, alternatives, right to withdraw); minors require parental consent plus age-appropriate assent.
  • HIPAA (US health)
    Consent definition: Authorisation distinct from consent; specific, in writing, narrowly purpose-bound for disclosure of PHI beyond treatment, payment, and operations.
    Notable specifics: Different vocabulary, similar substance: signed authorisation with specified purpose, recipients, expiry, and revocation mechanism.
  • Children's frameworks (GDPR Art. 8, COPPA, sector-specific)
    Consent definition: Parental consent for processing of children below the digital-age-of-consent threshold (13–16 depending on jurisdiction).
    Notable specifics: Verifiable parental consent; the child's age must be reliably determined; the risk of over-collecting parental data in order to verify the child is real.

Where Online Forms Typically Fail

1. The pre-ticked box

GDPR explicitly invalidates pre-ticked consent boxes; nFADP and most analogous frameworks reach the same result via the requirement of an affirmative action. Yet pre-ticked boxes still appear constantly — "send me marketing", "share my data with partners", "include me in research" — because the conversion rate is higher when the default is yes. This is the single most-litigated, most-fined consent failure pattern of the past five years. It is also one of the easiest to fix.

2. Bundled consent

A single checkbox covering multiple distinct purposes — "I agree to the terms, the privacy policy, marketing communications, and the use of my data for research" — collapses the granularity that consent is supposed to provide. The respondent cannot say yes to one purpose and no to another. Regulators read this as failure of the "specific" requirement; users read it as a takeover of agency.

3. The 4,000-word legal notice

Privacy notices written by lawyers for lawyers fail the comprehension test by design. Studies consistently show that fewer than five per cent of respondents read them; of those who do, fewer than half can answer basic questions about what they agreed to. The notice may protect the controller in court — until a regulator argues that an incomprehensible notice is no notice at all.

4. "Consent" used where another legal basis applies

Many controllers ask for consent for processing that is actually justified by contract, legal obligation, or legitimate interest. Asking for consent unnecessarily creates two problems: it implies the respondent could refuse (which is misleading if the processing is going to happen anyway under another basis), and it gives the respondent an apparent right to withdraw that the controller cannot honour. Pick the right legal basis up front; only ask for consent when consent is the right basis.

5. The withdrawal black hole

Consent must be as easy to withdraw as to give. In practice, opt-in is one click on a public form; opt-out is a phone call to support, an email to a generic address, or a hidden setting six menus deep. That asymmetry is itself a regulatory failure. Building withdrawal as a parallel, equally-frictionless flow — the same form, accessed via a token in every confirmation email, with the same number of clicks — is the simplest way to comply.

6. No record of what was actually consented to

Consent must be demonstrable. If a regulator asks "can you show me what this respondent actually saw and clicked on 14 March 2025?", the answer needs to be yes — including the version of the privacy notice in force at that moment, the specific options shown, and the timestamp. Many controllers retain only the final "yes" boolean, not the contextual record that proves the yes was informed.

7. Language mismatches

A French-speaking parent in Geneva consenting to their child's school camp via a German-only form is, technically, not giving informed consent — they cannot have understood. In multilingual jurisdictions like Switzerland and the EU, language failure is a comprehension failure, and it is non-trivially common.

Designing Consent That Actually Works

Once you have decided that consent is the right legal basis, and that you want consent the regulator and the respondent will both recognise, the design choices are not actually difficult. They are just disciplined.

1. Confirm consent is the right basis

If the processing would happen anyway under contract, legitimate interest, or legal obligation, do not ask for consent. Document the basis you have chosen in your record of processing activities. Ask for consent only where consent is what is actually required — typically marketing, optional research participation, sensitive-data processing, and profiling that is not strictly necessary for the service.

2. Make the action affirmative

An empty checkbox the respondent ticks. A button the respondent clicks. A signature the respondent types. Never pre-ticked, never inferred from inaction. Where a written signature is genuinely required (research, clinical, sometimes children's data), build it into the flow rather than asking the respondent to print and re-upload.

3. Make it granular

One purpose, one checkbox. Marketing emails, research participation, optional file uploads, sharing with named third parties — each gets its own affirmative action. Bundling them is convenient for the form designer and corrosive to consent itself.

4. Layer the information

A short, plain-language summary at the point of consent ("We will use this information to schedule your appointment, contact you about results, and — if you opt in below — send you our quarterly newsletter"), with a link to the full privacy notice for respondents who want detail. Layered notices reliably outperform single long ones on comprehension tests, and they are recommended by every major DPA.

5. Use the respondent's language

In multilingual jurisdictions, offer the form, the consent text, and the privacy notice in every official language your audience is likely to read. Machine translation is a partial answer; native multilingual UX is the proper one. "Consent in a language the respondent understands" is the comprehension test.

6. Make withdrawal symmetric

Every consent is paired with an equally easy withdrawal mechanism: a clearly-labelled link, a one-click button in confirmation emails, a self-service setting in the user's account. Withdrawal that is harder than consent is itself a regulatory failure.

7. Log what was actually shown

When the respondent clicks yes, record: the version of the privacy notice and consent text in force, the specific purposes selected, the timestamp, the language used, and an identifier for the respondent. Retain that record for as long as the consent is operative — and for the duration of any relevant regulatory limitation period after withdrawal.

8. Plan for re-consent

Privacy notices change. Purposes change. New sub-processors are added. When the original consent no longer covers the current processing, ask again — and accept that some respondents will say no. The alternative — assuming the old consent covers new processing — is exactly the failure mode regulators are trained to look for.
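The affirmative, granular, withdrawable, logged and re-askable properties of steps 2, 3, 6, 7 and 8 above can be captured in a single record structure. The following Python sketch is an added example, not Schweizerform's code: an in-memory consent store whose per-purpose flags default to False unless explicitly ticked, that keeps the notice and consent-text versions and the language shown, issues a withdrawal token for confirmation emails, and reports when re-consent is needed because the notice changed or a purpose was never consented to. The purpose names, version strings and dict-based store are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Set
import secrets

# Assumed purposes: each is its own checkbox on the form (no bundling).
PURPOSES = ("newsletter", "research_participation", "third_party_sharing")


@dataclass
class ConsentRecord:
    respondent_id: str
    notice_version: str         # privacy notice in force at the moment of the click
    consent_text_version: str   # wording of the checkbox labels actually shown
    language: str               # language of the form the respondent saw
    purposes: Dict[str, bool]   # True only where the respondent ticked the box
    recorded_at: str            # ISO-8601 UTC timestamp of the affirmative action
    withdrawal_token: str       # goes into every confirmation email
    withdrawn_at: Optional[str] = None


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


def record_consent(respondent_id: str, notice_version: str,
                   consent_text_version: str, language: str,
                   ticked: Set[str]) -> ConsentRecord:
    """Store what was shown and what was selected. Anything not ticked is
    False: there is no pre-ticked default and nothing is inferred."""
    unknown = ticked - set(PURPOSES)
    if unknown:
        raise ValueError(f"unknown purposes: {sorted(unknown)}")
    return ConsentRecord(
        respondent_id=respondent_id,
        notice_version=notice_version,
        consent_text_version=consent_text_version,
        language=language,
        purposes={p: (p in ticked) for p in PURPOSES},
        recorded_at=_now(),
        withdrawal_token=secrets.token_urlsafe(24),
    )


def withdraw(store: Dict[str, ConsentRecord], token: str,
             purposes: Optional[Set[str]] = None) -> ConsentRecord:
    """Symmetric withdrawal: the token from the email is enough, effect is
    immediate, and the record is kept (not deleted) so the history stays
    demonstrable. Omitting `purposes` withdraws everything."""
    record = store.get(token)
    if record is None:
        raise KeyError("unknown withdrawal token")
    for p in (purposes or set(PURPOSES)):
        record.purposes[p] = False
    if not any(record.purposes.values()):
        record.withdrawn_at = _now()
    return record


def active_purposes(record: ConsentRecord) -> Set[str]:
    return {p for p, ok in record.purposes.items() if ok}


def needs_reconsent(record: ConsentRecord, current_notice_version: str,
                    requested: Set[str]) -> bool:
    """Ask again when the notice has changed since the click, or when the
    processing now requested covers a purpose that was never ticked."""
    if record.notice_version != current_notice_version:
        return True
    return not requested <= active_purposes(record)
```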

Sector-Specific Consent Patterns

Healthcare and clinical practice

Treatment consent, research consent, and data-protection consent are three distinct things in clinical contexts and need to be kept distinct on the form. A patient consents to a procedure under medical-ethics rules; consents to participation in a study under research-ethics rules; consents to the use of their data for marketing or secondary research under data-protection rules. Bundling them is a category error that auditors will catch.

Research and clinical trials

Research consent is the most heavily proceduralised: written documentation, version-controlled information sheets, ethics committee approval, witness or assent signatures, and structured records of withdrawal. Online research consent is acceptable in many jurisdictions but typically requires equivalent rigour — usually meaning a longer, more deliberate flow than a marketing form, with no shortcuts.

Children and parental consent

Below the digital age of consent (13 in the US under COPPA, 13–16 in the EU depending on member state, similar bands in Switzerland), processing requires parental rather than child consent. Verifying that the consenting party is genuinely the parent without collecting disproportionate data on the parent is a real design problem. School and camp registrations typically piggy-back on the existing parent–institution relationship; consumer products often struggle.

Employment and HR

Employment is one of the contexts where consent is most often the wrong basis. The employer–employee relationship is structurally unequal, so freely-given consent is hard to argue. Employment-law processing, contract-performance processing, and legitimate-interest processing usually cover the operational needs without consent. Save consent for genuinely optional processing — voluntary wellness programmes, optional photo publication, optional secondary uses of training records.

Marketing and direct contact

Marketing consent is the territory regulators police most closely. Granular per channel (email, SMS, post), per purpose (newsletter, transactional, third-party), and per audience segment. Easy withdrawal, immediate effect. Soft opt-in ("existing customers for similar products") is permissible in some jurisdictions under conditions; do not treat it as universal.

Public-sector and citizen-facing forms

Public bodies most often process under legal-obligation or public-task bases, not consent. Asking for consent on a benefit application or a permit form usually misframes the basis — and creates a false implication that the citizen could refuse. Reserve consent for clearly optional public-sector processing such as opt-in citizen surveys, optional newsletter sign-ups, and optional research participation.

Where Encryption Fits Into the Consent Conversation

End-to-end encrypted forms are not a substitute for consent — they are a foundation that makes the consent more credible. Three reasons.

  • Honest scope: when the form vendor cannot read the submission, the consent the respondent gives is genuinely about the relationship between respondent and controller, not a tacit consent to vendor-side processing the privacy notice fails to mention.
  • Easier comprehension: a privacy notice that can credibly say "only authorised staff at our organisation can read your submission" is shorter, plainer, and more believable than one that has to enumerate sub-processors, vendor staff access, and lawful-demand chains.
  • Easier withdrawal: when the form owner deletes a submission and we hold no keys, deletion is cryptographically final. Respondents who withdraw and want their data gone get a stronger answer than "we have flagged it for deletion in our systems".

Encryption is not consent — but it is a precondition for honest consent

If your privacy notice promises that only your team can read submissions and your form vendor can in fact read them, the consent obtained on that promise is materially defective. End-to-end encryption is the only architecture that lets the promise be true.

Checklist Before Opening a Form That Asks for Consent

  1. Is consent actually the right legal basis, or is the processing covered by contract, legitimate interest, or legal obligation?
  2. Is each purpose its own checkbox, with no pre-ticked options?
  3. Is the consent text written for the respondent, in their language, with a layered short summary plus link to the full notice?
  4. Is withdrawal as easy as opt-in, with a clear pointer in every confirmation message?
  5. Do you log what was shown, what was selected, and when — version-controlled and retrievable?
  6. Is the form readable on a phone? Most consent flows are designed on a 27-inch monitor and read on a 6-inch screen.
  7. If the audience includes minors, is parental consent verified without disproportionate data collection on the parent?
  8. If the data is sensitive, are the technical safeguards (encryption, access control, retention) consistent with what the consent text promises?

The Bottom Line

Informed consent is not a checkbox; it is a four-condition test that the respondent had capacity, was free to refuse, was told what they were agreeing to, and could understand it. Online forms have made some of these conditions easier (logging, granularity, layered notices, instant withdrawal) and others harder (comprehension on small screens, language fragmentation, the flood of requests that trains respondents to click yes without reading).

The work of designing real consent in 2026 is mostly the work of designing for comprehension under realistic conditions: short, plain, granular, withdrawable, logged, in the respondent's language, paired with technical safeguards that match the promises being made. Done well, it is shorter to build than the bloated consent flows it replaces. Done badly, it is the source of most data-protection enforcement actions of the past five years.

Schweizerform's encrypted, Swiss-hosted, four-language-native form architecture is a foundation for honest consent flows: short notices that say what they mean, granular purpose checkboxes, easy withdrawal, and a vendor that physically cannot read what the respondent agreed to share. Try it on a single form on the free tier — 1 form, 25 submissions/month, no credit card.

Disclaimer: This article is general information and marketing content, not legal, regulatory, medical, or research-ethics advice. References to nFADP, GDPR, ICH-GCP, HIPAA, COPPA, and other frameworks are summarised at a conceptual level and are subject to jurisdictional interpretation. Specific consent-flow design for regulated processing should be reviewed by qualified data-protection, medical-law, or research-ethics professionals in your jurisdiction before relying on any summary here.