Research area

Opt-in Layer

Consent as granular, revocable tokens. Local-first architectures. User-driven data flows that providers and customers can verify and reset themselves — including withdrawal from data-marketplace participation at any time.

The Opt-in Layer research explores how a service booking platform can offer meaningful, transparent and user-driven control over personal data. We investigate consent not as a single checkbox at signup, but as a continuous protocol that runs alongside every interaction — granular enough to apply per-action, revocable in one tap, and verifiable at any time.

This work connects directly to our active Ethical Data Economy theses: users grant consent for specific data marketplace participation, and that consent must be withdrawable at any point — including after data has already been encoded into the cryptographic contribution layer. Meaningful consent requires three things in concert: a UX that doesn't impose cognitive overload, an architecture that doesn't leak by default, and revocability that holds through cryptographic encodings.

Thesis in this area

User-Centered Consent Flow

Thesis 01

User-Centered Consent Flow

KTH, Royal Institute of Technology2026Completed

The thesis designs and prototypes a user-centered consent flow aligned with dynamic consent principles: lifecycle-based design, a centralized dashboard for reviewing and modifying past decisions, a history view for transparency and accountability, and structured interfaces using purpose categorization and dropdown controls.

The prototype was evaluated through criteria-based assessment combined with user testing involving fifteen participants. Findings: strong performance on transparency and absence of manipulative design, with users particularly valuing the dashboard for reviewing past decisions. Cognitive load emerged as the binding scalability constraint — as data categories, processing purposes and third-party actors grow, users perceive even hierarchically-structured prototypes as increasingly hard to manage.

The thesis concludes that scalability requires moving beyond interface design to systemic data practices: the consent UI cannot rescue an architecture that demands too many decisions from the user. Meaningful consent requires the architecture itself to ask less of the user in the first place.

Across the work in this area

Key themes

Dynamic consent — lifecycle-based, not a one-time signup checkbox

User-centered consent flow design: purpose categorization, dashboard, history view

Cognitive load as the binding scalability constraint in consent UX

Privacy-by-design architectural principles for centralized data sharing

GDPR-aligned system components for a social booking platform

Privacy-engineering techniques: anonymization, differential privacy, synthetic data

Consent withdrawal in cryptographically-encoded data marketplaces

Local-first architectures reducing unnecessary data exposure

Collaborate on this area

Related research areas

Privacy-Preserving AI

Mapping vague intent into structured booking, then matching it against the right service — all without storing raw histories. Joint intent extraction, probabilistic reasoning, statistical aggregates, differential privacy, synthetic data.

Ethical Data Economy

Cryptographically verifiable, incentivized data contribution — Merkle-tree-based proof-of-concept where users own their data, choose what to share, and earn rewards for participation. Built on the FACT principles.

All research areas