CONSENT FATIGUE IN CONVERSATIONAL AI: MICRO-DESIGN REMEDIES FOR OVEREXPOSED USER

Authors

  • Shweta Chaturvedi Master of Laws Dhirubhai Ambani University School of Law

DOI:

https://doi.org/10.69980/ephijer.v10i1.184

Keywords:

Consent Fatigue, AI systems, human-computer interaction

Abstract

The operationalisation of informed consent in conversational AI systems has produced a paradox: the more assiduously platforms comply with notification obligations, the less meaningful individual consent becomes. Repeated exposure to privacy prompts, disclosure notices, and permission requests within chatbot and voice assistant interfaces engenders a condition this article terms 'consent fatigue'—a cognitive and behavioural disposition characterised by habituated disengagement from the very disclosures designed to protect user autonomy. Drawing upon a mixed-methods study involving one hundred and twenty-seven participants across varied demographic groups, this article investigates the relative efficacy of micro-design interventions—including icon-based cues, adaptive frequency controls, and contextual micro-prompts—in ameliorating consent fatigue without sacrificing regulatory compliance. The findings demonstrate a statistically significant inverse correlation between traditional text-heavy consent mechanisms and user comprehension, and a correspondingly significant improvement in both engagement and understanding under icon-based and adaptive designs. The article argues that current regulatory frameworks under the GDPR and the California Consumer Privacy Act (CCPA) are inadequate to the human-computer interaction realities of conversational AI, and proposes a revised consent design standard grounded in cognitive load theory, behavioural economics, and user-centred legal design.

References

1.Regulation (EU) 2016/679 (GDPR), Art 7(2); Recital 32.

2.California Consumer Privacy Act of 2018, Cal Civ Code ss 1798.100-1798.199 (CCPA), s 1798.120.

3.Aleecia McDonald & Lorrie Faith Cranor, 'The Cost of Reading Privacy Policies' (2008) 4 I/S: A Journal of Law and Policy for the Information Society 543, 561.

4.Lorrie Faith Cranor, 'Necessary but Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice' (2012) 10 Journal on Telecommunications and High Technology Law 273, 277.

5.GDPR (n 3), Art 4(11) (definition of consent); Art 7(1) (conditions for consent).

6.Omri Ben-Shahar & Carl Schneider, 'More Than You Wanted to Know: The Failure of Mandated Disclosure' (Princeton University Press 2014) 20-22.

7.Florian Schaub et al., 'A Design Space for Effective Privacy Notices' (2015) Symposium on Usable Privacy and Security 1, 8.

8.BJ Fogg, 'Persuasive Technology: Using Computers to Change What We Think and Do' (Morgan Kaufmann 2003) 30.

9.Daniel Kahneman, 'Thinking, Fast and Slow' (Farrar, Straus and Giroux 2011) 41-44.

10.Alessandro Acquisti, Leslie John & George Loewenstein, 'What Is Privacy Worth?' (2013) 42 Journal of Legal Studies 249, 258.

11.Sven Ove Hansson, 'Ethics of Risk: Ethical Analysis in an Uncertain World' (Palgrave Macmillan 2013) 81.

12.George Loewenstein et al., 'Warning: You Are About to Be Nudged' (2015) 1 Behavioral Science and Policy 35, 38.

13.Jonathan Zittrain, 'Engineering an Election' (2014) 127 Harvard Law Review Forum 335, 338.

14.Luciano Floridi et al., 'An Ethical Framework for a Good AI Society: Opportunities, Risks, Principles, and Recommendations' (2018) 28 Minds and Machines 689, 703.

15.Cliff Lampe & Paul Resnick, 'Slash(dot) and Burn: Distributed Moderation in a Large Online Conversation Space' (2004) Proceedings of CHI 543, 546.

16.Article 29 Data Protection Working Party, 'Guidelines on Consent under Regulation 2016/679' (2018) WP259rev.01, 13.

17.Alessandro Acquisti, 'Nudging Privacy: The Behavioral Economics of Personal Information' (2009) 3 IEEE Security and Privacy 82, 85.

18.Shoshana Zuboff, 'The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power' (PublicAffairs 2019) 238-240.

19.Mark MacCarthy, 'New Directions in Privacy: Disclosure, Unfairness and Externalities' (2011) 6 I/S: A Journal of Law and Policy for the Information Society 425, 442.

20.Tal Zarsky, 'Incompatible: The GDPR in the Age of Big Data' (2017) 47 Seton Hall Law Review 995, 1012.

21.Woodrow Hartzog, 'Privacy's Blueprint: The Battle to Control the Design of New Technologies' (Harvard University Press 2018) 59-62.

22.Andrew Selbst & Solon Barocas, 'The Intuitive Appeal of Explainable Machines' (2018) 87 Fordham Law Review 1085, 1097.

23.Helen Nissenbaum, 'Privacy in Context: Technology, Policy, and the Integrity of Social Life' (Stanford University Press 2010) 193.

24.Thaler Richard & Cass Sunstein, 'Nudge: Improving Decisions About Health, Wealth, and Happiness' (Yale University Press 2008) 6-8.

25.European Data Protection Board, 'Guidelines 05/2020 on Consent under Regulation 2016/679' (2020) paras 13-15.

26.GDPR (n 3), Art 25 (data protection by design and by default).

27.Federal Trade Commission, 'Privacy and Security Update' (FTC 2022) 4.

28.Peter Swire & Kenesa Ahmad, 'Foundations of Privacy Law' (West Academic Publishing 2012) 205.

29.Sonia Livingstone, 'On the Mediation of Everything: ICA Presidential Address 2008' (2009) 59 Journal of Communication 1, 7.

30.Julie Cohen, 'Configuring the Networked Self: Law, Code, and the Play of Everyday Practice' (Yale University Press 2012) 116.

31.Ryan Calo, 'Against Notice Skepticism in Privacy (and Elsewhere)' (2012) 87 Notre Dame Law Review 1027, 1040.

Downloads

Published

2026-04-15

Issue

Vol. 10 No. 1 (2026): International Journal of Educational Research (ISSN: 2208-2204)

Section

Articles