~ COnSeNT 2021 ~

1st International Workshop on
Consent Management in Online Services, Networks and Things

co-located with 6th IEEE EuroS&P
September 7, 2021

Keynote Speaker

Dr Johnny Ryan FRHistS
Dr. Ryan spoke on "Consent ‘spam’ and the undermining of European data protection law"

View Recording (YouTube)

Panel Discussion

Does Consent work? If not Consent, what else?
With panelists: (alphabetical)
Armand Heslot (CNIL)
Irene Kamara (Tilburg university)
Mark Lizar (Kantara Initiative)
Robin Berjon (New York Times)
Rob van Eijk (Future of Privacy Forum)
Townsend Feehan (IAB Europe)

View Recording (YouTube)


IEEE Xplore


7 September 10:00--16:00 CEST Conference Room B (Zoom)



Workshop Registration

COnSeNT 2021 is co-located with IEEE Euro S&P 2021. Registration information can be found on the IEEE Euro S&P website. Below is a verbatim copy of the registration details for informative purposes (please ensure on conference website for up to date information).

Workshop Author (IEEE Member) EUR 190
Workshop Author (Non-Member) EUR 200
Virtual Conference & Workshop Attendee (IEEE Member) EUR 50
Virtual Conference & Workshop Attendee (Non-Member) EUR 60
Virtual Conference & Workshop Attendee (Student) EUR 35


The keynote will be by the amazing Dr Johnny Ryan FRHistS on Consent ‘spam’ and the undermining of European data protection law.

Dr. Ryan is a Senior Fellow at the Irish Council for Civil Liberties, and a Senior Fellow at the Open Markets Institute. He is focused on surveillance, data rights, competition/anti-trust, and privacy. He is former Chief Policy & Industry Relations Officer at Brave, the private web browser. Dr Ryan led Brave’s campaign for GDPR enforcement, and liaised with government and industry colleagues globally. His regulatory interventions and expert commentary has appeared in media such as The New York Times, The Economist, Die Zeit, Wired, Le Monde, and the front page of The Financial Times. Protocol published a profile about some of his work. (text from Dr. Ryan's profile in ICCL)

View Recording (YouTube)


COnSeNT2021 will feature a panel discussing: Does Consent work? If not Consent, what else? featuring a line-up of academics, industry practioners, and authorities. Our panelists are: (in alphabetical order)

Armand Heslot (CNIL): Armand is Head of the technology experts department at the CNIL (the French Data Protection Authority). He represents CNIL at the Technology subgroup of the EDPB.

Irene Kamara (Tilburg university): Dr. Irene Kamara is an Assistant Professor of Cybersecurity Governance at Tilburg University. She is an expert in standardisation, with a doctoral thesis exploring the interplay between standardisation and the regulation of the right to protection of personal data. She has prior experience working as a trainee at EDPS, CEN and CENELEC, and is a member of member of the ENISA Experts List.

Mark Lizar (Kantara Initiative): Mark Lizar is the CEO & Founder of the OpenConsent Group, and is a co-inventor of the Kantara Consent Receipt specification. Mark is active in Canadian standards, conformance and the Kantara Initiative as an International Liaison and previously Co-Chair of the Consent and Information Sharing WG and Vice Chair of the Leadership Council.

Robin Berjon (New York Times): Robin Berjon is the VP of Data Governance at New York Times. He is an expert in Web technology and its standardisation with almost two decades’ worth of experience in developing and driving standardisation efforts, primarily in W3C, and notably as the Editor of the HTML Specification. He is a co-author of the Global Privacy Control specification.

Rob van Eijk (Future of Privacy Forum): Dr. Rob van Eijk serves as the Future of Privacy Forum’s Managing Director for Europe. Prior to this, Dr. van Eijk obtained a PhD focusing on online advertising (real-time bidding) and has worked at the Dutch Data Protection Authority (DPA) for nearly 10 years. He worked within the Article 29 Working Party in multi-stakeholder negotiations of the World Wide Web Consortium on Do Not Track.

Townsend Feehan (IAB Europe): Townsend Feehan is CEO of Interactive Advertising Bureau (IAB) Europe - the EU-level association for the digital marketing and advertising ecosystem conducting research and development of standards and specifications powering much of the online advertising ecosystem. Prior to joining IAB Europe, Townsend worked for Microsoft Legal & Corporate Affairs in Brussels.

View Recording (YouTube)

Call for papers

Data Protection and privacy regulations are currently amongst the most prominent changes across the globe, and have triggered a change in how consent is obtained and used for Personal Data management. At the forefront, there’s the EU General Data Protection Regulation (2016) which brought dramatic changes to the Internet as we know it, and influence other regulationss such as the California Privacy Rights Act in 2020.

Regulations, such as the GDPR, dictate where consent is required, it is 'valid' only when obtained before processing data of an individual, and meets a number of requirements: it must be freely given, prior to any data collection, informed, specific, unambiguous, readable and accessible and revocable.

Pursuant to such requirements, both research and industry move towards the direction of increasing transparency, accountability, privacy by design to ensure the required legal compliance. This has led to standardized user centric consent solutions such as the Consent Receipt Specification (Kantara, 2018), the Internet Advertising Bureau’s Transparency and Consent Framework standard (IAB TCF, 2019), ISO/IEC 29184 Online privacy notices and consent (2020), and the Global Privacy Controls (GPC, 2020). Such efforts are aimed to comply with regulations and provide user empowerment.

Consent Management as a discipline is only now becoming prominent as an emerging fruit of the many challenges across various domains - legal, technological, sociological, usability, privacy, and security. The current implementation of consent and its management in the Internet is still in its infancy when handling multiple requirements stemming from users, devices, businesses, publishers, consent management platforms, content providers, third-parties, regulators, and information itself. Furthermore, new uses of personal data, including business models and a data-driven economiy, require clarity on the topic of Consent.

The COnSeNT Workshop will offer an international forum for researchers and practitioners, across all areas, to exchange and bring perspectives, lessons learned and new insights to the state of the art and practice of Consent Management. It will provide a forum to share, discuss, and present novel ideas and solutions related to the areas of Consent, and its impact and relevance to the larger domains of privacy and security.

We welcome technical, tecno-legal or socio-technical papers, work-in-progress reports, industry insights and multi-disciplinary perspectives describing advances in all areas related to Consent including, but not limited to:

  • Security and Trust of current Consent practices
  • Network Protocols for Consent management
  • Non-repudiation and Demonstrability of Consent
  • Threat and Adversary modelling in Consent
  • Consent Notices and User behaviour
  • Novel technical approaches to collecting and managing Consent
  • Data-driven Economies and Consent
  • Use of dark patterns in consent collection
  • Personal Data Economics and Models
  • Usability in Consent
  • Large-scale capture of Consent
  • Accountability and Demonstration of Consent
  • Consent management platforms
  • Behavioral economics and Consent
  • Consent in IoT and embedded devices
  • Machine Learning Approaches to Consent
  • Assistive technologies for Consent
  • Incorporating Human-centric technologies for consent
  • Consent management through browser signalling
  • Uniformization of consent across different laws and regulations
  • Visualisation techniques for consent
  • Standards and Frameworks for information and processes associated with Consent


Program Chairs

Programme Committee

  • Aurelie Pols (DPO CDP mParticle)
  • Beatriz Esteves (Uni Politécnica de Madrid)
  • Celestin Matte (Independent Researcher, FR)
  • Christine Utz (Ruhr-Universität Bochum, DE)
  • Daniel Woods (University of Innsbruck, AU)
  • Dave Lewis (Trinity College Dublin, IE)
  • Edoardo Celeste (Dublin City University, IE)
  • Elena Montiel (Uni Politécnica de Madrid)
  • Gilad Rosner (IoT Privacy Forum, UK)
  • Irene Kamara (Tilburg university, NL)
  • Joao Paulo Barraca (Uni. de Aveiro Portugal, PT)
  • Julien Rossi (Uni. catholique de l'Ouest;
    Uni. de technologie de Compiègne, FR)
  • Khaled Mahbub (Birmingham City University, UK)
  • Kovila Coopamootoo (Newcastle University, UK)
  • Mark Josephs (Birmingham City University, UK)
  • Marija Slavkovik (University of Bergen, NO)
  • Martin Degeling (Horst Goertz Institute for IT Security)
  • Maximilian Hils (University of Innsbruck, AU)
  • Michael Toth (Inria, FR)
  • Midas Nouwens (Aarhus University, DK)
  • Nataliia Bielova (Inria, FR)
  • Soheil Human (WU Vienna, AU)
  • Victor Rodriguez-Doncel (Uni Politécnica de Madrid)
  • Vladlena Benson (Aston University, UK)

Submission Instructions

Submissions Closed The workshop is no longer accepting submissions. Information below is for archival purposes only.

Submitted papers must be in English, unpublished, and must not be currently under review for any other publication.

Submissions must follow the official IEEE Conference Proceedings format: LaTeX, Template Instructions, IEEE Template Repository

Regular papers: Full papers must be at most 6 single-spaced, double column pages. Papers that do not meet the size and formatting requirements will not be reviewed. Accepted papers will be presented at the workshop and published in IEEE Xplore.

Discussion papers: We also welcome early stage results, novel ideas and propositions, position statements, and extended abstracts, and other forms of work to foster discussion and exploration of the topics related to consent. For this, we invite shorter pages up to 4 pages in the same format as regulat papers. These papers must also be double blind and will be peer reviewed, but not published as part of the proceedings. We will instead make them available through the website before the event.

The review process is double-blind / anonymous. Papers must be anonymised prior to submission for review by removing any identifying information. Non-anonymised papers will be rejected without reviews..

All papers must be in PDF format and submitted through EasyChair.

Key dates for Regular Papers

  • submission deadline: 11 June 2021 AoE (extended)
  • notification by: 1 July 2021
  • camera-ready by: 14 July 2021
  • authors registration: by 31 July 2021

EasyChair Submissions Link

📰 Updates/News 📰

04-June-2021 Discussion paper update: We welcome position paper, extended abstracts, etc. to foster interaction and discussion at the workshop. These will be peer-reviewed, but not published in proceedings. Deadline is 16-JUL.
04-June-2021 Panel Announcement: We are delighted to announce Townsend Feehan, CEO of IAB Europe will be part of the panel.
01-June-2021 Deadline extension: The deadline for submissions has been extended from 31-MAY to 11-JUN AoE.
10-May-2021 Deadline extension: The deadline for submissions has been extended from 15-MAY to 31-MAY AoE.
10-May-2021 Panel Announcement: COnSeNT will now have a panel in the latter half of the day on the topic of "Does Consent work? If not Consent, what else?". We have four amazing experts confirmed for the panel: Hielke Hijmans (Data Protection Authority, Belgium), Mark Lizar (Kantara Initiative), Robin Berjon (New York Times), and Rob van Eijk (Future of Privacy Forum). More information and experts TBA.
22-July-2021 Discussion papers cancelled: We had planned to keep a session dedicated to discussing extended abstracts, position and discussion papers. We have decided to remove this section to avoid "zoom-fatigue" and instead end the workshop earlier.
22-July-2021 Discussion papers cancelled: Programme changed; accepted papers added to agenda. Layout changed.
25-July-2021 Descriptions added: The website now has paper abstracts, details of keynote and panel including members.
02-August-2021 Change in Panel: Due to conflicts of interest of panelists, the panel has been changed.
18-August-2021 Change in Panel: Armand Heslot (CNIL) has agreed to be on the panel.
06-September-2021 Venue details: Added link to Zoom Room and Slack Channel.
06-September-2021 Preprints: Added links to preprints for papers.
07-September-2021 Update paper 49 authors and title
07-September-2021 ~ COnSeNT 2021 ~ was a success!
08-September-2021 Preprint, Slides: Updates for papers 37, 48, 49, 59
09-September-2021 Preprint: Updates for paper 37, 58
20-September-2021 Keynote and Panel Recordings: Added links to YouTube recordings.
04-November-2021 Proceedings: Added links to proceedings volume and individual publications.

Funding Acknowledgements: This work has received funding under European Union's Horizon 2020 research and innovation programme under NGI TRUST Grant#825618 for Project#3.40 Privacy-as-Expected: Consent Gateway; Irish Research Council Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790; The ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant # 13/RC/2106_P2.

Designed by BootstrapMade     v20210303-2101