Following a medical scare, I recently had an implantable loop recorder fitted to monitor my heart on an ongoing basis. The procedure itself was very straightforward, with the device fitted under local anaesthetic by an eminent cardiologist. However, I was somewhat surprised when recovering in a hospital bed to be asked to sign a form authorising a third-party provider to collect personal data and then share it with my doctor.

I suggested to the nurse that it seemed strange to not have this conversation before the invasive process of fitting the device. She responded that I could choose not to sign up to the service and just pop into hospital every few days to have the captured data downloaded. Obviously, this isn’t the approach that was presented to me when the procedure was originally discussed.

This set me thinking about informed consent, particularly when we consider connected devices. We are all used to ignoring the 30 pages of terms and conditions associated with a new digital service.  How do we deal with consent for the service associated with a new device?


The new General Data Protection Regulation (GDPR) that will become law in May requires users to give consent for the collection of their sensitive personal data through a formal agreement rather than an assumption of acceptance. Whilst the regulation provides clarity on roles and responsibilities, it does not directly address at which stage of an interaction a user should be asked to consent to their data being used in a specific way.

In the case of my medical implant, it is clear that the service offered can’t be delivered without the data flowing from the device, via a service provider to the doctor. Since this is the case, wouldn’t it be more appropriate for the consent to be sought before the procedure, at the same time as the clinical consent?

It isn’t just in the field of medical technology that informed consent becomes a key issue. Many cars are now 4G connected and require a user to accept terms and conditions before they can use the online services. Since such add-ons can cost hundreds or thousands of pounds, it must become part of the design of the digital service that users don’t consent at the point of first use but at the point they commit to purchase the vehicle.

At Cambridge Consultants, our (digital) service design specialists help clients understand the interactions between users and technology at all stages through the life of a service. We help clients understand not only how to make a market-beating service with great user experience but also the regulatory issues that need to be addressed.

Paul Beastall
Director, Technology Strategy

Paul Beastall is a Consulting Director and leads Cambridge Consultants’ telecommunications consulting and digital services activities. He has worked for both telecom operators and product development organisations, typically working at the interface between engineering and commercial functions. As a consultant, most of his work has focused on the impact of technology changes on users, business cases or regulation.