Description
This discussion paper suggests that purpose information could just be a link to a privacy policy and that (only if the user requests it), the purpose could be indicated to the user by having them open a browser to a privacy policy page.
An optional link to a privacy policy that would have to be opened in a separate browser instance is an extraordinarily ineffective way of communicating the purpose of a request for extremely sensitive information. Privacy policies are not written for users to understand them; users are inundated with these uninformative documents and do not read them; and if it requires an extra click and takes the user entirely out of the context of either the relying party or the wallet, it will be even more confusing and less likely to be interpreted.
If the intent is to provide the user with the purpose of information being requested (and other important context for making a decision) in the wallet unit, then a design that actually communicates that information so it can be presented to the user is important. If the intent is for the wallet unit not to provide context or explanation to the user, then you could keep the privacy policy link but just drop any pretense in the documentation that this is communicating purpose information to the user. Whether EU regulation and the ARF intend for purpose and other context to be communicated in the wallet for consent-gathering, or whether those are obligations on the relying party prior to initiating a wallet request, are important considerations for the design of other parts of the ecosystem, so this would really benefit from being clearly defined.
Guidance on asking for permission and gaining informed consent are well-established areas of work in user experience design and data protection law. No such guidance would indicate that the way to make a user informed about a highly sensitive action is to include a link to a privacy policy document somewhere. If additional documentation is necessary, let us know and we can provide links to relevant research.