#EDPB-Guidelines-03-2022 (1 article)

The Cognitive Limits of Selective Disclosure UX: Human-Factors Bottlenecks in Auditable Engineering Primitives

The eighteenth article in the civic-proof series (F3). Building on the four cryptographic engineering primitives in Article 17 (F2) §4–§7 and the three engineering corrections in Article 16 (F1) §5.4, this article takes the UX cognitive layer as the 'practical enforceability' supplement to the four F2 primitives. Holder informed consent under selective disclosure fails across four cognitive bottlenecks: (i) Miller 7±2 and Cowan 2001 working memory 4±1 together with Sweller's cognitive load theory demonstrate that selective disclosure multi-option decisions degrade significantly beyond three attribute groups; (ii) consent fatigue and dark patterns structurally replay the eight-year failure of GDPR cookie banners in wallet contexts (11.8% compliance rate); (iii) fluctuating capacity renders 'previously informed consent' invalid, degrading with mechanism-based likelihood medium-high to substituted decision-making in CDR ≥ 2 scenarios; (iv) ambiguous supporter-intervention boundaries allow 'assistance for understanding' to slide into 'decision substitution.' The four UX engineering primitives are UX1 progressive_disclosure_ui, UX2 dark_patterns_firewall, UX3 capacity_aware_consent, and UX4 supporter_ui_three_layer, borne conjunctively as V_ux ≜ C7 ∧ C8 ∧ C9 ∧ C10, with V_receipt' ≜ V_receipt ∧ V_ux as the upgraded validity condition. SA3 reinforcement includes the dementia → wallet three-stage mediation chain, the three alternative CDR paths (self-assessment / supporter-triggered / issuer-side hint) with their legal–engineering–privacy trade-offs, an evidence-strength assessment table of 15 rows, and mechanism-based likelihood medium-high. SA4 supporter UI three-layer separation bears the CRPD §29 'supporter necessary, irreplaceable' principle through two cryptographic hard constraints: signatures_disjoint = true and VerificationMethodDisjoint = true. Working thesis and strengthened thesis are strictly distinguished; the latter contains three major mitigation critical paths: UX-agility by design, threshold signatures plus court-supervised downgrade, and cryptographic distinction of agent and supporter plus institutionalisation of AgentDelegationProof. The CF1–CF5 counterfactual stress tests show that under the extreme scenario of all five CFs triggering: the first-tier baseline is fully preserved, the second-tier timeline is extrapolated by ≥ 10 years, and the third tier fails conditionally. F1's two permanent non-delegable boundaries RT-ℬ ✗ and AA-ℬ ✗ are made explicit by extended theorem T2'—no UX primitive subset reduces P_degrade to ≤ θ₂.