Most people do not remember the first time they were asked to upload an identity document online. It did not feel dramatic. It was not controversial. It was just another box to tick.
Upload your ID. Take a selfie. Click continue.
At some point, this stopped feeling like a request and became a requirement. Not because laws suddenly changed, but because refusal quietly stopped being an option.
This is what consent fatigue looks like.
Consent fatigue happens when people are asked to make the same "choice" over and over again, under time pressure, with no real alternative. Each individual request feels small. Reasonable, even. But over time, the cumulative effect is that people stop engaging critically at all. They comply because opting out means exclusion.
You can see this everywhere. To access a platform, to join a competition, to post content, to use a professional network, and to comment on a forum. The message is always the same: comply, or you do not get to participate.
While the process shows consent granted, the reality is that it is being extracted under pressure, not truly given.
Meaningful consent requires three things: understanding, choice, and the ability to refuse without penalty. Most digital identity flows today fail all three. The implications of handing over identity data are rarely explained. Alternatives are rarely offered. And refusal almost always means losing access.
Over time, this continuous exposure shapes behavior. Gradually, people become numb to the process. They stop asking who is collecting their data, where it is stored, how long it will be kept, or who it might be shared with. Identity disclosure fades into background noise, something endured rather than truly agreed to.
This is not because people do not care about privacy. It is because the cost of caring has been made too high.
What makes this especially troubling is that identity data is not neutral. It carries a risk that persists long after the moment of consent. Documents get reused. Databases get breached. Companies change ownership. Jurisdictions shift. Data that was collected for one purpose quietly finds its way into another.
And when something goes wrong, individuals are often told they "agreed" to it.
This is where the current approach to digital identity fails: Consent gained through exhaustion is not true consent. Compliance achieved by exclusion is not a real choice. Convenience that lacks protection does not lead to genuine empowerment.
There is a difference between enabling participation and coercing disclosure. Between asking for proof and demanding exposure. Between systems designed to respect people and systems designed to extract from them.
To make digital identity work, we must recognize that more clicks do not mean true consent. We need systems that request less, allow refusals, and minimize risk to users.
Until then, we will keep calling it consent while people quietly experience it as something else entirely.