What is valid consent?
The GDPR sets a high standard for consent, which must be unambiguous and involve a clear affirmative action (an opt-in).
It specifically bans pre-ticked opt-in boxes. It also requires distinct (‘granular’) consent options for distinct processing operations. Consent should be separate from other terms and conditions and should not generally be a precondition of signing up to a service.
Consent must be freely given; this means giving people genuine ongoing choice and control over how you use their data.
Consent should be obvious and require a positive action to opt in. Consent requests must be prominent, unbundled from other terms and conditions, concise and easy to understand, and user-friendly.
Consent must specifically cover the controller’s name, the purposes of the processing and the types of processing activity.
Explicit consent must be expressly confirmed in words, rather than by any other positive action.
There is no set time limit for consent. How long it lasts will depend on the context. You should review and refresh consent as appropriate.
Make your consent request prominent, concise, separate from other terms and conditions, and easy to understand. Include:
- the name of your organisation;
- the name of any third party controllers who will rely on the consent;
- why you want the data;
- what you will do with it; and
- that individuals can withdraw consent at any time
Keep records to evidence consent – who consented, when, how, and what they were told.
Make it easy for people to withdraw consent at any time they choose. Consider using preference-management tools.
Keep consents under review and refresh them if anything changes. Build regular consent reviews into your business processes.
Kontakt
Ich hoffe, Sie finden dies nützlich. Wenn Sie einen EU-Vertreter benötigen, Fragen zur DSGVO haben oder eine SAR- oder Regulierungsanfrage erhalten haben und Hilfe benötigen, können Sie sich jederzeit an uns wenden. Wir helfen Ihnen immer gerne...
GDPR Lokales Team.
Recent blogs
The Future of Finance: Adapting to AI and Data Privacy Laws
The rapidly evolving landscape of financial technology is witnessing a significant transformation w
Navigating the Contradictions: Automated Decision-Making and Regulatory Legislation in AI Systems
The Dilemma of Automated Decision-Making At the heart of AI systems lies the promise of aut
How to Implement the New AI Law in Your Company
The implementation of the AI Act marks a significant stride towards responsible and fair use of art