What is consent?
Article 4(11) defines consent as any freely given, specific, informed, and unambiguous indication of an individual’s wishes regarding the processing of their personal data. Consent is one of the six lawful bases for data processing outlined in Article 6 of the GDPR, and its purpose is to give individuals control over their data.
Characteristics of consent
To be considered valid under the GDPR, consent must have several characteristics, including being given with affirmative action, being distinguishable from other matters, and being specific and granular. Additionally, the individual must be informed of the processing purpose, and there should be no influence or repercussions that can affect the individual’s choice.
It must be given with affirmative action, and processing purpose needs to be thoroughly explained to the individual.
- There should be no influence or repercussions that can affect an individual’s choice.
- It needs to be distinguishable from other matters
- Consent can be given as a written statement, including the electronic form or oral form,
- It needs to be given in an easily accessible form and clear and understandable language.
- The data subject should be able to withdraw consent as easily as it was given without negative consequences for the data subject.
- Consent should be an expression of the data subjects’ real choice.
- Consent requires a positive opt-in, which means the methods of default consent are non-compliant.
- Make sure it is specific and granular
- Giving consent should not be a precondition for the service you provide
Consent should also be an explicit indication of the individual’s wishes, and the data subject should be able to withdraw consent as easily as it was given, without any negative consequences.
It must be given in an easily accessible form and clear and understandable language. It’s essential to note that consent cannot be assumed from silence or inaction, and pre-ticked boxes or implied consent are not considered valid under GDPR. Finally, giving consent should not be a precondition for the service provided.