What is consent?

Article 4(11) of the GDPR states that consent is any freely given, specific, informed, and unambiguous expression of the individual’s choices regarding the processing of his or her personal data for one or more specific purposes.

Consent is one of the 6 lawful bases for data processing further described in Article 6 of the GDPR.

The purpose of consent is to give individuals control over their data.

Characteristics of consent

For the GDPR consent to be valid, it must have certain characteristics:

➡️ It must be given with affirmative action, and processing purpose needs to be thoroughly explained to the individual.
➡️ There should be no influence or repercussions that can affect an individual’s choice.
➡️ It needs to be distinguishable from other matters
➡️ Consent can be given as a written statement, including the electronic form or oral form,
➡️ It needs to be given in an easily accessible form, and clear and understandable language.
➡️ The data subject should be able to withdraw consent as easily as it was given without negative consequences for the data subject.
➡️ Consent should be an expression of data subjects’ real choice.
➡️ Consent requires a positive opt-in, which means the methods of default consent are non-compliant.
➡️ Make sure it is specific and granular
➡️ Giving consent should not be a precondition for the service you provide

All glossaries
Scroll to Top