What is consent?
- Processing of personal data cannot begin until valid consent is obtained.
- Valid consent is any freely given, specific, informed and unambiguous indication of the user’s agreement to the processing of personal data.
- Consent is only valid if the user can withdraw it.
- There are special requirements for children, especially for social media and services with content specifically targeting children under 16.
- Consent must be stored for documentation (in case of inspection by the DPA).
What are the requirements for consent?
1) No data processing before consent is obtained
2) Consent must be freely given
- Consent is based on implicit consent, i.e.” “if you use the site, you accept cookie”.
- Any undue pressure on or influence on the user’s free will to consent.
- Silence, pre-ticked boxes, or inactivity are used to collect consent. This does not suffice as an unambiguous indication and therefore cannot constitute consent.
3) Consent must be specific
4) Consent must be informed
- The identity of the data controller (the website).
- The purpose of data processing.
- Which data is being processed.
- Information about how to withdraw consent.