Countdown To GDPR Compliance
In Recital 32 we are given more details on this:
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Article 4 of the GDPR defines consent as follows:
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
For website owners these lines are very important “Silence, pre-ticked boxes or inactivity should not therefore constitute consent.” And “When the processing has multiple purposes, consent should be given for all of them.”
“Silence, pre-ticked boxes or inactivity should not therefore constitute consent.”
“When the processing has multiple purposes, consent should be given for all of them.”
This means that it is now necessary to gain consent for every way in which you gather and use the persons data, so consent for one type of cookie does not carry over and apply to consent for other types of cookies. I will cover consent further in a future article, so be sure to check back for that.
The GDPR does not stop there however, in Article 7(3) it goes on to state that consent once given should be as easy to withdraw as it was to give.
- The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.”
- What GDPR Means For Website Owners
- GDPR What Are Cookies and Why Do I need a Cookie Notice On My Website
- Cookie Control – The Right to Choose
- Add A Consent Tick Box to Your Data Gathering Forms For GDPR Compliance
Disclaimer: GDPR is a serious topic and can have financial & legal ramifications for business owners that do not correctly comply. As I am not a legal professional I make no claim that this article or subsequent articles definitively covers everything that website owners should know, as such I would highly recommend that you do further research on the topic and seek legal advice should you deem it necessary. You should not rely on the contents of this article as legal proof of anything and I accept no responsibility or liability for its accuracy.