Consent and the GDPR
ConsentConsent of the data subject within the meaning of the GDPR means a clear affirmative act establishing the freely given, specific, informed and unambiguous indication that the data subject agrees to the processing of his or her personal data. Freely given consent means that the data subject has a genuine or free choice or is able to refuse or withdraw consent without detriment. For consent to be informed, the data subject needs to be aware of the identity of the controller and the purpose of processing.Consent needs to be given to all processing activities, which can be done for example by a written statement (including by electronic means) or an oral statement. If the data subject needs to give consent by electronic means, the request for consent has to be clear, concise and not unnecessarily disruptive. This type of consent can be given for example by ticking a box when visiting a website, choosing certain technical settings or any other statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing. Pre-ticked boxes or inactivity by the data subject do not constitute consent. This means that an app company for example needs to think about how to request consent in a manner that complies with the GDPR and how to demonstrate this to the supervisory authority upon request.Where processing is based on consent, Article 7 determines that the controller needs to be able to demonstrate that the data subject has given consent to the processing activities. Furthermore, the request for consent needs to be presented in a clearly distinguishable form. This means that it cannot be buried within a contract or other written document. It needs to be presented in clear and plain language in an intelligible and easily accessible form which is clearly distinguishable from other matters (within a contract or other written document) and may not contain unfair terms. The data subject has the right to withdraw his or her consent at any time.Do you have examples from you own experience where you have been asked to give consent to a data controller to process your data? Feel free to discuss these situations with other learners on the discussion board.
Protecting Health Data in the Modern Age: Getting to Grips with the GDPR
Our purpose is to transform access to education.
We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.
We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.