Recommended
More Related Content
Similar to consent:gdpr
Similar to consent:gdpr (20)
More from Mathew Chacko
More from Mathew Chacko (18)
Recently uploaded
Recently uploaded (20)
consent:gdpr
- 1. CONSENT UNDER THE GDPR: PRELIMINARY THOUGHTS
- 2. ARTICLE 29 WORKING PARTY Independent advisory body set up under Article 29 of the 1995 Directive that advises, provides recommendations, and promotes application of data protection laws Comprises of DP authorities from each member state, European Data Protection Supervisor, and the European Commission
- 3. ARTICLE 6 ARTICLE 5 ARTICLE 4(11) CONSENT IN THE GDPR
- 4. ARTICLE 6 LAWFULNESS OF PROCESSING CONSENT PERFORMANCEOF A CONTRACT COMPLIANCEWITH A LEGAL OBLIGATION PROTECTIONOFVITAL INTERESTS PUBLIC INTEREST LEGITIMATE INTEREST
- 6. ARICLE 4(11) CONSENT “Consent” means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- 7. CONSENT FREELYGIVEN When is consent not valid? If a data subject has no real choice; If a data subject feels compelled to consent; If a data subject will endure negative consequences if they do not consent.
- 8. CONSENT FREELYGIVEN Is there an imbalance of power? Assess whether performance of a contract is conditional upon processing of personal data that is unnecessary for performance. Consent should be given for each of multiple purposes aka ”granularity”. Data subjects should have the right to refuse or withdraw consent without the threat of detriment.
- 9. CONSENT SPECIFIC This aims to ensure a degree of user control and transparency. Specify the purpose for the intended processing.This satisfies Article 5 and safeguards against Function Creep. Ensure Granularity in consent requests.
- 10. CONSENT INFORMED Minimum Requirements Controller’s identity Purpose of each processing operation for which consent is sought Type of data that is being collected and used Existence of right to withdraw consent Automation processes and risks
- 11. CONSENT INFORMED How do you provide information? Ensure you use clear and plain language. Do not use long privacy policies. Avoid drafting pitfalls like “I know that…”
- 12. CONSENT UNAMBIGUOUS INDICATION It means the data subject is signifying their agreement to processing of personal data through an active motion or declaration. Written Statement are great. A blanket acceptance of general terms and conditions is not. Click fatigue is a problem.
- 13. EXPLICIT CONSENT
- 14. EXPLICIT CONSENT When is it required? Explicit consent is required when serious data protection risks arise: for example, while processing special categories of data or transferring data to third countries without adequate safeguards. In such scenarios, a high level of individual control over personal data is appropriate.
- 15. EXPLICIT CONSENT How do you obtain it? Get a written statement of the data subject… and make them sign it. Implement a two-step verification process. Get the data subject to send an “I Accept” email. Obtain explicit consent through a telephone conversation – provided that the information provided is intelligible and clear. Get the data subject to sign through an electronic signature.
- 16. ADDITIONAL CONDITIONS If processing is based on consent, controllers should be able to demonstrate that data subjects have consented. As long as a data processing activity lasts, controllers should be able to prove that a data subject has consented to processing. After processing ends, proof of consent should be kept no longer than necessary. WP29 Recommends: Refresh the consent exercise at appropriate intervals.
- 17. ADDITIONAL CONDITIONS Data subjects should be able to withdraw consent in the same in the same manner and as easily as they give it. There should be no detriment to the data subject while withdrawing consent.
- 18. FOR MORE DETAILS, PLEASE REACH OUT TO: mathew@spiceroutelegal.com aadya.misra@spiceroutelegal.com