This document discusses consent under the GDPR and provides preliminary thoughts on the requirements for valid consent. It summarizes that consent must be freely given, specific, informed, and unambiguous. Consent must be an affirmative action by the data subject and cannot be inferred from silence or pre-checked boxes. Controllers must be able to demonstrate valid consent was obtained and maintain records of consent. Explicit consent is required for sensitive data processing or third country transfers.