Post by account_disabled on Dec 21, 2023 3:27:18 GMT
Aunder the GDPR does not need to be explicit it just needs to be unambiguous. After several debates the proposal of the European Parliament that if the processing is based on the data subjects consent this consent must be explicit i.e. optin was abandoned in the compromise text of the GDPR. Instead the explicit consent requirement applies when consent is relied upon in the context of the processing of sensitive personal data as is the case in todays directive. The GDPR expressly defines the term data subject consent to require it to always be unambiguous.
It also sets out other requirements which include the need for consent to be country email list i informed ii freely given iii be expressed by clear affirmative action and iv be clearly distinguishable from other aspects. considered legally valid if there is a significant imbalance between the position of the data subject and the controller. Additional requirements are also set out in relation to obtaining the consent of minors. Also several types of data such as biometric data are included in the category of sensitive data the processing of which requires explicit consent.
In addition the GDPR requires companies to demonstrate that they have effectively obtained consent from users which could impose a significant burden on businesses. Given the new more demanding conditions on consent the ability to rely on the basis of legitimate interests will be crucial from a business perspective. During the drafting process of the GDPR the Commission and the Parliament suggested that the data of natural persons can only be processed i for a purpose for which they have been approved or ii for such legitimate interests pursued by the controller or relevant third parties as individuals might reasonably expect. On the other hand the Council proposed a more businessoriented approach which would allow both the controllers and the persons authorized by them to process the data with the justification of legitimate interests even for.
It also sets out other requirements which include the need for consent to be country email list i informed ii freely given iii be expressed by clear affirmative action and iv be clearly distinguishable from other aspects. considered legally valid if there is a significant imbalance between the position of the data subject and the controller. Additional requirements are also set out in relation to obtaining the consent of minors. Also several types of data such as biometric data are included in the category of sensitive data the processing of which requires explicit consent.
In addition the GDPR requires companies to demonstrate that they have effectively obtained consent from users which could impose a significant burden on businesses. Given the new more demanding conditions on consent the ability to rely on the basis of legitimate interests will be crucial from a business perspective. During the drafting process of the GDPR the Commission and the Parliament suggested that the data of natural persons can only be processed i for a purpose for which they have been approved or ii for such legitimate interests pursued by the controller or relevant third parties as individuals might reasonably expect. On the other hand the Council proposed a more businessoriented approach which would allow both the controllers and the persons authorized by them to process the data with the justification of legitimate interests even for.