EU Opinion on Consent – Clarifies How Lawfully To Collect & Use Personal Data

The EU Data Protection Commissioners’ grouping called the Article 29 Working Party (the “Working Party”) has given an opinion on the sometimes vexed question as to what exactly constitutes valid consent under EU data protection laws.

The Working Party advised that in order for consent to be valid it must be freely given, specific, informed and unambiguous. Consent is one of several legal grounds for processing personal data. Where consent is the basis to be relied upon, it must be given, by indication, before the processing of data begins.

In addition, companies must abide by the principles of proportionality when dealing with data. This means that many companies may have to review their procedures to ensure information provided in order to obtain consent is adequate and that mechanisms are in place to verify that valid consent was given. This is expected to result in the greater use of dialogue boxes and tick boxes among online companies but the options must not be pre-selected.

Essential Criteria:

  • Freely Given – Consent is given freely where there is no risk of deception or significant negative consequences for failing to give consent
  • Specific Consent – This is obtained where the exact purpose for processing the data is clearly communicated. Blanket consent, without specifying the exact purpose of processing, is not acceptable
  • Informed – In order for consent to be informed, all necessary information in relation to the scope and purpose of the processing of the data must be directly communicated to the data subject in a clear manner, e.g. by the use of dialogue boxes in an online context
  • No Ambiguity – In order to avoid ambiguity, the individual must give consent by some form of indication, i.e. there must be some positive act, such as ticking a box. Default internet browsing settings or pre-ticked boxes are not adequate methods to obtain valid consent

The following rules must also be observed for consent to be valid:

  • Timing – Consent must be obtained before the processing of data begins
  • Accountability – Even where a company has obtained valid consent, the principles of fairness, necessity, proportionality and quality must be observed, e.g. data can only be retained and used for the purpose(s) for which it has been received

There are also helpful suggestions for dealing with the issues of obtaining consent from children and others lacking legal capacity.

Contributed by David Cullen.