What is "consent" ?
Consent is one of the legal bases provided by the GDPR. The processing relies on the agreement of the data subject. The individual agrees to have their data processed for a specific purpose.
The data controller must be able to demonstrate that the individual's consent was validly obtained. The data controller may keep a record of consents for this purpose.
The criteria for consent
Consent, as a manifestation of the data subject's will, must meet the following criteria:
Freely given: The consent must be given without coercion or influence on the individual's choice.
Specific: It applies only to a predetermined single purpose.
Informed: this criterion aligns with the obligation to inform the individuals about the processing and to be transparent.
Unambiguous: meaning that consent must be a positive action.
Special cases
Consent for minors
For minors under the age of 15, consent is only valid if the consent of the person holding parental authority has been obtained.
For minors over the age of 15, their consent is valid on the same basis as that of an adult.
Explicit Consent
This concerns cases where consent is required in addition to other obligations under the GDPR. This is notably the case for processing sensitive data or for enabling fully automated decision-making. In these situations, explicit consent is necessary.
Focus on the Right to Withdraw Consent
The data controller must always ensure that data subjects can withdraw their consent at any time, easily and free of charge. This is the "right to withdraw consent."