Difference between revisions of "Consent"
(→Problems) |
(→The Process) |
||
| Line 12: | Line 12: | ||
===The Process=== | ===The Process=== | ||
In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation. Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance. | In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation. Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance. | ||
| − | |||
The Office of the Privacy Commissioner of Canada has published Guidelines for obtaining meaningful consent<ref>Privacy Commissioner of Canada, ''Guidelines for obtaining meaningful consent.'' https://www.priv.gc.ca/en/privacy-topics/collecting-personal-information/consent/gl_omc_201805/</ref> which "sets out practical and actionable guidance regarding what organizations should do to ensure that they obtain meaningful consent." | The Office of the Privacy Commissioner of Canada has published Guidelines for obtaining meaningful consent<ref>Privacy Commissioner of Canada, ''Guidelines for obtaining meaningful consent.'' https://www.priv.gc.ca/en/privacy-topics/collecting-personal-information/consent/gl_omc_201805/</ref> which "sets out practical and actionable guidance regarding what organizations should do to ensure that they obtain meaningful consent." | ||
Revision as of 11:07, 10 May 2019
Contents
Full Title or Meme
Consent is a process that the User undertakes at a Web Site to agree to some conditions of use of that site. Only some Artifact of the process can be used as proof that consent was freely given.
Context
Consent of users to actions in cyberspace has been found in a Privacy Policy or Terms of Service which in many countries take on legal weight as a Contract of Adhesion. That legal basis is now being reimagined in many legal jurisdictions.
Problems
- It's easy to say that the user should have control of their own data, it's hard to capture the fact. Facebook and Google refuse to provide their service is you don't given the consent to your entire life online. That is not a choice for most people that use the internet daily.
- "Consent, in its purest form, could easily become a dystopian stick to control citizens with," Susan Morrow, doesn't pull her punches as she argues that GDPR hasn't resolved the conflict between choice and consent. [1]
Solutions
The Process
In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation. Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.
The Office of the Privacy Commissioner of Canada has published Guidelines for obtaining meaningful consent[2] which "sets out practical and actionable guidance regarding what organizations should do to ensure that they obtain meaningful consent."
The Artifact
- One source for a Consent artifact is the Indian Government[3] this document has the XML format of a consent artifact. Note: crore = ten million; one hundred lakhs, especially of rupees, units of measurement, or people.
References
- ↑ Susan Morrow, 50 shades of privacy: Consent and the fallacy that will prevent privacy for all. (2019-05) Information Age https://www.information-age.com/consent-privacy-gdpr-privacy-by-design-default-123482351/
- ↑ Privacy Commissioner of Canada, Guidelines for obtaining meaningful consent. https://www.priv.gc.ca/en/privacy-topics/collecting-personal-information/consent/gl_omc_201805/
- ↑ Ministry of Electronics & Information Technology, Electronic Consent Framework Technology Specifications, Version 1.1 Government of India (undated, retrieved on 2019-04-09) http://dla.gov.in/sites/default/files/pdf/MeitY-Consent-Tech-Framework%20v1.1.pdf
External References
- FHIR Consent Fields could be helpful in creating consents.
