Consent Management

From MgmtWiki
Revision as of 14:17, 22 July 2018 by Tom (talk | contribs) (Context)

Jump to: navigation, search

Full Title or Meme

The process of acquiring, refreshing, managing and deleting user consent to access their personal information and other resources.

Context

The primary consideration is the collection of consent from the user, also the need for Recovery, Redress and simple maintenance by the user must be addressed as well.

The EU has already addressed the collection of consent in some guidance.[1] The following is a quote from paragraphs 42 and 43 of the GDPR.

Where processing is based on the data subject's consent, the controller should be able to demonstrate that the data subject has given consent to the processing operation. In particular in the context of a written declaration on another matter, safeguards should ensure that the data subject is aware of the fact that and the extent to which consent is given. In accordance with Council Directive 93/13/EEC1 a declaration of consent pre-formulated by the controller should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms. For consent to be informed, the data subject should be aware at least of the identity of the controller and the purposes of the processing for which the personal data are intended. Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.

In order to ensure that consent is freely given, consent should not provide a valid legal ground for the processing of personal data in a specific case where there is a clear imbalance between the data subject and the controller, in particular where the controller is a public authority and it is therefore unlikely that consent was freely given in all the circumstances of that specific situation. Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations despite it being appropriate in the individual case, or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.

Problems

Solutions

References

  1. EU Commission, How should my consent be requested? https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens/how-my-personal-data-protected/how-should-my-consent-be-requested_en