fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " consent "

Even ticking a box does not necessarily mean consent is freely given

Digiday spoke to Giovanni Buttarelli, European data protection supervisor, to hear whether media and advertising businesses have done enough to comply. He believes Google and Facebook must work harder to achieve compliance.

Full article: Giovanni Buttarelli on state of GDPR adoption: ‘Even ticking a box does not necessarily mean consent is freely given’ – Digiday

Association of German Supervisory Authorities issues paper on broad consent for research

On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper  on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent and the principle of purpose limitation.

According to the DSK, broad consent should only be used in exceptional circumstances when it is not possible to establish at the outset the expected scope of the research. Moreover, the DSK suggests that a broad consent can be fixed at a later stage of the research by narrowing down the scope of the research once that scope is clearer – i.e., deliberately not using the obtained flexibility.

Ful article: Association of German Supervisory Authorities issues paper on broad consent for research

Notice and Choice Are No Longer a Choice

How many applications do you have on your phone? Average people have around 80. For each of those applications, you gave the company behind it your consent to use your data, and likely in a variety of ways. It’s nearly impossible to remember what personal data use you consented to for each one.

Watch Nuala’s illustrative opening statement for more on why we must move beyond the “notice and choice” model for personal privacy protections.

Source: Notice and Choice Are No Longer a Choice

How opt-in consent really works

Consent is only one of several lawful bases for data processing available under the EU General Data Protection Regulation. Nonetheless, sometimes consent is the most appropriate — or only — basis for personal data processing.

The GDPR requires consent to be opt-in. It defines consent as “freely given, specific, informed and unambiguous” given by a “clear affirmative action.” It is not acceptable to assign consent through the data subject’s silence or by supplying “pre-ticked boxes.”

Full article: How opt-in consent really works

IAB Europe to release updated consent framework

The Interactive Advertising Bureau (IAB) Europe is incorporating feedback from publishers, including Google, as it preps the latest version its Transparency and Consent Framework (TCF) later this year.

Google, which has continued to postpone its official alignment with the General Data Protection Regulation (GDPR) consent tool, said it will officially integrate the framework as a recognized TCF vendor after the release.

Source: Exclusive: IAB Europe to release updated consent framework later this year, Google to sign on – MarTech Today

Company closure and 4-year ban for director after marketing regulation breach

A director of a lead generating service has been banned for four years after failing to ensure his company complied with text message regulations.

Lad Media Limited sent over 393,000 SMS messages were sent to members of the public, including to individuals whom had withdrawn their consent regarding the receipt of marketing texts or calls.

Irrespective of Lad Media’s claim that the illegal marketing had not been their fault, but was instead due to the actions of third parties, the ICO imposed a fine of £20,000.

Source: Company closure and 4-year ban for director after marketing regulation breach

Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates

Last August French privacy regulator CNIL cited two French location-intelligence companies (Fidzup and Teemo) as non-compliant with GDPR consent rules (as well as French privacy law).

Teemo then worked cooperatively with CNIL to develop specific consent language around third-party use of location data. Surprisingly, but the opt-in rates were 70%. Teemo says that transparency gives consumers a sense of control and they respond positively as a result.

Source: Data location vendor worked with GDPR regulator on data consent model, yielding 70% opt-in rates – MarTech Today

How to avoid consent fatigue

Consent requests combined with the obligation of transparency aims to give back control to individuals over the use of their personal data.

However, the frequency of interactions with organizations that collect personal data makes it tedious, if not practically impossible, for individuals to process the information contained within a consent format, in particular, where organizations unduly use bundled consents to a broader range of operations.

Source: How to avoid consent fatigue

Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

Data Protection Authority (DPA) of the German state of Bavaria announced it was considering fining a number of companies under the GDPR for their website cookie practices.

None of these companies appear to be in Google-style tech industries. The Bavarian DPA’s action potentially signals that cookies, user tracking, and online advertising are not a ‘tech industry issue,’ but instead a priority issue for companies irrespective of their industry – and one that can carry GDPR fine risk.

Full article: Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

1 2 3 7
>