fbpx

Download free GDPR compliance checklist!

Tag Archives for " consent "

German court decides that GDPR consent can be tied to receiving advertising

On June 27, 2019, the High Court of Frankfurt decided that a consent for data processing tied to a consent for receiving advertising can be considered as freely given under the GDPR.

The claimant’s consent had been obtained in connection with his participation in a sweepstakes contest. The court decided that bundling consent for advertising with the participation in a sweepstakes contest does not prevent it from being “freely given”. According to the court, “freely given” consent is a consent that is given without “coercion” or “pressure”.

Source: Participation in a raffle of consent to future e-mail advertising

Fingerprint case highlights importance of biometric policies and consent

An unfair dismissal case has highlighted the need for companies to update policies and procedures and to obtain full consent before using biometric data in the workplace.

The Fair Work Commission in Australia found that Superior Wood employee’s dismissal for refusing to use a fingerprint scanner was unfair because the company did not have a privacy policy in place; it didn’t obtain consent before collecting sensitive information, and it failed to issue a privacy collection notice.

Full article: Fingerprint case highlights importance of biometric policies and consent

Dutch DPA Issues Opinion on Use of Cookie Walls

Recently, the Dutch Data protection Authority has taken the position that the use of so-called “cookie walls,” whereby website access is made conditional upon the provision of consent to tracking cookies, is not compliant with the EU General Data Protection Regulation (GDPR).

According to the Dutch SA, use of online tracking technology is one of the most invasive data processing activities considering that virtually everyone is active on the internet and therefore potentially subject to online tracking. It is therefore key to obtain valid consent from website users before engaging in any tracking activity. nd such consent shall meet GDPR requirements.

Source: Dutch Supervisory Authority Opines on Use of Cookie Walls

Denmark Data Protection Auth. on GDPR & Voice Recordings

The Denmark Data Protection Authority (DPA) ruled on April 11, 2019, that affirmative consent is required when companies record customer telephone calls.

In this case company provided disclosures to its customers that calls may be recorded for training purposes, but did not offered a mechanism for customers to opt-in or opt-out of the recording. DPA rejected the company’s arguments that its recording practices served a legitimate interest, such as the improvement of its customer service, and concluded that the company’s telephone recording practices violated the GDPR.

Source: Denmark Data Protection Auth. on GDPR & Voice Recordings

Facebook Custom Audience illegal without explicit user consent, Bavarian Data Protection Authority rules

Online shops and marketers routinely share customer data with Facebook to reach them with targeted advertising.

Turns out: in many cases this is illegal. A ground-breaking decision by a German Data Protection Authority recently ruled that matching customers’ email addresses with their Facebook accounts requires their explicit consent.

Source: Facebook Custom Audience illegal without explicit user consent, Bavarian Data Protection Authority rules – netzpolitik.org

Even ticking a box does not necessarily mean consent is freely given

Digiday spoke to Giovanni Buttarelli, European data protection supervisor, to hear whether media and advertising businesses have done enough to comply. He believes Google and Facebook must work harder to achieve compliance.

Full article: Giovanni Buttarelli on state of GDPR adoption: ‘Even ticking a box does not necessarily mean consent is freely given’ – Digiday

Association of German Supervisory Authorities issues paper on broad consent for research

On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper  on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent and the principle of purpose limitation.

According to the DSK, broad consent should only be used in exceptional circumstances when it is not possible to establish at the outset the expected scope of the research. Moreover, the DSK suggests that a broad consent can be fixed at a later stage of the research by narrowing down the scope of the research once that scope is clearer – i.e., deliberately not using the obtained flexibility.

Ful article: Association of German Supervisory Authorities issues paper on broad consent for research

Notice and Choice Are No Longer a Choice

How many applications do you have on your phone? Average people have around 80. For each of those applications, you gave the company behind it your consent to use your data, and likely in a variety of ways. It’s nearly impossible to remember what personal data use you consented to for each one.

Watch Nuala’s illustrative opening statement for more on why we must move beyond the “notice and choice” model for personal privacy protections.

Source: Notice and Choice Are No Longer a Choice

How opt-in consent really works

Consent is only one of several lawful bases for data processing available under the EU General Data Protection Regulation. Nonetheless, sometimes consent is the most appropriate — or only — basis for personal data processing.

The GDPR requires consent to be opt-in. It defines consent as “freely given, specific, informed and unambiguous” given by a “clear affirmative action.” It is not acceptable to assign consent through the data subject’s silence or by supplying “pre-ticked boxes.”

Full article: How opt-in consent really works

IAB Europe to release updated consent framework

The Interactive Advertising Bureau (IAB) Europe is incorporating feedback from publishers, including Google, as it preps the latest version its Transparency and Consent Framework (TCF) later this year.

Google, which has continued to postpone its official alignment with the General Data Protection Regulation (GDPR) consent tool, said it will officially integrate the framework as a recognized TCF vendor after the release.

Source: Exclusive: IAB Europe to release updated consent framework later this year, Google to sign on – MarTech Today

1 2 3 8
>