Consent is only one of several lawful bases for data processing available under the EU General Data Protection Regulation. The others — fulfilling a contract and legitimate interest being the most popular — are often preferred to consent because consent can be withdrawn by the data subject at any time.
Nonetheless, sometimes consent is the most appropriate — or only — basis for personal data processing. For example, although GDPR Recital 47 explicitly states that direct marketing may be based on legitimate interest, the ePrivacy Directive and the member state law implementing it (such as the U.K.’s Privacy and Electronic Communication Regulations) generally mandate the use of consent for email marketing and cookies.
The GDPR requires consent to be opt-in. It defines consent as “freely given, specific, informed and unambiguous” given by a “clear affirmative action.” It is not acceptable to assign consent through the data subject’s silence or by supplying “pre-ticked boxes.”
Consent for email marketing — Success!
The IAPP, like many organizations, invites new customers and members to enjoy some of our content or other products for free to sample the goods. Ideally, the potential new customer or member enjoys the experience and decides to return for more.
To help this person in their decision, the IAPP might send them an email. But do we have their consent to do so? Under U.S. and Canadian email marketing laws, the IAPP does not always need opt-in consent, although it must always allow the customer to unsubscribe or opt out of future messages. Given the GDPR’s opt-in standards, the IAPP decided — along with many other companies globally — to convert to an opt-in standard for receiving email messages about IAPP news and events and to apply this to everyone globally.
Clique aqui e leia a matéria completa.