Mar 16, 2017
The EU General Data Protection Regulation (GDPR) imposes new, stricter rules on end user consent as a basis for processing personal data. Nevertheless, users themselves also need to make reasonable efforts to control their personal data and privacy. Although it is the responsibility of the data controller to make the information concerning consent and the processing of personal data easily available to the user, the user also needs to become acquainted with that information to be able to make informed decisions. For example, if the user ticks a box next to the text “I hereby give my consent for X Oy to process my personal data for identifying my personal interests and target more suitable advertisements to me”, this can be regarded as consent. It can be assumed to be an expression of consent even if the user has not read the Privacy Policy or the text of the tick box by which the consent is collected.
In general, the GDPR approaches end user consent from the perspective that the user is provided with sufficient information concerning the processing of personal data. If all requirements for a valid consent are met, the processing of personal data can be based on the consent of the user. Additionally, the GDPR gives the user the right to withdraw consent at any time, which can limit the possible harm caused by consents already given.
It is important for users to familiarize themselves with the available information in order to be able to exercise their rights. If the information presented raises doubts about the protection of personal data or privacy, the user should look for alternatives to the service or contact the data controller for more information.
Here are three guidelines to help users avoid unpleasant surprises when registering for a service:
Also read the first and second parts of the series “End User Consents Under the GDPR”.
Writer
Sini Mickelsson, Privacy Specialist
sini.mickelsson@privaon.com
www.privaon.com