In fact, many organizations still associate the requirement for consent with whether the consumer gets something (or not), which obviously means that consent is not given voluntarily. An example is a motorists` association that offers its members the opportunity to obtain a replacement vehicle as part of roadside assistance only if drivers who wish to receive the replacement vehicle as part of their membership agree to the tracking of their data and the tracking of their driving behaviour by telematics. In such a case, consent is not the best approach and is not permitted because consent is not given voluntarily. WP29`s consent guidelines give an example that makes it more tangible and allows you to think of several similar. In other words, as stated in the first paragraph of Article 7 of the GDPR on the conditions of consent, it is for the controller to prove that the data subject has consented and, moreover, the non-admission or withdrawal of consent does not imply voluntary consent. Many countries outside the EU do not have regulations as strict to protect personal data as the GDPR. Therefore, such transfers must be legitimised, for example, by an adequacy decision of the European Commission, the implementation of approved binding corporate rules or the explicit consent of the data subject. Make sure that a legal basis for the data transfer is secured before it takes place. Or, as stated in recital 32 of the GDPR: “Consent should cover all processing activities carried out for the same purposes or purposes. Where processing has several purposes, consent should be given for each of them. The G29 guidelines on consent recall that an imbalance of power can also occur in the employment context (which does not exclude consent in this context) and in other situations. Article 13 of the GDPR deals in more detail with the information that must be provided when personal data are collected from the data subject, regardless of the legal basis for the lawful processing.

However, due to uncertainty about data protection standards abroad, many countries restrict the offshore transfer of personal data. Such transfers may be permitted in certain circumstances or where data protection standards are considered adequate in a third country. This is particularly sensitive when it comes to personal data for national identification, civil registration and voter registration systems. In addition to cross-border data transfer, the legal framework may also include rules on regional or international interoperability or mutual recognition of their identification systems. Let`s go back to consent and specific consent. You may have noticed the use of the term “explicit.” Explicit here refers to the purpose of data processing. This is not the same as express consent; However, this is again (in addition to early drafts of the GDPR text) a sign of how the line can be lowercase. In other words, if this transparency is lacking both in terms of functions and processing (including obtaining consent), then there is no compliance and cannot be demonstrated. Although the term “voluntarily given” is not explicitly mentioned, the second paragraph of article 7 provides that if consent is given in the context of a written statement that also relates to other matters, consent must be given in a manner that clearly distinguishes from those other matters in a very clear manner and language.

In other words, consent cannot be considered voluntary if, when necessary, it is hidden in the statement and/or is unclear and, above all, indistinguishable. We have already covered the legal bases under which you can collect/process personal data, but we mention this here because one of the myths of the GDPR persists that you can only process their data with the consent of the natural person concerned, also known as the data subject. It`s not true. If the purpose of the data processing activity for which consent was given has changed, a new consent is required. Where several operations pursue exactly the same objective, the consent should cover all processing activities carried out for the same purpose(s). Specific consent is also closely related to the element of informed consent that comes next and, as mentioned earlier, the requirement of free consent or voluntary consent and granularity.