Privacy

Consent

A freely given, specific, informed, and unambiguous indication of agreement to data processing.

Consent is one of the six legal bases for processing personal data under the GDPR. It must be a clear affirmative act — silence, pre-ticked boxes, or inactivity do not constitute valid consent.

  • Freely given — no imbalance of power, no bundling with unrelated services
  • Specific — covers a defined purpose, not a blanket authorisation
  • Informed — the data subject knows who is collecting data and why
  • Unambiguous — requires a clear affirmative action (opt-in, not opt-out)
  • Setting non-essential cookies or tracking pixels
  • Sending marketing emails
  • Processing sensitive data (health, biometric, etc.)
  • Sharing data with third parties for their own purposes

Data subjects must be able to withdraw consent as easily as they gave it. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

Defined in GDPR Article 4(11). Conditions in Article 7.

Related Terms

Personal DataPrivacy

Any information that can identify a living individual, directly or indirectly.

Legitimate InterestPrivacy

A legal basis for processing data when the controller's interest outweighs the data subject's rights.

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

Legal BasisLegal

The lawful ground under which personal data may be processed — the GDPR defines six possible bases.

CookieTechnical

A small text file stored by your browser that lets websites remember information between page visits.

Children's PrivacyCookie