User Consent

Explicit permission that individuals grant for specific data processing activities, representing a freely given, specific, informed, and unambiguous indication of their wishes. Under GDPR Article 4(11), consent requires a clear affirmative action—pre-ticked boxes, inactivity, or silence don't constitute valid consent. For consent to be valid, it must be: freely given (without coercion, with genuine choice, and not conditional on accepting unnecessary processing), specific (separate consent for different purposes), informed (provided after receiving clear information about processing), and unambiguous (through statements or clear affirmative actions). Organizations must be able to demonstrate consent was obtained and should: use clear, plain language in consent requests, separate consent requests for different purposes, avoid pre-ticked boxes, make withdrawal as easy as granting consent, maintain records of when and how consent was obtained, and periodically refresh consent when processing or purposes change. While consent is one legal basis for processing, it's not always the most appropriate—alternatives like legitimate interests or contract necessity may be more suitable for many business activities.