You may have recently received an email from Joomla asking you to renew your consent to the processing of your personal data. In certain times during the year, or when new privacy laws go into effect, consent renewal emails seem to flood all of our inboxes. Why do you need to renew your consent? Why is consent so important to privacy?
In this article, we will discuss the principle of consent under the General Data Protection Regulation (GDPR), explain how Joomla obtains your consent, and provide you with tips on how you can obtain consent for the processing of personal data.
GDPR protects the personal data of residents of the European Union by imposing restrictions on how personal data can be collected, requiring certain websites to have a Privacy Policy, and providing privacy rights to individuals. GDPR is a relatively unique privacy law in that it prohibits the collection and use of personal data unless an exemption, otherwise called a legal basis, applies. One of these exceptions occurs when the data subject has given consent to the processing of his or her personal data for one or more specific purposes. Therefore, obtaining proper consent is crucial to the ability to collect and process personal data under GDPR.
According to Recital 32 of GDPR, for consent to be valid, it must be given by “a clear affirmative act establishing a freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of his or her personal data, such as by a written statement, including by electronic means, or by an oral statement.” In order to be proper under GDPR, consent must meet the following criteria:
- The individual must have a real choice as to whether or not to allow the processing of their personal data;
- Consent must be granular, meaning that the purposes for which personal data will be processed must be specific;
- The individual must know what they are consenting to, meaning that you must have a Privacy Policy that makes specific disclosures; and
- Consent must be based on unambiguous indications of the wishes of the individual, meaning that the individual must take a clear action to consent. This essentially invalidates the use of pre-checked boxes or the assumption of consent if the user continues to use your website.
It is clear that consent is extremely important under GDPR if you want to process the personal data of residents of the European Union.