top of page

Getting to “yes” (designing the framework for data subject’s consent)

Currently reading up on the GDPR, in particular on how consent from the data subject may be obtained via a website or app. Based on the opinion of experts (I am basing the conclusion on the fact that they have IAPP certifications, so their “expertise” is qualified by that fact), it seems that a note saying “By clicking the link, you consent to the collection and processing of your information” might not be enough. It appears that consent under the GDPR requires an affirmative action. Expert opinion is that there should be a separate button or clickable element through which the user can explicitly signify consent. Just the “enter” or “continue to content” or similar would not suffice.

I am thinking back to our project team discussions the past few months and this really reinforces my realization that you cannot comply with the Data Privacy Act by just making adjustments at the end of app development. The best approach is via privacy by design. Read more about it here:


I am Cecilia Soria, a Privacy Attorney. This blog is where I share news and insights as I continue to learn more about privacy.


bottom of page