• Cecilia Soria

Getting to “yes” (designing the framework for data subject’s consent)


Currently reading up on the GDPR, in particular on how consent from the data subject may be obtained via a website or app. Based on the opinion of experts (I am basing the conclusion on the fact that they have IAPP certifications, so their “expertise” is qualified by that fact), it seems that a note saying “By clicking the link, you consent to the collection and processing of your information” might not be enough. It appears that consent under the GDPR requires an affirmative action. Expert opinion is that there should be a separate button or clickable element through which the user can explicitly signify consent. Just the “enter” or “continue to content” or similar would not suffice.

I am thinking back to our project team discussions the past few months and this really reinforces my realization that you cannot comply with the Data Privacy Act by just making adjustments at the end of app development. The best approach is via privacy by design. Read more about it here: https://en.wikipedia.org/wiki/Privacy_by_design


20 views

Notes on the Present Future

Post
Categories
Archives

Thursday, 15 October 2020

I found an old favorite Medium post on the complications of enforcing the General Data Protection Regulation. If you'd like to nerd out o...

Tuesday, 13 October 2020

Interested in learning more about privacy, security, and data governance? You can still catch the few remaining hours to register for Tru...

Sunday, 30 August 2020

This is off-topic but I am sharing this tweet and urging you to check out the whole thread on Twitter. In the midst of all the debate, it...

©2020 by Cecilia Soria