Professional Documents
Culture Documents
Comparison and Implied Consent
Comparison and Implied Consent
Abbreviations
Without raining much eyebrows at the time of getting consent for our products we can resort
to implied consent. Below is recital of GDPR recognising implied consent as valid consent.
For example, other affirmative opt-in methods might include signing a consent statement,
oral confirmation, a binary choice presented with equal prominence, or switching technical
settings away from the default.
The key point is that all consent must be opt-in consent, i.e a positive action or indication –
there is no such thing as ‘opt-out consent’. Failure to opt out is not consent as it does not
involve a clear affirmative act. You may not rely on silence, inactivity, default settings, pre-
ticked boxes or your general terms and conditions, or seek to take advantage of inertia,
inattention or default bias in any other way. All of these methods also involve ambiguity –
and for consent to be valid it must be both unambiguous and affirmative. It must be clear that
the individual deliberately and actively chose to consent.
The idea of an affirmative act does still leave room for implied methods of consent in some
circumstances, particularly in more informal offline situations. The key issue is that there
must still be a positive action that makes it clear someone is agreeing to the use of their
information for a specific and obvious purpose. However, this type of implied method of
indicating consent would not extend beyond what was obvious and necessary.
For our application a simple pop-up will work whereby the user will be provided with the
privacy policy of the company and s/he will have to tick the box to express his/her consent to
it. This will be an express consent to our privacy policy.
The following notice is attached with the Amazon Echo speakers selling online.
1
Recital 32 GDPR.
Since our offline product will, at first, be distributed freely we can have such similar notices
printed and packed along with the product. This will be to fulfil our duty of giving the user a
reasonable chance to know our privacy policy. The continuance to use our product from
thereon will constitute an implied consent to privacy policy.
We may add certain features to our product to show our strong commitment towards the
privacy of users. It may include a simple light to indicate recording of voice by the device.
Other user-friendly features serving the same purpose may be used.
We also need to ensure that users can freely withdraw the consent. The PDP Bill has
introduced the concept of a “consent manager”, who is a data fiduciary tasked with enabling
the data principals to manage their consent, through an interoperable platform. Thus, a
customer can write to data fiduciary, either directly or to the consent manager, to exercise her
rights of confirmation, access, correction, erasure, and data portability. The withdrawal of
consent can also take place through the consent manager. How will this work in practice will
become clear only when further regulations come in this regard.