PrivacyControl
Adeguamento GDPR - Privacy
  • Who we are
  • Our Services
    • Legal assistance – Privacy violation
    • Privacy Consulting
  • qUOTES
  • Customer Area
    • Notice Board
    • File
      • My Files
        • Update file
      • Create file
    • Pages
      • My pages
        • Update page
      • Create page
    • My account
      • Account details
      • Edit profile
      • Logout
  • English
    • Italian
  • FAQ
  • BLOG
  • Partners
  • Events
The Privacy Consent GDPR 679/16 and Legislative Decree 101/18

The Privacy Consent GDPR 679/16 and Legislative Decree 101/18

Obtaining and managing the consent of the interested parties

Pursuant to article 6 of European Regulation 679/2016, consent represents one of the conditions of lawfulness on which personal data processing activities can be based.

in particular, the most severe, precise, but also optimal basis for data processing (as regards the data controller) is the existence of at least one legal provision (recital 39, 40, 41, article 6, paragraph 1 ), which requires (i.e. justifies) the data processing activity. It is mandatory that the controllers / processors provide the specifications of the legal act and its numbered extract before or at the time of data collection.

Article 4 of the GDPR defines consent as “any manifestation of free, specific, informed and unequivocal will of the interested party, with which the same expresses his consent, through unequivocal declaration or positive action, that the personal data concerning him are being processed”.

CALL US NOW FOR INFORMATION ON THE NEW EUROPEAN PRIVACY POLICY!

Requirements for consent in accordance with the GDPR

     

  • In order to process the data, consent must be obtained in advance . After the deadline, it must be obtained again. The controller cannot specify a minimum period for the treatment and impose it on the interested parties, who can withdraw their consent at any time.
  •  

  • The method used must ensure that the data subject is well informed about the processing (i.e. that all information is expressed in clear and unambiguous language). Consent must also be obtained before the subject accepts the precise type of treatment (here the accuracy requirement is very strict) mentioned in the consent form. It also requires positive action (therefore implicit or passive consent is not compliant).
  •  

  • The mechanism also depends on the context . Since there is a requirement that consent must be given freely, it will not be considered valid if the interested party does not have a free and genuine choice, or is unable to withdraw or refuse consent without detriment (which could occur in certain situations, such as in the workplace, or in government-citizen relationships).

Article 7 of the Regulation and WP 259 clarify the procedures to be followed in order to obtain a correct and valid acquisition of consent. The request for consent must be presented to the interested party:

     

  • in an understandable and easily accessible form;
  •  

  • using simple and clear language.

In the event that you need to acquire consent for the purpose of carrying out a treatment , you must:

     

  • submit the relevant request distinctly from the others and prepare methods of acquiring consent that guarantee its authenticity.

Specific contexts: data of minors

In order to better protect minors deemed more vulnerable and conditional, the ’art. 8 of the GDPR establishes that : “ if article 6, paragraph 1, letter a) applies, as regards the direct offer of information society services to minors, the processing of data the personal rights of the minor is permissible where the minor is at least 16 years old. If the minor is under the age of 16, this treatment is lawful only if and to the extent that this consent is given or authorized by the owner of parental responsibility. Member States can establish by law a lower age for these purposes as long as not less than 13 years “.

The GDPR does not specify how to verify the age of the person concerned and how to collect the parent’s consent in case it is ascertained that it is facing a minor. 

WP29 recommends a proportionate approach that does not harm the minimization principle and that evaluates, on a case by case basis, the risks inherent in the treatment and the technological means available.

If users claim to be over 16 years of age, it will be the duty of the owner to verify that this statement is true so as not to incur illegal treatment. If the user declares, on the contrary, to be under the age of 16, the owner can accept this declaration without further checks, but must obtain the authorization of the parents and verify that the person providing the consent is holder of parental responsibility . In low-risk cases, the verification of parental responsibility via e-mail may be sufficient, on the contrary, in high-risk cases, it may be appropriate to ask for more evidence that can demonstrate, at the very least, the reasonable efforts made by the owner to verify that consent is authorized by parent.

CALL US NOW FOR INFORMATION ON THE NEW EUROPEAN PRIVACY POLICY!

Task of public interest or connected to the exercise of public powers

When the execution of a task performed in the public interest or connected to the exercise of public powers with which the controller is invested requires the processing of personal data, it is allowed pursuant to recital 45; article6, paragraph 1, letter e), of the GDPR.

Although authorization is granted by default, the processing performed on this basis may be subject to objection by the interested parties. This is formally recognized, so as to allow the review of the specifics of the situation. In essence, it gives the interested party the opportunity to question the controller’s public interest definition. The objection may or may not be accepted, but it must be considered and answered in a timely manner.

The interested party always has the right to withdraw his consent at any time : the possibility to withdraw the consent must be guaranteed with the same ease with which it was granted.

As anticipated, the Working Group – Art. 29 has prepared a useful contribution on the matter, consisting of the “Guidelines on consent pursuant to the 2016/679 regulation”, amended on April 10, 2018 .

We have published the full version , in Italian, of the aforementioned guidelines on our blog, available at the following address:

www.privacycontrol.it/consenso

Source: The sun 24 hours;

Do not take unnecessary risks waiting for the last moment to adapt, in case of non-compliance with the privacy obligations, the European Privacy Regulation provides for administrative fines of up to € 20,000,000 or up to 4% of your turnover if greater than this amount.

Verification votes, the communication must be done immediately and in front of the class DPO: eminently legal profile

Related Posts

adeguamento gdpr privacy control

BLOG, News

GDPR: WHAT IT IS AND WHY COMPANIES SHOULD ADJUST US

data protection officer profilo giuridico privacy control

BLOG, News

DPO – Data Protection Officer: the data protection officer

gpdr trattamento dati dipendenti azienda privacy control

BLOG, News

GDPR: the processing of employee data by the employer

Recent Posts

  • adeguamento gdpr privacy controlGDPR: WHAT IT IS AND WHY COMPANIES SHOULD ADJUST US
  • data protection officer profilo giuridico privacy controlDPO – Data Protection Officer: the data protection officer
  • gpdr trattamento dati dipendenti azienda privacy controlGDPR: the processing of employee data by the employer
  • cyberbullismo gdpr privacy controlData protection of minors and cyberbullying: what changes with the GDPR
  • Data Protection Officer: because you need an autonomous and independent figure

Vuoi rimanere aggiornato sui temi Privacy & Cybersecurity?

PrivacyControl
Links
  • Facebook
  • Youtube
  • linkedin
© PrivacyControl 2022
Privacy Control, brand di Privacycert Lombardia srl • Pass. Don seghezzi, 2, 24122 Bergamo (BG)
P.IVA 04224740169 • Cap. Sociale 10.000,00 € I.V. • REA N. 445875 • Privacy policy
Tutte le immagini e i contenuti presenti in questo sito sono coperti da copyright. Condizioni di Vendita

We are using cookies to give you the best experience on our website.

You can find out more about which cookies we are using or switch them off in settings.

Privacy Control Logo Trasparente
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Additional Cookies

This website uses the following additional cookies:

(List the cookies that you are using on the website here.)

Please enable Strictly Necessary Cookies first so that we can save your preferences!

Cookie Policy

Per maggiori informazioni leggi la nostra Cookie Policy