2 mins to read
Is Consent mandatory? The question is legit and we’re happy that you ask. As one of the legal bases under Art. 6 GDPR, Consent is definitely very important. Therefore there are a number of factors that make Consent indeed mandatory.
Ultimately, the decision of if and where you will rely on consent as a legal basis under GDPR, can be made upon a risk assessment. We put together the key elements which we consider as massive arguments pro Consent.
Consent Driving Factors To Consider
The following factors should be considered when you make your decision as to whether you will rely on consent or not
Factor 1 – Vendors
If you want to continue using the services of certain vendors, you will have to be able to proof consent to them
Google EU User Consent Policy
When you use certain Google products, like DoubleClick, Adsense or Firebase, Google enforces their EU user consent policy.
In conclusion, you cannot use the Google services unless you have obtained a proper informed consent of your users – BEFORE you start tracking.
Learn more
EU User Consent Policy
EU User Consent Policy Help
Google Adsense EU User Consent Policy
Google Analytics Advertising Features EU User Consent Policy
Google Analytics for Firebase EU User Consent Policy
Facebook Custom Audiences Terms
Requires Consent – The advertiser is the controller and therefor responsible for obtaining the Consent
Learn more
Learn More at Facebook’s GDPR Center
iab Vendors
The TradeDesk Terms
There are more than 400 vendors supporting the iab Consent & Transparency Framework, e.g. Criteo, Adition or Taboola. Certain vendors will only serve your ads, if you can transfer the consent technically, which means you will need a CMP that supports the technical format of the iab Framework.
Learn more
iab Consent & Transparency Framework
Factor 2 – Complaints
If you want to continue using the services of certain vendors, you will have to be able to proof consent to them
Data Subjects
Data Subject Can File A Complaint In Case Of A Data Violation
Filing a complaint is very easy and possible online on the website of the responsible data authority.
Learn more
File a complaint with the Bavarian Data Protection Authority
Competitors
Competitors Can File A Complaint In Case Of A Data Violation
NGOs / Consumer Organizations
Data Protection Activist Max Schrems (Noyb.Eu) Sued Facebook, Google, WhatsApp For € 8 Billion Because Of „Forced Consent“. His Next Target Is „Ficticious Consent“
Learn more
noyb.eu
Factor 3 – Data Protection Authorities
Data Protection Authorities are legally bind to investigate every complaint filed
Concrete Requirement
The British Data Protection Authority, ICO Is Very Clear On The Use Of Cookies And The Need Of Consent For That
Learn more
https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/
Random Audit
Many Data Protection Authorities Are Actively Auditing Your GDPR-Compliance
Usercentrics GmbH does not provide legal advice. The contents of the above article are not to be understood as legally binding. The article constitutes the opinion of Usercentrics.
Related Articles
South Africa’s Protection of Personal Information Act – an overview
South Africa’s POPIA is a data privacy law that preceded the GDPR by five years. We look at how...
Brazil’s General Data Protection Law / Lei Geral de Proteção de Dados (LGPD) – an overview
Brazil’s LGPD builds on existing Brazilian law and is influenced by the GDPR. We look at how it addresses...