Why Consent
Is Consent mandatory? The question is legit and we're happy that you ask. As one of the legal bases under Art. 6 GDPR, Consent is definitely very important. Therefore there are a number of factors that make Consent indeed mandatory.
Ultimately, the decision of if and where you will rely on consent as a legal basis under GDPR, can be made upon a risk assessment. We put together the key elements which we consider as massive arguments pro Consent.
Denis Brediceanu
22. Oct 2018
Consent Driving Factors To Consider
The following factors should be considered when you make your decision as to whether you will rely on consent or not
Vendors
Big vendors like Google, Facebook and many iab vendors make Consent a mandatory as part of their terms.
Complaints
If non-compliant, data subjects, NGO’s, consumer organizations and competitors have the right to sue you.
Legal interpretation
As a Controller, you have to decide on which legal basis you rely for processing personal data.
Data Authorities
Data authorities all over Europe have started to publish statements on how and where Consent applies.
Factor 1 - Vendors
If you want to continue using the services of certain vendors, you will have to be able to proof consent to them
Google EU User Consent Policy
When you use certain Google products, like DoubleClick, Adsense or Firebase, Google enforces their EU user consent policy.
In conclusion, you cannot use the Google services unless you have obtained a proper informed consent of your users – BEFORE you start tracking.
Learn more
EU User Consent Policy
EU User Consent Policy Help
Google Adsense EU User Consent Policy
Google Analytics Advertising Features EU User Consent Policy
Google Analytics for Firebase EU User Consent Policy
Facebook Custom Audiences Terms
Requires Consent - The advertiser is the controller and therefor responsible for obtaining the Consent
Learn more
Learn More at Facebook’s GDPR Center
iab Vendors
The TradeDesk Terms
There are more than 400 vendors supporting the iab Consent & Transparency Framework, e.g. Criteo, Adition or Taboola. Certain vendors will only serve your ads, if you can transfer the consent technically, which means you will need a CMP that supports the technical format of the iab Framework.
Learn more
iab Consent & Transparency Framework
Complete iab Vendor List
Factor 2 - Complaints
If you want to continue using the services of certain vendors, you will have to be able to proof consent to them
Data Subjects
Data Subject Can File A Complaint In Case Of A Data Violation
Filing a complaint is very easy and possible online on the website of the responsible data authority.
Learn more
File a complaint with the Bavarian Data Protection Authority
Competitors
Competitors Can File A Complaint In Case Of A Data Violation
NGOs / Consumer Organizations
Data Protection Activist Max Schrems (Noyb.Eu) Sued Facebook, Google, WhatsApp For € 8 Billion Because Of „Forced Consent“. His Next Target Is „Ficticious Consent“
Factor 3 - Data Protection Authorities
Data Protection Authorities are legally bind to investigate every complaint filed
Concrete Requirement
The British Data Protection Authority, ICO Is Very Clear On The Use Of Cookies And The Need Of Consent For That
Random Audit
Many Data Protection Authorities Are Actively Auditing Your GDPR-Compliance
Usercentrics GmbH does not provide legal advice. The contents of the above article are not to be understood as legally binding. The article constitutes the opinion of Usercentrics.