Why Consent

Is Consent mandatory? The question is legit and we're happy that you ask. As one of the legal bases under Art. 6 GDPR, Consent is definitely very important. Therefore there are a number of factors that make Consent indeed mandatory.

Ultimately, the decision of if and where you will rely on consent as a legal basis under GDPR, can be made upon a risk assessment. We put together the key elements which we consider as massive arguments pro Consent.

Consent Driving Factors To Consider

The following factors should be considered when you make your decision as to whether you will rely on consent or not



Big vendors like Google, Facebook and many iab vendors make Consent a mandatory as part of their terms.



If non-compliant, data subjects, NGO’s, consumer organizations and competitors have the right to sue you.


Legal interpretation

As a Controller, you have to decide on which legal basis you rely for processing personal data.


Data Authorities

Data authorities all over Europe have started to publish statements on how and where Consent applies.

Factor 1 - Vendors

If you want to continue using the services of certain vendors, you will have to be able to proof consent to them


Google EU User Consent Policy

When you use certain Google products, like DoubleClick, Adsense or Firebase, Google enforces their EU user consent policy.

In conclusion, you cannot use the Google services unless you have obtained a proper informed consent of your users – BEFORE you start tracking.

Learn more
EU User Consent Policy
EU User Consent Policy Help
Google Adsense EU User Consent Policy
Google Analytics Advertising Features EU User Consent Policy
Google Analytics for Firebase EU User Consent Policy



Facebook Custom Audiences Terms

Requires Consent - The advertiser is the controller and therefor responsible for obtaining the Consent

Learn more
Learn More at Facebook’s GDPR Center

Facebook Custom Audiences Terms 1
Facebook Custom Audiences Terms 2

iab Vendors

The TradeDesk Terms

There are more than 400 vendors supporting the iab Consent & Transparency Framework, e.g. Criteo, Adition or Taboola. Certain vendors will only serve your ads, if you can transfer the consent technically, which means you will need a CMP that supports the technical format of the iab Framework.

Learn more
iab Consent & Transparency Framework
Complete iab Vendor List

iab Vendors - The TradeDesk Terms

Factor 2 - Complaints

If you want to continue using the services of certain vendors, you will have to be able to proof consent to them

Data Subjects

Data Subject Can File A Complaint In Case Of A Data Violation

Filing a complaint is very easy and possible online on the website of the responsible data authority.

Learn more
File a complaint with the Bavarian Data Protection Authority


Competitors Can File A Complaint In Case Of A Data Violation

NGOs / Consumer Organizations

Data Protection Activist Max Schrems (Noyb.Eu) Sued Facebook, Google, WhatsApp For € 8 Billion Because Of „Forced Consent“. His Next Target Is „Ficticious Consent“

Factor 3 - Data Protection Authorities

Data Protection Authorities are legally bind to investigate every complaint filed

Concrete Requirement

The British Data Protection Authority, ICO Is Very Clear On The Use Of Cookies And The Need Of Consent For That

Random Audit

Many Data Protection Authorities Are Actively Auditing Your GDPR-Compliance

Usercentrics GmbH does not provide legal advice. The contents of the above article are not to be understood as legally binding. The article constitutes the opinion of Usercentrics.

Newsletter icon
Legal Update
Always up-to-date: With our legal update, we keep you up to date with the latest trends around data protection.
Whitepaper Cookie Consent Management for Enterprises in accordance with GDPR
New Whitepaper
Checklists and practical tips for the correct handling of cookies and user identifiers according to GDPR.