I have come to obtain your consent

Home / Uncategorized / I have come to obtain your consent

“I HAVE COME TO OBTAIN YOUR CONSENT”

Not the opening lines from the next Bond film, but the opening gambit of a doctor at my bedside in hospital where I was awaiting surgery.

Consent should not be “obtained”, it should be freely given.

Although we have come to understand the need for consent in medicine, and the need for it to be informed, we have made less progress in giving people meaningful options. Maybe there aren’t any, but lets not pretend we are offering choice where there is none.

Now lets translate this into consent to process and share my personal information.

In my view, consent is “obtained” when:
1. The user is presented with a tick box which you must tick before being able to access the resource
2. The user is offered a terms and conditions box, with thousands of words to read, often on a mobile phone

Consent is more likely to be freely given, when the product or service attempts to:
1. Offer meaningful choices.
2. Attempts to explain the implications of those choices in an accessible, concise and meaningful way.

Up till now, this was just a nice to have, but on 25 May 2018, but the General Data Protection Regulation (GDPR) comes into force in both EU and UK laws. At its core, is a strengthening of the rules around “obtaining” consent, intended to give individuals choice and control over their data on an ongoing basis.

Here are the new Ten Commandments of consent under GDPR

1. All information about how your personal information will be used must that be clear, transparent, and in plain language
2. There is a need to monitor and manage consent, and this invalidates older consents which are non-GDPR compliant.
3. Users need to positively opt-in; consent by default is not sufficient, and pre-ticked boxes have been explicitly banned.
4. Any descriptions must show the implications of what is being agreed to.
5. Consent must be a genuine choice, and cannot be a condition of service.
6. Every specific operation must have a consent mechanism that is prominent, concise, and easy to understand.
7. Any third parties who rely on the consent should also be clearly named.
8. Consent mechanisms must be given for each data item and each collection method.
9. It must be easy for people to withdraw consent at any time, and individuals must be made aware of this from the outset.
10. Automated processing such as AI will need to be explained in such a way that it can be understood by an average person.

The challenge to do this in a way which is clear, concise and accessible, is considerable. So are the penalties for non-compliance.

is being agreed to.
5. Consent must be a genuine choice, and cannot be a condition of service.
6. Every specific operation must have a consent mechanism that is prominent, concise, and easy to understand.
7. Any third parties who rely on the consent should also be clearly named.
8. Consent mechanisms must be given for each data item and each collection method.
9. It must be easy for people to withdraw consent at any time, and individuals must be made aware of this from the outset.
10. Automated processing such as AI will need to be explained in such a way that it can be understood by an average person.

The challenge to do this in a way which is clear, concise and accessible, is considerable. So are the penalties for non-compliance.

Leave a Reply

Your email address will not be published. Required fields are marked *