What constitutes lawful consent under GDPR?

Lawful consent under the General Data Protection Regulation (GDPR) is characterized by a clear affirmative act by the individual. This means that consent must be given through a specific, informed acknowledgement that one agrees to the processing of personal data. The clarity of this affirmative action is critical; it can be provided in various forms, such as through a signature, ticking a checkbox, or any other explicit indication of consent.

This approach ensures that consent is not assumed or inferred from a lack of response or from casual agreements, making it more robust and protecting individuals' rights. The requirement for an affirmative act also helps organizations clearly demonstrate that consent has been granted, which is essential for compliance with the GDPR.

The emphasis on a clear affirmative act ensures that individuals are aware of what they are consenting to, including specific details about the processing of their data. It protects against vague or implicit forms of agreement, ensuring that individuals are empowered to make informed decisions about their personal information.