The GDPR lands in the UK

In January the UK’s data protection authority –  the Information Commissioner’s Office (ICO) – issued its first formal account, an overview, of how it was interpreting the GDPR and how it saw matters proceeding from there. I’m sorry I didn’t blog about it at the time. I missed it in amongst everything else that was going on that month.

On Thursday of this week the ICO published a consultation document on a key part of the GDPR – the issue of consent.

It opens with the definition of consent taken from the GDPR itself (Article 4, 11)

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

That should be easy then.

Anyway, the specific point about children is made in the paper on page 27

We’ll be developing further specific guidance on children’s privacy. It will include more detail on identifying an appropriate lawful basis for processing children’s data, and issues around age verification and parental authorisation. (emphasis added).

Comments are sought on the draft and the closing date is 31st March. I’m guessing that drafting the specific guidance referred to will take a little longer than that but, either way, the starting gun has gone off.

About John Carr

John Carr is one of the world's leading authorities on children's and young people's use of digital technologies. He is Senior Technical Adviser to Bangkok-based global NGO ECPAT International, Technical Adviser to the European NGO Alliance for Child Safety Online, which is administered by Save the Children Italy and an Advisory Council Member of Beyond Borders (Canada). Amongst other things John is or has been an Adviser to the United Nations, ITU, the European Union, the Council of Europe and European Union Agency for Network and Information Security and is a former Board Member of the UK Council for Child Internet Safety. He is Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Age verification, Consent, Default settings, E-commerce, Regulation, Self-regulation. Bookmark the permalink.