Ticking time-bomb in the EDPB Guidelines on consent?

An old issue each privacy pro learnt by heart: "risk of negative consequences (e.g. substantial extra costs)" for data subject = no freely-given consent.  Substantial. But what if extra costs are not substantial? What if, say, 10$ turns into 11$ if you refuse to consent? Is it ok?  At leats, German watchdog seems to say … Continue reading Ticking time-bomb in the EDPB Guidelines on consent?

Belgian data protection watchdog sends controversial ‘message’ with regard to non-profit data controllers.

An interesting GDPR enforcement case came from Belgium in late May. Imagine that a data controller is sending unsolicited postal communications and ignoring data subject rights to object (Article 21) and to be forgotten (Article 17). On top of that, it misidentified legal basis and relied on the legitimate interest instead of consent (of course, … Continue reading Belgian data protection watchdog sends controversial ‘message’ with regard to non-profit data controllers.

MDM and Article 6

I am sure you are not using consent for the legal basis of mobile device management (MDM) used across your organisation? If you are check out this article.

Employer fined for employee fingerprints

Why I love this case is that it really emphasises on the use of consent in the employer/employee relationship.

Nelsonian blindness and Consent

A really great post on Panopticon legal blog (again :-)) Apparently Optical Express (OE) has been sending SMS messages to individuals who had not opted-in to this service. In fact 4,600 registered concern on OEs marketing practices. It's pretty interesting as OE seems to be blind to the fact that they have not received explicit … Continue reading Nelsonian blindness and Consent