The GDPR lands in the UK

In January the UK’s data protection authority –  the Information Commissioner’s Office (ICO) – issued its first formal account, an overview, of how it was interpreting the GDPR and how it saw matters proceeding from there. I’m sorry I didn’t blog about it at the time. I missed it in amongst everything else that was going on that month.

On Thursday of this week the ICO published a consultation document on a key part of the GDPR – the issue of consent.

It opens with the definition of consent taken from the GDPR itself (Article 4, 11)

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

That should be easy then.

Anyway, the specific point about children is made in the paper on page 27

We’ll be developing further specific guidance on children’s privacy. It will include more detail on identifying an appropriate lawful basis for processing children’s data, and issues around age verification and parental authorisation. (emphasis added).

Comments are sought on the draft and the closing date is 31st March. I’m guessing that drafting the specific guidance referred to will take a little longer than that but, either way, the starting gun has gone off.

About John Carr

John Carr is a member of the Executive Board of the UK Council on Child Internet Safety, the British Government's principal advisory body for online safety and security for children and young people. In the summer of 2013 he was appointed as an adviser to Bangkok-based ECPAT International. Amongst other things John is or has been a Senior Expert Adviser to the United Nations, ITU, the European Union, a member of the Executive Board of the European NGO Alliance for Child Safety Online, Secretary of the UK's Children's Charities' Coalition on Internet Safety. John has advised many of the world's largest internet companies on online child safety. In June, 2012, John was a appointed a Visiting Senior Fellow at the London School of Economics and Political Science. More: http://johncarrcv.blogspot.com
This entry was posted in Age verification, Consent, Default settings, E-commerce, Regulation, Self-regulation. Bookmark the permalink.