Data Subject’s Consent as a Legal Basis for Processing Personal Data after the General Data Protection Regulation
Laajala, Sini (2017-02-06)
Data Subject’s Consent as a Legal Basis for Processing Personal Data after the General Data Protection Regulation
Laajala, Sini
(06.02.2017)
Tätä artikkelia/julkaisua ei ole tallennettu UTUPubiin. Julkaisun tiedoissa voi kuitenkin olla linkki toisaalle tallennettuun artikkeliin / julkaisuun.
Turun yliopisto
Kuvaus
Siirretty Doriasta
Tiivistelmä
This master’s thesis analyzes the development of data subject’s consent as a legal basis due to the General Data Protection Regulation (GDPR). The research method of this master’s thesis is legal dogmatic. The provisions of the GDPR are analyzed against the provisions of the Data Protection Directive (DPD). The focus of the research is on defining whether the GDPR will change data subject’s consent as a legal basis for processing personal data in comparison to the situation under the DPD.
The requirements for a valid consent provided for in the GDPR have previously to a quite large extent existed in the opinions of the Article 29 Working Party, the case law of the Court of Justice of the European Union and legal literature. Nevertheless, the GDPR changes data subject’s consent as a legal basis through at least two mechanisms. Firstly, the context in which the requirements for a valid consent are interpret has changed, inter alia, as the GDPR emphasizes protection of data subject’s rights and sets forth strong accountability and transparency principles. Secondly, the GDPR clarifies and makes legally binding more requirements for a valid consent in comparison to the DPD. For example, it explicitly forbids the use of opt-out based consents and provides data subjects with the right to withdraw consent at any time. Thus, the GDPR tightens the requirements for a valid consent and data controllers need to ensure that all consents they base their processing on meet these GDPR’s requirements.
The requirements for a valid consent provided for in the GDPR have previously to a quite large extent existed in the opinions of the Article 29 Working Party, the case law of the Court of Justice of the European Union and legal literature. Nevertheless, the GDPR changes data subject’s consent as a legal basis through at least two mechanisms. Firstly, the context in which the requirements for a valid consent are interpret has changed, inter alia, as the GDPR emphasizes protection of data subject’s rights and sets forth strong accountability and transparency principles. Secondly, the GDPR clarifies and makes legally binding more requirements for a valid consent in comparison to the DPD. For example, it explicitly forbids the use of opt-out based consents and provides data subjects with the right to withdraw consent at any time. Thus, the GDPR tightens the requirements for a valid consent and data controllers need to ensure that all consents they base their processing on meet these GDPR’s requirements.