In the context of privacy, consent refers to when a consumer knowingly gives a company permission to process their personal data. 

, often a pop-up asking you to ‘Accept’ or ‘Reject’ tracking, is one of the most common examples of consent management.

 have different approaches to the concept of consent.

The GDPR was foundational in developing the modern data consent framework. Laying out clear requirements for consent in 

, the GDPR states consent must be “freely given, specific, informed, and unambiguous.”

 goes on to outline four conditions for valid consent.

There must be clear documentation that a user provided consent.

When requesting consent, the process and language must be straightword, easy to understand, and accessible. A 

 process that’s difficult or confusing invalidates consent.

A consumer may withdraw consent at any point and the process for doing so must be easy.

Consent may not be tied to fulfilling a contract, unless data processing is necessary for completing specific contractual clauses.

Obtaining valid consent is taken very seriously under the GDPR, with some of the 

 being issued due to problems in a company’s consent management process.

Under the CCPA, sites may place cookies without first obtaining consent. However, users must be able to opt out of cookie tracking at any point. This 

 consent regime is often seen in the form of a “Do not sell my information” link in a website’s footer menu.

 don’t require cookie consent, many organizations under these laws still use cookie banners to minimize risk from third-party advertising.

Article 28

Article 30

Article 32

Article 6 

Article 9

Authorized Agents

California Consumer Privacy Act

California Privacy Protection Agency

California Privacy Rights Act

Colorado Privacy Act

Consent 

Dark Patterns

Data Controller

Data Mapping

Data Processor

Data Subject

Data Subject Access Request

Do Not Track

Do not sell/Do not share 

Facebook Limited Data Use

GDPR Personal Data

GDPR Principles

GDPR Rights

General Data Protection Regulation

Global Privacy Control

Gramm-Leach-Bliley Act

HIPAA

LGDP (Brazil's Privacy Law)

Personally Identifiable Information

Preference Management

Pseudonymization

Record of Processing Activities

Schrems II

Tracking Cookies

Utah Consumer Privacy Act 

Verifiable Consumer Request 

Virginia Consumer Data Protection Act

Field Trips Episode 3, with Max Schrems (Part 2)

Transcend offers data governance solutions that help companies achieve privacy compliance through powerful data mapping and data discovery, automated data subject requests, and simple cookie consent, all with industry leading security.

Consent

GDPR Consent

CCPA Cookie Consent