CONSENT AS A LEGAL BASIS FOR PROCESSING OF PERSONAL DATA

While the principles encompassed by the General Data Protection Regulation (GDPR) were mostly welcomed, one of them, namely the consent, caused prolonged controversy among privacy scholars, human rights advocates and business world due to their pivotal impact on the way personal data would be handled under the new legal provisions and the drastic consequences of enforcing these new requirements in the era of big data and internet of things. In this work, we firstly review all controversies around the new stringent definitions of consent in reference to their implementation impact on privacy and personal data protection, and secondly, we evaluate existing legislation in terms of fulfilling the practicalities for the implementation and effective integration of the new requirements.For the reasons explained above, consent is far removed from an easy option under the GDPR. Greater specification around what is meant by consent has brought with it more detailed and onerous obligations. Additionally, sometimes may first wish to look closely at the other legal grounds available to establish whether there is an available alternative to the consent path. In addition, given the extensive lengths that a data controller now has to go to demonstrate a valid consent according new legislation, it is important to see what further steps may be needed to distinguish such a consent from one that is explicit. For this and other reasons, the arguments around what makes consent effective are unlikely to be put to bed by the GDPR and it remains a rough-edged concept to tackle.