Logo European Date Protection Supervisor
RSS Feed
Home | Sitemap | Legal notice
The EDPS Supervision Consultation Cooperation
  Members & Mission
  Data protection
  Legislation
  Q&A
  Glossary
  Press & News
  Publications
  Events
  Human Resources
  Data Protection Officer
  Contact
  Links
  Legal notice
 
 
04 May 2012

Annual Conference of European data protection Commissioners in Luxembourg - Resolution on the European data protection reform
24 April 2012

ACTA measures to enforce IP rights in the digital environment could threaten privacy and data protection if not properly implemented. Please read our press release and opinion.
18 April 2012

EDPS calls for data protection safeguards before public sector information containing personal data can be re-used. See our press release and the opinion.
30 March 2012

Newsletter 32

28 March 2012

EDPS Opinion on the proposal for a decision on serious cross-border threats to health

News
News
 
print Print friendly

6) Legitimate reasons for processing of personal data



What is "unambiguous consent"?

Consent is an important term in data protection legislation: "unambiguous consent" is one of the criteria that can legitimise the processing of personal data.

Consent can be given orally, in writing or in any other appropriate form. Before a data subject can be considered to freely have given consent to a specific processing operation, he or she must receive sufficient information to be able to understand the scope and consequences of consent, including the advantages and/or disadvantages of the processing. 

Apart from having to be given freely, consent must be specific and there may be no doubts as to whether it was given or not. Moreover, consent is strictly linked to the processing that the data subject was informed of. It can not be extended by someone else thereafter, and consent can thus never be given to something the data subject was not aware of. It can in principle be withdrawn without retroactive effect.

When is it allowed to process personal data without consent?

Article 5 of Regulation (EC) No 45/2001 lays down the conditions for lawful processing of personal data by the EC institutions and bodies. Consent is but one of these conditions. It may be lawful to process personal when this is necessary for each of the following other (legitimizing) reasons:

  • for the performance of a task carried out in the public interest;
  • for compliance with a legal obligation to which the controller is subject;
  • for the performance of a contract to which the data subject is party;
  • to protect the vital interests of the data subject.

Is it unlawful to process certain kinds of personal data?

Regulation (EC) No 45/2001 prohibits the processing of data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and of data concerning health or sex life. There are a limited number of exceptions to the prohibition, including express consent by the data subject (Article 10 of the Regulation).

Certain processing operations, although not prohibited, may present specific risks to the rights and freedoms of data subjects by virtue of their nature, their scope or their purposes - they shall therefore be subject to prior checking by the EDPS. Such processing operations include the processing of data relating to:

  • suspected offences, offences, criminal convictions or security measures; as well as
  • processing operations intended to evaluate personal aspects relating to the data subject, including his or her ability, efficiency and conduct.