How to ensure compliance with global consent requirements?

Global Consent Heat Map

With data protection regulators increasingly focused on legal compliance with consent and cookies, organizations that have not recently assessed their consent practices are encouraged to do so immediately. Our experts at Securiti have published the State of Global Consent Requirements Q4 2021, a global consent heat map of consent and cookie requirements covering 47 jurisdictions (including European Union) and demarcating opt-in and opt-out regimes for each. With this Whitepaper, you can identify regulatory guidance specific to your jurisdiction and ensure compliance with all applicable legal requirements in relation to consent-based data processing.

It covers:

• Geographic map demarcating opt-in and opt-out jurisdictions
• Total 47 Jurisdictions covered including European Union (with 41 opt-in and 6 opt-out jurisdictions)
• Meanings of Consent and Consent as a Lawful Ground of Processing
• Specific Cookie Consent Requirements

Highlights:

This Whitepaper includes the following 2021 Regulatory Updates:

• Russian Amendments to the Federal Law on Personal Data
  The Amendments to the Federal Law on Personal Data require organizations to obtain data subject’s separate consent for publicly disseminated personal data. Consent in all cases must be freely given, specific, informed, and Conscientious.
• Singapore’s Advisory Guidelines on the Personal Data Protection Act for Selected Topics
  In its Revised Advisory Guidelines (revised 4 October 2021), the Personal Data Protection Commission Singapore clarifies that while consent may be reflected in the way a user configures his/her browser settings, the mere failure of an individual to actively manage his/her browser settings does not imply that the individual has consented to the collection, use, and disclosure of his/her personal data by all websites for their stated purpose.
• China’s Personal Information Protection Law
  China’s Personal Information Protection Law (comes into effect in November 2021) is based on an opt-in consent regime, requiring consent to be clear, voluntary, and informed. Specific and separate consent is required for the processing of sensitive personal data, providing personal data to a third party, or transferring personal data outside China.

• Finland’s Guidance on the Use of Cookies
  In its updated Guidance, the Finnish Transport and Communications Agency provides examples of cookies for which consent is required and clarifies that “legitimate interests” is not an appropriate legal basis for the use of non-essential cookies.

• German draft Federal law for Telecommunications and Telemedia
  The draft German new Federal Act regulating Data Protection and Privacy Protection in Telecommunications and Telemedia (comes into effect in December 2021) requires data controllers to obtain data subjects’ consent prior to the use of non-essential cookies and display clear and understandable information about the use of cookies on cookie consent banners.

• Italy’s updated Guidance on the Use of Cookies
  In its updated Guidance, the Italian data protection authority emphasizes that consent should apply to all processing activities carried out for the same purpose or purposes - if the processing has multiple purposes, consent should be given for all of these.

• French CNIL’s updated FAQs on its Guidance on Cookies
  In its updated FAQs, the CNIL emphasizes a granular approach requiring organizations to collect separate consent for separate cookie purposes.
• Danish DPA’s Quick Guide on Cookies
  In its updated Quick Guide, the Danish DPA emphasizes the use of equal “accept” and “reject” buttons on cookie consent banners.
• Singapore’s Personal Data Protection Act Amendments
  The amendments to Singapore’s Personal Data Protection Act introduce “deemed consent by contractual necessity” and “deemed consent by notification” to allow organizations to collect, use, and disclose personal data.

Compliance Action Items for Organizations:

1. Identify which privacy regulations apply to your data subjects and determine whether you should implement an opt-in or opt-out cookie consent banner.
2. Determine which data processing activities require you to obtain consent from data subjects as per your applicable privacy law.
3. Find out how consent is defined in the applicable privacy law and whether consent should be explicit or implied.
4. Find out exceptions to obtaining consent that apply to your specific data processing activity.
5. Ensure compliance with specific cookie guidance relevant to your jurisdiction.

How Securiti can Help?

Securiti’s Universal Consent Management solution enables organizations to capture users’ consent and facilitate consent revocation for consent-based data processing effectively and automatically.

Securiti’s Cookie Consent Management solution enables organizations to build cookie consent banners as per applicable legal requirements with cookie auto-blocking, periodic scanning, and preference center features.

Ask for a DEMO to understand how Securiti can help you comply with GDPR and a whole host of other global privacy laws and regulations, with ease

Frequently Asked Questions (FAQs)