26 Jan 2018

DIGITALEUROPE’s response to public consultation on Article 29 Working Party draft guidelines on consent under Regulation 2016-679

DIGITALEUROPE’s response to public consultation on Article 29 Working Party draft guidelines on consent under Regulation 2016-679


DIGITALEUROPE welcomes the opportunity to provide comments on the draft guidelines on consent under Regulation 2016/679 published by Article 29 Working Party (WP29). We were closely engaged in the legislative debate and provided input throughout the process. This involvement provided us with insight into the intentions behind specific provisions. Our members include digital companies with headquarters or significant presence in the EU and European national trade associations, representing large, medium and small companies in the technology sector from across the continent.

While the GDPR has further strengthened alternative grounds for the lawful processing of personal data, it is essential that consent standards remain practical and applicable by all in industry, especially given the disproportionate emphasis that the European Commission’s proposal for an ePrivacy Regulation puts on consent. It is therefore important that the standard is not only considered in terms of how it can be practically implemented but that it is also relevant and appropriate to current and emerging technologies, and how a user interfaces with these types of services.

With this in mind, we are concerned that the requirements regarding the lawful capturing of consent specified in the draft guidance document will be so difficult in practice to obtain that they risk removing consent as a viable legal ground on which to process personal data, which we assume is not the intention of the WP29.

DIGITALEUROPE welcomes the emphasis that the WP29 puts on other legal bases and we have consistently advocated for sufficient space for other legal grounds, such as legitimate interest and contract.

The freedom to conduct business, including contractual freedom, is an essential part of how our marketbased economy operates and also individual autonomy. It should be up to companies to define the conditions under which they offer their services, the features they integrate and which of these they make optional to their users as well as the most appropriate way to monetize a given service. As long as a company is compliant with the law, can be held accountable, follows a risk based approach, provides transparency and control to its users and integrates privacy in its design process, it should be left to decide how it differentiates itself in a market and what products and features it offers to its users. Indeed, privacy settings and control tools are increasingly becoming market differentiators. Consent or restrictive interpretation of other legal bases should not be used to limit innovation or step into product design and development

Back to Data privacy
View the complete Policy Paper
Our resources on Data privacy
19 Jun 2024 Publication & Brochure
The EU's Critical Tech Gap: Rethinking economic security to put Europe back on the map
09 Feb 2024 resource
The GDPR six years in: from harmonisation to alignment
15 Jan 2024 resource
DIGITALEUROPE’s response to the public consultation on a reporting scheme for data centres in the EU
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.