Received this from my child’s summer school for them to be able to participate in an activity.
I am no lawyer, but from what I know you are always able to revoke consent.
> Article 7(3): “The data subject shall have the right to withdraw his or her consent at any time.”
Of course not. I crossed out all their consents, and hand written in the free space that I do not consent.
If you do the same keep a copy of it and get ready to go to war
It is a consent form and so there is no issue per se of GDPR compliance. If you were to consent you are practically saying its ok to take those photos and use them as they wish. Also note that there is no outlined duration of the length of time during which the content may be used. Seeing as you have little control of what content will be created and how it will be used I would be careful about granting consent.
Side note: I find it shitty that schools partake in these activities because it’s likely that most parents would just sign and consent so if you don’t you’re put in the uncomfortable spot of leaving your child out of something while everyone else is joining in.
What happening is here based on my information is the exploitation of children.
Also: Hello, this is Bing. I can help you find information about GDPR consent form requirements.
Based on the consent form you provided, it may not be compliant with the GDPR for the following reasons:
– The consent is not specific and granular enough. The form asks for a blanket consent for various purposes and types of processing, without giving separate options for each one. This may violate Article 7 (2) and Recital 32 of the GDPR, which require consent to be specific and informed¹⁵.
– The consent is not freely given. The form does not state that the consent can be withdrawn at any time, nor does it explain how to do so. This may violate Article 7 (3) and Recital 42 of the GDPR, which require consent to be revocable and easy to withdraw¹⁵.
– The consent is not clear and concise. The form uses complex and legalistic language, which may not be easy to understand for the parent or guardian. This may violate Article 7 (2) and Recital 32 of the GDPR, which require consent to be clear and plain¹⁵.
To make the consent form more compliant with the GDPR, you may want to consider the following suggestions:
– Use opt-in boxes or other affirmative actions to indicate consent, rather than a signature.
– Provide separate options for each purpose and type of processing, and allow the parent or guardian to choose which ones they agree to.
– Include the name of your organisation and any other controllers who will rely on the consent, as well as the contact details of your data protection officer or representative.
– Explain why you need the data, what you will do with it, how long you will keep it, and who you will share it with.
– Inform the parent or guardian that they can withdraw their consent at any time, and provide them with a simple and accessible way to do so.
– Use clear, plain and concise language that is easy to understand.
You can find more information about GDPR consent requirements and examples on these websites²³⁴. I hope this helps. 😊
4 comments
Received this from my child’s summer school for them to be able to participate in an activity.
I am no lawyer, but from what I know you are always able to revoke consent.
> Article 7(3): “The data subject shall have the right to withdraw his or her consent at any time.”
Of course not. I crossed out all their consents, and hand written in the free space that I do not consent.
If you do the same keep a copy of it and get ready to go to war
It is a consent form and so there is no issue per se of GDPR compliance. If you were to consent you are practically saying its ok to take those photos and use them as they wish. Also note that there is no outlined duration of the length of time during which the content may be used. Seeing as you have little control of what content will be created and how it will be used I would be careful about granting consent.
Side note: I find it shitty that schools partake in these activities because it’s likely that most parents would just sign and consent so if you don’t you’re put in the uncomfortable spot of leaving your child out of something while everyone else is joining in.
What happening is here based on my information is the exploitation of children.
Also: Hello, this is Bing. I can help you find information about GDPR consent form requirements.
Based on the consent form you provided, it may not be compliant with the GDPR for the following reasons:
– The consent is not specific and granular enough. The form asks for a blanket consent for various purposes and types of processing, without giving separate options for each one. This may violate Article 7 (2) and Recital 32 of the GDPR, which require consent to be specific and informed¹⁵.
– The consent is not freely given. The form does not state that the consent can be withdrawn at any time, nor does it explain how to do so. This may violate Article 7 (3) and Recital 42 of the GDPR, which require consent to be revocable and easy to withdraw¹⁵.
– The consent is not clear and concise. The form uses complex and legalistic language, which may not be easy to understand for the parent or guardian. This may violate Article 7 (2) and Recital 32 of the GDPR, which require consent to be clear and plain¹⁵.
To make the consent form more compliant with the GDPR, you may want to consider the following suggestions:
– Use opt-in boxes or other affirmative actions to indicate consent, rather than a signature.
– Provide separate options for each purpose and type of processing, and allow the parent or guardian to choose which ones they agree to.
– Include the name of your organisation and any other controllers who will rely on the consent, as well as the contact details of your data protection officer or representative.
– Explain why you need the data, what you will do with it, how long you will keep it, and who you will share it with.
– Inform the parent or guardian that they can withdraw their consent at any time, and provide them with a simple and accessible way to do so.
– Use clear, plain and concise language that is easy to understand.
You can find more information about GDPR consent requirements and examples on these websites²³⁴. I hope this helps. 😊
Source: Conversation with Bing, 11/08/2023
(1) How should we obtain, record and manage consent? | ICO. https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/consent/how-should-we-obtain-record-and-manage-consent/.
(2) Consent – General Data Protection Regulation (GDPR). https://gdpr-info.eu/issues/consent/.
(3) Consent | ICO. https://ico.org.uk/for-organisations-2/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/.
(4) GDPR consent must be actively given by the data subject. https://www.gdpreu.org/the-regulation/key-concepts/consent/.
(5) GDPR Consent Examples, Definitions & How To Guide – Termly. https://termly.io/resources/articles/gdpr-consent-examples/.