Documentation

Table of Contents

What are the different types of consent?

The protection of personal data has become a top priority for most users, and for companies as well. Ignoring it can affect the company’s reputation and imply other liabilities. For this reason, it is important to understand the different types of consent and how they play an important role in the protection of personal data.

Short on time? Jump to:

👀 In this post, we will explore the key aspects of the different types of consent and how they can help you to comply with the law.

types of consent

There are several different types of consent: express consent, informed consent, implied consent, granular consent, opt-in consent, opt-out consent and withdrawable consent. Continue reading for the full breakdown and examples below.

Expressed consent, also known as explicit, direct, or active consent, occurs when someone explicitly agrees to the collection, use, or sharing of their personal data.

In this particular case, the user must take an active action to allow consent, for example by clicking on “Accept” or “Allow on a cookie banner, or agreeing to a privacy policy.

For example:

  • When you first visit a website, usually there is a pop-up asking for your permission to use cookies, and it requests your consent to install them.
  • When signing up for a new app, you may be prompted to agree to the app’s privacy policy, outlining the app’s use of personal data.

👉 Expressed consent is crucial in data privacy, as it’s directly mentioned under laws such as the GDPR. It is also important to note that express consent should be obtained through clear and unambiguous communication so that individuals fully understand what they are agreeing to.

Collecting cookie consent? Check out this cookie consent forms examples and make sure you are doing in the right way.

Informed consent means that individuals are fully aware of what they are consenting to before they give their permission. This includes clear explanations about what data is collected, how it will be used, who it will be shared with, and the potential consequences of consenting.

For example:

  • When a user is asked to agree to a privacy policy or terms of service, the information provided must be easy to understand and comprehensive, so the user knows exactly what they’re agreeing to.

👉 Informed consent is a cornerstone of many data protection laws, including the GDPR. It ensures transparency and empowers individuals to make knowledgeable decisions about their data.

When a user’s actions imply that they agree to the collection, use, or sharing of their personal data without directly agreeing to it, then we talk about implied consent, also known as indirect or passive consent.

For example:

  • A user visits an e-commerce site and adds items to their shopping cart. As a result, the website processes their personal data, such as their name, address, and payment information, to complete the transaction. The person implicitly consents to the processing of their data to fulfil the purchase.

In this case, the website must provide clear information about the data processing activities, including the types of personal data processed, the purposes for the processing, and the person’s rights in relation to their data.

👉 Note that relying exclusively on implied consent may be illegal, depending on your circumstances and which laws apply to you.

Granular consent means giving individuals control over specific aspects of data processing, rather than a blanket “yes” or “no” to everything. This allows users to consent to some uses of their data but not others.

For example:

  • Allowing marketing emails but not sharing data with third parties.
  • Consenting to location tracking but opting out of personalized ads.

👉 Providing granular consent options respects user preferences more precisely and enhances trust by avoiding overreaching data collection.

Opt-In consent refers to a situation in which a user actively chooses to agree to the collection, use, or sharing of their personal data.

For example,

  • When signing up for a newsletter, a user may be asked if they would like to receive marketing emails. If the user agrees, this is an example of opt-in consent.
  • When an app asks for permission to access a user’s location data, the user must choose to allow or deny this request.

Opt-In Consent gives individuals a clear and active choice in the use of their personal data, and is a key aspect of data privacy and is the process used under European and other data protection rules.

Under EU law (both GDPR and Cookie Law/ePrivacy), even when consent is given, people have the right to opt out and should always be informed of how they can do that.

👉 It’s important to note that opt-in consent should be obtained through clear and concise communication, so that individuals fully understand what they are agreeing to and can make an informed decision.

Opt-out consent refers to a situation in which an individual is automatically enrolled in the collection, use, or sharing of their personal data, but has the option to withdraw consent.

For example:

  • When a customer creates an account with a website, they may be automatically enrolled in the site’s marketing emails, but can choose to opt out and stop receiving them*.
  • When an app collects data for analytics purposes, the user may be given the option to opt out of this data collection in the app’s settings.

*Note that this type of consent is typically not allowed under most European laws, though it is allowed currently under most US data privacy laws.

Opt-out consent (also called passive consent) assumes that individuals consent to the use of their personal data unless they take action to opt out.

👉 It’s important to note that clear communication is still crucial in opt-out consent, as individuals should be fully informed of what they are consenting to and how they can opt out if they so choose.

👀 Check out this article to learn more about what means to opt-in and opt-out.

Withdrawable consent recognizes that individuals should have the ongoing right to change their mind and revoke their consent at any time, without penalty or difficulty.

For example:

  • A user who initially agrees to receive newsletters can unsubscribe at any moment.
  • An app user who granted location access can later disable it in settings.

👉 Data protection laws often require that it be just as easy to withdraw consent as it was to give it. Making withdrawal straightforward ensures respect for users’ autonomy and builds confidence in your privacy practices.

As already mentioned, it is essential to understand the different types of consent in order to better process personal data and protect your customers’ personal data, make sure that you are aligned with the legal requirements that apply to you.

Whether it be express, implied, opt-in, or opt-out consent, it is important to obtain clear and informed consent in all data privacy matters. The power of consent lies in giving individuals control over their personal data and enabling them to make informed decisions.

As you can read in this post, managing consent is not simple and easy, it can be quite difficult to know the right things to do.

Our solution simplifies this process by helping you to create your cookie banner with the 👉 Privacy Controls and Cookie Solution.

  • The automatic configuration based on location will make it all easier (and quicker) and help you to comply with all the laws that apply to you and preventively block scripts prior to opt-in consent for European users.
  • All the best practices to boost consents are default settings for your cookie banner.
  • Easily store proofs of users’ preferences; and manage consent and privacy preferences for each of your users with the Privacy Controls and Cookie Solution.
  • And you have the freedom to customize everything as you like.

Create your own cookie consent banner for free

Generate a cookie banner

About us

iubenda

Cookie consent management for the ePrivacy, GDPR and CCPA

www.iubenda.com

Still have questions?

Attend one of our free webinars Email us Live chat