gdpr-valid-consent

Installation
SKILL.md

Implementing GDPR-Valid Consent

Overview

Valid consent under the GDPR is defined in Article 4(11) as "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her." Article 7 sets out the conditions for consent, and Recital 32 clarifies that silence, pre-ticked boxes, or inactivity do not constitute consent.

The Court of Justice of the European Union (CJEU) reinforced this in Case C-673/17 (Planet49 GmbH, October 1, 2019), ruling that pre-ticked checkboxes do not constitute valid consent for placing cookies, and that consent must be specific to each processing purpose.

The Five Requirements of Valid Consent

1. Freely Given (Article 7(4), Recitals 42-43)

Consent is not freely given if:

  • There is a clear imbalance between the data subject and the controller (e.g., employer-employee relationships, public authority-citizen relationships)
  • Consent is bundled as a non-negotiable condition of a service (the "conditionality test" under Article 7(4))
  • The data subject suffers detriment for refusing or withdrawing consent
  • There is no genuine choice or the individual feels compelled to consent
Installs
9
GitHub Stars
187
First Seen
May 26, 2026
gdpr-valid-consent — mukul975/privacy-data-protection-skills