Consent is a very important concept in law, particularly in the context of data protection. When collecting personal information from people, it is almost always better to get their voluntary, informed, and explicit consent beforehand. This is simple enough to understand when the agreement is happening face-to-face, or through a written document. But, what about when the agreement is online? What kinds of electronic consent exist that you can use in an online context? And are these mechanisms acceptable under data protection law?
What is electronic consent?
With written documents, consent usually occurs through signing a document with a hand-written signature. This signature shows you who signed the document, and confirms that that person agreed with whatever was written on the document (if they didn’t, they wouldn’t have signed it). Electronic consent works on the same principle – it can be any mechanism that confirms who the person is and that they agree to the terms.
Many data protection laws (such as the POPI Act or GDPR) don’t require any specific form of consent. As long as the consent is informed and the data subject gives it voluntarily, it is acceptable. It is obviously very important then to make sure that all of your documents and website content describes what you intend to do with the information that you collect.
Consent is not always cut and dry. Sometimes, consent will last forever – such as in a sale agreement. Other times, consent is something that you can revoke – such as in a revocable licence. It is important to figure out where your current situation lies on the continuum of consent, particularly when you are dealing with data protection.
For this reason, we recommend being clear about what you intend to do with your customers’ or visitors’ personal information. This involves drafting clear contracts and privacy policies that make it clear what information you are collecting and what you intend to do with it. These should follow the best practice methods, like the ICO Privacy Notice Code of Practice. This has been updated recently to be in line with the GDPR.
How can you consent electronically?
There are different ways to get electronic consent, but the most common of these are:
- Browse-wrap (or web-wrap) agreement – this is where a website contains terms that a visitor to the website can find easily (usually linked at the bottom of the page), which say that the visitor must accept these terms if they want to visit the website. By simply browsing on the website, a visitor is agreeing to these terms.
- Click-wrap agreement – this is where a website will only regard a visitor as agreeing to their terms (or a certain part of their terms) if they click a button that says that they agree. This can be in many forms, such as an ‘I agree’ button or check-box on a page where the visitor has to submit information to the website.
- Double opt-in – this is where a click-wrap agreement sends a separate email to the visitor’s email address. A visitor must click the confirmation link in the email before they are regarded as consenting to the terms of the website.
Actions you can take
- Understand what kind of information you should give your visitors and customers when drafting contracts by using our consent and disclosures guide.
- Understand the kind of consent that your situation requires by asking us to guide you.