Explicit Consent under Data Protection Law


Explicit consent has been defined as consent that relates to a specified issue, declared by free will and based on information.

The definition provides that not all kinds of consent will suffice under the Data Protection Law. The data subject must know for what he/she is providing consent, and must express his/her consent clearly. For example, consent obtained in English from non-English speakers in Turkey would not be considered to be explicit consent. Further, implied consent is not regarded as lawful under the Data Protection Law. However, the Data Protection Law does not envisage any form requirement to obtain consent from data subjects. Therefore, there is no need to collect explicit consent in writing, but on-line mechanisms will also be sufficient.

The explicit consent necessitates informing data subjects of the identity of the data controller, the purpose of the data processing, the persons to whom the data will be transferred, and for which purposes, the method and legal grounds for the collection of personal data, as well as the rights of the data subject. Therefore, consent mechanisms must be accompanied with information on data processing to be held valid. 

Consent may be obtained for a specific purpose. Consent that is to be obtained for a vague or general purpose is not considered to be valid. Consent must be freely given; therefore, employee consent mechanisms must be handled very diligently. Data subjects may withdraw their consent at any time during the data processing. Upon withdrawal of consent, data controllers cannot continue data processing in principal; however, exceptions to this principle exist exceptionally for certain sectors.

Find more insights

Share