Today, there is high adoption of digitalization. Transactions of all natures happen online, leaving behind data trails, letting companies “store” or retain user data with them for marketing or value-addition purposes. With that said, there needs to be some control for users, establishing a system of consent that lets them decide what happens with their personal data. The General Data Protection Regulation, or GDPR, regulates the exercise of consent in the EU, synchronizing user consent with companies’ usage of their data.

Let’s understand the GDPR, consent, and types of consent better.

GDPR, short for General Data Protection Regulation, is a set of compliance instructions put in place to regulate the usage of internet users’ personal data based on the consents they have provided. In tow, consent isn’t simply purely that. There are six basal natures of consent, each with its own set of governance laws, compliance, and regulatory mandates. It becomes a bit complex to put them into operation in such a scenario.

Data Subject RIghts

However, with the mounting concerns regarding privacy and Edelman’s trust indices dipping each coming year, putting consent machinery into motion for their digital deployments has become paramount for organizations.

Types of Consent

Let’s understand the six major types of consent.

Informed Consent

The consent obtained after informing the consumer of the outcomes of granting consent – the full extent of impacts and consequences – is informed consent. Only when an organization has informed the user of such entailments, and the user has comprehended the research presented and granted consent can it be called informed consent. It also has legal implications concerning the competence of a person to give informed consent with regards to their mental capacity and health.

Implied Consent

Users sometimes participate in data-centric activities, such as polls, surveys, marketing interviews, etc. These data collection methods usually function on implied consent, which is considered granted once participation has been secured from the user. This form of consent is known as implied consent, and on a normal day, the users remain anonymous.

However, some marketing surveys or interviews may be needed to secure users’ opt-in/opt-out consent as well.

Explicit Consent

This form of consent forms a legal base for the organizations to act upon where further perusal of consumer data is concerned. The consumers are presented with a decision – whether to permit the use of the data they provide or not, in clear terms – before an organization begins to collect their data. This is also known as direct consent or express consent.

Active Consent

Active consent can be considered as explicit consent in a different form. The user receives a statement that clearly defines what is to entail if they agree to the data use, and thereupon they must take an active decision whether to accept or reject it.

Passive Consent

This consent is yet another form of implied consent; you can consider this to be consent in camouflage. The user is said to have consented to certain data use upon participation unless they clearly or explicitly state otherwise or straight out disagree. In cases where the law requires consumers’ explicit consent, passive consent could fall short of compliance.

Opt-Out Consent

The type of cookie consent you usually come across when visiting websites presents you with an opt-out option – usually “Decline cookies” or “Stop storing cookies.” This form of consent is Opt-in/Opt-out consent. An action by the user is normally required to stop the organization from using consumer data for marketing purposes.


Consent today goes hand-in-hand with global compliance laws enforced by authorities to safeguard consumer rights and protect their personal data. It is thus important for organizations to stay compliant.