Data protection: Art. 29 Working Party guidelines on consent
EBF advisor: Hélène BENOIST
Article 29 Data Protection Working Party:
EBF’s comments on the article 29 working party guidelines on consent (wp259)
Publication date: 23 January 2018
- Supporting the clarifications on consent provided by the WP29. The European Banking Federation (EBF) welcomes the Article 29 Data Protection Authority (hereafter ‘WP29’) Guidelines on consent which is one of the central point of the General Data Protection Regulation (GDPR).
- Avoiding consent and information fatigue. The banking sector supports the main objectives of the GDPR, as to increased transparency regarding personal data processing and empowering data subjects. However, it is important to avoid overburdening data subjects with too much information on too many occasions. An appropriate level of granularity needs to be found that does not lead the data subject to be nudged and bothered constantly, as this risks causing them to disengage from data protection issues.
- A need to ensure a consistent consent framework. The framework for consent needs to reflect that each industry has particular challenges and differences that impact the appropriate manner in which to implement consent under the GDPR. For instance, certain provisions in these Guidelines raise questions as to the potential consequences on the lawfulness of consents given under the Second Payment Service Directive (Directive (EU) 2015/2366 – PSD2) and the Markets in Financial Instruments (Directive 2014/65/EU – MiFID II).
- Future-proofing and ensuring technology-neutrality. Tools, techniques and mechanisms constituting appropriate measures to obtain consent from the data subjects are constantly evolving. Therefore, it is important to take a technology-neutral approach in order to allow controllers to best assess the most efficient way to inform data subjects and obtain consent.