The CJEU Sets Its Standards For Obtaining A Valid GDPR Consent

The CJEU Sets Its Standards For Obtaining A Valid GDPR Consent

By Decision of 11 November 2020 (C-61/19), the Court of Justice of the European Union (CJEU) specified the conditions applicable to obtain a GDPR compliant consent. 

Indeed, the Court ruled that the data subjects’ consent to the processing of their personal data was not valid in the following cases:

where the controller (i.e., Orange România) pre-ticked the consent box referring to a clause contained in a contract and stating that the customer has consented to the collection and storage of their personal data (in this case, their identity document); or

where it was not clear as to whether individuals could refuse the processing operations without suffering any consequences on the possibility to conclude the service agreement; or

where the individuals’ freedom of choice could be affected by requiring the individuals to complete an additional form to refuse the processing of personal data

CJEU: The Judgement on the Validity of the Standard Contractual Clauses Expected on July 16, 2020

CJEU: The Judgement on the Validity of the Standard Contractual Clauses Expected on July 16, 2020

The Court of Justice of the European Union (“CJEU”) announced that it will deliver its judgement in the Schrems II case (case C-311/18) on July 16, 2020.

This judgement will determine whether the Standard Contractual Clauses (“SCCs”) are a valid personal data transfer mechanism under the General Data Protection Regulation (“GDPR”).

This mechanism being widely used by companies to transfer personal data outside of the EU, the decision is eagerly awaited.