Consent and GDPR
When you are asked to consent to a data controller’s use of your personal data this implies the controller is relying on “consent” as the legal basis for such use.
Consent may not be used as the legal basis for processing your personal data if:
- you do not have a free choice
- you have not been provided relevant privacy information (what personal data may be used, how, and why)
- refusing consent may have a negative impact on you (this is the case where consent is a condition of receiving the service you want)
- there is an imbalance of power between the person and the organisation requesting the consent. This is likely when the organisation is a public authority
- GDPR provides a more appropriate basis for processing (such as for processing by public authorities in the exercise of their tasks)
The council does not generally request consent for using your personal data as, in accordance with the rules above, it is not a valid legal basis for processing involved in carrying out our official functions and tasks.
We will, however, request your consent for us to provide the actual support service we are offering you. This choice should also be informed by relevant privacy information. Therefore, we will always tell you about how and why we will use your information to provide the service before you decide whether you agree to receive it.