The Information Commissioner’s Office has said it received over 300 responses to its public consultation to its draft GDPR consent guidance paper.
In a blog on the ICO’s website, Jo Pedder, interim head of policy and engagement at the data protection watchdog, said the “significant response” to the consultation showed that the “issue of consent surrounding the use of data has proved to be increasingly high-profile recently” with the impending implementation deadline for the EU’s General Data Protection Regulation.
Pedder said that the consultation, which closed on the 31 March 2017, had received “more than 300 responses from across a variety of sectors, along with interested members of the public”.
In her blog, Pedder also said that the guidance around consent was the ICO’s “first piece of detailed, topic-specific GDPR guidance” and said it would be publishing more draft guidance in the future.
The ICO published a discussion paper on data profiling under GDPR earlier in April, and called on stakeholders and interested members of the public to make submissions on the topic. Submissions for consultation on profiling close on 28 April.
Pedder said that the “hard work of analysing the feedback is under way” and will feed into the final version of the guidance. She said that the ICO is “working towards having a final version of our GDPR Consent guidance for publication in June”, although that may be dependent on “developments at European level”.
A spokeswoman for the ICO was unable to confirm how many charities or voluntary sector organisations had made submissions as part of the consent consultation.
Guidance has ‘insufficient clarity’ says NCVO
In its response to the ICO’s guidance on consent, the National Council for Voluntary Organisations said that the document “lacks the level of clarity required for regulatory guidance” and would “benefit from further detail in relation to a number of issues”.
NCVO’s response was published in a blog on its website written by Elizabeth Chamberlain, head of policy and public services at the umbrella body.
She wrote that “the current draft [of the guidance] does not provide a clear distinction or explanation between what the ICO will require as a matter of legal compliance, and what instead the ICO recommends as good practice”.
Chamberlain also said there was the potential for confusion with regards to the ICO’s use in the draft guidance of the expression “opt-in”. She said that GDPR “requires clear affirmative action, and this does not need to be expressed as an opt-in box”.
In Fundraising Magazine
She said that NCVO thought the final guidance would benefit from further detail in relation to issues around “the mechanisms that organisations will need to put in place for individuals to withdraw their consent easily”; when consent “needs to be refreshed and what is the duration of consent” and around how specifically “the purposes need to be defined for obtaining consent for different processing operations”.
Civil Society News reported last week that the Fundraising Regulator had also called on the ICO to make an “urgent amendment” to the guidance around its wording regarding the Fundraising Preference Service.