The third principle of the 10 Privacy Principles of PIPEDA is Consent.
Consent
The principle of Consent states that the knowledge and consent of individuals are required when an organization collects, uses, or discloses personal information, and it must be in such a way that the individual clearly understands.
For example, if an organization offers application forms which require personal information, it may not use ambiguous wording to trick individuals into giving their consent for purposes they cannot reasonably understand. It must be clear and concise.
An organization also can not refuse to provide a product or service to an individual if that individual refuses to provide personal information that is not required or related to the product or service (e.g. drivers licenses for product returns).
Exceptions to the Principle
Consent is not required when it is impossible or impractical to seek it, such as for legal, medical, or security reasons.
If information is being collected for the purpose of the prevention of fraud or for law enforcement, it may not be required.
Also, if the individual is a minor, seriously ill, or mentally incapacitated, it may not be appropriate or possible to seek consent.
Different Types of Consent
There are different types of consent that an organization may obtain. These include explicit, implicit, and opt-out consent. Consent may be provided verbally, in writing, or inferred from an individual’s actions.
Consent may also be given by an individual’s authorized representative, such as a legal guardian, lawyer, or through the power of attorney.
Withdrawing Consent
Individuals can withdraw consent at any time, subject to any legal or contractual restrictions and reasonable notice. The organization must notify the individual about the implications of withdrawing consent.
Compliance with Other Principles
The principle of Consent is closely linked with other principles. For example, every time an organization asks an individual for consent to provide personal information, it should also identify the purposes for which it is being collected.
NEXT PRINCIPLE: Limiting Collection
BACK TO: 10 Privacy Principles of PIPEDA
