Press "Enter" to skip to content

The 10 Privacy Principles of PIPEDA – Consent

Last updated on January 30, 2016

The third principle of the 10 Privacy Principles of PIPEDA is Consent.


The principle of Consent states that the knowledge and consent of individuals are required when an organization collects, uses, or discloses personal information, and it must be in such a way that the individual clearly understands.

For example, if an organization offers application forms which require personal information, it may not use ambiguous wording to trick individuals into giving their consent for purposes they cannot reasonably understand. It must be clear and concise.

An organization also can not refuse to provide a product or service to an individual if that individual refuses to provide personal information that is not required or related to the product or service (e.g. drivers licenses for product returns).

Exceptions to the Principle

Consent is not required when it is impossible or impractical to seek it, such as for legal, medical, or security reasons.

If information is being collected for the purpose of the prevention of fraud or for law enforcement, it may not be required.

Also, if the individual is a minor, seriously ill, or mentally incapacitated, it may not be appropriate or possible to seek consent.

Different Types of Consent

There are different types of consent that an organization may obtain. These include explicit, implicit, and opt-out consent. Consent may be provided verbally, in writing, or inferred from an individual’s actions.

Consent may also be given by an individual’s authorized representative, such as a legal guardian, lawyer, or through the power of attorney.

Withdrawing Consent

Individuals can withdraw consent at any time, subject to any legal or contractual restrictions and reasonable notice. The organization must notify the individual about the implications of withdrawing consent.

Compliance with Other Principles

The principle of Consent is closely linked with other principles. For example, every time an organization asks an individual for consent to provide personal information, it should also identify the purposes for which it is being collected.

NEXT PRINCIPLE: Limiting Collection
BACK TO: 10 Privacy Principles of PIPEDA


Comments are closed, but trackbacks and pingbacks are open.