Consent FAQ

  • When we talk about consent, we’re talking about the obligation any organization has to ask you for permission to use your personal data. Consent is the act of agreeing to have your personal data used for specific purposes. Those purposes must always be clearly explained to you.
  • When giving your consent you can detail the terms, or conditions, that your consent is dependent on. For example, how long your data can be accessed for, and whether it can be shared with third parties.
  • A company needs to ask for your consent before they use any of your personal data. There are certain exceptions, which are outlined in the section below, What does GDPR say about consent.
  • For the citizens of the European Union, General Data Protection Rules, also known as GDPR, are applied to the control and processing of all personal data. Companies and organiations must have consent from the individual before holding their personal data.

    California also recently passed the California Consumer Privacy Act, CCPA, providing its citizens the right to know how their data will be used, processed and shared and given them the right to opt out.

    To learn more about data protection regultaions please visit the CNIL website on data protection around the world.

  • In defining consent, GDPR says, "Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her."

    On processing data based on consent, GDPR says, “In order for processing to be lawful, personal data should be processed on the basis of the consent of the data subject concerned or some other legitimate basis.”

    There are certain exceptions when asking for consent may not be needed. They include:

    • Processing is necessary to fulfil a contract to you have agreed.
    • There is a legal obligation to process the data.
    • Processing the data is necessary to save somebody’s life.
    • Processing is necessary for the public interest.

Consent is your right

Your personal data belongs to you. Therefore, you have the right to determine what companies can do with your data.

How your data is being used and misused

Today's world is exploding with data. Data on what we buy. Data on who we know and where we've been. Data on the most intimate aspects of our lives.

With everthing we do online, we leave a vapor trail of data behind us.

As we sign up for more and more services, each company leverages the data about us. Every one of our actions results in a data point. When these data points are combined into a data sets, an exteremely accurate profile is created and updated, as it follows you online.

This can be used to help improve the services you use, or it can be used to advertise products you may, or may not, want. It can be sold to other companies who may target you during an election, or use that information to develop new pharmaceuticals.

In any case, whether the output is positive or negative, you're often not asked or aware of how your personal information is used. And you most definitely do not profit from any of this activiity.

New laws for the digital landscape

As a response, the European Union implemented the General Data Protection Regulations (GDPR) in May of 2018. GDPR gives people enhanced protections against unnecessary data collection, and seeks to redress the imbalance of power by clearly defining the individual as the owner of their personal data.

The European Union is not the only jurdistion put data rights into law. California’s Consumer Privacy Act, or CCPA, became effective from January 2020, allowing state residents to reclaim their right to access and control their personal data. The new law lets users request a copy of any data a company holds on them, delete the data when they no longer want the company to have it, and demand that their data isn’t sold to third parties.

Specifying the terms of consent

We offer an encrypted file transfer service that enables you to send any document, picture or file to another party with specific rules reflecting the options you consent to.

When you specify certain basic terms of consent, you may not always be able to strictly enforce those terms, but you are signalling your ownership of the data. You are saying, I know my rights, this data belongs to me. And I decide how and what it can be used for.

This is just the start. Our vision is to develop a privacy hub where individuals and organisations can access, store and manage large sets of personal data in their own data rooms. Only when you can securely store and manage your data, can you truly own your personal data and effectively give your consent.

Interested in learning about data encryption?

Read about why encryption matters