App-specific document required
To consent or not to consent?
Where no statutory permission is granted to process certain user data, consent is required. Such consent will only be effective if the data subject is informed (prior informed consent). That implies that users must be informed in an easily comprehensible way about the nature, scope and purpose of the collection, processing and use of their personal data. Under German law, such consent must be separately declared, so the according language cannot be buried in the fine print of any terms of service.
In the next installment: Privacy by Design.