CONSENT IN THE DECISION-MAKING PRACTICE OF THE SLOVAK DPA

Abstract

Consent in personal data regulation presents one of the legal bases that legitimizes personal data processing realised by the controller. Despite the controller’s frequent referral to consent as a legal basis for such processing, the fulfilment of legal conditions for valid consent provision can prove challenging to many controllers. In this regard, the paper examines the existing decision-making practice of the national data protection authority – the Office for Personal Data Protection of the Slovak Republic – concerning the deficiencies regarding data subject’s consent provision that resulted in the initiation of administrative proceedings before this office and in the issuance of sanctions for the infringement of the applicable regulation on consent provision.