I have consent to process data, when do I need to ask the person again?
When you change what you use the data for
If you now want to use someone’s data for a different purpose from what you originally gathered consent for, you need to refresh that consent.
For example, if you gathered consent to send people marketing emails and you now want to use that data for a different purpose, you must ask for consent again.
After a certain amount of time
While there's no strict time limit to the validity of the consent given by a user, the ICO recommends that consent be refreshed every 2 years.
That said, we need to consider the context in which consent is given and what the individual would expect. If you tell a user that you will be processing their data for the next 3 events they will attend, then they will not expect you to process their data after that. In this scenario, the individual is not likely to expect you to continue processing their data so refreshing consent would be necessary.
What about cookies?
Consent for placing cookies on someone’s device is different. Again no strict requirement is in place but there are strong recommendations by the French and Irish regulators that cookie consent should be refreshed every 6 months.
That is the default setting for Privasee’s cookie banner.
What if they withdrew consent?
In that case, you can't use their data at all, therefore there's no consent to refresh.
What about children's data?
We’ve not developed this section of the blog yet! If you’d like our insight, feel free to reach out to email@example.com and reference this blog. We’ll be delighted to help you with this!