dmleong
commented
7 years ago From https://medium.com/mydata/consent-lost-gdpr-and-found-eprivacy-e85cf881ffb
An underlying issue is “opt-out” consent compared to “opt-in”. The old directive left scope for the interpretation that opt-out consent was sufficient — that consent was assumed unless otherwise indicated. Since the GDPR requires a statement or clear affirmative action, consent has to be opt-in — no response means no consent.
Opt-in > opt-out. Let's write a section on this