Lov om personvern
The circumstances for consent have been strengthened, as community will no longer be able to utilise long illegible terms and circumstances full of legalese, as the request for consent must be given in an intelligible and easily reachable form, with the purpose for data processing adhere to thatconsent – meaning it must be unambiguous.Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.Ã¢Â€Â‹Explicit consent is appropriate onlyfor processing sensitive personal data – in this context, nothing short of “opt in” will suffice. However, fornon-sensitive data, “unambiguous” consent will suffice.
A regulation is a binding legislative act. It must be applied in its entirety across the EU, while a directive is a legislative act that sets out a goal that all EU countries must achieve. However, it is up to the individual countries to choose how. It is crucial to note that the GDPR is a regulation, in contrast the the past legislation, which is a directive.
The discussions surrounding the one-stop-shop basis are among the most highly debated and are still confused as the standing positions are highly varied. The Commission text has a adequately simple and concise ruling in backing of the principle, the Parliament also promotes a lead DPA and adds more involvement from other concerned DPAs, the Council’s view waters down the capacity of the lead DPA even further. A more in depth analysis of the one-stop-shop policy debate can be found here.