What are the responsibilities of Data Holders (DHs) and Accredited Data Recipients (ADRs) in connection with the consent types:
- Use Disclosure
- Direct Marketing
The technical standards deal only with the collection and authorisation aspect of a consent. Data Holders have no obligations, implementation impacts, or even a requirement for knowledge of the other consent types. There are CX standards that may apply to the other ADR consent types, but these have no bearing on DH implementations.
ADRs deal with the following
Collection consent (which corresponds to the DH's authorisation to disclose)
- Use consent
- Direct marketing consent
- De-identification consent
- AP Disclosure consent
DHs deal with the following
- Authorisation (which corresponds to the ADR's collection consent)
When a consumer withdraws an authorisation with a DH (or it expires), the collection consent with the ADR also expires - but any other consent types with the ADR could remain active (e.g. ongoing use, direct marketing consent etc.).
When a consumer withdraws a collection consent with an ADR (or it expires), the authorisation with the DH also expires - but other consent types with the ADR could similarly remain active.