What is Informed Consent?
Informed consent is consent that provides the controller’s identity, the purpose of each of the processing operations for which consent is sought, what (type of) data will be collected and used, the existence of the right to withdraw consent, information about the use of the data for automated decision-making where relevant, and on the possible risks of data transfers due to absence of an adequacy decision and of appropriate safeguards.
If consent is relied upon by multiple (joint) controllers or if the data is to be transferred to or processed by other controllers, these organizations should all be named.
Processors do not need to be named as part of the consent requirements, although to comply with Articles 13 and 14 of the GDPR, controllers will need to provide a full list of recipients or categories of recipients including processors.
Under the GDPR, informed consent means, among other things, that specific information must be provided by a controller with each separate consent request about the data that is processed for each purpose. Specificity is a requirement on both sides of the consent interaction. The general rule is: The controller must provide specific information in the consent request in order for the data subject to provide specific consent. This is necessary in order to make data subjects aware of the impact of the different choices they have. Specificity in the consent request enables data subjects to give specific consent.
See WP29 Guidelines on Consent Under Regulation 2016/679