How is "consent" defined under GDPR?

The correct definition of "consent" under GDPR is that it refers to any indication of the data subject's wishes signifying agreement to data processing. This definition captures the essence of consent as being more comprehensive than merely expressed permission or prior authorization. Consent under GDPR must be freely given, specific, informed, and unambiguous, which means that it can take various forms as long as it clearly indicates the individual's willingness to allow their personal data to be processed.

The understanding that consent is an indication of the wishes of the data subject emphasizes the active role of the individual in the process, ensuring that they are able to understand and agree to the specific terms of data processing. This aligns with the GDPR’s aim for transparency and informed decision-making.

While expressed permission, lawful agreement, and prior authorization may reflect aspects of consent, they do not capture its full breadth and may misrepresent the nuanced and explicit nature required by the GDPR.