General Data Protection Regulation (GDPR) in the European Union (EU) and European Economic Area (EEA):
Posted: Sat May 24, 2025 8:57 am
Core Principle: Requires explicit, freely given, specific, informed, and unambiguous consent for processing personal data, including phone numbers for marketing.
Key Requirements:
Explicit Consent: Pre-checked boxes are forbidden. Consent must be a clear affirmative action.
Granular Consent: If you process a phone number for multiple purposes (e.g., marketing AND transactional), you might need separate consent for each purpose.
Right to Withdraw Consent: Individuals have the right to withdraw south africa phone number list consent at any time, and it must be as easy to withdraw as it was to give.
Right to Erasure (Right to Be Forgotten): Individuals can request their data be deleted.
Transparency: Provide comprehensive information in your privacy policy about data processing, purpose, retention, and individual rights.
Lawful Basis: Consent is just one lawful basis; for transactional messages, contractual necessity or legitimate interest might apply, but for marketing, consent is usually required.
Personal Information Protection Law (PIPL) in China:
Core Principle: Similar to GDPR, it requires clear consent and provides individuals with comprehensive rights regarding their personal information.
Key Requirements:
Informed Consent: Personal information processors must obtain the individual's "separate consent" for marketing purposes, particularly for sensitive personal information or cross-border transfers.
Right to Access, Correct, Delete: Individuals have robust rights over their data.
Data Minimization: Only collect data that is necessary for the stated purpose.
Cross-border Transfer Rules: Strict rules apply if you transmit personal information collected in China outside of China.
Key Requirements:
Explicit Consent: Pre-checked boxes are forbidden. Consent must be a clear affirmative action.
Granular Consent: If you process a phone number for multiple purposes (e.g., marketing AND transactional), you might need separate consent for each purpose.
Right to Withdraw Consent: Individuals have the right to withdraw south africa phone number list consent at any time, and it must be as easy to withdraw as it was to give.
Right to Erasure (Right to Be Forgotten): Individuals can request their data be deleted.
Transparency: Provide comprehensive information in your privacy policy about data processing, purpose, retention, and individual rights.
Lawful Basis: Consent is just one lawful basis; for transactional messages, contractual necessity or legitimate interest might apply, but for marketing, consent is usually required.
Personal Information Protection Law (PIPL) in China:
Core Principle: Similar to GDPR, it requires clear consent and provides individuals with comprehensive rights regarding their personal information.
Key Requirements:
Informed Consent: Personal information processors must obtain the individual's "separate consent" for marketing purposes, particularly for sensitive personal information or cross-border transfers.
Right to Access, Correct, Delete: Individuals have robust rights over their data.
Data Minimization: Only collect data that is necessary for the stated purpose.
Cross-border Transfer Rules: Strict rules apply if you transmit personal information collected in China outside of China.