The Office of the Data Protection Authority of the Bailiwick of Guernsey has issued concise guide on the definition of consent.

This is helpful not only for GDPR, but also for understanding and implementing consent under the new U.S. State privacy laws.

It is worth noting that it is important to refresh consent. While the law does not set a time limit for when consent “expires,” it is up to you to ensure you review and refresh consent as appropriate given your circumstances. How long consent lasts will depend on the context, and your retention policy periods.

Note: The FTC recently told Inmarket they needed to refresh consent for precise geolocation every 6 months. CPRA, however, does not allow you to refresh consent after an opt out before 12 months.