So You Want to Base on Consent?
Many people seem to believe that having their customers press an “Agree” button is good enough to collect their “consent”. That is actually not the case. Obtaining privacy consent has a very high bar, partly because it is the exception mechanism that you can resort to only when other lawful bases for the processing of personal data do not work. This session will briefly touch on other lawful bases and what is needed for potentially valid consent, then go on to explain the requirements for the privacy notice and consent process set out in “ISO/IEC 29184 Online privacy notices and consent”. ISO/IEC 29184 is an international standard that has been in the making for the last 5 years. Stakeholders involved in the discussion included data protection authorities around the globe, the technical community, lawyers, and businesses. It sets out the requirements for 1) what needs to be in a privacy notice, 2) what needs to be done in obtaining consent, and 3) what needs to be done in maintaining privacy notices. For any business that wants to respect customer privacy, this document provides excellent guidance on what needs to be followed. (Privacy, Standards, Architecture & Deployment, Consumer Identity, User Experience, Vision & Strategy, Nat Sakimura)