Incorrect. This was a much discussed and debated issue during the drafting of the Regulation, but “ unambiguous ” was the word selected for the final version (Article 4, paragraph 11). Explicit consent is only required when dealing with sensitive data. Sensitive personal data includes many types of information concerning a person’s race and ethnic origin, societal activities, political or religious beliefs, criminal background, health status, sexual orientation, and need for social care. If the information is not sensitive, “ unambiguous ” consent is acceptable, which contributes to so-called “ implied consent ”, where the individual’s actions are sufficient indication of consent to data processing.