According to European Union (EU) privacy laws, personal data can only be collected under what condition?

Under European Union privacy laws, specifically the General Data Protection Regulation (GDPR), the principle of user consent is fundamental to the legality of data collection. This regulation mandates that personal data can only be collected when there is explicit consent from the individual whose data is being collected. This means that organizations must inform users about what data is being collected and how it will be used, allowing them to make an informed decision to grant permission before any collection takes place.

User permission is crucial because it empowers individuals, placing control over their personal information in their hands. This consent must be unambiguous, freely given, specific, informed, and revocable at any time, ensuring that individuals have a say in how their data is handled. By aligning data collection practices with the need for user permission, organizations can build trust with consumers and ensure compliance with stringent EU privacy regulations.