4. Obstacles to Seamless Rights Exercise: The Syncing
Snare
Risk: Non-Compliance with Articles 25 and 7.3 of the
GDPR
The process of withdrawing your consent should be straightforward.
However, the platform’s settings don’t sync across devices, forcing you
to opt out on each device separately. This complicates matters and runs
afoul of Articles 25 and 7.3 of the GDPR, which mandate that withdrawing
consent should be as easy as giving it.
(PLATFORM) Does this functionality sync between web and mobile
devices? This setting does not sync across browsers or devices.
You will have to enable it in each device.
Article 25.2 EU GDPR: The controller shall implement
appropriate technical and organisational measures for ensuring that, by
default, only personal data which are necessary for each specific
purpose of the processing are processed. That obligation applies to the
amount of personal data collected, the extent of their processing, the
period of their storage and their accessibility. In particular, such
measures shall ensure that by default personal data are not made
accessible without the individual’s intervention to an indefinite number
of natural persons.[2]
Article 7.3 EU GDPR: The data subject shall have the
right to withdraw his or her consent at any time . The
withdrawal of consent shall not affect the lawfulness of processing
based on consent before its withdrawal. Prior to giving consent, the
data subject shall be informed thereof. It shall be as easy to
withdraw as to give consent.[2]
Best Practices: Streamline Consent Across
Devices
The user experience should be consistent across all devices. When
consent is withdrawn on one device, this choice should be universally
applied to all other platforms. This is not just a hallmark of good
design but is also in line with GDPR’s Articles 25 and 7.3, which call
for an uncomplicated withdrawal process.