Withdrawal of Consent Should be Easy
Withdrawal of consent requests could have dire consequencesfor your company if they are not immediately and seamlessly processed.
Withdrawal of consent should be just as easy as giving consent. So says the President of the Polish Data Protection Authority. This assessment came as a result of the review of practices by company ClickQuickNow.
According to the investigation the mechanism utilized by ClickQuickNow for processing requests for withdrawal of consent did not result in a quick withdrawal but rather involved the use of a link included in the commercial information. After the link was set up, messages addressed to the person interested in withdrawing consent were misleading, the EDPD article reports. Additionally, the company required that individuals who submitted consent removal requests must state the reason for withdrawing consent. Failure to provide this reason resulted in the discontinuation or the process of withdrawing.
It was further noted that ClickQuickNow also processed the data of subjects who were not its customers and from whom they had received objections to processing their personal data, without any legal basis.
These practices by ClickQuickNow were direct violations of the GDPR, particularly Articles 7(3), 12(2) and 17. It was further asserted that ClickQuickNow’s practices violated the principles of lawfulness, fairness and transparency of the processing of personal data, specified in the GDPR. As a results of these violations, the Polish DPA has levied an administrative fine of PLN 201,000 (Approximately EUR 47,000) on ClickQuickNow. Further the Polish DPA mandated that ClickQuickNow adjusts its means of processing withdrawal of consent requests and deletes the data of data subjects who are not its customers and objected to the processing of the personal data concerning them.
What mechanisms does your company have to action an individual’s request for withdrawal of consent? Are your practices easy and seamless? If not, this could result in severe consequences. Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.
Latest posts by Christine Chrycee Charlemagne (see all)
- Profiling and the GDPR —here’s what you need to know - December 13, 2019
- ICO launches consultation on draft right of access guidance - December 11, 2019
- ePrivacy Regulation Draft to be updated and presented at next EU Presidency - December 6, 2019