Blog details

Withdrawal of Consent Should be Easy

Withdrawal of Consent Should be Easy

Withdrawal of consent requests could have dire consequencesfor your company if they are not immediately and seamlessly processed.

Withdrawal of consent should be just as easy as giving consent.  So says the President of the Polish Data Protection Authority. This assessment came as a result of the review of practices by company ClickQuickNow.

According to the investigation the mechanism utilized by ClickQuickNow for processing requests for withdrawal of consent did not result in a quick withdrawal but rather involved the use of a link included in the commercial information. After the link was set up, messages addressed to the person interested in withdrawing consent were misleading, the EDPD article reports. Additionally, the company required that individuals who submitted consent removal requests must state the reason for withdrawing consent. Failure to provide this reason resulted in the discontinuation or the process of withdrawing.

It was further noted that ClickQuickNow also processed the data of subjects who were not its customers and from whom they had received objections to processing their personal data, without any legal basis.

These practices by ClickQuickNow were direct violations of the GDPR, particularly Articles 7(3), 12(2) and 17. It was further asserted that ClickQuickNows practices violated the principles of lawfulness, fairness and transparency of the processing of personal data, specified in the GDPR. As a results of these violations, the Polish DPA has levied an administrative fine of PLN 201,000 (Approximately EUR 47,000) on ClickQuickNow. Further the Polish DPA  mandated that ClickQuickNow adjusts its means of processing withdrawal of consent requests and deletes the data of data subjects who are not its customers and objected to the processing of the personal data concerning them.

What mechanisms does your company have to action an individuals request for withdrawal of consent? Are your practices easy and seamless? If not, this could result in severe consequences. Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.

Prev post
Hash como técnica de seudonimización de datos personales
November 13, 2019
Next post
Los mecanismos de retirada del consentimiento deberían ser sencillos
November 15, 2019

Leave a Comment