4. Obstacles to Seamless Rights Exercise: The Syncing Snare

Risk: Non-Compliance with Articles 25 and 7.3 of the GDPR

The process of withdrawing your consent should be straightforward. However, the platform’s settings don’t sync across devices, forcing you to opt out on each device separately. This complicates matters and runs afoul of Articles 25 and 7.3 of the GDPR, which mandate that withdrawing consent should be as easy as giving it.
(PLATFORM) Does this functionality sync between web and mobile devices?  This setting does not sync across browsers or devices. You will have to enable it in each device.
Article 25.2 EU GDPR:  The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.[2]
Article 7.3 EU GDPR:  The data subject shall have the right to withdraw his or her consent at any time . The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed  thereof. It shall be as easy to withdraw as to give consent.[2]

Best Practices: Streamline Consent Across Devices

The user experience should be consistent across all devices. When consent is withdrawn on one device, this choice should be universally applied to all other platforms. This is not just a hallmark of good design but is also in line with GDPR’s Articles 25 and 7.3, which call for an uncomplicated withdrawal process.