Conditions for Consent
Description
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented; consent must be freely given, specific, informed, and unambiguous.
⚠️ Risk Impact
GDPR consent standards are materially higher than older consent regimes. Pre-checked boxes, bundled consent, and dark patterns all fail Article 7.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as high-severity findings with remediation guidance.
🔧 Remediation
Granular consent (separate purposes, separate checks). Records of consent (timestamp, scope, mechanism). Easy withdrawal (same effort as giving). No pre-checked boxes.
💀 Real-World Attack Scenario
Google was fined €50M by CNIL (2019) for invalid consent: consent for personalized ads was 'bundled' with other consents and couldn't be withdrawn easily.
💰 Cost of Non-Compliance
Google CNIL: €50M. Article 7 violations across EU: €100M+ aggregate.
📋 Audit Questions
- 1. Consent UX walkthrough?
- 2. Granular per-purpose?
- 3. Withdrawal mechanism (same effort)?
- 4. Consent records retained?
⚡ Common Pitfalls
- ⛔ Pre-checked boxes (now explicitly prohibited)
- ⛔ Bundled consent that can't be unbundled
- ⛔ Dark patterns nudging acceptance
📈 Business Value
Strong consent UX supports both compliance and customer trust.
⏱️ Effort Estimate
UX redesign + records system
EchelonGraph integrates with consent management platforms (OneTrust, TrustArc)