Everyone here seems to be unaware of article 7, section 3:
>The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.
Are there some semantic games being played here whereby the initial “Accept vs Customize” dark pattern dialogs don’t count as “withdrawing” consent because no consent has been given at that point? I.e. the annoying path of clicking Customize isn’t actually the withdrawal process, but is just the method of gaining acceptance?
They're definitely trying that as a loophole, but it won't hold up. "No action/response" can't count as consent, and so if you never granted it, then they don't yet have it to begin with and aren't allowed to collect.
> Silence, pre-ticked boxes or inactivity should not therefore constitute consent.
> If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
