The system must enable the users to revoke whatever consent they have granted.
Systems usually request information from the users or collect it based on their interactions with the application. Regulations demand that none of these collections occur without the user’s consent and that this consent be demonstrable afterwards. Regulations also demand that the user be allowed to revoke, at any given time, whatever consent they may have granted regarding the collection and processing of their information.
Directive 2002/58/EC (amended by E-privacy Directive 2009/136/EC). Art. 6: Traffic data.(3) Users or subscribers shall be given the possibility to withdraw their consent for the processing of traffic data at any time.
GDPR. Art. 7: Conditions for consent.(3). The data subject shall have the right to withdraw his or her consent at any time.
GDPR. Art. 18: Right to restriction of processing.(1). The data subject shall have the right to obtain from the controller restriction of processing.
GDPR. Art. 21: Right to object.(1). The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.