Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

R312. Allow user consent revocation

This document contains the details of the security requirements related to the management and protection of data privacy in the organization. This requirement establishes the importance of allowing the user to revoke their consent regarding the collection of their information.


The system must enable the users to revoke whatever consent they have granted.


Systems usually request information from the users or collect it based on their interactions with the application. Regulations demand that none of these collections occur without the user’s consent and that this consent be demonstrable afterwards. Regulations also demand that the user be allowed to revoke, at any given time, whatever consent they may have granted regarding the collection and processing of their information.


  1. Directive 2002/58/EC (amended by E-privacy Directive 2009/136/EC). Art. 6: Traffic data.(3) Users or subscribers shall be given the possibility to withdraw their consent for the processing of traffic data at any time.

  2. GDPR. Art. 7: Conditions for consent.(3). The data subject shall have the right to withdraw his or her consent at any time.

  3. GDPR. Art. 18: Right to restriction of processing.(1). The data subject shall have the right to obtain from the controller restriction of processing.

  4. GDPR. Art. 21: Right to object.(1). The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her.

Service status - Terms of Use