What makes consent valid under the GDPR?

Article 4(11) and Article 7 require consent to be freely given, specific, informed, and unambiguous, expressed by a clear affirmative action. It must also be as easy to withdraw as to give, and the controller must be able to demonstrate that consent was obtained.

Is consent the right legal basis for AI processing?

Not always. Consent is one of six lawful bases. For some AI processing, legitimate interests or contractual necessity may fit better. If you rely on consent it must meet every condition; if it does not, you should reconsider the basis rather than weaken the standard.

What is granular consent?

Bundling several processing purposes into a single tick-box is not valid. Granular consent means offering separate, independent choices for distinct purposes — for example using data to provide a service versus using it to train or fine-tune an AI model.

Why does withdrawal matter so much?

Article 7(3) gives data subjects the right to withdraw consent at any time, and it must be as easy to withdraw as it was to give. A flow that takes one click to opt in but requires an email to opt out fails this test.

Does this tool store my answers?

No. The audit runs entirely in your browser. Your answers and the resulting report are never transmitted to us or any third party.

AI User Consent Audit Tool

If you rely on consent to process personal data through AI systems, that consent has to clear a high bar. The GDPR requires it to be freely given, specific, informed, and unambiguous, with withdrawal as easy as opting in — and you must be able to prove it. This tool walks you through the conditions for valid consent, scores each one based on how your flow actually behaves, and produces a report that flags exactly where you fall short.

How it works

You answer a focused checklist covering five dimensions: granularity (separate choices per purpose), clarity (plain-language, no pre-ticked boxes), freely-given nature (no service conditioned on unnecessary consent), the withdrawal mechanism (as easy as opting in), and documentation (records you can produce on demand). Each answer is scored, weak areas are flagged with specific remediation notes, and you get an overall rating. The audit is entirely local — nothing you enter leaves the browser.

Tips and notes

Unbundle your purposes. A single “I agree” for service delivery and model training is the most common failure — split them.
Kill pre-ticked boxes. Silence, inactivity, or a pre-checked box is not valid consent; require a clear affirmative action.
Make opt-out symmetric. If opting in is one click, opting out must be too.
Keep records. You must be able to demonstrate when, how, and to what each user consented — re-run this audit after any flow change.

AI User Consent Audit Tool

AI user consent audit

How it works

Tips and notes