In accordance with the CDR standards;
- Is there a distinction between ‘expired’ and ‘revoked’ consents?
- Is it mandatory, to show both states on a dashboard? If yes, are we allowed to decide the state name for each of the states?
Yes, the standards distinguish between ‘expired’ and ‘revoked’ consent as per below:
- Expired – A consent organically moves into a past without a consumer withdrawing explicitly and is no longer valid.
- Revoked – A consumer goes to the dashboard and clicks on the button to remove consent.
There are no rules or standards that prescribe the exact language for these states, although the CX Guidelines (see DH dashboards) recommend some approaches and recommendations.
The knowledge base article Withdrawal of authorisation discusses aspects of revoking consent.