How usable is consent withdrawal on the Web? UI requirements and expert evaluation

The GDPR stipulates that data subjects have the right to withdraw their consent at any time, requiring that it is as easy to withdraw as to give consent. Prior research has studied the usability of consent requests, however, usability of consent withdrawal has received less attention. This ongoing work analyses consent withdrawal from a usability lens using the Privacy Choice Evaluation Framework. An interdisciplinary team of experts (with HCI, CS and legal background) applied this framework to identify usability violations, i.e., potential gaps in the 'ease-of-use' of consent withdrawal interfaces. In future work, we are conducting an expert evaluation of top-200 websites to measure the prevalence of these usability violations, as well as a legal analysis of these usability violations. Based on this analysis, our goal is to propose usable and lawful interface recommendations for consent withdrawal on the web.