1) Consent obtained directly in apps that embed Vectaury as an SDK, using Vectaury's CMP (Consent Management Platform). You can see it in action in this video:
Both are found to be failing — the second one in very interesting ways. Keep reading!
1) The consent is not informed;
2) The consent is not specific;
3) The consent is not affirmative.
Given the high-risk nature of the processing and its opacity, this isn't even a very strict interpretation.
You cannot pass consent to another controller through a contractual relationship. BOOM
This is huge.
Also, Google has said they won't use a clear definition of valid consent. This shows they will have to.
That might be a fight for another day 😊🤗