Synthesia

The provider exhibits a high overall compliance risk (score 0.86), primarily due to gaps in consent granularity, insufficient documentation of legitimate interest assessments, and weaknesses in cookie consent logging. Key risks include potential violations of GDPR's lawful basis requirements (Articles 6-7), ePrivacy Directive's cookie rules, and EU AI Act's transparency obligations for automated decision-making. While the provider demonstrates strong adherence to data subject rights (DSAR fulfillment) and technical security measures, critical improvements are needed in consent management frameworks, automated decision disclosures, and third-party accountability mechanisms.