Consent Receipts


A Consent Receipt is a record of consent provided to an individual at the point at which the person agrees to the sharing of data (usually Sensitive Data).

The purpose of a Consent Receipt is to capture the Privacy Policy and its purpose for sharing Personal data so that it can be easily used by Entities to communicate and manage consent and the sharing of Sensitive Data once it is provided. [1]

Consent Receipts is a Kantara Initiative

Minimum Viable Consent Receipt [2]

The Minimum Viable Consent Receipt (MVCR) is used to create Consent Receipts that put people in control of their personal data.

The MVCR is a specification for creating an open standard for dynamic consent, proof of consent, privacy icons and kitemarks.

Consent Receipts and General Data Protection Regulation

General Data Protection Regulation (GDPR) implies:

Consent Receipts Details [1]

A Consent Receipt is presented as a JSON Web Token signed with JSON Web Signature. To find more information

Consent Receipts and Personal Health Records

Consent Receipts could be a way of providing Personal Health Record information to the End-User.

Consent Receipt Transaction Details

Administrative fields for the consent transaction and the metadata for the overall Consent Receipt.

| Field Name | Definition | Guidance | Required |
|---|---|---|---|
| Version | The version of this specification a receipt conforms to. | The value MUST be “KI-CR-v1.0.0” for this version of the specification. | MUST |
| Jurisdiction | Jurisdiction(s) applicable to this transaction. | This field MUST contain a non-empty string describing the jurisdiction(s). | MUST |
| Consent Timestamp | Date and time of the consent transaction | MUST include a time zone or indicate UTC. Presentation to end users SHOULD consider localization requirements. | MUST |
| Collection Method | A description of the method by which consent was obtained. | Collection Method is a key field for context and determining what fields MUST be used for the Consent Receipt. | MUST |
| Consent Receipt ID | A unique number for each Consent Receipt. | For example, UUID-4 RFC 4122 | MUST |
| Public Key | The PII Controller’s public key. | | MAY |

Consent Transaction Parties

| Field Name | Definition | Guidance | Required |
|---|---|---|---|
| PII Principal ID | PII Principal provided identifier. E.g. email address, claim, defined/namespace. | Consent is not possible without an identifier. | MUST |
| PII Controller | Name of the initial PII controller who collects the data. This entity is accountable for compliance over the management of PII. | The PII Controller determines the purpose(s) and type(s) of PII processing. There may be more than one PII Controller for the same set(s) of operations performed on the PII. In this case, the different PII Controllers SHOULD be listed, and it MUST be listed for Sensitive PII with legally required explicit notice to the PII Principal. | MUST |
| On Behalf | Acting on behalf of a PII Controller or PII Processor. | For example, a third-party analytics service would be a PII Processor on behalf of the PII Controller, or a site operator acting on behalf of the PII Controller. | MAY |
| PII Controller Contact | Contact name of the PII Controller | Name and/or title of the DPO. | MUST |
| PII Controller Address | The physical address of PII controller. | Address for contacting the DPO in writing. | MUST |
| PII Controller Email | Contact email address of the PII Controller | The direct email to contact the PII Controller regarding the consent. e.g., DPO, CPO, privacy contact. | MUST |
| PII Controller Phone | Contact phone number of the PII Controller. | The business phone number to contact the PII Controller regarding the consent. e.g., DPO, CPO, administrator. | MUST |

Data, collection, and use

This section specifies services, personal information categories, attributes, PII confidentiality level, and PII Sensitivity.

| Field Name | Definition | Guidance | Required |
|---|---|---|---|
| Privacy Policy | A link to the Privacy Policy and applicable terms of use in effect when the consent was obtained and the receipt was issued. | If a Privacy Policy changes, the link SHOULD continue to point to the old Privacy Policy until there is evidence of an updated consent from the PII Principal. | MUST |
| Service | The service or group of services being provided for which PII is collected. | The name of the service for which consent for the collection, use and disclosure of PII is being provided. This field MUST contain a non-empty string. | MUST |
| Purpose | A short, clear explanation of why the PII item is required. | This field MUST contain a non-empty string. | MAY |
| Purpose Category | The reason the PII Controller is collecting the PII. | Example Purpose Categories currently in use are available on the Kantara Consent & Information Sharing Work Group (CISWG) Wiki page (http://kantarainitiative.org/confluence/display/infosharing/Appendix+CR+-+V.9.3+-+Example+Purpose+Categories) | MUST |
| Consent Type | The type of the consent used by the PII Controller as their authority to collect, use or disclose PII. | The field MUST contain a non-empty string and the default value is “EXPLICIT”. If consent was not explicit, a description of the consent method MUST be provided. | MUST |
| PII Categories | A list of defined PII categories. | PII Category should reflect the category that will be shared as understood by the PII Principal. In Appendix B there is an example of a defined list as supplied by a PII Controller. | MUST |
| Primary Purpose | Indicates if a purpose is part of the core service of the PII Controller. | Possible values are TRUE or FALSE | MAY |
| Termination | Conditions for the termination of consent. | Link to policy defining how consent or purpose is terminated. | MUST |
| Third Party Disclosure | Indicates if the PII Controller is disclosing PII to a third party. | Possible values are TRUE or FALSE. | MUST |
| Third Party Name | The name or names of the third party the PII Processor may disclose the PII to. | MUST be supplied if Third Party Disclosure IS TRUE. | MUST if Third Party Disclosure is TRUE |
| Sensitive PII | Indicates whether PII is sensitive or not sensitive. | Possible values are TRUE or FALSE. A value of TRUE indicates that data covered by the Consent Receipt is sensitive, or could be interpreted as sensitive, which indicates that there is policy information out-of-band of the Consent Receipt. | MUST |
| Sensitive PII Category | Listing the categories where PII data collected is sensitive. | The field MUST contain a non-empty string if Sensitive PII is TRUE. See section 7.2 for common sensitive PII categories that have specific consent notice requirements | MUST if Sensitive PII Level is TRUE |
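
The MUST and conditional-MUST rules in the three field tables above can be checked mechanically before a receipt is signed or accepted. The following Python is an added example, not part of the Kantara specification or the original page; the flat dictionary keyed by the tables' field names and the ISO 8601 timestamp string are assumptions of this example.

```python
from datetime import datetime

SPEC_VERSION = "KI-CR-v1.0.0"
# Unconditional MUSTs. Keys = page field names; flat dict layout is assumed.
REQUIRED = [
    "Version", "Jurisdiction", "Consent Timestamp", "Collection Method",
    "Consent Receipt ID", "PII Principal ID", "PII Controller",
    "PII Controller Contact", "PII Controller Address", "PII Controller Email",
    "PII Controller Phone", "Privacy Policy", "Service", "Purpose Category",
    "Consent Type", "PII Categories", "Termination",
    "Third Party Disclosure", "Sensitive PII",
]
# (flag, field that becomes a MUST when the flag is TRUE)
CONDITIONAL = [("Third Party Disclosure", "Third Party Name"),
               ("Sensitive PII", "Sensitive PII Category")]

def _empty(value):
    if isinstance(value, str):
        return not value.strip()
    return value is None or value == []

def validate_receipt(receipt):
    """Return a list of violations; an empty list means every MUST is met."""
    errors = [f"missing: {f}" for f in REQUIRED if _empty(receipt.get(f))]
    version = receipt.get("Version")
    if not _empty(version) and version != SPEC_VERSION:
        errors.append(f"Version must be {SPEC_VERSION}")
    ts = receipt.get("Consent Timestamp")
    if isinstance(ts, str) and ts.strip():
        try:  # assumption: timestamp carried as an ISO 8601 string
            if datetime.fromisoformat(ts.replace("Z", "+00:00")).utcoffset() is None:
                errors.append("Consent Timestamp has no time zone")
        except ValueError:
            errors.append("Consent Timestamp is not a valid date-time")
    if "Purpose" in receipt and _empty(receipt["Purpose"]):
        errors.append("Purpose must be non-empty when present")
    for flag, dependent in CONDITIONAL:
        value = receipt.get(flag)
        if value is not None and not isinstance(value, bool):
            errors.append(f"{flag} must be TRUE or FALSE")
        elif value is True and _empty(receipt.get(dependent)):
            errors.append(f"missing: {dependent} ({flag} is TRUE)")
    return errors

# Constructed sample receipt (all values invented for illustration).
SAMPLE = {f: "example" for f in REQUIRED}
SAMPLE.update({"Version": SPEC_VERSION, "PII Categories": ["Contact"],
               "Consent Timestamp": "2024-05-01T10:15:00Z",
               "Third Party Disclosure": False, "Sensitive PII": False})
```

Calling `validate_receipt(SAMPLE)` returns an empty list; setting `Third Party Disclosure` to `True` without a `Third Party Name`, or supplying a timestamp with no offset, each produces one violation.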
