Overview#
Consent Receipts is a record of a consent provided to an individual at the point in a person agrees to the sharing of data (usually Sensitive Data).Consent Receiptss purpose is to capture the Privacy Policy and its purpose for sharing Personal data so it can be easily used by Entities to communicate and manage consent and sharing of Sensitive Data once it is provided. [1]
Consent Receipts is a Kantara Initiative
Minimum Viable Consent Receipt [2]#
The Minimum Viable Consent Receipt (MVCR) is used to create Consent Receipts that puts people in the control of personal data.The MVCR is a specification for creating an open standard for dynamic consent, proof of consent, privacy icons and kitemarks
Consent Receipts and General Data Protection Regulation#
General Data Protection Regulation (GDPR) implies:- Valid consent must be explicit for data collected and purposes data used
- Data Controller MUST be able to prove Consent
Consent Receipts Details [1]#
Consent Receipts is presented in a JSON Web Token which is signed by JSON Web Signature. To find more information- GitHub Repo: https://github.com/KantaraInitiative/CISWG/issues
- Meeting Notes: Meetings and Minutes
- Known Implementations:
- Consent Receipt v0.7 test api on display at ConsentReceipt.org
- Consent Receipt API - Documentation
Consent Receipts and Personal Health Records#
Consent Receipts could be a possibility for providing Personal Health Record information to End-UserConsent Receipt Transaction Details#
Administrative fields for the consent transaction and the metadata for the overall Consent Receipt.| Field Name | Definition | Guidance | Required |
|---|---|---|---|
| Version | The version of this specification a receipt conforms to. | The value MUST be “KI-CR-v1.0.0” for this version of the specification. | MUST |
| Jurisdiction | Jurisdiction(s) applicable to this transaction. | This field MUST contain a non-empty string describing the jurisdiction(s). | MUST |
| Consent Timestamp | Date and time of the consent transaction | MUST include a time zone or indicate UTC. Presentation to end users SHOULD consider localization requirements. | MUST |
| Collection Method | A description of the method by which consent was obtained. | Collection Method is a key field for context and determining what fields MUST be used for the Consent Receipt. | MUST |
| Consent Receipt ID | A unique number for each Consent Receipt. | For example, UUID-4 RFC 4122 | MUST |
| Public Key | The PII Controller’s public key. | MAY |
Consent Transaction Parties#
| Field Name | Definition | Guidance | Required |
|---|---|---|---|
| PII Principal ID | PII Principal provided identifier. E.g. email address, claim, defined/namespace. | Consent is not possible without an identifier. | MUST |
| PII Controller | Name of the initial PII controller who collects the data. This entity is accountable for compliance over the management of PII. | The PII Controller determines the purpose(s) and type(s) of PII processing. There may be more than one PII Controller for the same set(s) of operations performed on the PII. In this case, the different PII Controllers SHOULD be listed, and it MUST be listed for Sensitive PII with legally required explicit notice to the PII Principal. | MUST |
| On Behalf | Acting on behalf of a PII Controller or PII Processor. | For example, a third-party analytics service would be a PII Processor on behalf of the PII Controller, or a site operator acting on behalf of the PII Controller. | MAY |
| PII Controller Contact | Contact name of the PII Controller | Name and/or title of the DPO. | MUST |
| PII Controller Address | The physical address of PII controller. | Address for contacting the DPO in writing. | MUST |
| PII Controller Email | Contact email address of the PII Controller | The direct email to contact the PII Controller regarding the consent. e.g., DPO, CPO, privacy contact. | MUST |
| PII Controller Phone | Contact phone number of the PII Controller. | The business phone number to contact the PII Controller regarding the consent. e.g., DPO, CPO, administrator. | MUST |
Data, collection, and use #
This section specifies services, personal information categories, attributes, PII confidentiality level, and PII Sensitivity.| Field Name | Definition | Guidance | Required |
|---|---|---|---|
| Privacy Policy | A link to the Privacy Policy and applicable terms of use in effect when the consent was obtained and the receipt was issued. | If a Privacy Policy changes, the link SHOULD continue to point to the old Privacy Policy until there is evidence of an updated consent from the PII Principal. | MUST |
| Service | The service or group of services being provided for which PII is collected. | The name of the service for which consent for the collection, use and disclosure of PII is being provided. This field MUST contain a non-empty string.MUST | |
| Purpose | A short, clear explanation of why the PII item is required. | This field MUST contain a non-empty string. | MAY |
| Purpose Category | The reason the PII Controller is collecting the PII. | Example Purpose Categories currently in use can are available on the Kantara Consent & Information Sharing Work Group (CISWG) Wiki page (http://kantarainitiative.org/confluence/display/infosharing/Appendix+CR+-+V.9.3+-+Example+Purpose+Categories) | MUST |
| Consent Type | The type of the consent used by the PII Controller as their authority to collect, use or disclose PII. | The field MUST contain a non-empty string and the default value is “EXPLICIT”. If consent was not explicit, a description of the consent method MUST be provided. | MUST |
| PII Categories | A list of defined PII categories. | PII Category should reflect the category that will be shared as understood by the PII Principal. In Appendix B there is an example of a defined list as supplied by a PII Controller. | MUST |
| Primary Purpose | Indicates if a purpose is part of the core service of the PII Controller. | Possible values are TRUE or FALSE | MAY |
| Termination | Conditions for the termination of consent. | Link to policy defining how consent or purpose is terminated. | MUST |
| Third Party Disclosure | Indicates if the PII Controller is disclosing PII to a third party. | Possible values are TRUE or FALSE. | MUST |
| Third Party Name | The name or names of the third party the PII Processor may disclose the PII to. | MUST be supplied if Third Party Disclosure IS TRUE. | MUST if Third Party Disclosure is TRUE |
| Sensitive PII | Indicates whether PII is sensitive or not sensitive. | Possible values are TRUE or FALSE. A value of TRUE indicates that data covered by the Consent Receipt is sensitive, or could be interpreted as sensitive, which indicates that there is policy information out-of-band of the Consent Receipt.MUST | |
| Sensitive PII Category | Listing the categories where PII data collected is sensitive. | The field MUST contain a non-empty string if Sensitive PII is TRUE. See section 7.2 for common sensitive PII categories that have specific consent notice requirements | MUST if Sensitive PII Level is TRUE |
More Information#
There might be more information for this subject on one of the following:- [#1] - Consent Receipt Specification - based on information obtained 2016-05-15
- [#2] - Consent Receipts - based on information obtained 2016-05-15
- [#2] - An Interoperable Personal Data Receipt Ecosystem in Practice - based on information obtained 2019-08-26
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!