Kantara Consent Receipts – Communicating User Consent Between Data Controllers

From IIW

Kantara Consent Receipts – Communicating User Consent Between Data Controllers


Wednesday 4B

Convener: Andrew Hughes

Notes-taker(s): Andrew Hughes, AndrewHughes3000@gmail.com


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Andrew Hughes, AndrewHughes3000@gmail.com

Kantara Initiative Consent Receipt Specification – uses for interoperable communication.

The Kantara Initiative Consent Receipt (CR) Specification is a standard record format used to record information about a person’s consent to collect and process their personal data. By itself, the CR is not very interesting. However, widespread use of this common data format will enable interesting possibilities.

This picture shows the fields defined in the CR. The dots highlight interesting fields that would usually be recorded by any data controller that collects user consent.


IIW26 We 4B1.png


The main question discussed was what ways might consent receipts be used to enable interoperable communication of consent information or transmission of personal data.

We talked about ‘privacy dashboards’ that might show a person all the places where they consented to data collection. The dashboard might have buttons to ‘revoke’ consent, submit a Subject Access Request or other interesting activities.

In the case where one controller needs to communicate the consent they collected from a user to another controller, the CR might be constructed as a type of ‘message’ that is transmitted using a messaging system. Questions were: should these CR messages be routable? Should they have things like reply paths or senders in wrappers or headers?

We also discussed the concept where the CRs acted as ‘control plane’ that might be transmitted separately from the actual data when porting data from one controller to another.

The call to action is to watch the Consent work groups at kantarainitiative.org as we work on interoperability using the CR spec and build stuff.


IIW26 We 4B KantaraConsentReceipts2.png