Page tree
Skip to end of metadata
Go to start of metadata


  • Consent Notice Receipt lifecycle 
    • Notice of risk for adv transparency to mitigate
    • Notice of azcknolwdledge of rights (for the acknowledged risks)

Use Case points 

  • Privacy Shield Replacement
  • decentralized risks management 
  • enhancing or upgrading existing T&C's with receipt framework 

Items to cover

  • conformance framework 
    • code of conduct
      • Regulator approved (GDPR Adequacy - Industry & Sector )
    • code of practice
      •  certification

A consent by design protocol 

Types of consent processing Notice receipt type extensions https://openconsent.atlassian.net/l/c/82LahUFw 

Extending the Notice Receipt Fields by purpose. 

  1. ANCR (Explicit Consent Receipt)- added designation to the notice receipt ID to indicate explict record of consent for a purpose
    1. All subsequent receipt - link to 
  2. Implied - processing receipt for when an ANCR receipt is implied - 
  3. Expressed by action (should link ANCR receipt)
  4. Directed - when a consent notice receipt is a privacy agreement for future consent to a Controller
  5. Altruistic - a consent notice receipt privacy agreement without a specifically identified controller for processing (usually a data trust) 

LifeCycle Framework : a Walk through outline

  • A notice receipt  captures the record entity relationship and indicate an active relationship  with a Controller notice - indicating the status of the controller and risk assurance provided by  the notice for processing - (risk assurance must be independent / notarized - to provide assurance) 
  • This can then be extended -  (rather then  combined ) with a consent receipt  CR v1.1 for consent purpose specification
    • Identifies purpose_cat - if any legally sensitive (special) categories exist (y/n)
      • The scheme Must be frame from industry and sector best practice .
        • categories have different rule frameworks for processing personal data which are consistent internationally and specified in ISO 29100
      • e.g. explicit notice and consent is required for  sensitive personal data category types are processed by this purpose (unless legal exemption exists)
      • Purpose Cat = Defined by a Scheme - which is defined by industry code and sector code
    • Any required attribute names
    • Deletion, expiry rights, controls, actions, security 
    • The purpose specification provides a notice that,
    • The purpose name 
    • The purpose description
    • The personal data/info categories 
    • The treatment of the data
    • Link to - send the receipt with a notice to withdraw consent (or manage its lifecycle)

The initial consent_notice receipt can be turened into an ANCR with a consent notice that provides required legal information,  *e.g, privacy by design

  • Anchor receipt is base receipt for active state receipt event systems''
    • notice receipt (of anytime used, kept and collect by the person) 
      • Manually - 3 options: 
        • Track the analytics of the service and its performance
        • 1. Print - mail - address - (with corresponding email) - snail mail - written and notarized by the OPN Registrar service
        • 2.  Send Notice via an OPN notice receipt
        • 3.  We have 
    • This receipt can then be used by the person to provide a context profile (used for permissions and preferences) 
  • Consent Notice Receipt Types
    • Consent Notice Receipt
    • Implied Notice Receipt
    • Expressed Notice Receipt 
    • Consent Directive
    • Altruistic Consent 
    • Anchor Notice Receipt 
  • No labels