Child pages
  • CISWG Research: Consent in the wild
Skip to end of metadata
Go to start of metadata

Assessing Terms for Authorisation;

Including Consent, Permission and Agreement

How to Participate

Discussion should be directed on the (c)ISWG list (or on a call if time permits). comments can be provided on this page (in comment box below), suggest improvements or ask for clarification on this survey with the aim to start inviting people to use the survey prior to MyData 2019 Sept 24.  

Design of assessment -  To make this easy, the survey is narrowly scoped and focused on just collecting data to review, in order to set a basis for follow up research (if applicable). 

CISWG Research:

Inviting all members to participate in research by any of the following means;

  1. fill in this survey for your own organisation's service,
  2. use this assessment on a service you are working on,
  3. use the survey to do an assessment on a service you are interested in, 
  4. share this survey t community as a tool to assess authorisation advocate it's use

Assessment (Survey) Summary

This is a short survey focused on assessing the terms used authorisations, consent based interaction, in permissions and agreements.

This is for identifying the terminology and taxonomy in an specific service - it is for the identification of terms used in authorisations for personal information sharing and permission-ing in identity management, covering contract, all types of agreements  and consent.  

The results of this research will be correlated by industry, authorisation format,  the context,  and specifically the legal  justification. 

This results will be summarised in contrast to the consent receipt format with the aim of contributing towards the further  development of works. 

Kantara Consent Receipt, v1.1 - including glossary

CISWG Terminology Assessment:  link to thsurvey/assessment,  

link to GICS codes excel sheet (preferred codes to use in the survey to identify industry codes for this assessment - GICS_structure_formatted.xlsx

Thank You Contributors: 

  • Mark Lizar
  • Paul Knowles
  • Jan Lindquist
  • Harshvardhan Pandit
  • Oscar Santolalla
  • Vitor Jesus
  • Joss Langford
  • Sal D'Agostino
  • Robert Lapes


The Kantara Initiative Consent & Information Sharing WG, has produced the Consent Receipt Specification, and is now working on a broader Personal Data Processing Receipt Specification.  

The consent receipt that has been a basis for developing a single digital privacy record and receipt format to standardise privacy and information sharing transparency.  The consent receipt format has been adopted by other standards efforts and is championed as a tool for transparency and interoperability in identity management. 

The objective of this survey is to collect and audit the use of terms in the authorisation and permission-ing of personal data processing and to contrast practice against the consent receipt format. The survey will aim is to assess the actual use of terms, and their interpretation from those who use them. As well as to consider a consent centric interpretation of all the various legal justifications for processing personal data.

More information (like how to join this WG or mailing list can be found on the Kantara CISWG Wiki)

Survey Sections

  • Respondent/ Organisation Information
  • Context of Data Collection
  • Terms Used for the Authorisation of Data Capture 
  • Additional Questions Relevant to Quality of Authorisation

Research & Discussion

  • Conformance to best practice
  • Security & Privacy Risks, surveillance and dark patterns. e.g. → identification of the malicious and benign mis use of transparency. 
  • Terms: Legal, Technical, Business,
    • Deeper Sub-Topics - (of keen interest to review) Contract Vs Privacy, Governance Vs platform permissions, data trusts

Links to research to help inform this study

Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds

Dark pattern research:

  • No labels