Please add your name so clarification can be sought, and initials . If the comment pertains to the wider spec, a comment to the page is probably mroe useful.
|A level down the receipt-id so several receipts can be linked to each other under a generic transaction. |
This is to support transactions and context; alternatively, a “previous-receipt-id” so that receipts can be linked together and establish an underlying context of referrals.
|Use case - site the id's of a consent receipt for breach notification - |
|VJ||authz-token||which should be kept fairly secret between the Controller and Subject that allows the receipt to be used as a bearer token that uniquely identifies and authorises the bearer as owner of the personal data.|
|VJ||control-url||to provide a recorded point of contact to the Data Controller. I am imagining a URL that Subjects can use to, e.g., request deletion of their personal data or simply to revoke consent. It does not have to be a URL, of course, and could some other locator or identifier|