Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


The Consent Receipt v1.2 is specified for devoting scalable and dynamic data processing controls and authorizations with privacy rights.  It is based on the OECD Guidelines on the Protection of Privacy and the Transborder Flows of Personal Data and is apart of a body of work for privacy standards and assurance for developed over the 20 + years.  These guidelines adopted an international version of Fair Information  Practices, which many privacy legislation is based upon. It has guided the harmonization of privacy law internationally, is closely tied with the Council of Europe and CoE 108+, and importantly it provides the framework for ISO/IEC 29100, which is interpreted as a security framework extension to encompass the scope of privacy in information technology.  

The OECD guidelines are formalized with  the ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework, for common terms and definitions, further made accessible as it is released as A Public  ISO Document.   Providing a mature and common semantic framework to refer to the privacy stakeholder relationships in  create a record of a privacy notice that is owned by the Individual called the Consent Receipt. 

The Consent Receipt Specifications relies on International interpretation of Privacy Principles that are widely adopted as a foundation for National privacy legislation in the International OECD Guidelines, to which the conformance record, that is the Consent Receipt (a Privacy Notice Record) can be assessed by applying both the standardized controls and structures specified in the ISO/IEC 29184:2020 Online Privacy Notice and Consent standard, or in context (by context) with legislated privacy law like the v1.2 is a record of a Privacy Notice interaction and is specified using the OECD Privacy Principles and ISO/IEC 29100 which is a free ISO/IEC standard for this type of purpose to of use to be possible. 

The Consent Receipt itself is generated upon interacting with a Privacy Notice so that a person can capture evidence of a service notice, and be used to assess conformance to privacy law, or with  ISO/IEC 29184:2020 Online Privacy Notice and Consent standard, which in Appendix D has published the Consent Notice Receipt v1.1, which means it is eligible record or proof of Notice, with more authority than Terms and Conditions.    And, it can be used to demonstrate evidence of consent  for EU (GDPR)  General Data Protection Regulation .  Or conversely with a legal standard, for example Canadaand Canada's Meaningful Consent standardlaw

Consent by Design 

The Consent Receipt v1.2 is referred to as a Consent by Design specification as the default receipt legal justification is consent. The default legal justification can be changed to any valid legal justification for processing personal data provided by a notice, notification or disclosure.  The  Consent Receipt is a digital twin or capture of the notice of processing in which the legal justification (if not consent) must be presented for the notice to comply with this specification.  ]