Consent Receipt 1.0 Specification Improves Digital Privacy for Consumers and Businesses Including GDPR-ready Overlays for Parental Consent and Advertising
WAKEFIELD, Mass., USA – June 20, 2017 – Kantara Initiative released today the first open, global consent receipt specification for use with the European Union’s (EU) General Data Protection Regulation (GDPR). Kantara’s Consent Receipt 1.0 (CR 1.0) allows businesses dealing with EU-based companies to demonstrate they meet the notice requirements of GDPR scheduled to be enforced on May 25, 2018. The specification is available today and free for download.
Kantara’s CR 1.0 specification provides a common standard digital format for providing a record to consumers about privacy and what people have consented to. The creation and implementation of this standardized format will promote consistent, machine and human understandable consent practices, support consent management interoperability between systems internationally and enable proof of scalable consent.
In addition, Planning is well advanced for the first GDPR-ready consent receipt overlays for Verified Parental Consent and Advertising Technology. Future consent receipt specification updates will include these and subsequent GDPR-ready overlays in Kantara’s newly created Consent Management Best Practices Work Group launching soon.
“Until CR 1.0 there was no effective privacy standard or requirement for recording consent in a common format and providing people with a receipt they can reuse for data rights. Individuals could not track their consents or monitor how their information was processed or know who to hold accountable in the event of a breach of their privacy,” said Colin Wallis, executive director, Kantara Initiative. “CR 1.0 changes the game. A consent receipt promises to put the power back into the hands of the individual and, together with its supporting API — the consent receipt generator — is an innovative mechanism for businesses to comply with upcoming GDPR requirements. For the first time individuals and organizations will be able to maintain and manage permissions for personal data.”
About Consent Receipts And GDPR
A consent receipt is a notice created from a record of consent provided to an individual the moment a person agrees to the collection, use and sharing of personal information. Its purpose is to decrease the reliance on privacy policies and enhance the ability for people to share and control personal information. CR 1.0 can be used by people to communicate consent and the sharing of personal information once it is provided. Much like a retailer giving a customer a cash register receipt as a personal record of a purchase transaction, an organization using CR 1.0 will create a record of a consent transaction and give it to the individual. This transaction record is called a consent receipt. CR 1.0 is an essential specification for meeting the proof of consent requirements of GDPR to enable international transfer of personal information in a number of applications.
Kantara’s CR 1.0 is the first of a series of specifications planned for release by Kantara this year that go beyond the consent requirements of GDPR. GDPR harmonizes data privacy laws across Europe to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. Organizations doing business in the EU will be required to follow GDPR rules and regulations.
About Kantara Initiative
Kantara Initiative provides real-world innovation and development of specifications and conformity assessment programs for the digital identity and personal data ecosystems. Beyond its flagship eID-assisting Identity Assurance Trust Framework, developing initiatives including Identity Relationship Management, User Managed Access (EIC Award Winner for Innovation in Information Security 2014), Identities of Things, and the Consent Receipt, Kantara Initiative connects a global, open, and transparent leadership community, including CA Technologies, Digi.me, Experian, ForgeRock, Internet Society, Nomura Research Institute, and SecureKey Technologies. More information is available at https://kantarainitiative.org/
Follow Kantara Initiative on Twitter — @KantaraNews
For further information:
Bob Olson, Virtual, Inc.