Kantara Initiative Releases an Open, Global Consent Receipt Specification; Meets GDPR Requirements, Free For Download
June 2017 by Marc Jacob
Kantara Initiative released an open, global consent receipt specification for use with the European Union’s (EU) General Data Protection Regulation (GDPR). Kantara’s Consent Receipt 1.0 (CR 1.0) allows businesses dealing with EU-based companies to demonstrate they meet the notice requirements of GDPR scheduled to be enforced on May 25, 2018. The specification is available today and free for download.
Kantara’s CR 1.0 specification provides a common standard digital format for providing a record to consumers about privacy and what people have consented to. The creation and implementation of this standardized format will promote consistent, machine and human understandable consent practices, support consent management interoperability between systems internationally and enable proof of scalable consent.
In addition, Planning is well advanced for the first GDPR-ready consent receipt overlays for Verified Parental Consent and Advertising Technology. Future consent receipt specification updates will include these and subsequent GDPR-ready overlays in Kantara’s newly created Consent Management Best Practices Work Group launching soon.
About Consent Receipts And GDPR
A consent receipt is a notice created from a record of consent provided to an individual the moment a person agrees to the collection, use and sharing of personal information. Its purpose is to decrease the reliance on privacy policies and enhance the ability for people to share and control personal information. CR 1.0 can be used by people to communicate consent and the sharing of personal information once it is provided. Much like a retailer giving a customer a cash register receipt as a personal record of a purchase transaction, an organization using CR 1.0 will create a record of a consent transaction and give it to the individual. This transaction record is called a consent receipt. CR 1.0 is an essential specification for meeting the proof of consent requirements of GDPR to enable international transfer of personal information in a number of applications.
Kantara’s CR 1.0 is the first of a series of specifications planned for release by Kantara this year that go beyond the consent requirements of GDPR. GDPR harmonizes data privacy laws across Europe to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. Organizations doing business in the EU will be required to follow GDPR rules and regulations.