Consent Record Type
https://publicschema.org/vocab/consent-record-type
Distinguishes the two roles a consent record can serve according to ISO/IEC TS 27560:2023, a controller's internal working record and a receipt issued to the data subject.
Values
| Code | Label | Standard code | Definition |
|---|---|---|---|
internal_record | Internal record | The controller's authoritative record of the lawful basis for processing. It is maintained internally and is not required to be shared with the data subject. Supports compliance audits and lifecycle management. | |
receipt | Receipt | An artefact derived from the internal record and delivered to the data subject as proof of what was agreed. The receipt is a snapshot of the terms at the time of agreement and is the basis for the Consent Receipt Verifiable Credential pattern. It must remain readable to the data subject even after the underlying record is updated. |
Referenced by this vocabulary
- Kantara ANCR WG Kantara Initiative
- Kantara Consent Receipt v1.1 Kantara Initiative, 2018
Other references
- ISO/IEC TS 27560:2023 - Privacy technologies: Consent record information structure superset Section 6 of ISO/IEC TS 27560 defines the distinction between controller-held records and receipts delivered to data subjects.