This Eclass characterizes the concept of consent to the use/purpose of the privacy-relevant data (personal data) relates to. In many prviacy usecases, data subjects have to consent to the processing of their personal data. In some jurisdictions, consent is implied (e.g. default opt-in). Some use/purpose also does not require consent. This PrivacyDSL supports consenting to specific uses (the same uses that the data processor's "use" pertains to).
This EClass forms the root of the Consent concept."Consent: The free indication of the Data Subject's wish to explicitly accept a specific processing operation concerning their personal data, of which the Data Subject was informed beforehand by the entity empowered to decide on that processing (the Data Controller). It is enough for written "proof" of consent to be available, i.e. for the consent to be noted, transcribed, entered by the Data Controller and/or the Data Processor and/or a Person Tasked with Processing in a register, instrument or minutes � unless the processing operation concerns "sensitive" data, in which case the data subject has to give written consent (e.g. by undersigning a form). Some types of processing may be performed without the Data Subject's consent under the terms of Section 24 of Italy's Data Protection Code." (source)
| Name | Type | Cardinality | Description |
|---|---|---|---|
| Duration | EInt | 0..1 | Specifies the time duration of the consent in UTC format as EString. TO-DO: This is work in progress. We will need to define more advanced temporal semantics, e.g. time windows; we also need to define consent that does not live for a certain time, but is rather linked to certain events, e.g. the end of the purpose) |
| consentName | EString | 0..1 | Specifies a descriptive plaintext name for the consent. |
| Name | Target | Containment | Cardinality | Opposite | Description |
|---|---|---|---|---|---|
| consentToFurtherProcessing | InformationUse | Yes | * | Specifies the further use(s)/purpose(s) ("further processing") the consent explicitly pertains to.
The term "further processing" is used here to describe the additional use/purpose, as opposed to "primary" use/purpose.
Explicit consent for further processing: "explicit consent will be given when data subjects sign a consent form that clearly outlines why a data controller wishes to collect and further process personal data" (source1, source2) |
|
| consentToUse | InformationUse | Yes | * | Specifies the primary use(s)/purpose(s) the consent pertains to. The term "primary" is used here to describe the original use/purpose, as opposed to "further processing". | |
| information | Information | Yes | * | Specifies the (one or more) privacy-relevant information ("personal data") the consent (or withdrawal of consent) relates to. Personal Data: " Any information concerning natural persons that are or can be identified also by way of other items of information – e.g., via a number or an ID code. For instance, personal data is one's first or last name, address, Tax ID as well as a picture, the recording of one's voice or one's fingerprint, or medical, accounting or financial information relating to that person." (source) |
|
| withdrawConsent | InformationUse | Yes | * | Specifies specific uses/purposes the data subject withdraws consent to. The obvious semantics are that the duration of the consent automatically adjusts to end when the data subject withdraws consent. Withdrawing Consent: "Individuals who have consented should be able to withdraw their consent, preventing further processing of their data. This is confirmed also under the ePrivacy Directive for specific data processing operations based on consent, such as the processing of location data other than traffic data." (source) |