This presentation describes the concept of Personal Data Receipts, also known as Consent Receipts, developed by the Kantara Initiative Consent & Information Sharing Working Group. We have assembled a non-commercial Privacy Control Panel system and are showing it at conferences throughout 2019!
Today, online service providers get information from or about you so that they can provide services. New privacy and data protection regulations have been coming into effect, which increase the requirement for notice, transparency and accountability when your data is collected and processed. Service providers are required to keep records about their terms of service and your agreement.
At their core, these regulations embody variations of the OECD basic principles of privacy protection which suggest the obligations of providers and the rights of the individual.
There are very few tools available to the individual internet user to help them understand, manage and control their online information.
This creates a power imbalance if one wants to go back later and exercise rights with respect to data – because you probably don’t remember who, what, where, when and how the service provider got your information.
There’s a solution!
Imagine if the service provider offered you a “Personal Data Receipt”. This receipt would include timestamps, the contents of the privacy notice you saw, what data was collected for what purposes, conditions like ‘delete-by-date’ instructions, and other useful facts. Just like a store checkout receipt, if there’s an issue later on or if you want to look back to see what you did last year, you can open up the receipt and take action.
In 2018, Kantara Initiative published the “Consent Receipt Specification v1.1” which is an interoperable Personal Data Receipt specification tailored to a specific legal basis for processing. This demo shows real products in action working with these receipts.