Implementing ISO/IEC TS 27560:2023 Consent Records and Receipts for GDPR and DGA
Harshvardhan J. Pandit, Jan Lindquist, Georg P. Krog

TL;DR
This paper explores implementing ISO/IEC TS 27560:2023 for creating interoperable, machine-readable consent records and receipts to support GDPR compliance and EU Data Governance Act requirements.
Contribution
It demonstrates how to implement ISO/IEC TS 27560:2023 using the Data Privacy Vocabulary for enhanced interoperability and compliance support.
Findings
Implemented consent records using DPV for interoperability
Showed alignment with GDPR and DGA requirements
Facilitated machine-readable consent management
Abstract
The ISO/IEC TS 27560:2023 Privacy technologies - Consent record information structure provides guidance for the creation and maintenance of records regarding consent as machine-readable information. It also provides guidance on the use of this information to exchange such records between entities in the form of 'receipts'. In this article, we compare requirements regarding consent between ISO/IEC TS 27560:2023, ISO/IEC 29184:2020 Privacy Notices, and the EU's General Data Protection Regulation (GDPR) to show how these standards can be used to support GDPR compliance. We then use the Data Privacy Vocabulary (DPV) to implement ISO/IEC TS 27560:2023 and create interoperable consent records and receipts. We also discuss how this work benefits the implementation of the EU Data Governance Act (DGA), specifically for machine-readable consent forms.
Taxonomy
Topics: Privacy-Preserving Technologies in Data
