Skip to main content

← Back to glossary

Term · 7. Security & Standards

Consent

IDM/IGA Domain
Standards GDPR CCPA

Definition

Voluntary, specific, informed, unambiguous indication that a data subject agrees to processing of their personal data (GDPR Art. 4(11)). Must be granular, freely-given, easily withdrawable. Consent receipt provides proof. Foundation for lawful processing under GDPR, CCPA, PDPA-SG.

Application
Implementations: consent management platforms (OneTrust, TrustArc, Cookiebot, DataGrail), consent receipt records, granular consent UX (separate purposes), easy withdrawal mechanisms. Critical for CIAM and marketing analytics.
Standards & regulations
  • ISO/IEC 29184:2020 «ISO/IEC 29184:2020 specifies requirements for online privacy notices and for requesting and obtaining consent in online environments, including when using social media. It also provides guidance for b»
  • I‑D.vcon-consent-00 «This document defines a consent attachment type for Virtualized Conversations (vCon) that enables automated consent detection, structured consent recording, and the expression of consent-related requi»
  • I‑D.howe-vcon-lawful-basis-02 «Under regulations like the GDPR, there are six lawful bases for processing personal data. Consent is unique in that it is a permission granted by the data subject for a specific purpose and can be wit»
  • W3C DPV CG-FINAL-dpv-20240801 «dpv:Consent: Consent of the Data Subject for specified process or activity. Consent in DPV is a specific legal basis representing information associated with consent rather than only given consent, in»
Sources

Related terms

← Back to glossary  ·  Open in main list