in light of calls to update the GDPR - and make it easy for Small Business, by derogating the ROPA, record requirements for small businesses in the EU, i reached out to ask, why not implement consent receipts instead? (To the person who put consent receipts in the EU Digital Markets Act in the first place)
His response was to send him an email with this as an alternative approach so that he can share this with the EU Justice Department team.
As a part of my response, I would like to update them on how far the Consent Receipt work has evolved in the last 6 years into Standard Operational Transparency record information structure, that can be used for international consent record based information flows. (International Consent which was the objective of the work)
Mentioning how the Kanatara Consent Receipt work was
- Used and is in use by industry
- Adopted into:
- ISO/IEC 27560: 2023 About to become an open standard (in 2025 Fall)
- Extending the open and free to access ISO/IEC 29100 - privacy framework (recently updated)
- TPI Benchmark for Valid Consent, coming out (next week Tbc)
- Conv 108+ being ratified(next month Tbc)
To add to this, would there be any objections to making the ANCR
Controller Identification Record. Spec (On the ANCR Wiki) publicly accessible so I can include it in my response ?
Best Regards,
Mark