Resources (Downloads, Links etc.)
Consent Receipt Resources and links are provided here for ease of access and use. The consent receipt was developed in 2014 in conjunction with ISO/IEC 29184 Online privacy and Consent Standard,
The Consent Receipt primary function was to record any privacy notice or surveillance sign using the ISO/IEC 29100 Security & Privacy Techniques, (which is an open, free and accessible ISO/IEC Standard) as a generic framework for generating internationally neutral, notice records for generating consent (conformance) receipts.
Historically there has been a movement/need in the industry to withdraw consent from many service providers at once. The work here specifies an international information framework, that does so independently of the service provider (Resource Server (RS) in identity management), it also removes the need for intermediaries and in dynamic data exchange enabling people to consent to and transfer information and its processing across borders.
The ANCR workgroup was formed to supersede the Consent & Information Sharing Work Group, in order to complete the Notice Record for Consent Information structure in a manner that enables all of the previous implementers to update their specification version and is backwards compatible with Consent Receipt v1.1 (ISO/IEC 29184 Annex b), and mapping to (at this time) WD 5 of ISO/IEC 27560.
The (minimum viable) Consent Receipt v1, was written prior to the GDPR (and other global privacy laws) which has greatly help clarity current and usable consent record legal semantics and requirements,
ANCR Draft | Description | Contains | File | Link |
|---|---|---|---|---|
Consent Receipt V1.1 (Draft 0.8) | Consent Receipt Specification V1.1.0 Draft 8, final. (Free Download) | Developed as the minimum viable consent receipt and published by Kantara Feb 20, 2018
The draft of the Consent Receipt Specification was published in ISO 29184, and promoted to Standard by ISO/IEC and called ISO/IEC 27560 Consent Record information Structure. |  | |
Consent record information structure | ISO/IEC 27560 | Working draft (and other liaison docs) accessible through Kantara Liaison, contact LC or WG Chair or request to staff at kantarainitiative dot org Contains additional fields and structure definition inclusive of Consent Receipt v1.1
|
|
Activity, Articles and News
Date | Title | Published By | Description | Link or Document |
|
|---|---|---|---|---|---|
Dec, 2025 | Transparency Performance Indicators (TPIs) | IEEE (publication pending) | Paper as extended abstract |
|
|
Nov, 2025 | Transparency Performance Indicators – A User-Centric Methodology for Measuring the PII Controller Compliance and Conformance | IEEE International Symposium on Privacy Expectation (ISoPE) | Presentation |
|
|
Oct, 10, 2025 | Transparency Performance Indicators – A User-Centric Methodology for Measuring the PII Controller Compliance and Conformance | IEEE International Symposium on Privacy Expectation (ISoPE) | Presentation Abstract | The four Transparency Performance Indicators (TPIs) consist of: 1. The timing of the notice identifying the Personally Identifiable Information (PII) Controller., 2. The content of the notice has all the compulsory information. 3. Access to, and usability of security and privacy rights explicit in the notice. 4. Proof of contextual cryptographic authority and security. These measures are taken to determine whether notice is adequate for any and all processing purposes and justifications, and in particular it looks to determine whether there is a valid basis for consent. | Program – IEEE Symposium on Privacy Expectations (ISoPE) |
Aug 30, 2021 | NGI-Trust - Privacy as Expected Protocol Contributed to the ANCR WG | ANCR WG | The culmination of the Consent Receipt Specification is the conformity assessment framework that provides universal transparency and accountability for data processing by identity mangement systems, |
| |
June 16, 2020 | Blinding Identity Taxonomy | CISWG & ANCR WG | Blinding Identity Taxonomy aims to blind field data after capture for security of privacy and to protect the PII Principal |
| |
May 24, 2020 | CISWG/ ANCR WG - Privacy Workshop | ANCR WG | Showing off the latest work and multi-stake holder collaborations made possible through the consent receipt working effort |
| |
|
|
| What: Marketing Media and Privacy 2018 (followed by 2 workshops to mark 'Privacy Week')
| Details: https://openconsent.com/mmap18/ and https://kantarainitiative.org/events/?event_id1=7435 Presentations: Reports: |
|
Sept, 2018 | Privacy 2.0 : | CISWG | Consent Across Jurisdictions : EIC Presentation | |
|
May 24, 2018 | End of Privacy 1.0 |
| Launch of the W3C Data Privacy vocabulary Group, Co-Located at ODI London and MIT Media Labs |
| |
May 23, 2018 | Security Standards and The GDPR |
| Breakfast workshop Led by Sal D'Agostino and Mark Lizar - Security & Privacy |
| |
May 22, 2018 | MMAP |
| MMAP - (Marketing Media and Privacy) -Event @ IBM London |
|
|
March 21, 2018 | What is Consent Receipt? | Ubisecure | Article by a member of the CISWG, Ubisecure | https://www.ubisecure.com/data-protection/what-is-consent-receipt/ |
|
June 23, 2017 | Kantara Initiative Releases Consent Receipt Form for GDPR | Security Week | ""With less than one year before GDPR kicks in, the newswaves have been flooded in recent months with new surveys showing how ill-prepared business still remains. But while there is much news, there has been little in the way of practical technology solutions. The Kantara Initiative released one on Tuesday:" | https://www.securityweek.com/kantara-initiative-releases-consent-receipt-form-gdpr |
|
June 20, 2017 | Kantara Initiative Releases the First Open, Global Consent Receipt Specification | Kantara | Designed to provide a record to show a proof of Notice for GDPR compliant Consent, Free For Download |
| |
Nov 11, 2016 | Smart Health Privacy as a Service: Protecting the Individual in Healthcare Data Processing | Research Gate | Together, PRIAAS and MyData provide a holistic solution for consent delivery and management. Individuals have tools to manage their data as well as innovative services. Companies benefit from the new data-based business opportunities, and standardization enables interoperability and lowers the barrier for new companies and businesses to enter the healthcare-support market | http://jultika.oulu.fi/files/nbnfi-fe2016112930014.pdf |
|
Sept 13, 2014 | Usable Consent: Tracking and Managing Use of Personal Data with a Consent Receipt |
| This submission from the Kantara Initiative to Ubicomp by Mark Lizar & Mary Hodder was also presented by at HOT-Pets conference at Carnegie Mellon. | Published - https://dl.acm.org/doi/10.1145/2638728.2641681 |
|
| Addressing the Biggest Lie on the Internet |
| Open Notice (founding) Campaign for international and internet scale standards to Address the biggest lie on the Internet. Calling out that terms and conditions do not provide permission for informed consent. | https://kantarainitiative.org/wp-content/uploads/2014/10/Kantara-Consent-Receipt-Presentation.pdf |
|
Oct 1, 2014 | Minimum Viable Consent Receipt v0.5 | CISWG | The first significant Consent Receipt Specification Draft. Used in research to request consent receipts from organizations | |
|
October, 22 2012 | Opening up the Online Notice Infrastructure | W3C | Call to Action to Standards Organization address the biggest lie on the Internet |
| |
May, 15 2007 | Identity Trust WG @ Identity Commons |
| The initial workgroup, which started at IIW (internet identity world) |
|
\