Charter (CMS)

WG NAME (and any acronym or abbreviation of the name):

Consent Management Solutions WG (Consent Management WG)


Consent Management Solutions are used to manage the full lifecycle of an individual’s consent for the processing of their personal data. That consent needs to be: freely given, specific, informed and unambiguous.

The purpose of the Consent Management Solutions WG is to produce a series of Recommendations and Technical Specifications. The Consent Management Solutions WG will gather common current practices from organizations that have implemented consent management solutions; to gather requirements from jurisdictional regulations related to consent management; to develop consensus requirements based on the best current practices to enable businesses to implement best practice, and to support the establishment of a Kantara conformity assessment scheme leading towards supplier declaration or certification against the requirements.

Due to impending deadlines for GDPR, PSD2 and other existing regulations in multiple jurisdictions, there is a market need for guidance and possibly product/service certification for compliant consent management solutions.


The initial scope of the WG is:

  • to collect documented current practices for management of privacy notice and

    consent from many sources;

  • to collect requirements from regulations in many jurisdictions;

to publish a Kantara Recommendation “Consent Management Solutions – Best Current Practices” which is to contain consensus best current practices as derived from the sources;

Once the initial scope is complete, additional publications will be scoped for production.


None planned in initial scope of the WG.


“Consent Management Solutions – Best Current Practices” anticipated ready for Ballot after WG launch, gap analysis and report before publication.


Chair: Jim Pasquale, 

Vice-Chair: Marco Venuti, iWelcome

Secretary: Andrew Hughes, ITIM Consulting

Editor: TBD


Anticipated audience or users of the work.

Organizations that collect personal information using individual consent for processing

  • Identity providers and credential providers; Customer Information and Access Management (CIAM) providers

  • Organizations in the ConsentTech, myData, “Internet of Me” spaces

  • Privacy and Information Commissioners, Regulators

  • Consent Management platform providers


  • The WG will operate long enough to publish v1.0 and v1.1 of the Best Current Practices publication; no less than 12 months.

  • Once additional publications are identified, the WG participants may choose to extend the WG duration.


The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara Initiative IPR Policy - Option Non-Assertion Covenant


Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

  • Kantara Consent & Information Sharing WG

    • Consent Receipt Specification v1.0 and v1.1

    • (Draft) How to specify Purpose and Purpose Categories

  • Kantara UMA WG

    • UMA 2.0 Grant for OAuth 2.0 Authorization

    • Federated Authorization for UMA 2.0

  • IEC/ISO SC 27 WG 5 “Identity management and privacy technologies”

    • ISO/IEC 29100 “Privacy framework"

    • ISO/IEC AWI 29184 “Guidelines for online privacy notices and consent” (draft)

      General Data Protection Regulation

  • Article 29 Working Party: Guidance

  • Office of the UK Information Commissioner: Guidance

  • Office of the Privacy Commissioner of Canada: Guidance

  • NIST

    • Internal Report 8112: Attribute Metadata

CONTRIBUTIONS (optional): 

A list of contributions that the proposers anticipate will be made to the WG.

  • To be confirmed


Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members.

Jim Pasquale,,
Marco Venuti, iWelcome,
Andrew Hughes, Individual,