This server provides a consent receipt generation API. The API consists of a single endpoint:

http://consentreceipt.0pn.org/api/

This endpoint accepts HTTP POST requests whose body is a JSON document (application/json) and responds with a signed JSON Web Token (application/jwt).

The API takes a JSON document describing the consent transaction for which the receipt is to be generated. This object includes artifacts such as the presiding jurisdiction for the consent action and an identifier for the consenting party. The output of the API is a signed JSON Web Token (JWT) whose payload consists of all of the input data as well as several additional fields. The JWT is digitally signed by the server.
Field Name | Data Type | Description | Example Input | Required
---|---|---|---|---
Section 1: CR Header | | This is the first section of the receipt | |
jurisdiction | string. ISO two-letter country code if applicable, otherwise free text | The legal jurisdiction under which the processing of personal data occurs | US | ✓
iat | number. Integer number of seconds since 1970-01-01 00:00:00 GMT | Timestamp of when the consent was issued | 1435367226 | ✓
moc | string. Method of collection | Describes how the consent was collected, e.g. web form opt-in, implicit, verbal | web form | ✓
iss | string. HTTPS URL | The URI or Internet location of processing, i.e. one-party, two-party or three-party | http://www.consentreceipt.org/ | ✓
jti | string. | Unique identifier for this consent receipt | | ✓
sub | string. | Subject-provided identifier, such as an email address, or a defined/namespaced claim | example@example.com | ✓
Section 2: Data Controller | | This section has the data controller, contact and privacy service information | |
data_controller | object | The identity and company of the data controller and of any party nominated to act as data controller on behalf of the organisation. The object carries the fields on_behalf, contact, company, address, email and phone | {"on_behalf": true, "contact": "Dave Controller", "company": "Data Controller Inc.", "address": "123 St., Place", "email": "dave@datacontroller.com", "phone": "00-123-341-2351"} | ✓
policy_uri | string. HTTP URL | The internet-accessible, immediately available privacy policy of the service referred to by the receipt | http://example.com/privacy | ✓
Section 3: Purpose Specification | | List of purposes | |
purpose | array of string arrays. | Explicit, Specific and Legitimate, interpreted here as 'Naming the Service' and 'Stating the Active Purpose'; see Appendix A for these requirements | [["Bob's Store", "delivery"]] or [["CISWG Membership", "Join"]] | ✓
Section 4: Sensitive Personal Information | | List of sensitive personal information categories | |
sensitive | array of strings. | In many jurisdictions there are additional notice and administrative requirements for the collection, storage and processing of what are called Sensitive Personal Information categories. These are sensitive in the business, legal and technical sense, but not specifically in the personal context. This list of categories is required in some jurisdictions, but the actual notice and purpose requirements are outside the scope of the MVCR. | ["health"] | ✓
Section 5: Information Sharing | | Sharing information with 3rd parties: what categories, with whom, and how information is shared | |
sharing | object | The sharing of personal information collected about the individual with another external party by the data controller (service provider). Should list the categories of PII shared, drawn from the category list below, and the purpose for which they are shared. Sharing is also a container for listing trust marks and trust protocols. | {"sharing": ["financial"], "party_name": "3rd Party Name or 3rd Party Category", "purpose": "delivery"} | ✓
Section 6: Optional Or In Review | | | |
notice | string. HTTP URL | Link to the short notice; enables usability and layered policy, providing enhanced transparency about data collection and information sharing practices | http://example.com/shortnotice | ✓
scopes | string. space-separated string values | What you're allowed to do on the service (these can be tied to legal / business / technical layers) | read update |
The output JWT is signed using the RS256 algorithm (RSASSA-PKCS1-v1_5 with SHA-256) defined in JSON Web Signature (JWS). Consumers should verify the signature against the server's published key and reject any token whose header alg is not RS256, rather than letting the token's own header select the verification algorithm. The server's public key is published in JSON Web Key (JWK) format at:
An example input to the API is the following JSON object:

```json
{
  "jurisdiction": "US",
  "iat": 1443282118,
  "moc": "web form",
  "iss": "http://www.consentreceipt.org/",
  "jti": "cba37edd4e223a44ea0197498663af81c0d68cdf7b5f13975096e34435339e51f86b6bf674f9725632b6f451b4a78c2fb09d3fcd38c978f004fcf99e65bdceab",
  "sub": "example@example.com",
  "data_controller": {
    "on_behalf": true,
    "contact": "Dave Controller",
    "company": "Data Controller Inc.",
    "address": "123 St., Place",
    "email": "dave@datacontroller.com",
    "phone": "00-123-341-2351"
  },
  "policy_uri": "http://example.com/privacy",
  "purpose": [["Bob's Store", "delivery", "financial"]],
  "sensitive": ["health"],
  "sharing": {"sharing": ["financial"], "party_name": "demographic", "purpose": "delivery"},
  "notice": "http://example.com/shortnotice",
  "scopes": "read update"
}
```
This produces output like the following signed JWT (header.payload.signature; the payload segment is omitted here):

```
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.….LNY1NdOQg06iI003Mbi56_cnzd3VY7_hO6sn79z65OPXbEU06Budr8juV9HR_EHSCq9C5ungou02b2r15Imp7beIkXJzoVZMdX-_nK-BwaP4hu128TabCUkMAYq0Egk2IQVJV4tsrAjJMbC_l8rE8UDpWDPPNSoV40PCR12_vYeuvTn6Pe8LL9xwcPX0Gz57amqrp4bcs_MUaVfL6L6QH7cPv3MZAnSWBrgGevcQh6m0X0b4jonasyr63falMl3AlCSzSZgwf33ZaPoH8Ioo6zMPEgTtw0EWnSVSBl8Tp06KAqdhFbZ0SPg6DSQoGcNS-vihJDDqmsV_gLv1RmFqQQ
```
The header portion of the JWT contains:

```json
{ "alg": "RS256", "typ": "JWT" }
```

The payload portion of the JWT contains:

```json
{
  "data_controller": {
    "address": "123 St., Place",
    "company": "Data Controller Inc.",
    "contact": "Dave Controller",
    "email": "dave@datacontroller.com",
    "on_behalf": true,
    "phone": "00-123-341-2351"
  },
  "iat": 1443282118,
  "iss": "http://www.consentreceipt.org/",
  "jti": "cba37edd4e223a44ea0197498663af81c0d68cdf7b5f13975096e34435339e51f86b6bf674f9725632b6f451b4a78c2fb09d3fcd38c978f004fcf99e65bdceab",
  "jurisdiction": "US",
  "moc": "web form",
  "notice": "http://example.com/shortnotice",
  "policy_uri": "http://example.com/privacy",
  "purpose": [["Bob's Store", "delivery", "financial"]],
  "scopes": "read update",
  "sensitive": ["health"],
  "sharing": { "party_name": "demographic", "purpose": "delivery", "sharing": ["financial"] },
  "sub": "example@example.com"
}
```
Purpose categories and short codes for the purpose field:

# | Description | Short Code | Notes
---|---|---|---
1 | Enabling us to carry out the core functions of our site/app/services | Core Function |
2 | Providing contracted or requested services to you. | Contracted Service |
3 | Delivering physical goods to you. | Delivery |
4 | Communicating with you about information or services you specifically request. | Contact Requested |
5 | Providing you with a personalized experience of our site/app/service. | Personalized Experience |
6 | Communicating with you about our other services you may be interested in. | Marketing |
7 | Communicating with you about the services of third parties you may be interested in. | Marketing Third Parties |
8 | Providing the information to third parties to deliver our services on our behalf. | Sharing for Delivery |
9 | Providing the information to third parties to enable them to communicate with you about their own services you may be interested in. | Sharing for Marketing |
10 | Providing the information to third parties to enable them to deliver or improve their own services to you. | 3rd Party Sharing for Core Function | Service delivery dependent? Or for improved, non-dependent service delivery?
11 | Providing the information to third parties to enable them to deliver or improve their own services to others. | 3rd Party Sharing for ... |
12 | Complying with our legal obligations for record keeping. | Legally Required Data Retention | Is jurisdiction assumed?
13 | Complying with our legal obligations to provide the information to law enforcement or other regulatory/government bodies. | Required by Law Enforcement or Government |
14 | Protecting your vital and health interests. | Protecting Your Health |
15 | Protecting our legitimate interests, yours or those of a third party. | Protecting Our Interests | Is self-interest a valid purpose?
16 | Measuring or improving our performance or the delivery of our services. | Improve Performance |
Categories of personal information, as referenced by the sensitive and sharing fields:

# | Category | Description of Category
---|---|---
1 | Biographical | General information like name, DOB, family info (mother's maiden name), marital status. Historical data like educational achievement, general employment history.
2 | Contact | Contact (address, email, telephone number, etc.)
3 | Biometric | Biometric (photos, fingerprints, DNA. General physical characteristics: height, weight, hair colour. Racial/ethnic origin or identification, whether self-identified or not)
4 | Social Contact | Communications/Social (email, message and phone records, both content and metadata. Friends and contacts data.)
5 | Network/Service | Network/Service (login IDs, usernames, passwords, server log data, IP addresses, cookie-type identifiers)
6 | Health | Health (ailments, treatments, family doctor info. X-rays and other medical scan data)
7 | Financial | Financial (this includes information such as bank account and credit card data. Income and tax records, financial assets/liabilities, purchase/sale of assets history.)
8 | Official ID | Official/Government Identifiers (this includes any widely recognized identifiers that link to individual people. Examples include National Insurance, ID card, Social Security, passport and driving licence numbers, NHS number (UK). Just the numbers rather than data associated with them.)
9 | Social Benefit Data | Social Services/Welfare (welfare and benefits status and history)
10 | Judicial Data | Judicial (criminal and police records, including traffic offences.)
11 | Asset Data | Property/Asset (identifiers of property: licence plate numbers, MAC addresses for mobiles, other device identifiers. Not financial assets. Could include digital assets like eBook and digital music data)
12 | HR Data | Human Resources (records held about employees/members/students not elsewhere defined, including HR records such as job title, attendance/disciplinary records. Salary, as opposed to income.)
13 | Mental Health | Psychological/Attitudinal (including religious and political beliefs, sexual orientation and gender identity, though not genetic gender, which is Biometric. Traits and personality measures or assessments, but not psychological health, which is health data.)
14 | Membership | Membership (political and trade union affiliations, any other opt-in organizational/group membership data; third-party organizations only. Includes name of employer when not held by the employer. Could extend to online platform membership. Some might be more sensitive than others; may want a separate category)
15 | Behavioral | Behavioral (any data about the behavior, habits or movements of an individual, electronic or physical. Location, browser/search history, web page usage (analytics), energy usage (smart meters), login history, calendar data, etc.)
16 | Profiling | Profile (marketing and social segmentation data. Any categorization that impacts information presented or decisions made about an individual. This might be observed or derived data (algorithmic) or volunteered by the individual. Profile data is often generated from behavioral data.)