Version 4 (modified by Dominic König, 4 years ago) ( diff )


Consent Tracking


Storing and processing of personally identifiable data (PID) may require explicit consent by the person in question. The Consent Tracking framework provides the means to request and track such consent.

Data Model

Types of Data Processing

The auth_processing_type table records types of data processing that require consent. Each processing type is identified by a unique code, which can be used to hard-code filters and consent checks throughout the application.

Consent Options

The auth_consent_option table holds a short title for each processing type (e.g. "Store my personal data") and an explanation what exactly that means. These two are used to request consent from the user, so formulations may be subject to legal requirements and guidelines.

Once a user has consented (or declined to consent) to a consent option, title and explanations can no longer be changed.

If they must be changed, e.g. for legal reasons or because the application has changed with regard to this type of data processing, then a new consent option for this processing type must be created, and the old version be marked as obsolete. Consent recorded for obsolete consent options will no longer be valid, thus, after such a change, the user must be asked for their consent again.

Consent Record


Managing Consent Options


Requesting Consent

Embedding the Widget


Mandatory Consent Options


Post-processing the Widget


Checking for Consent





Consent Expiry


Verifying Integrity


Note: See TracWiki for help on using the wiki.