Consent Record Schema
Supported Usecases
The schemas are designed to support a variety of use cases and be extensible enough to allow external dependencies for extensible support.
Example Usecases:
Data Collection:
Purpose Key: DATA_COLLECTION
Agreement Kind: CONSENT_V1
DataRef: Optional
Product License
Agreement Kind: TOS_V1
Purpose Key: LEGAL_COMPLIANCE
Data Distribution
Agreement Kind: LICENSE_V1
Purpose Key: ATTRIBUTION_ANALYTICS, MODE_TRANING
TOS or Policy:
Agreement Kind: CONSENT_V1
Purpose Key: TOS_V1
Terms Ref: ipfs link
Agreement
An agreement is something two parties decide upon, it could be in any format, from a text file to a pdf or even an image, the agreement must clearly define the terms which both parties agreed on.
Data Schema Consent
Schema Version
Not Required Explicity, Implicit Contract Versioning
Agreement Id
ID/Ref of Agreement onchain
Required
Consent Signature
Signed by supplier of consent, more on this later
Required
Supplier DID
The DID of the person providing consent
Required
This could be anything from a url, to a hash, to an internal ID of the collected Data if any data is collected
Optional, Can be used if any data is being shared
disclosed
This flag tells if the data ref is disclosed openly or if It is encrypted or authorization is required
Optional, only needed with dataref, default false, encrypted by default
validityEnd
This signifies the validity period of the consent, this can either be 0 showing no expiry or a timestamp of expiry date
Required by default 0
revocationRef
This is refrence to an external record of revocation. This could be a sperate contract or schema housing revocation data.
Optional (Revocation eligibility is governed by agreement schema)
Data Schema Agreement
Each Agreement has a id or hash of it.
Agreement Kind
Legal/Operational Frame e.g CONSENT_V1, LICENSE_V1 etc
Required
Purpose Key
How the data will be used
E.g: EMAIL_MARKETING, ATTRIBUTION_ANALYTICS, MODEL_TRAINING, ADS_PERSONALIZATION
Optional, if there is an external defined agreement and single field can't define the purpose then this field can be omited for greater terms in terms ref But this has high priority
Terms Ref
This could be a terms url, or an ipfs id where terms can be viewed or hash if terms provided offchain starts with: http, ipfs, 0x
Optional, Not required if the purpose and other fields are enough for the legal uses
Terms Hash
This would be hash of the terms so terms ref can be verified incase it is external web2 url
In case of IPFS terms this is not required, otherwise if terms are present this must exists
conditionsRef
A hash of conditions that should bet met for rewarding consent
Optional, in case of permission this is a hash of platform-verification
Counter Party DID
The DID of the party to whom consent is being provided to
Required
Revocation Eligibility
This field tells if consent once given can be revoked or not, while governing few mechanisms for revocation
Required
revokeGracePeriodSeconds
This field governs when the consent can be revoked if it is revokable
Optional (Required if revocation is set for eligibility)
Consent Signature
This will be end product signature which will be derived by the supplier using the following fields
Agreement Data
kind, purpose, termsref, conditionsref, counterpartydid
Payout Amount
Validity end
Agreement Kind (max: 32 chars)
It is the single, versioned key that states the legal/operational frame (e.g., "this record is a consent" vs "this record is a license").
e.g
CONSENT_V1 (consent for data collection/access/tracking)
LICENSE_V1 (useage rights on collected/drived data)
DATA_SHARING_CONTRACT_V1 (contract governing disclosure/transfer)
MODEL_TRAINING_LICENSE_V1 (rights to use data for model training)
USAGE_RIGHTS_V1 (generic usage rights without transfer)
TOS_V1 (terms of service acceptance)
DPA_V1 (data processing agreement, B2B controller–processor)
Purpose Key (Multi) (max: 32 chars)
It’s the controlled vocabulary key (or keys) stating the intended use(s) of the data.
MODEL_TRAINING (data will be used for model training)
REWARD_FULFILLMENT ()
LEGAL_COMPLIANCE
AD_PERSONALIZATION
PRODUCT_ANALYTICS
ATTRIBUTION_ANALYTICS
EMAIL_MARKETING
THIRD_PARTY_DISCLOSURE
RECOMMENDATIONS
PERSONALIZATION
DATA_COLLECTION
Data Ref
The purpose of data ref for Permission is to have a record of data that is used in processing. This could be hash of the data which is collected, or a url which points to the data which will be shared, or points to the web page where this data can be managed.
ConditionsRef
This will be a hash value, which use is upto the implementer. Its primary focus is to tell the conditions which should be met for the supplier before they are eligible for gaining the payout.
For Permission: Condition Ref ⇒ 'platform_verified' ⇒ hash
Once it is signed by the platform DID, a user can perform withdraws through the governing withdraw contract
ConditionsRef is an extra field which doesn't directly affect consent hence, it can be used by others as required
Revocation Eligibility
Revocation eligibility is an enumeration with the following values:
Unrevokable: Consent cannot be revoked once given.
Instantly Revokable: Consent can be revoked immediately by the user.
RevokableAfterGracePeriod: Consent can be revoked only after a specified grace period has elapsed. For this type, there will be an additional field called
revokeGracePeriodSecondsthat dictates the duration of the grace period before revocation can occur.
Questions:
When can the consent be revokable?
Supplier can only revoke consent if the agreement supports it, it could either be instantly revokable or revokable after certain grace period depending on the agreement.
Last updated