Consent receipt management systems and related methods

US 10,440,062 B2
Filed: 02/15/2019
Issued: 10/08/2019
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for managing a consent receipt under a transaction, the method comprising:

providing a user interface for initiating a transaction between an entity and a data subject;

receiving, from a computing device associated with the data subject via the user interface, a request to initiate a transaction between the entity and the data subject;

in response to receiving the request;

generating, by a consent receipt management system, a unique consent receipt key; and

initiating a virtual browsing session on a consent receipt capture server;

accessing a webpage hosting the user interface using a virtual browser during the virtual browsing session;

scanning the webpage to identify the user interface;

capturing the user interface in an unfilled state;

electronically storing, in computer memory;

(1) a unique subject identifier associated with the data subject, (2) the unique consent receipt key, (3) a unique transaction identifier associated with the transaction, and (4) the capture of the user interface;

electronically associating the unique subject identifier, the unique consent receipt key, the unique transaction identifier, and the capture of the user interface;

in response to receiving the request, transmitting a consent receipt to the data subject, the consent receipt comprising at least the unique subject identifier and the unique consent receipt key;

providing a consent receipt management portal; and

displaying, to the data subject, via the consent receipt management portal, the transmitted consent receipt.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A consent receipt management system may, for example, be configured to track data on behalf of an entity that collects and/or processes persona data related to: (1) who consented to the processing or collection of personal data; (2) when the consent was given (e.g., a date and time); (3) what information was provided to the consenter at the time of consent (e.g., a privacy policy, what personal data would be collected following the provision of the consent, for what purpose that personal data would be collected, etc.); (4) how consent was received (e.g., one or more copies of a data capture form, webform, etc. via which consent was provided by the consenter); (5) when consent was withdrawn (e.g., a date and time of consent withdrawal if the consenter withdraws consent); and/or (6) any other suitable data related to receipt or withdrawal of consent.

610 Citations

20 Claims

1. A computer-implemented data processing method for managing a consent receipt under a transaction, the method comprising:
- providing a user interface for initiating a transaction between an entity and a data subject;
  
  receiving, from a computing device associated with the data subject via the user interface, a request to initiate a transaction between the entity and the data subject;
  
  in response to receiving the request;
  
  generating, by a consent receipt management system, a unique consent receipt key; and
  
  initiating a virtual browsing session on a consent receipt capture server;
  
  accessing a webpage hosting the user interface using a virtual browser during the virtual browsing session;
  
  scanning the webpage to identify the user interface;
  
  capturing the user interface in an unfilled state;
  
  electronically storing, in computer memory;
  
  (1) a unique subject identifier associated with the data subject, (2) the unique consent receipt key, (3) a unique transaction identifier associated with the transaction, and (4) the capture of the user interface;
  
  electronically associating the unique subject identifier, the unique consent receipt key, the unique transaction identifier, and the capture of the user interface;
  
  in response to receiving the request, transmitting a consent receipt to the data subject, the consent receipt comprising at least the unique subject identifier and the unique consent receipt key;
  
  providing a consent receipt management portal; and
  
  displaying, to the data subject, via the consent receipt management portal, the transmitted consent receipt.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented data processing method of claim 1, wherein:
    - the transaction comprises processing, by the entity, one or more pieces of personal data associated with the data subject; and
      
      the user interface displays information identifying the one or more pieces of personal data.
  - 3. The computer-implemented data processing method of claim 2, wherein the consent receipt comprises a mechanism for the data subject to withdraw consent for the entity to process the one or more pieces of personal data.
  - 4. The computer-implemented data processing method of claim 3, wherein the mechanism comprises a hyperlink in the consent receipt transmitted to the data subject.
  - 5. The computer-implemented data processing method of claim 1, further comprising:
    - identifying one or more privacy notices associated with the transaction; and
      
      associating the one or more privacy notices with the consent receipt.
  - 6. The computer-implemented data processing method of claim 1, wherein the capture of the user interface comprises one or more screen shots.
  - 7. The computer-implemented data processing method of claim 1, wherein the capture of the user interface comprises one or more pieces of computer code associated with the user interface.

8. A computer-implemented data processing method for managing a consent receipt under a transaction, the method comprising:
- providing a user interface for initiating a transaction between an entity and a data subject;
  
  receiving a request to initiate a transaction between the entity and the data subject;
  
  in response to the request, generating, by a third party consent receipt management system, a unique consent receipt key;
  
  receiving, from the data subject, a unique subject identifier;
  
  receiving, at a third party data repository server, an indication that a piece of personal data has been processed for the data subject as part of the transaction;
  
  in response to receiving the indication, electronically storing, on the third party data repository server, a copy of the piece of personal data and the unique subject identifier;
  
  electronically associating the copy of the piece of personal data and the unique subject identifier on the third party data repository server;
  
  electronically storing, in computer memory, the unique subject identifier, the unique consent receipt key, and a unique transaction identifier associated with the transaction;
  
  electronically associating the unique subject identifier, the unique consent receipt key, and the unique transaction identifier;
  
  in response to receiving the request, transmitting a consent receipt to the data subject, the consent receipt comprising at least the unique subject identifier and the unique consent receipt key;
  
  providing a consent receipt management portal; and
  
  displaying, to the data subject, via the consent receipt management portal, the transmitted consent receipt.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The computer-implemented data processing method of claim 8, the method further comprising:
    - in response to receiving the request to initiate the transaction between the entity and the data subject;
      
      initiating a virtual browsing session on a consent receipt capture server;
      
      accessing a webpage hosting the user interface using a virtual browser during the virtual browsing session;
      
      scanning the webpage to identify the user interface; and
      
      capturing the user interface; and
      
      electronically associating the unique subject identifier, the unique consent receipt key, the unique transaction identifier, and the captured user interface.
  - 10. The computer-implemented data processing method of claim 9, wherein:
    - the transaction comprises processing, by the entity, one or more pieces of personal data associated with the data subject; and
      
      the user interface displays information identifying the one or more pieces of personal data.
  - 11. The computer-implemented data processing method of claim 10, wherein the consent receipt comprises a mechanism for the data subject to withdraw consent for the entity to process the one or more pieces of personal data.
  - 12. The computer-implemented data processing method of claim 11, wherein the mechanism comprises a hyperlink in a consent receipt transmitted to the data subject.
  - 13. The computer-implemented data processing method of claim 9, further comprising:
    - providing a user interface for creating a new transaction;
      
      receiving a request to create a new transaction, the request comprising one or more transaction definitions; and
      
      in response to receiving the request, generating a piece of computer code associated with the new transaction for placement in a location in which consent from a data subject will be requested as part of the new transaction.
  - 14. The computer-implemented data processing method of claim 13, wherein the one or more transaction definitions are selected from the group consisting of:
    - (1) a unique transaction identifier associated with the new transaction;
      
      (2) an identity of one or more controllers of the entity that is engaging in the transaction with the data subject;
      
      (3) one or more links to a privacy policy associated with the transaction;
      
      (4) a listing of one or more data types for which consent to process will be provided;
      
      (5) one or more methods used to collect data for which consent to process will be provided;
      
      (6) a description of a service provided as part of the transaction;
      
      (7) one or more purposes of the processing;
      
      (8) a jurisdiction associated with the transaction; and
      
      (9) a legal basis for the collection of personal data as part of the transaction.
  - 15. The computer-implemented data processing method of claim 13, wherein the one or more transaction definitions comprise a listing of one or more data types for which consent to process will be provided.
  - 16. The computer-implemented data processing method of claim 13, wherein the one or more transaction definitions comprise one or more methods used to collect data for which consent to process will be provided.
  - 17. The computer-implemented data processing method of claim 13, wherein the one or more transaction definitions comprise a description of a service provided as part of the transaction.

18. A computer-implemented data processing method for managing a consent receipt under a transaction, the method comprising:
- providing a user interface for initiating a transaction between an entity and a data subject;
  
  receiving a request to initiate a transaction between the entity and the data subject;
  
  in response to the request;
  
  initiating the transaction; and
  
  generating, using one or more consent receipt generation means, a unique consent receipt key;
  
  receiving, from the data subject, a unique subject identifier;
  
  electronically storing, in computer memory using one or more electronic storage means, the unique subject identifier, the unique consent receipt key, and a unique transaction identifier associated with the transaction;
  
  electronically associating the unique subject identifier, the unique consent receipt key, and the unique transaction identifier;
  
  in response to receiving the request, transmitting a consent receipt to the data subject, the consent receipt comprising at least the unique subject identifier and the unique consent receipt key, wherein;
  
  the transaction is a first transaction; and
  
  the computer-implemented data processing method further comprises;
  
  providing a user interface for creating a new transaction;
  
  receiving a request to create the new transaction, the request comprising one or more transaction definitions with a unique transaction identifier associated with the new transaction; and
  
  in response to receiving the request, using one or more computer code generation means to generate a piece of computer code, associated with the new transaction, for placement in a location in which consent from a data subject will be requested as part of the new transaction.
- View Dependent Claims (19, 20)
- - 19. The computer-implemented data processing method of claim 18, further comprising:
    - providing a consent receipt management portal using one or more consent receipt portal provision means;
      
      displaying, to the data subject, via the consent receipt management portal, each of one or more consent receipts provided by the data subject; and
      
      providing one or more consent modification means via the consent receipt management portal.
  - 20. The computer-implemented data processing method of claim 18, wherein the new transaction is the first transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Brannon, Jonathan Blake, Beaumont, Richard A., Mannix, John
Primary Examiner(s)
Deng, Anna C

Application Number

US16/277,568
Publication Number

US 20190215344A1
Time in Patent Office

235 Days
Field of Search

717101
US Class Current
CPC Class Codes

H04L 63/0245   Filtering by information in...

H04L 63/0407   wherein the identity of one...

H04L 63/0414   during transmission, i.e. p...

H04L 63/10   for controlling access to d...

H04L 63/205   involving negotiation or de...

H04L 67/02   based on web technology, e....

H04L 67/535   Tracking the activity of th...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04W 12/02   Protecting privacy or anony...

Consent receipt management systems and related methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

610 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Consent receipt management systems and related methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

610 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links