Consent receipt management and automated process blocking systems and related methods

US 10,726,158 B2
Filed: 09/04/2019
Issued: 07/28/2020
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for automating processing of data of one or more data subjects, the method comprising:

providing, by one or more processors, to the one or more data subjects, a user interface for initiating a transaction between an entity and each respective data subject of the one or more data subjects;

receiving, by one or more processors, a plurality of requests to initiate a plurality of transactions, each of the plurality of transactions comprising a respective transaction between the entity and a respective data subject of the one or more data subjects;

in response to receiving each of the plurality of requests, generating, by one or more processors, a plurality of consent receipts, each of the plurality of consent receipts comprising a unique respective consent receipt key, the unique respective consent receipt key comprising an indication of consent by each of the one or more data subjects to the processing of one or more pieces of personal data;

electronically storing and associating, by one or more processors, each unique respective consent receipt key, a unique identifier for the respective data subject, and a unique transaction identifier associated with the respective transaction of the plurality of transactions in computer memory;

receiving an indication that a data system associated with the entity has processed a new piece of personal data associated with a particular data subject of the one or more data subjects as part of a particular transaction of the plurality of transactions;

in response to receiving the indication that the data system has processed the new piece of personal data, determining, based on the plurality of consent receipts, whether the particular data subject has provided the indication of consent for the processing of the new piece of personal data as part of the particular transaction;

in response to determining that the particular data subject has provided the indication of the consent, automatically processing the new piece of personal data; and

in response to determining that the particular data subject has not provided the indication of the consent, automatically taking an action selected from the group consisting of;

automatically ceasing processing of the new piece of personal data;

identifying a legal basis for processing the new piece of personal data absent the indication of the consent, and, in response to identifying the legal basis, automatically processing the new piece of personal data; and

prompting the particular data subject to provide the indication of the consent.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automated process blocking system may be configured to automatically block one or more processes based on received user consent data. For example, a particular data subject may provide consent for an entity to process particular data associated with the data subject for one or more particular purposes. The system may be configured to: (1) determine that one or more entity systems are processing one or more pieces of personal data associated with a data subject; (2) identify at least one process for which the one or more pieces of personal data are being processed; (3) determine, using a consent receipt management system, whether the data subject has provided consent for the processing of the one or more pieces of personal data for the at least one process; and (4) in response to determining that the data subject has not provided valid consent, automatically blocking the processing.

Citations

13 Claims

1. A computer-implemented data processing method for automating processing of data of one or more data subjects, the method comprising:
- providing, by one or more processors, to the one or more data subjects, a user interface for initiating a transaction between an entity and each respective data subject of the one or more data subjects;
  
  receiving, by one or more processors, a plurality of requests to initiate a plurality of transactions, each of the plurality of transactions comprising a respective transaction between the entity and a respective data subject of the one or more data subjects;
  
  in response to receiving each of the plurality of requests, generating, by one or more processors, a plurality of consent receipts, each of the plurality of consent receipts comprising a unique respective consent receipt key, the unique respective consent receipt key comprising an indication of consent by each of the one or more data subjects to the processing of one or more pieces of personal data;
  
  electronically storing and associating, by one or more processors, each unique respective consent receipt key, a unique identifier for the respective data subject, and a unique transaction identifier associated with the respective transaction of the plurality of transactions in computer memory;
  
  receiving an indication that a data system associated with the entity has processed a new piece of personal data associated with a particular data subject of the one or more data subjects as part of a particular transaction of the plurality of transactions;
  
  in response to receiving the indication that the data system has processed the new piece of personal data, determining, based on the plurality of consent receipts, whether the particular data subject has provided the indication of consent for the processing of the new piece of personal data as part of the particular transaction;
  
  in response to determining that the particular data subject has provided the indication of the consent, automatically processing the new piece of personal data; and
  
  in response to determining that the particular data subject has not provided the indication of the consent, automatically taking an action selected from the group consisting of;
  
  automatically ceasing processing of the new piece of personal data;
  
  identifying a legal basis for processing the new piece of personal data absent the indication of the consent, and, in response to identifying the legal basis, automatically processing the new piece of personal data; and
  
  prompting the particular data subject to provide the indication of the consent.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented data processing method of claim 1, the method further comprising, in response to determining that the particular data subject has not provided the indication of the consent:
    - determining the legal basis for processing the new piece of personal data absent the indication of the consent; and
      
      in response to determining the legal basis for the processing, automatically processing the new piece of personal data.
  - 3. The computer-implemented data processing method of claim 1, the method further comprising:
    - determining a risk level of processing the new piece of personal data; and
      
      automatically processing the new piece of personal data in response to determining that the risk level is below a particular level.
  - 4. The computer-implemented data processing method of claim 3, the method further comprising automatically ceasing processing the new piece of personal data in response to determining that the risk level is above a particular level.
  - 5. The computer-implemented data processing method of claim 1, wherein automatically taking the action comprises automatically ceasing processing of the new piece of personal data.

6. A consent receipt management and automated process blocking system comprising:
- one or more processors; and
  
  computer memory that stores one or more consent records associated with a unique subject identifier, each of the one or more consent records being associated with a respective transaction of a plurality of transactions involving a respective data subject and an entity, wherein the consent receipt management and automated process blocking system is configured for;
  
  receiving an indication that one or more computer systems are attempting to process one or more pieces of personal data associated with a data subject;
  
  determining a purpose of processing the one or more pieces of personal data;
  
  accessing the one or more consent records;
  
  determining, based at least in part on the purpose of the processing and the one or more consent records, whether the data subject has provided valid consent to the processing of the one or more pieces of personal data for the purpose;
  
  in response to determining that the data subject has provided the valid consent, automatically processing the one or more pieces of personal data for the purpose;
  
  in response to determining that the data subject has not provided the valid consent, at least temporarily blocking the processing of the one or more pieces of personal data;
  
  providing, by the one or more processors, to one or more data subjects, a user interface for initiating a transaction between the entity and each respective data subject of the one or more data subjects;
  
  receiving, by the one or more processors, a plurality of requests to initiate the plurality of transactions, each of the plurality of transactions comprising the respective transaction between the entity and a respective data subject of the one or more data subjects;
  
  in response to receiving each of the plurality of requests, generating, by the one or more processors, a plurality of consent receipts, each of the plurality of consent receipts comprising a unique respective consent receipt key, the unique respective consent receipt key comprising an indication of consent by each of the one or more data subjects to the processing of the one or more pieces of personal data;
  
  electronically storing and associating, by the one or more processors, each unique respective consent receipt key, a unique identifier for the respective data subject of the one or more data subjects, and a unique transaction identifier associated with the respective transaction of the plurality of transactions in computer memory;
  
  receiving an indication that a data system associated with the entity has processed a new piece of personal data associated with a particular data subject of the one or more data subjects as part of a particular transaction of the plurality of transactions;
  
  in response to receiving the indication that the data system has processed the new piece of personal data, determining, based on the plurality of consent receipts, whether the particular data subject has provided the indication of consent for the processing of the new piece of personal data as part of the particular transaction;
  
  in response to determining that the particular data subject has provided the indication of the consent, automatically processing the new piece of personal data; and
  
  in response to determining that the particular data subject has not provided the indication of the consent, automatically taking an action selected from the group consisting of;
  
  automatically ceasing processing of the new piece of personal data;
  
  identifying a legal basis for processing the new piece of personal data absent the indication of the consent, and, in response to identifying the legal basis, automatically processing the new piece of personal data; and
  
  prompting the particular data subject to provide the indication of the consent.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The consent receipt management and automated process blocking system of claim 6, wherein the system is further configured for:
    - in response to determining that the particular data subject has not provided the valid consent, identifying the legal basis for processing the one or more pieces of personal data for the purpose; and
      
      in response to identifying the legal basis, automatically processing the one or more pieces of personal data for the purpose.
  - 8. The consent receipt management and automated process blocking system of claim 6, wherein the system is further configured for, in response to determining that the particular data subject has not provided the valid consent, prompting the particular data subject to provide the valid consent.
  - 9. The consent receipt management and automated process blocking system of claim 6, wherein the system is further configured for, in response to determining that the particular data subject has not provided the valid consent:
    - determining a risk level for processing the one or more pieces of personal data for the purpose absent the valid consent; and
      
      in response to determining that the risk level is below a threshold risk level, automatically processing the one or more pieces of personal data for the purpose without the valid consent.
  - 10. The consent receipt management and automated process blocking system of claim 6, wherein the system is further configured for:
    - enabling the particular data subject to withdraw the valid consent for the purpose;
      
      receiving, from the particular data subject, a request to withdraw the valid consent for the purpose; and
      
      in response to receiving the request to withdraw the valid consent for the purpose, modifying the one or more consent records to store an indication of the withdrawn valid consent.
  - 11. The consent receipt management and automated process blocking system of claim 10, wherein the system is further configured for:
    - receiving the indication that one or more computer systems are attempting to process the one or more pieces of personal data associated with the particular data subject for the purpose;
      
      in response to receiving the indication that one or more computer systems are attempting to process the one or more pieces of personal data associated with the particular data subject, determining, based on the one or more consent records, whether the particular data subject has withdrawn the valid consent for the purpose; and
      
      in response to determining that the particular data subject has withdrawn the valid consent for the purpose, at least temporarily blocking the processing of the one or more pieces of personal data.
  - 12. The consent receipt management and automated process blocking system of claim 11, wherein the system is further configured for, in response to determining that the particular data subject has withdrawn the valid consent for the purpose, prompting the particular data subject to re-consent to the processing of the one or more pieces of personal data for the purpose.
  - 13. The consent receipt management and automated process blocking system of claim 12, wherein the system is further configured for:
    - in response to prompting the particular data subject to re-consent to the processing of the one or more pieces of personal data for the purpose, receiving an indication that the particular data subject has reconsented to the processing of the one or more pieces of personal data for the purpose; and
      
      in response to receiving the indication that the particular data subject has reconsented to the processing of the one or more pieces of personal data for the purpose, automatically processing the one or more pieces of personal data for the purpose.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Brannon, Jonathan Blake, Hill, Casey, Jones, Kevin, Beaumont, Richard A.
Primary Examiner(s)
Plecha, Thaddeus J

Application Number

US16/560,963
Publication Number

US 20200004988A1
Time in Patent Office

328 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/901   Indexing; Data structures t...

G06F 16/904   Browsing; Visualisation the...

G06F 21/32   using biometric data, e.g. ...

G06F 21/60   Protecting data

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

Consent receipt management and automated process blocking systems and related methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Consent receipt management and automated process blocking systems and related methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links