Consent receipt management systems and related methods
First Claim
1. A computer-implemented data processing method for managing a consent receipt under a transaction, the method comprising:
- providing a user interface for initiating a transaction between an entity and a data subject;
receiving, from a computing device associated with the data subject via the user interface, a request by the data subject to initiate a transaction between the entity and the data subject, wherein the transaction is related to the processing of one or more pieces of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction;
in response to receiving the request;
generating, by a consent receipt management system, a unique consent receipt key; and
initiating a virtual browsing session on a consent receipt capture server;
accessing a webpage hosting the user interface using a virtual browser during the virtual browsing session;
scanning the webpage to identify the user interface;
capturing the user interface in an unfilled state;
electronically storing a unique subject identifier associated with the data subject, the unique consent receipt key, a unique transaction identifier associated with the transaction, and the capture of the user interface in computer memory;
electronically associating the unique subject identifier, the unique consent receipt key, the unique transaction identifier, and the capture of the user interface;
in response to receiving the request, optionally transmitting a consent receipt to the data subject, the consent receipt comprising at least the unique subject identifier and the unique consent receipt key;
identifying one or more triggering events related to the transaction, wherein the triggering event is selected from the group consisting of;
a passage of a particular amount of time from the generation of the unique consent receipt key that was generated in response to the data subject requesting to initiate the transaction between the entity and the data subject;
one or more changes to a purpose of the processing of the one or more pieces of personal data under the transaction;
one or more changes to a privacy policy associated with the transaction; and
one or more changes to one or more rules that govern the transaction; and
automatically causing the unique consent receipt key to expire in response to identifying the one or more triggering events.
2 Assignments
0 Petitions
Accused Products
Abstract
A consent receipt management system is configured to: (1) automatically cause a prior, validly received consent to expire (e.g., in response to a triggering event); and (2) in response to causing the previously received consent to expire, automatically trigger a recapture of consent. In particular embodiments, the system may, for example, be configured to cause a prior, validly received consent to expire in response to one or more triggering events such as: (1) a passage of a particular amount of time since the system received the valid consent (e.g., a particular number of days, weeks, months, etc.); (2) one or more changes to a purpose of the data collection for which consent was received; (3) one or more changes to a privacy policy associated with the consent; (4) one or more changes to one or more rules that govern the collection or demonstration of validly received consent; etc.
950 Citations
8 Claims
-
1. A computer-implemented data processing method for managing a consent receipt under a transaction, the method comprising:
-
providing a user interface for initiating a transaction between an entity and a data subject; receiving, from a computing device associated with the data subject via the user interface, a request by the data subject to initiate a transaction between the entity and the data subject, wherein the transaction is related to the processing of one or more pieces of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction; in response to receiving the request; generating, by a consent receipt management system, a unique consent receipt key; and initiating a virtual browsing session on a consent receipt capture server; accessing a webpage hosting the user interface using a virtual browser during the virtual browsing session; scanning the webpage to identify the user interface; capturing the user interface in an unfilled state; electronically storing a unique subject identifier associated with the data subject, the unique consent receipt key, a unique transaction identifier associated with the transaction, and the capture of the user interface in computer memory; electronically associating the unique subject identifier, the unique consent receipt key, the unique transaction identifier, and the capture of the user interface; in response to receiving the request, optionally transmitting a consent receipt to the data subject, the consent receipt comprising at least the unique subject identifier and the unique consent receipt key; identifying one or more triggering events related to the transaction, wherein the triggering event is selected from the group consisting of; a passage of a particular amount of time from the generation of the unique consent receipt key that was generated in response to the data subject requesting to initiate the transaction between the entity and the data subject; one or more changes to a purpose of the processing of the one or more pieces of personal data under the transaction; one or more changes to a privacy policy associated with the transaction; and one or more changes to one or more rules that govern the transaction; and automatically causing the unique consent receipt key to expire in response to identifying the one or more triggering events. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification