Consent receipt management systems and related methods
First Claim
Patent Images
1. A computer-implemented data processing method for managing a consent receipt under a transaction, the method comprising:
- providing a user interface for initiating a transaction between an entity and a data subject;
receiving, from a computing device associated with the data subject via the user interface, a request by the data subject to initiate a transaction between the entity and the data subject, wherein the transaction is related to the processing of one or more pieces of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction;
in response to receiving the request;
generating, by a consent receipt management system, a unique consent receipt key; and
initiating a virtual browsing session on a consent receipt capture server;
accessing a webpage hosting the user interface using a virtual browser during the virtual browsing session;
scanning the webpage to identify the user interface;
capturing the user interface in an unfilled state;
electronically storing a unique subject identifier associated with the data subject, the unique consent receipt key, a unique transaction identifier associated with the transaction, and the capture of the user interface in computer memory;
electronically associating the unique subject identifier, the unique consent receipt key, the unique transaction identifier, and the capture of the user interface;
in response to receiving the request, optionally transmitting a consent receipt to the data subject, the consent receipt comprising at least the unique subject identifier and the unique consent receipt key;
identifying one or more triggering events related to the transaction, wherein the triggering event is selected from the group consisting of;
a passage of a particular amount of time from the generation of the unique consent receipt key that was generated in response to the data subject requesting to initiate the transaction between the entity and the data subject;
one or more changes to a purpose of the processing of the one or more pieces of personal data under the transaction;
one or more changes to a privacy policy associated with the transaction; and
one or more changes to one or more rules that govern the transaction; and
automatically causing the unique consent receipt key to expire in response to identifying the one or more triggering events.
2 Assignments
0 Petitions
Accused Products
Abstract
A consent receipt management system is configured to: (1) automatically cause a prior, validly received consent to expire (e.g., in response to a triggering event); and (2) in response to causing the previously received consent to expire, automatically trigger a recapture of consent. In particular embodiments, the system may, for example, be configured to cause a prior, validly received consent to expire in response to one or more triggering events such as: (1) a passage of a particular amount of time since the system received the valid consent (e.g., a particular number of days, weeks, months, etc.); (2) one or more changes to a purpose of the data collection for which consent was received; (3) one or more changes to a privacy policy associated with the consent; (4) one or more changes to one or more rules that govern the collection or demonstration of validly received consent; etc.
950 Citations
8 Claims
-
1. A computer-implemented data processing method for managing a consent receipt under a transaction, the method comprising:
-
providing a user interface for initiating a transaction between an entity and a data subject; receiving, from a computing device associated with the data subject via the user interface, a request by the data subject to initiate a transaction between the entity and the data subject, wherein the transaction is related to the processing of one or more pieces of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction; in response to receiving the request; generating, by a consent receipt management system, a unique consent receipt key; and initiating a virtual browsing session on a consent receipt capture server; accessing a webpage hosting the user interface using a virtual browser during the virtual browsing session; scanning the webpage to identify the user interface; capturing the user interface in an unfilled state; electronically storing a unique subject identifier associated with the data subject, the unique consent receipt key, a unique transaction identifier associated with the transaction, and the capture of the user interface in computer memory; electronically associating the unique subject identifier, the unique consent receipt key, the unique transaction identifier, and the capture of the user interface; in response to receiving the request, optionally transmitting a consent receipt to the data subject, the consent receipt comprising at least the unique subject identifier and the unique consent receipt key; identifying one or more triggering events related to the transaction, wherein the triggering event is selected from the group consisting of; a passage of a particular amount of time from the generation of the unique consent receipt key that was generated in response to the data subject requesting to initiate the transaction between the entity and the data subject; one or more changes to a purpose of the processing of the one or more pieces of personal data under the transaction; one or more changes to a privacy policy associated with the transaction; and one or more changes to one or more rules that govern the transaction; and automatically causing the unique consent receipt key to expire in response to identifying the one or more triggering events. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeOneTrust LLC
-
Original AssigneeOneTrust LLC
-
InventorsBarday, Kabir A., Brannon, Jonathan Blake, Beaumont, Richard A., Mannix, John
-
Primary Examiner(s)Chavis, John Q
-
Application NumberUS16/278,119Publication NumberTime in Patent Office485 DaysField of Search717101US Class CurrentCPC Class CodesG06F 15/76 Architectures of general pu...G06F 16/95 Retrieval from the webG06F 21/552 involving long-term monitor...G06F 21/577 Assessing vulnerabilities a...G06F 21/604 Tools and structures for ma...G06F 21/6245 Protecting personal data, e...G06F 21/6263 during internet communicati...G06Q 10/1053 Employment or hiringH04L 63/108 when the policy decisions a...
