[go: up one dir, main page]

IE20190191A1 - Digital user consent preferences and control - Google Patents

Digital user consent preferences and control Download PDF

Info

Publication number
IE20190191A1
IE20190191A1 IE20190191A IE20190191A IE20190191A1 IE 20190191 A1 IE20190191 A1 IE 20190191A1 IE 20190191 A IE20190191 A IE 20190191A IE 20190191 A IE20190191 A IE 20190191A IE 20190191 A1 IE20190191 A1 IE 20190191A1
Authority
IE
Ireland
Prior art keywords
consent
user
data
personal data
preferences
Prior art date
Application number
IE20190191A
Inventor
Finnerty Emma
Davies Martin
Original Assignee
Finnerty Emma
Davies Martin
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Finnerty Emma, Davies Martin filed Critical Finnerty Emma
Priority to IE20190191A priority Critical patent/IE20190191A1/en
Publication of IE20190191A1 publication Critical patent/IE20190191A1/en

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides users of the internet with a method to define their personal data consent preferences in one location that can then be used by all websites (or mobile applications or data controllers) that the user subsequently visits. This invention will remove the need for a user to define their personal data consent preferences every time they visit a new website (or mobile application). This invention also includes a method to keep a record of what personal data consent preferences a user has defined for each website visited, which is timestamped and digitally signed, and a method to easily change these personal data consent preferences for one or more websites, as desired by the user. <Figure 2>

Description

Title Digital User Consent Preferences and Control.
Field of the Invention The present invention relates to a digital user consent preferences system and application.
Background to the Invention
[0003] When a user is browsing the internet, many websites (or mobile applications or data controllers) will ask permission of the user to process the user’s personal data. The user may define their personal data consent preferences on the website (or mobile application), giving each individual website (or mobile application or data controller) permission to process or not to process their personal data.
[0004] In many cases, the websites (or mobile applications or data controllers), will ask consent of the user to process the user’s personal data each time the user visits the website (or mobile application).
[0005] In some cases, the user may define their personal data consent preferences (or consent) as to how the website (or mobile application or data controller) can process their data, and within the session, the user may be re-directed to a different website (or mobile 20 application or data controller) which may also ask consent of the user to process the users personal data.
[0006] In many instances, there is a set of common purposes that websites (or mobile applications or data controllers) request personal data consent preferences from users who visit their web address (or mobile application).
[0007] Users of the internet must repeatedly advise many websites (or mobile applications or data controllers) on how the website (or mobile application or data controller) can process their personal data and there is no consistency across websites (or mobile applications or data controllers) on how the personal data consent preference options are presented.
[0008] As a consequence of these requests for consent to use a user’s personal data (driven mainly by privacy legislation, e.g. GDPR) the user experience of the internet has deteriorated.
[0009] As a user browses the internet, and provides personal data consent options to websites (or mobile applications or data controllers), there is no automated method of remembering what personal data consent preferences a user has given to what website 11/11/2019 (or mobile applications or data controller). The user can only fully avail of the ‘right to be forgotten’ as set out in the GDPR legislation if they can remember what websites (or mobile applications or data controllers) have permission to use their personal data in the first place.
[0009] There is no simple automated functionality for a user to request to be forgotten from one or more websites (or mobile applications or data controllers)
[0010] Also, as the user applies different personal data consent preferences to different websites (or mobile applications or data controllers), there is no automated method of remembering what personal data the user has given websites (or mobile applications or 10 data controllers) consent to use, and there is no automated simple method of exchanging or changing those personal data consent preferences.
[0011] There is no automated functionality for a user to request a Data Subject Access Request (DSAR) from one or more websites (or mobile applications or data controllers) [0012] From a Data Controller point of view, where the data controller is a small company 15 with limited resources, keeping track of the user’s personal data consent preferences over time could become very expensive and onerous.
THE SOLUTION / SUMMARY OF THE INVENTION
[0013] The present invention seeks to provide a solution to these problems by providing a 20 system, methods and functionality that would allow a user of the internet to specify, manage and edit their personal data and/or sensitive personal data consent preferences for one or more websites (or mobile applications or data controllers) in a secure location; and these personal data consent preferences can be sent to or accessed by websites (or mobile applications or data controllers) that the user accesses, and remove/reduce the 25 need for the websites (or mobile applications or data controllers) using their own functions and/or methods to ask for user consent.
[0014] Furthermore, the processing tool that enables a user of the internet to specify, manage and edit their personal data consent preferences, can be linked to the user, regardless of what type of digital processor they are using. This would mean that the user 30 does not need to redefine their personal data consent preferences for each device they use to browse the internet.
[0015] The present invention supports the user to exercise their right to be forgotten, in line with GDPR guidelines, as it provides a method to keep a record of what companies a user has given their data to in the first place, and a function to help the user put a request 35 into a website (or mobile application or Data Controller) to be forgotten.
[0016] Another aspect of this invention is that it provides functionality to the user to place a request into any website (or mobile applications or data controllers) asking them for a data subject access request (DSAR) as is the users right in line with the GDPR regulation 11/11/2019 in Europe and CCPA regulation in America.
[0017] This invention introduces an industry wide standardised language and method of managing users personal data consent preferences and removes ambiguity for the processing of Personal Information (PI) for both online users and data controllers, because all online interfaces (or data controllers) will receive a standardised set of data for a user’s personal data consent preferences, and all users will use the same language and options through the invention interface. Included within this standardisation is the Consent Master Log (the CML), which is a standardised list of the personal data consent preference options that are available to users to define their consent options, and the Consent History Log (the CHL), both of which are timestamped and digitally signed, the latter being a standardised list of every instance of the personal data consent preferences that a user has given to every website (or mobile application or data controller).
[0018] The invention provides a function to allow a data controller to retrospectively request one or more instances of one or more users personal data consent preferences at a given point and time. This request can be processed for one or more users associated with the data controllers online system, or for an anonymised dataset of a wider user group, giving additional support to data controllers to help them implement the GDPR regulation (or other similar data privacy regulation), and analytical information on their user preferences compared to peers.
Statement of Invention
[0019] Part 1 - There is a system with a user interface that has a list of personal information types and a list of purposes that these personal information types might be used for by websites (or mobile applications or data controllers) and a list of geographical locations that the users personal data might be sent to. This may be referred to as a Consent Master Log (CML). There is a function on the user interface that allows the user define: a) what personal information types they would allow websites (or mobile applications or data controllers) to use; b) what purposes they would allow websites (or mobile applications or data controllers) to use and c) what geographical locations they would like their data to be used in. These settings that the user can define are referred to in this document as ‘general settings’, and are default settings that can apply to any websites (or mobile applications) they visit.
[0020] Part 2 - In addition to the general settings mentioned in Part 1 above, the user can 35 also apply ‘specific settings’ that would apply to any specific websites (or mobile applications or data controllers). In this part, there is a function on the user interface that allows the user define a) what personal information types they would allow websites (or 11/11/2019 mobile applications or data controllers) to use; b) what purposes they would allow websites (or mobile applications or data controllers) to use; c) what geographical locations they would like their data to be used in and d) the web address of the specific website (or mobile application) the user wishes these settings to apply to.
[0021] Part 3 - There is a function on the user interface that would allow the user amend, save or delete any of the users defined personal data consent preferences for personal information types, geographical locations and purposes. There is a method to timestamp and digitally sign and save all the users defined preferences for personal information types, geographical locations and purposes. This will be saved into a log, which may be referred to as a Consent History Log (CHL), with a new instance of the CHL created every time the users preferences is amended in anyway, and an updated instance of the users personal data consent preferences list (i.e. the Consent Master Log (CML)) is transmitted to the corresponding Data Controller, to evidence the modifications to the personal data consent preferences.
[0022] Part 4 - There is a method of pushing or pulling a user’s defined preferences for personal information types, geographical locations and purposes that can be read by all websites (or mobile applications or data controllers).
[0023] Part 5 - There is a method whereby the embodiment of this system can identify if a website (or mobile application or data controller) is requesting an additional personal data consent preference from the user, that is not already listed in the Consent Master Log (CML), and in this scenario, there is a function to dynamically update the Consent Master Log (CML) to include this new option, and to ask the user define what is their personal data consent preferences for this new piece of personal data.
[0024] Part 6 - There is functionality available in the system that allows the user submit additional personal data requests to one or more websites (or mobile applications or data controllers) regarding the usage of the user’s personal data. This includes submitting DSARs, exercising the right to be forgotten, and a method of storing these requests in a time-stamped and digitally-signed format for future reference.
Brief description of the drawings Figure 1. Logic Flow: User sets their personal data consent preferences using proposed system.
Figure 2. Logic Flow: Website interaction with system, triggered when the user opens a webpage.
Figure 3. Execution System Components for Stage 1 - Applying Consent Preferences Figure 4. Execution System (part b - user interaction with other websites) Figure 5. Functions and methods of user interface display1 Figure 6. Functions and methods of user interface display2 Figure 7. Functions and methods of user interface display3 Figure 8. Functions and methods of user interface display4 Figure 9. Functions and methods of user interface display 5 Figure 10. Sample Certification Authority Structure for digitally signing code, Consent Master List (CML) and Consent History Logs (CHL) etc 11/11/2019 Detailed description MOST IMPORTANT PREFERRED ASPECTS
[0025] Preferably, the system which allows the user define their preferences is an application (mobile app), but other methods (i.e. website or embedded into operating software) could be used as an alternative.
[0026] Preferably, the user interface is intuitive for the user to define their personal data consent preferences, such as a visual map aid to help the user define where they would allow their personal data be sent to/shared with; and a method that would allow the user select and ‘drag’ their data preferences, for each data field, into a ‘red’ area to indicate no consent given or into a ‘green’ area to indicate that consent is given.
[0027] Preferably, once the user had defined their personal data consent preferences, websites (or mobile applications or data controllers) can read these preferences as the user browses, and without any interruption required to the user.
[0028] Preferably, a user can get a report at any time giving the user a breakdown of what sites they visited, what sites used their pre-defined personal data consent preferences, 25 and which preferences were used for what purposes, and what sites used their own methods of getting the users personal data consent preferences, and what sites did not request any personal data consent.
[0029] Preferably, when a user clicks into a website (or mobile application), there is a visual indication immediately that tells the user whether the website (or mobile application or data controller) is using their personal data consent preferences or not. This could be in the form of a logo, similar to the system the user has defined their preferences in.
[0030] In other embodiments, websites (or mobile applications or data controllers) can also use this system to confirm that the user is not a robot, removing the need for a user to enter random generated information to confirm they are not a robot.
[0031] In another embodiment, this invention may be expanded on and used as a method for data controllers to request data directly from the user and bypass third party data brokers. 11/11/2019
[0032] Preferably over time, this invention can be used for more than just the user visiting websites (or mobile applications). In a different embodiment, the user could have their preferences set on a card with pin and chip (or biological security) that could be presented during a transaction payment, or in an office. This could then be interpreted and used by a data controller, saving time for the user in filling out forms.
[0033] It should be appreciated that all combinations of the foregoing concepts and additional concepts discussed in greater detail below (provided such concepts are not mutually inconsistent) are contemplated as being part of the inventive subject matter disclosed herein. In particular, all combinations of claimed subject matter appearing at the end of this disclosure are contemplated as being part of the inventive subject matter disclosed herein. It should also be appreciated that terminology explicitly employed herein that also may appear in any disclosure incorporated by reference should be accorded a meaning most consistent with the particular concepts disclosed herein.
[0034] Other systems, processes and features will become apparent to those skilled in the art upon examination of the following diagrams and detailed description. It is intended that all such additional systems, processes and features included within this description, be within the scope of the present invention, and be protected by the accompanying claims. DETAILED DESCRIPTION
[0035] The following disclosure relates to processes, embodiments, system, methods and functions that will enable a simplified method for users to define their digital personal data consent preferences for all websites (or mobile applications or data controllers) to use. [0036] Various examples of the disclosure are described in detail below. While specific implementations are described, it should be understood that this is done for illustration purposes only. Other components and configurations may be used without parting from the spirit and the scope of the disclosure. When specific method examples are discussed, the various steps of the method examples can be implemented in different orders, combinations or permutations, including additional steps, or excluding specific steps.
[0037] Figure 1 and Figure 2 represent two distinct independent process flow elements of the invention, which combined, demonstrates the end to end process flow of the invention. There is a natural split of these 2 process flows because Figure 1 is a process flow of the user defining their personal data consent preferences, and Figure 2 is a process flow of a website (or mobile application) being visited by the user and how the website (or mobile application or data controller) will collect the users personal data consent preferences as defined in the process followed in figure 1.
[0038] The following steps in figure 1, from [100] to [104] describes the process flow of stage 1 of the invention.
[0039] In step 100 the user downloads the app or system that offers a facility for the user 11/11/2019 to define their personal data consent preferences. In a preferred embodiment, the system is a mobile application (app), but it could also be presented in another form, such as a website that they log onto, or a component embedded onto their personal device for use. [0040] 101 is the process of the user logging into the system. If the user is accessing the system for the first time, they will be presented with an option to register, or logon, or create a unique reference consent ID, and the system will generate a unique user consent ID for that user. In another embodiment, the system will automatically recognise a new user (perhaps through biometric information such as voice or fingerprint), and create a registration on their behalf. If the user had already registered, they will use the system functionality to log in. In another embodiment, the system will recognise the user through biometric information, and there will be no need for the user to physically log in.
[0041] Step 102 gives the user the capability to define or edit or delete their personal data consent preferences via a user interface, and to specify if these settings are for general use, as general settings, or if they are for a specific website (or mobile application or data controller), as specific settings. In each of these instances, the personal data consent preferences can consist of any chosen variation (within the limits of the system) that the user wishes.
[0042] The user interface referred to in step 102 above provides a list of personal information data types that a website (or mobile application or data controller) might use, a list of uses for the personal information data types that a website (or mobile application or data controller) might apply, and a list of geographical locations that personal data could be sent to by a website. These are the options the user can choose from to define their personal data consentpreferences. In another embodiment, the interface may use images or icons that represent the same data sets. In another embodiment, the system may verbally provide the list of choices available to the user to define their personal data consent preferences.
[0043] In another embodiment of 102, the user might define and edit their personal data consent preferences in another manner, such as verbally, via voice recognition embedded in the system.
[0044] In another embodiment of 102, Artificial Intelligence (Al), Machine Learning (ML), or other suitable means may also be used in order to update the CML list, based on preexisting CML answers, and/or in combination with the CHL. However, the user always gets the final choice, thereby control is never relinquished from the Data Owner.
[0045] In step 103 the user saves their personal data consent preferences which can be shared with and used by any website (or mobile application or data controller), or a specific website (or mobile application or data controller) where defined by the user. When the user saves their personal data consent preferences, the detail will be saved to a secure database. The user saves their personal data consent preferences using a button 11/11/2019 function or in another manner, such as verbally, via voice recognition embedded in the system.
[00464] In step 104, the system will time-stamp and digitally-sign the user’s general and/or specific settings and link them to a unique user reference.
[0047] The following steps in Figure 2, from 201 to 208, describes the process flow of stage 2 of the invention. These steps are of most relevance if the user has completed stage 1 of the process as set out in steps 100 to 104.
[0048] In step 201 the user navigates into a website (or mobile application)p on their computer/mobile device.
[0049] Step 202, is decision logic performed by, or on behalf of, the website (or mobile application) that the user has visited. In this step, the website (or mobile application) which the user is visiting needs to know if it requires user data for any purpose (including required for functioning of website (or mobile application or data controller), analytics or advertising.
IF
[0050] The website (or mobile application or data controller) wants to use the users personal data THEN
[0051] Step 204, is decision logic performed by, or on behalf of, the website (or mobile application or data controller) that the user has visited, whereby the website (or mobile application or data controller) needs to identify if the user has already defined their personal data consent preferences. To check this, the website (or mobile application or data controller) may identify a tag on the user device, pull a unique reference code from that if it exists, and then validate this against a secure database. The personal data consent preferences may be linked to the tag, or saved in the device memory or saved in the secure database.
IF
[0052] The user has saved predefined general settings or specific settings for the website/mobile app session which the user is now visiting THEN
[0053] In step 205, the website (or mobile application) pulls the user’s personal data consent preferences (either from mobile device memory, or a secure database, or from a tag), for use in the current session, (note: This can also be pushed from the mobile app of this invention)
[0054] In another embodiment, the website (or mobile application or data controller) may first share the data they want to process with the system via the secure database or other means, and then may only receive relevant personal data consent preferences based on the datasets they want to process 11/11/2019
[0055] Any websites (or mobile applications or data controllers) that use the pre-defined personal data consent preferences will be recorded/stored (along with time stamped and digitally signed personal data consent preferences set at that time) for future reference by the user/data controller, and will enable the user directly link back to the company to revoke those preferences if desired.
ELSE
[0056] In step 207, the mobile app identifies that a new persona data consent preference has been requested, and notifies this to the user. This new piece of data can be dynamically added to the personal data consent preferences master log of the mobile app.
[0057] In step 208, the mobile app then gives the user an opportunity to define their personal data consent preferences for this new piece of information. The user’s personal data consent preferences are then saved to the Consent Master Log (CML) and timestamped and digitally signed.
END IF ELSE
[0058] In step 203, the user browses the website (ormobile application), and no personal user information should be used for the duration of that website (ormobile application) session.
[0059] In another embodiment of this invention, in step 203, the mobile app blocks movement of any personal data to such websites (or mobile applications or data controllers) END IF
[0060] There may be instances, as processes evolve, that websites (or mobile applications or data controllers) require more personal data. Ideally, in this scenario, these additional personal information data fields can be added to the system (of this invention). However, if this is not possible, or simply not completed due to time constraints, then the websites (or mobile applications or data controllers) could rely on a hybrid of pulling predefined personal data consent preferences first, and then offering the user an additional (but smaller) set of personal data consent requests.
[0061] Figure 3 is a system diagram that shows interaction flow between the user 301, the user interface 303 of the invention and the back-end server 311 of the invention. This representation, for example only, is set on a mobile device 302, but the interaction flow could happen on any computer system or device as technology progresses, including the ‘internet of things’.
[0062] Steps 305 to 309 represents a set of potential functions available to the user 301 via the user interface 303. If a user goes into any of these functions, information can be passed over/back 310 across the network from the web service server 311 depending on 11/11/2019 the function the user has selected.
[0063] The web service server 311 is a component of this invention, and its processor 312 can do any, but not limited to) of the following functions: □ Save user preference information □ Modify user preference information per user requests □ Generate a unique user consent ID for new users □ Validate unique user consent ID’s for existing users and other websites (or mobile applications or data controllers) as required □ Pull user preferences from the database 313 that are associated with a unique user consent ID □ Push user preferences that are associated with a unique user consent ID to any website (or mobile application or data controller) that requests it.
[0064] Figure 4 is a system diagram that shows interaction flow between the user 401, the 15 User Consent Preferences System (406, 407, 412, 413 and 414) and other websites (or mobile applications or data controllers). This representation, for example only, is set on a mobile device 402, but the interaction flow could happen on any computer system or device as technology progresses, including the ‘internet of things’.
[0065] 412 is a web service server (A) that is the host of the User Consent Preferences System. 415 is a webservice server or servers (B) that is the host of any other website (or mobile application) that a user 401 decides to visit.
[0066] For the purpose of this example, it is assumed that the user 401 opens, or already has opened, the user personal data consent preferences application (app) 407 on their device 402, and their unique consent ID and/or preferences are saved onto the device 402.
[0067] A user then enters a website (or mobile application) 403 of their choosing. For the purpose of this example, an assumption is made that the website (or mobile application) 403 the user is visiting wishes to use the users personal information and is equipped to interact with the User Consent Preferences System.
[0068] The website (or mobile application) 403 that the user has entered, requests the unique consent ID from the device memory 406. It then passes this to the web service server 405 via 410. The processor 416 that sits on web service server B 415, will then communicate via requests & responses in 409 with the web service server A 412 to check if this is a valid unique consent ID. If it is, then the processor 413 will push OR the processor 416 will pull the user’s personal data consent preferences from the database 414, and the processor 416 will save this into database 417 for use for the duration of the users 401 visit. The website (or mobile application or data controller) 402 should then process user data in accordance with the users predefined personal data consent 11/11/2019 preferences.
[0069] In another embodiment of this example, the processor 416 will not need to validate the user consent ID or interact with web server A 412 to pull user personal data consent preferences information for the user 401. Instead, it will recognise a format on the device and pull the predefined personal data consent preferences directly from the memory 406.
[0070] In another embodiment of this example, the processor 416 will use the user unique consent ID to confirm that the user is not a robot, removing the need for the website (or mobile application) 403 that the user is visiting to request a validating action from the user for same (e.g. what letters/pictures do you see?)
[0071] 5 to 9 are sample functions, methods and screenshots of the invention in app format in accordance with some embodiments of this invention.
[0072] In a further embodiment of this invention, this app could be used as a one stop shop to submit user access requests, request to be forgotten, specific and immediate request to opt-out without having to re-visit the website (or mobile application) to trigger 15 the action.
CONCLUSION
[0073] While various inventive embodiments have been described and illustrated herein, those of ordinary skill in the art will readily envision a variety of other means and/or structures for performing the function and/or obtaining the results and/or one or more of 20 the advantages described herein, and each of such variations and/or modifications is deemed to be within the scope of the inventive embodiments described herein. More generally, those skilled in the art will readily appreciate that all parameters, dimensions, materials and configurations described herein are meant to be exemplary and that the actual parameters, dimensions, materials and/or configurations will depend upon the specific application or applications for which the inventive teachings is/are used. Those skilled in the art will recognise, or be able to ascertain using no more than routine experimentation, many equivalents to the specific inventive embodiments described herein. It is, therefore, to be understood that foregoing embodiments are presented by way of example only and that, within the scope of the appended claims and equivalents thereto, inventive embodiments may be practiced otherwise than as specifically described and claimed. Inventive embodiments of the present disclosure are directed to each individual feature, system, article, material, kit and/or method described herein. In addition, any combination of two or more features, systems, articles, materials, kits and/or methods, if such features, systems, articles, materials, kits and/or methods are not mutually inconsistent, in included within the inventive scope of the present disclosure.
[0074] The above-described embodiments can be implemented in any of numerous ways. For example, embodiments may be implemented using hardware, software or a combination thereof. When implemented in software, the software code can be executed 11/11/2019 on any suitable processor or collection of processors, whether provided in a single computer or distributed among multiple computers.
[0075] Further, it should be appreciated that a computer may be embodied in any number of forms, such as a rack-mounted computer, a desktop computer, a laptop computer or a tablet computer. Additionally, a computer may be embedded in a device not generally regarded as a computer but with suitable processing capabilities, including a Personal Digital Assistant (PDA), a smartphone or any other suitable portable or fixed electronic device.
[0076] Also, a computer may have one or more input and output devices. These devices can be used, among other things, to present a user interface. Examples of output devices that can be used to provide a user interface include printers or display screens for visual presentation of output and speakers or other sound generating devices for audible presentation of output. Examples of input devices that can be used for a user interface include keyboards, pointing devices such as mice, touchpads, and digitizing tablets. As another example, a computer may receive input information through speech recognition or another audible format.
[0077] Such computers may be interconnected by one or more networks in any suitable form, including a local area network or a wide area network, such as an enterprise network, an intelligent network (IN) or the internet. Such networks may be based on any suitable technology and may operate according to any suitable protocol and may include wireless networks or fibre optic networks.
[0078] The various methods or processes outlined herein may be coded as software that is executable on one or more processors that employ any one of a variety of operating systems or platforms. Additionally, such software may be written using any of a number of suitable programming languages and/or programming or scripting tools, and also may be compiled as executable machine language code or intermediate code that is executed on a framework or a virtual machine.
[0079] Also, various inventive concepts may be embodied as one or more methods, of which an example has been provided. The acts performed as part of the method may be ordered in any suitable way. Accordingly, embodiments may be constructed in which acts are performed in an order different than illustrated, which may include performing some acts simultaneously, even though shown as sequential acts in illustrative embodiments.

Claims (10)

1. What is claimed is: 1. A computer implemented method for to give users of the internet more control of their personal data consent preferences (e.g. Consent) and to enhance their online experience by optimising the process of notifying online interfaces of their (the user’s) personal data consent preferences (e.g. Consent), the method comprising:: An interface to allow the user to define and manage their personal data consent preferences; A machine operation to save the users personal data consent preferences and to automatically notify any online interfaces (or data controllers) of the user’s personal data consent preferences as requested by the online interfaces; A machine operation and storage medium to track and save the user’s personal data consent preferences and identify what online interfaces have received with regards to the user’s personal data consent preferences at any given time; and A machine operation to notify any online interfaces (or data controllers) if the user decides to change their personal data consent preferences. 11/11/2019
2. The computer implemented method as claimed in claim 1 wherein: personal data consent preference options are stored in a list, like a Consent Master List (CML), and made available to the user to manage their personal data consent preference options via an interface. The CML is updated each time the user changes a personal data consent preference option and each instance of the CML is time stamped and digitally signed.
3. The computer implemented method as claimed in claim 1 wherein: the system uses pre-defined triggers, (e.g. monitoring of mobile communications), to recognise when an online interface (or data controller) is requesting consent for the use of a user’s personal data, and in response to this request, the system then automatically loads and reads the user consent list, such as a Consent Master List (CML), and verifies whether the consent is already predefined by the user.
4. The computer implemented method as claimed in claim 1 wherein: if a predefined personal data consent preference or preferences is requested by an online interface (or data controller) and verified, the system will automatically transmit a copy of the time-stamped and digitally signed user consent list, such as a Consent Master List (CML) to the online interface (or data controller), so that they can apply the user’s personal data consent preference options appropriately. 11/11/2019 5. 14. The computer implemented method As claimed in claim 13 wherein: a data controller can retrospectively request an instance or multiple instances of the users personal data consent list, such as the Consent History Log (CHL) for one or more users associated with their (the data controller) online system or more online systems (or more data controllers), via a ‘request for CHL’ function
5. The computer implemented method as claimed in claim 1 wherein: the system uses pre-defined triggers, (e.g. monitoring of mobile communications), to identify and actively prompt the user for instructions with regards to a newly encountered data privacy consent preference option or options, and in so doing the list of consent, such as a Consent Master List (CML) is dynamically updated to include this new personal data consent preference.
6. The computer implemented method as claimed in claim 5 wherein: if a data privacy consent preference option is newly encountered, a notification is sent to the user via an interface, and the user is presented with a method to update their privacy consent preference for this option, which will be timestamped and digitally signed in a list, such as the Consent History Log (CHL).
7. The computer implemented method as claimed in claim 1 further comprising : a time-stamped and digitally signed record of the users personal data consent preferences
8. The computer implemented method as claimed in claim 1 wherein: the users personal data consent preferences and a log of which online interfaces (or data controllers) have used these personal data consent preferences, are saved into a list, such as a Consent History Log (CHL), and each instance of the CHL is time-stamped and digitally signed. 11/11/2019
9. The computer implemented method as claimed in claim 1 wherein: a user will be automatically notified of a presence of at least one personal data consent request, as determined by the user of the system. 10. The computer implemented method as claimed in claim 1 wherein: a user has a method available, via the interface, to select and manage different personal data consent preferences for 2 or more online interfaces (or data controllers) or for groups of data controllers that fall into similar categories. 11. The computer implemented method as claimed in claim 1 wherein: the system provides the user with a simple method of withdrawing or modifying previously given personal data consent to one or more data controllers via the interface, whereby the data controller(s) are sent a revised instance of the user personal data preferences, pulled from the master list of user consent preferences, such as the Consent Master List (CML) through the system with the updated user personal data consent preferences and this personal data consent preference option will be saved accordingly to the CML and to a history list of user defined consent preferences, such as a Consent History Log (CHL). 12. The computer implemented method as claimed in claim 1 wherein: the system provides the user with a simple function to exercise their Right to be Forgotten with one or more data controllers via the interface, whereby the data controller(s) are sent a notification through the system that the user wishes to be forgotten by one or more data controller(s), and this personal data consent preference option will be saved accordingly to a master list of consent preferences, such as a Consent Master List (CML) and and to a history list of user defined consent preferences, such as a Consent History Log (CHL). 13. A computer implemented method to provide data controllers with a convenient and reliable method of verifying compliance with privacy obligations (Note: The onus resides with the Data Controller to prove personal data consent, therefore it is the responsibility of the Data controller to securely store and securely manage the CML instance, for as long as required), the method comprising an automated function to send the online interface (or data controller) a time-stamped instance of a user’s CML, containing the user’s personal data consent preferences, once requested.
10. On the system interface.
IE20190191A 2019-11-11 2019-11-11 Digital user consent preferences and control IE20190191A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
IE20190191A IE20190191A1 (en) 2019-11-11 2019-11-11 Digital user consent preferences and control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
IE20190191A IE20190191A1 (en) 2019-11-11 2019-11-11 Digital user consent preferences and control

Publications (1)

Publication Number Publication Date
IE20190191A1 true IE20190191A1 (en) 2021-07-07

Family

ID=76707873

Family Applications (1)

Application Number Title Priority Date Filing Date
IE20190191A IE20190191A1 (en) 2019-11-11 2019-11-11 Digital user consent preferences and control

Country Status (1)

Country Link
IE (1) IE20190191A1 (en)

Similar Documents

Publication Publication Date Title
US11106754B1 (en) Methods and systems for hyperlinking user-specific content on a website or mobile applications
US10776444B1 (en) Methods and systems for universal deep linking across web and mobile applications
US10592068B1 (en) Graphic composer for service integration
US12235917B2 (en) Methods and systems for generating custom content using universal deep linking across web and mobile applications
GB2559521A (en) Platform for the delivery of content and services to networked connected computing devices
US20110271201A1 (en) Decentralized Contextual Collaboration Across Heterogeneous Environments
US10943063B1 (en) Apparatus and method to automate website user interface navigation
US10747390B1 (en) Graphical composer for policy management
AU2014400621A1 (en) System and method for providing contextual analytics data
US20250238744A1 (en) System and method for leveraging a completeness graph
EP4320573A1 (en) Intelligent assistant content generation
US11836241B1 (en) Automatic update of user information
CN113515921A (en) Auxiliary generation method of patent text and electronic terminal
CN107430609A (en) For the generation of the new Shipping Options Page of browser of corporate environment
US11899734B2 (en) Extracting and populating content from an email link
WO2025168106A1 (en) Data processing method and related device
CN112083982B (en) Information processing method and device
JP2015146103A (en) CONTENT PROVIDING SYSTEM, SERVER DEVICE, TERMINAL DEVICE, CONTENT PROVIDING METHOD, AND PROGRAM
US20100057733A1 (en) Method, computer program product, and apparatus for enabling access to enterprise information
EP4121871B1 (en) Methods and systems for universal deep linking across web and mobile applications
IE20190191A1 (en) Digital user consent preferences and control
CN111367898B (en) Data processing method, device, system, electronic equipment and storage medium
KR20180060360A (en) Method and Apparatus of providing user-defined UI in administrative management program provided in cloud computing
US20160077727A1 (en) Online Protocol Community
US7636786B2 (en) Facilitating access to a resource of an on-line service

Legal Events

Date Code Title Description
FC9A Application refused sect. 31(1)