Profile Title: Notice and Consent record information structure v1.01
This work extends ISO/IEC 27560:2023 by standardizing notice & consent record interoperability artefacts.
It defines a minimum common information structure + identifiers enabling exchange/validation across implementations.
It does not replace controller internal governance records (RoPA) — those may be profiles.
Compatibility / lineage notes:
This work extends ISO/IEC 27560:2023 by standardizing notice & consent record interoperability artefacts.
It defines a minimum common information structure + identifiers enabling exchange/validation across implementations.
It does not replace controller internal governance records (RoPA) — those may be profiles.
License: RF-RAND IPR License
This profile extends ISO/IEC TS 27560:2023 (consent record information structure) to specify a machine readable online notice record and a corresponding notice receipt that provides durable evidence of notice disclosure.
It supports layered and sequenced notices, notifications, and disclosures. Stage 1 requirements are legal basis agnostic. When the lawful basis is consent, Stage 2 authorization can be represented as a TS 27560:2023 consent receipt specialisation.
Interaction with an online notice record results in a notice receipt, which may be either:
Receipts are designed to be detectable and reusable to reduce repetitive notice prompts and repetitive consent prompts, and to mitigate dark patterns associated with prompt fatigue. The profile is designed to complement existing physical signs and web policy pages by providing a standardized notice record that can be extended by context and external codes of conduct or codes of practice.
By standardizing notice version references and receipt exchange, the profile supports cross border transparency and dispute resolution, including material change signaling through the notice event log.