3 Terminology

Terminology used within this specification.




technical implementation of all the content and process conditions as defined by the Data Policy for Consent Agreement creation, reading, updating and deletion, as well as for providing all necessary actors with the required operations

Consent Agreement

is the agreement to be signed by the Individual and the Data Controller as prescribed by Data Policy, based on which the Data Providing System may transmit the data to the Data Consuming System for the purposes described in the Consent Agreement.

Consent Record

is created when an individual signs a consent agreement. It represents a signed consent agreement.

Consent Reference

a unique identifier used to locate and verify the validity of the Consent Agreement.

Data Providers

is a legal entity that stores and provides access to an Individual's data, which requires the Individual's consent for processing (outside of its primary purpose/location).

Data Consumers

is a legal entity that requires the Individual's data from the Data Providers according to the consent of the Individual.

Data Disclosure Agreements

a Data Disclosure Agreement (DDA) exists between two organisations where one organisation acts as a Data Provider and the other as a Data Consumer. The DDA captures how data is shared between the two organisations and what role and obligation each party has.

Data Policy

is a formal description of the purpose, nature and extent of consent-based Personal Data processing, covering the configuration needs by Data Providing System and Data Consuming System and the conditions defined by law.

Data Processing Auditor

is an entity (a person or an organisation) verifying the legitimacy of Personal Data processing by Data Controllers and Data Processors based on the Data Policies and performed tasks. The entity is not to be confused with a data policy auditor that is independent of the actors involved in the operations of consent management and can engage directly with the Consent BB service operator.


the person giving consent (signing Consent Agreement); on behalf of the Individual,


is a person about whom the Personal Data is stored in an information system (a.k.a. “Data Subject”) and who agrees or not with the use of this data outside of its primary purpose/location.

Legal Entity

is an organisation (public or private) ​that has the rights and obligations to define standards for Personal Data processing. E.g. a public health authority

Personal Data

is any information that (a) can be used to identify the Individual to whom such information relates, or (b) is or might be directly or indirectly linked to the Individual (ISO(IEC 29100:2011)


are broadly defined as rules followed by any system: could be laws, bylaws, ​norms or architectures that​ regulate a given system. The term and definition is inspired by Lessig’s modalities of regulation: https://lessig.org/images/resources/1999-Code.pdf

Last updated

Copyright © 2024