Consent is a cornerstone of lawful and ethical personal data processing in modern information systems, and all main data protection regulations, such as the General Data Protection Regulation (GDPR), require that valid consent be obtained from data subjects before their personal data is processed. Yet, existing privacy-aware modelling approaches offer limited support for explicitly representing consent-related concepts. To address this gap, we present ConsentML, a modelling language tailored for the formal and visual representation of consent and its interactions among key stakeholders. The language supports the engineering of consent-centric requirements by aligning legal, organisational, and technical perspectives. A case study in the financial domain illustrates its applicability in modelling dynamic consent flows, enforcing purpose limitation, and strengthening accountability across organisational boundaries. The results demonstrate that ConsentML facilitates stakeholder communication through visual abstractions, supports compliance-by-design, and enhances the automation of consent management within complex, adaptive data ecosystems.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

ConsentML: A Modelling Language for Dynamic Consent Modelling

  • Samuel Opoku Daniels,
  • Haralambos Mouratidis

摘要

Consent is a cornerstone of lawful and ethical personal data processing in modern information systems, and all main data protection regulations, such as the General Data Protection Regulation (GDPR), require that valid consent be obtained from data subjects before their personal data is processed. Yet, existing privacy-aware modelling approaches offer limited support for explicitly representing consent-related concepts. To address this gap, we present ConsentML, a modelling language tailored for the formal and visual representation of consent and its interactions among key stakeholders. The language supports the engineering of consent-centric requirements by aligning legal, organisational, and technical perspectives. A case study in the financial domain illustrates its applicability in modelling dynamic consent flows, enforcing purpose limitation, and strengthening accountability across organisational boundaries. The results demonstrate that ConsentML facilitates stakeholder communication through visual abstractions, supports compliance-by-design, and enhances the automation of consent management within complex, adaptive data ecosystems.