ACP user privacy consent

Description of the ACP user privacy consent

It is crucial that a service provider gives the users control over their personally identifiable information (PII) with a proper granularity. The single privacy policy approval is usually not enough to comply with privacy regulations, such as GDPR.

Even if a service provider decides to use the privacy-policy-only approach, the user consent approving the policy needs to be captured and stored properly.

ACP provides tools to set up and manage user consents according to privacy standards.

ACP allows to

  • Create granular consents that have been identified by the organization as required and make them available for the user in the privacy checkup,
  • Define which consents are optional and which are mandatory as required to use a core service,
  • Enforce the access to the core service and optional services by including consent grant checks in access rules expressed as authorization policies,
  • Store consent grants along with the metadata required for the GDPR-compliant statement,
  • Manage the consent versioning.