Consent Management

User consent refers to an individual granting permission to a third party (such as an application or website) to collect and/or access their personal information.

Obtaining user consent ensures that sensitive data isn’t shared without the individual’s knowledge and approval, and that this data is handled according to privacy laws and regulations.

For example, a healthcare provider might offer patients a mobile app where they can keep track of their immunizations. In order to use the app, the patient must give the app permission to access this information by clicking a box that says “I give consent for this application to access my immunization records”.

User consent must be both explicit and informed.

  • Explicit consent requires clear agreement from the user. For example, the user could be required to sign a consent form or check a box that says “I give consent for my information to be shared”.
  • Informed consent means the user understands exactly what they are consenting to. The user must be given a clear and comprehensive explanation of how their personal data will be used, including what information will be shared, who it will be shared with, and how it will be used.

The Federated Privacy Exchange (FPX) product provides authorization and consent management. FPX consists of several core components: the Authorization Server, Wallet and Navigator, and Resource Servers.

FPX consent management simplifies the process to collect, store, and manage user consent.

  • User consent can be built into your user flows, such as sign-up and login flows. As part of these flows, users should be required to provide consent to share data with the Client application before proceeding.
  • Users should also be given the ability to revoke their consent at any time. Once consent is revoked, the Client will no longer have access to the data previously shared by the user.
  • FPX records all activities related to a user providing, denying, or revoking consent. This includes specific details about which resources the user has consented to share and the extent of access the user has agreed to.

FPX ensures that the user’s consent decision is strictly enforced:

  • The Client is only allowed to access resources if the user has given their consent.
  • The Client’s access is restricted to the specific data that the user has provided consent for.
  • The Client is no longer allowed to access resources if the user revokes their consent.
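The three enforcement rules above, together with the recording of grant, deny and revoke decisions, can be illustrated with a small consent ledger. The code below is an added example written for this page; it is not FPX's own code or API, and every name in it (ConsentLedger, ConsentRecord, the "clinic-ehr" resource server and the "immunizations-app" client) is hypothetical. It keeps one active consent record per (user, client) pair, limits every access to the intersection of what was requested and what was consented to, refuses everything once consent is revoked, and appends an audit event for each decision and each access check.

```python
"""Toy consent ledger (hypothetical; not FPX code) enforcing a user's consent decision."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, FrozenSet, Iterable, List, Optional, Set, Tuple


@dataclass
class ConsentRecord:
    user_id: str
    client_id: str
    resource_server: str          # the source the user selected for the shared data
    resources: FrozenSet[str]     # the exact resources the user agreed to share
    granted_at: datetime
    revoked_at: Optional[datetime] = None

    @property
    def active(self) -> bool:
        return self.revoked_at is None


@dataclass
class AuditEvent:
    at: datetime
    user_id: str
    client_id: str
    action: str                   # granted | denied | revoked | access_allowed | access_refused
    resources: FrozenSet[str]


class ConsentLedger:
    """Stores consent decisions and checks them on every resource access."""

    def __init__(self) -> None:
        self._records: Dict[Tuple[str, str], ConsentRecord] = {}
        self.audit: List[AuditEvent] = []

    def _log(self, user_id: str, client_id: str, action: str,
             resources: Iterable[str] = ()) -> None:
        self.audit.append(AuditEvent(datetime.now(timezone.utc), user_id,
                                     client_id, action, frozenset(resources)))

    def grant(self, user_id: str, client_id: str, resource_server: str,
              resources: Iterable[str]) -> ConsentRecord:
        rec = ConsentRecord(user_id, client_id, resource_server,
                            frozenset(resources), datetime.now(timezone.utc))
        self._records[(user_id, client_id)] = rec     # a new grant replaces any earlier one
        self._log(user_id, client_id, "granted", rec.resources)
        return rec

    def deny(self, user_id: str, client_id: str, resources: Iterable[str]) -> None:
        self._records.pop((user_id, client_id), None)  # a denial leaves no stale grant behind
        self._log(user_id, client_id, "denied", resources)

    def revoke(self, user_id: str, client_id: str) -> bool:
        rec = self._records.get((user_id, client_id))
        if rec is None or not rec.active:
            return False                               # nothing active to revoke
        rec.revoked_at = datetime.now(timezone.utc)
        self._log(user_id, client_id, "revoked", rec.resources)
        return True

    def authorized_subset(self, user_id: str, client_id: str,
                          requested: Iterable[str]) -> Set[str]:
        """Return only the requested resources covered by an active consent."""
        requested = frozenset(requested)
        rec = self._records.get((user_id, client_id))
        if rec is None or not rec.active:              # no consent, or consent revoked
            self._log(user_id, client_id, "access_refused", requested)
            return set()
        allowed = set(requested & rec.resources)       # restricted to what was consented to
        refused = requested - rec.resources
        if allowed:
            self._log(user_id, client_id, "access_allowed", allowed)
        if refused:
            self._log(user_id, client_id, "access_refused", refused)
        return allowed

    def is_authorized(self, user_id: str, client_id: str, resource: str) -> bool:
        return resource in self.authorized_subset(user_id, client_id, {resource})


def demo() -> dict:
    """Walk the page's immunization-app scenario with constructed sample data."""
    ledger = ConsentLedger()
    # Constructed sample: a patient consents to share only immunization records.
    ledger.grant("patient-42", "immunizations-app", "clinic-ehr", {"immunizations"})
    before = ledger.authorized_subset("patient-42", "immunizations-app",
                                      {"immunizations", "allergies"})
    revoked = ledger.revoke("patient-42", "immunizations-app")
    after = ledger.authorized_subset("patient-42", "immunizations-app", {"immunizations"})
    return {
        "before_revoke": before,                       # {"immunizations"}: allergies were never consented to
        "revoked": revoked,
        "second_revoke": ledger.revoke("patient-42", "immunizations-app"),
        "after_revoke": after,                         # empty once consent is revoked
        "actions": [e.action for e in ledger.audit],
    }


if __name__ == "__main__":
    print(demo())
```

The audit list is the part a reviewer would inspect: it shows not only the grant and the revocation but also which requested resources were refused and why, which is what lets an operator later demonstrate that the client never received data outside the consented scope.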

Creating FPX Client Applications

You can use the FPX Wallet and Navigator apps to provide Client applications to your users.

  • The Wallet can be used to provide web apps, while the Navigator can be used to provide mobile apps for Android and iOS.
  • The Wallet and Navigator allow you to easily build consent into your user flows. This includes allowing the user to:
    • Provide consent for a Client to access their personal information (i.e. resources).
    • Select the source (i.e. Resource Server) for the resources that will be shared with the Client.
    • Revoke consent for a Client to access resources.