top of page

ISO/IEC TS 27560

ISO/IEC TS 27560:2023 — Privacy technologies — Consent record information structure

(first edition)

Abstract

ISO/IEC TS 27560 "specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. [ISO/IEC TS 27560] provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the: provision of a record of the consent to the PII principal; exchange of consent information between information systems; management of the life cycle of the recorded consent.”


[Source: ISO/IEC TS 27560:2023]

Introduction

This Technical Specification specifies an interoperable, open and extensible information structure for recording and potentially sharing PII Principals' (data subjects') consent to data processing.

Scope

In addition to the specification, the standard provides requirements and recommendations on the use of consent receipts and consent records associated with a PII Principal’s data processing consent to support the:

  • Provision of a record of the consent to the PII Principal;

  • Exchange of consent information between information systems; and

  • Management of the lifecycle of the recorded consent.


The standard does not specify an exchange protocol for receipts and records, nor an exact data structure for such exchanges.

Structure

Main sections:

  • 5: Overview of consent records and consent receipts

  • 6: Elements of a consent record and consent receipt

  • Annex A: Examples of consent records and receipts

  • Annex B: Example of consent record life cycle

  • Annex C: Performance and efficiency considerations

  • Annex D: Consent record encoding structure

  • Annex E: Security of consent records and receipts

  • Annex F: Signals as controls communicating PII principal's preferences and decisions

  • Annex G: Guidance on the application of consent receipts in the context of privacy information management systems

  • Annex H: Mapping to ISO/IEC 29184

Status

The first edition was published as a Technical Specification in 2023.


ISO made the downloadable standard free of charge in 2025 to encourage uptake and so promote the sharing of privacy consents.  See https://www.iso.org/standard/80392.html 

Commentary

If only ISO would release all the infosec standards free of charge, encouraging everyone to improve security for all.

This page last updated:

19 November 2025

© 2025 IsecT Limited 

 

  • Link
  • LinkedIn
bottom of page