A guide: how to integrate consent receipt libraries into your solutions

About Consent Receipts

With GDPR, the need to have proper personally identifiable data (PII)-managing processes in place became a necessity. Consent from the individual is needed in many cases, when PIIs are processed and consent receipts are a transparent way to record a given consent in a standardized way.

Having a consent receipt is good for both sides — the individual and the data controller. It is a record of an agreement about the usage of PIIs that both parties can refer to. Additional solutions can also be offered on top of consent receipts, paving a path towards a more advanced data economy services.

Datafund specialises in developing these solutions, so you don’t have to. Consent receipts were implemented according to the Kantara specification, funded by the Sitra fund. And they are now available to you for free as an in-development open source project.

Kantara is developing the specification further and we plan to update it, when a new version is accepted. In addition to providing a Kantara compliant consent receipt, we have also added decentralised Swarm storage and blockchain signing of the transactions to the packages. The signing features offer proof-of-consent, which is not legally required, but should become standard from our point of view. Swarm’s decentralised storage also allows the consent receipts to be immediately stored in a secure and always-on storage, where the individual and the data controller can access them as needed.

Available Consent Receipt related Packages

Consent Receipt Generator:

• GitHub; npm.js

Consent Receipt Viewer:

• GitHub; npm.js

Consent Receipt Summary Viewer:

• GitHub; npm.js

A helper library for working with Consent Receipts on the blockchain:

• GitHub; npm.js

Sample React and integration for using consent on the blockchain:

• GitHub

Sample node.js API server implementation for generating consent token (JWT):

• GitHub

Consent Receipt Suite Demo app demonstrating functionalities of the generator, viewer, blockchain transactions and Swarm storage:

• GitHub; Web link; Swarm

The resources above contain the packages available in the consent receipt suite, that you can use and integrate into your application. Each one can be used individually, but together they offer all the functionalities.

The main packages are in the form of React components that can be easily included in your software.

The objective of this how-to is to give you enough of an overview of the packages and how they fit together so you can use them in your own software.

Consent Receipt Generator

With the Consent Receipt Generator you can edit the contents of the consent receipt.

Consent Receipt Viewer

The Consent Receipt Viewer enables the display of a human-readable consent receipt from the JSON data.

Consent Receipt Summary Viewer

The Consent Receipt Summary Viewer displaya the most important summary data of several consent receipts at once, in a tabular view.

DataReceipt.js

Is a helper library for working with Consent Receipts on the blockchain. It encapsulates the creation of FDS accounts, creation of Consent Receipts JWT tokens, sending over Swarm, decoding and verifying tokens with additional layer to support Consent Manager smart contract and consent signing and verification of Consent smart contract on blockchain. It sits on top of fds.js.
Consent Manager smart contract creates Consent contracts and acts as interface to them.

See details on GitHub.

Sample React and integration for using consent on the blockchain

A sample how to initialize fds.js and datareceipt.js. Sample consent is generated, signed and sent to another account. It’s meant as a simplified reference implementation.

Sample node.js API server implementation for generating consent token (JWT)

API server implementation is an example of a server for signing a proposed consent receipt and turning it into a consent receipt JWT. It runs in Node.js environment. NOTE: Due to security weakness this implementation should not be used in a production environment as-is. Consider it a reference implementation. Putting a private key in a .js script is NOT considered secure!

Consent Receipt Suite Demo

The Consent Receipt Suite Demo is a reference implementation of all the modules bundled into one application. It is meant for demos.

Contains all modules, editor, generator, summary viewer, consent viewer and uses uses datareceipt.js and fds.js.

Decentralised consent receipt generator and viewer

To deploy it yourself
run npm run build

then upload it to Swarm through a gateway (if you aren’t running your own Swarm node)
swarm.exe --bzzapi https://swarm.fairdatasociety.org --defaultpath index.html --recursive up .\build\

The latest one is available at: https://swarm.fairdatasociety.org/bzz:/821873b204bcfbcb33dc44a5caff691675b7a468d47bca82fa3f6e2470b39f9f/#/

Putting it all together

The modules can be used independently or in concert. The Sample Demo app was constructed with intent to demonstrate usability and as a reference implementation.

If you encounter an issues, have any questions open an issue on GitHub at https://github.com/datafund/dr-editor-sample.

References / additional information

• TLDR: Consent Receipt Suite — what is it about … ?
• Datafund Github
• Datafund webpage
• Kantara initiative
• Kantara initiative consent receipt specification
• Sitra Finnish Innovation Fund
• Sitra on Fair data economy
• Fair Data Society webpage
• Fair Data Society Github
• Fairdrop personal storage Dapp (test version)
• Chattie chat Dapp (test version)
• Chattie Dapp Howto blog