CAN/DGSI 133, Data Consent Management - Consent-Driven Approach to Data Access, Interoperability and Mobility
This document specifies organizational requirements for managing individuals’ consent for the collection, use and disclosure of their data. It establishes processes for informing individuals, supporting their choices, maintaining accurate and current consent states, and enabling consent updates or withdrawal, recognizing that consent preferences evolve over time and require ongoing engagement responsive to changing context, expectations, trust and cultural norms. The specified requirements apply in both conventional and technology-intensive environments, including those that use artificial intelligence (AI) and other emerging technologies that may introduce new or changing data practices.
The document is not intended to prescribe how an organization should implement controls. Rather, the standard will guide organizations using jurisdiction- and technology-agnostic approaches, due to differences across industries/sectors. AI and automated decision-making represent forms of data processing that may evolve over time. The consent framework should ensure users understand the categories of AI-related processing, the purposes for which their data may be used, and any potential impacts. User-centric consent should support ongoing transparency, user choice, and the ability to modify preferences, even when underlying models change.
This document applies to all industries and sectors, including public and private companies, government entities, and not-for-profit organizations. It is technology-neutral and may be used with related standards such as ISO/IEC 27560, ISO/IEC 29184, CAN/DGSI 103-1, Kantara Consent Receipt, W3C DPV, W3C ODRL, HL7 FHIR Consent, IAB TCF 2.2, OASIS UMA 2.0 and IEEE 7002.
This document does not define data structures, consent receipts, signalling mechanisms, privacy vocabularies, domain-specific consent models or engineering methods, nor does it determine the legal validity of consent or prescribe specific technical implementations.
NOTE: Privacy protection in the private domain is based on a consent model while privacy protection in the public domain is based on a transparency model, so there is a need to acknowledge that the consent model does not have general applicability and that there are exceptions to consent.
DATE POSTED: April 21, 2026
DEADLINE FOR COMMENTS: June 5, 2026