Consent Management
TrustGate helps you collect, track, and manage consent for data processing activities, ensuring compliance with GDPR and other privacy regulations.
When Consent is Needed
KYC/AML Processing
For mandatory compliance activities, consent is typically NOT the appropriate legal basis:
| Activity | Lawful Basis | Why Not Consent |
|---|---|---|
| Identity verification | Legal obligation | Required by AML law |
| Sanctions screening | Legal obligation | Required by sanctions law |
| Document collection | Legal obligation | Required for KYC |
Optional Processing
Consent IS appropriate for optional activities:
| Activity | Requires Consent |
|---|---|
| Marketing communications | Yes |
| Optional biometric features | Yes |
| Data sharing with third parties | Yes (if not required) |
| Analytics beyond compliance | Yes |
Recording Consent
Record Consent via API
curl -X POST https://api.bytrustgate.com/v1/consent \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "applicant_id": "550e8400-e29b-41d4-a716-446655440000",
    "consent_type": "biometric_verification",
    "granted": true,
    "consent_text": "I consent to facial recognition for identity verification.",
    "collected_at": "2025-01-20T14:30:00Z",
    "collection_method": "checkbox",
    "ip_address": "192.168.1.1",
    "user_agent": "Mozilla/5.0..."
  }'
Response
{
  "consent_id": "consent_123456",
  "applicant_id": "550e8400-e29b-41d4-a716-446655440000",
  "consent_type": "biometric_verification",
  "status": "granted",
  "version": "1.0",
  "collected_at": "2025-01-20T14:30:00Z",
  "expires_at": null,
  "audit_trail": {
    "ip_address": "192.168.1.1",
    "collection_method": "checkbox"
  }
}
Consent Types
Standard Consent Types
| Type | Description | Required |
|---|---|---|
| terms_of_service | Agreement to terms | Yes |
| privacy_policy | Acknowledgment of privacy policy | Yes |
| biometric_verification | Face matching consent | Jurisdiction-dependent |
| data_sharing | Third-party data sharing | If applicable |
| marketing | Marketing communications | No |
| ongoing_monitoring | Continuous screening | Jurisdiction-dependent |
Custom Consent Types
curl -X POST https://api.bytrustgate.com/v1/consent/types \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type_id": "credit_check",
    "name": "Credit Check Consent",
    "description": "Consent to perform credit bureau check",
    "required_for": ["credit_application"],
    "consent_text_template": "I authorize {company_name} to obtain my credit report from credit bureaus.",
    "expires_after_days": 30
  }'
Consent Workflows
Web SDK Integration
// Initialize TrustGate consent
const consent = new TrustGate.Consent({
  applicantId: 'app_123',
  // Shipped to the browser, so this value is readable by the end user
  apiKey: 'your_api_key'
});

// Display consent form
consent.show({
  consentTypes: ['biometric_verification', 'privacy_policy'],
  onComplete: (result) => {
    if (result.allGranted) {
      // Proceed with verification
      startVerification();
    } else {
      // Handle declined consent
      showConsentRequired();
    }
  }
});
Check Consent Status
curl -X GET "https://api.bytrustgate.com/v1/consent?applicant_id=app_123" \
  -H "Authorization: Bearer YOUR_API_KEY"
Response
{
  "applicant_id": "app_123",
  "consents": [
    {
      "consent_type": "biometric_verification",
      "status": "granted",
      "granted_at": "2025-01-20T14:30:00Z",
      "version": "1.0"
    },
    {
      "consent_type": "privacy_policy",
      "status": "granted",
      "granted_at": "2025-01-20T14:30:00Z",
      "version": "2.1"
    },
    {
      "consent_type": "marketing",
      "status": "not_requested"
    }
  ]
}
Consent Withdrawal
Withdraw Consent
curl -X POST https://api.bytrustgate.com/v1/consent/withdraw \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "applicant_id": "app_123",
    "consent_type": "marketing",
    "withdrawn_at": "2025-01-20T15:00:00Z",
    "reason": "user_request"
  }'
Withdrawal Effects
{
  "withdrawal": {
    "consent_type": "marketing",
    "status": "withdrawn",
    "withdrawn_at": "2025-01-20T15:00:00Z",
    "effects": [
      "Marketing emails will be stopped within 24 hours",
      "Applicant removed from marketing lists"
    ],
    "data_affected": [
      "marketing_preferences will be deleted"
    ]
  }
}
Consent Versions
Track Version Changes
curl -X GET "https://api.bytrustgate.com/v1/consent/versions?type=privacy_policy" \
  -H "Authorization: Bearer YOUR_API_KEY"
Response
{
  "consent_type": "privacy_policy",
  "versions": [
    {
      "version": "2.1",
      "effective_date": "2025-01-01",
      "status": "active",
      "changes_summary": "Updated data retention section"
    },
    {
      "version": "2.0",
      "effective_date": "2024-06-01",
      "status": "archived",
      "changes_summary": "Added AI processing disclosure"
    }
  ]
}
Re-consent on Version Change
curl -X POST https://api.bytrustgate.com/v1/consent/request-reconsent \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "consent_type": "privacy_policy",
    "new_version": "3.0",
    "filter": {
      "current_version": "2.1",
      "status": "approved"
    },
    "notification": {
      "send_email": true,
      "template": "reconsent_request"
    }
  }'
Consent Audit Trail
View Consent History
curl -X GET "https://api.bytrustgate.com/v1/consent/history?applicant_id=app_123" \
  -H "Authorization: Bearer YOUR_API_KEY"
Response
{
  "applicant_id": "app_123",
  "history": [
    {
      "timestamp": "2025-01-20T14:30:00Z",
      "action": "granted",
      "consent_type": "biometric_verification",
      "version": "1.0",
      "collection_method": "checkbox",
      "ip_address": "192.168.1.1"
    },
    {
      "timestamp": "2025-01-20T15:00:00Z",
      "action": "withdrawn",
      "consent_type": "marketing",
      "reason": "user_request",
      "ip_address": "192.168.1.1"
    }
  ]
}
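The history response can be replayed to cross-check a cached or downstream copy of consent status, for example before a marketing send. The following is an added example, not TrustGate code: the function names `replayHistory` and `reconcile`, the rule that a withdrawal wins a timestamp tie, and the sample data (constructed in the shapes shown on this page) are assumptions.

```javascript
// Added example (not TrustGate code): rebuild per-type consent state from the
// audit history and compare it with a status snapshot held elsewhere.

function replayHistory(history) {
  // Sort by time so out-of-order delivery cannot let an old grant overwrite a
  // later withdrawal. Assumption: on equal timestamps the withdrawal wins.
  const rank = (e) => (e.action === 'withdrawn' ? 1 : 0);
  const events = [...history].sort(
    (a, b) => Date.parse(a.timestamp) - Date.parse(b.timestamp) || rank(a) - rank(b)
  );
  const state = new Map();
  for (const e of events) {
    if (e.action !== 'granted' && e.action !== 'withdrawn') continue; // ignore unknown actions
    state.set(e.consent_type, { status: e.action, since: e.timestamp, version: e.version ?? null });
  }
  return state;
}

function reconcile(history, statusResponse) {
  const state = replayHistory(history);
  const mismatches = [];
  for (const c of statusResponse.consents) {
    const derived = state.get(c.consent_type)?.status ?? 'not_requested';
    if (derived !== c.status) {
      mismatches.push({ type: c.consent_type, snapshot: c.status, derived });
    }
  }
  return mismatches;
}

// Constructed history, deliberately delivered out of order.
const HISTORY = [
  { timestamp: '2025-01-20T15:00:00Z', action: 'withdrawn', consent_type: 'marketing', reason: 'user_request' },
  { timestamp: '2025-01-20T14:30:00Z', action: 'granted', consent_type: 'biometric_verification', version: '1.0' },
  { timestamp: '2025-01-20T14:30:00Z', action: 'granted', consent_type: 'marketing', version: '1.0' },
];

// Constructed snapshot that still shows marketing as granted (stale copy).
const SNAPSHOT = {
  applicant_id: 'app_123',
  consents: [
    { consent_type: 'biometric_verification', status: 'granted', version: '1.0' },
    { consent_type: 'marketing', status: 'granted', version: '1.0' },
    { consent_type: 'privacy_policy', status: 'not_requested' },
  ],
};

console.log(reconcile(HISTORY, SNAPSHOT));
```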
Consent Requirements by Jurisdiction
Configure Jurisdiction Rules
curl -X PUT https://api.bytrustgate.com/v1/settings/consent/jurisdictions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "rules": [
      {
        "jurisdiction": "EU",
        "required_consents": ["privacy_policy", "terms_of_service"],
        "biometric_consent_required": true
      },
      {
        "jurisdiction": "US_IL",
        "required_consents": ["privacy_policy", "terms_of_service", "biometric_verification"],
        "biometric_consent_required": true,
        "notes": "Illinois BIPA requires biometric consent"
      },
      {
        "jurisdiction": "US_DEFAULT",
        "required_consents": ["privacy_policy", "terms_of_service"],
        "biometric_consent_required": false
      }
    ]
  }'
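A server-side gate can combine these jurisdiction rules with the status and version responses shown earlier to decide whether processing may start. The following is an added example, not TrustGate code: the function name `missingConsents`, the fail-closed handling of an unmapped jurisdiction, the reading of `biometric_consent_required` as adding `biometric_verification` to the required set, and the sample versions other than `privacy_policy` 2.1 are assumptions.

```javascript
// Added example (not TrustGate code): list the consents still missing or stale
// for a jurisdiction. Data shapes follow this page; the evaluation is assumed.
const RULES = [ // copied from the jurisdiction rules above
  { jurisdiction: 'EU', required_consents: ['privacy_policy', 'terms_of_service'], biometric_consent_required: true },
  { jurisdiction: 'US_IL', required_consents: ['privacy_policy', 'terms_of_service', 'biometric_verification'], biometric_consent_required: true },
  { jurisdiction: 'US_DEFAULT', required_consents: ['privacy_policy', 'terms_of_service'], biometric_consent_required: false },
];
// Active versions: privacy_policy 2.1 is from the page, the others are constructed.
const ACTIVE = { privacy_policy: '2.1', terms_of_service: '1.0', biometric_verification: '1.0' };

function missingConsents(rules, activeVersions, statusResponse, jurisdiction) {
  const rule = rules.find((r) => r.jurisdiction === jurisdiction);
  // Fail closed: an unmapped jurisdiction must not pass with zero requirements.
  if (!rule) throw new Error(`no consent rule for jurisdiction ${jurisdiction}`);

  const required = new Set(rule.required_consents);
  // Assumption: the boolean adds biometric_verification to the required set.
  if (rule.biometric_consent_required) required.add('biometric_verification');

  const byType = new Map(statusResponse.consents.map((c) => [c.consent_type, c]));
  const problems = [];
  for (const type of required) {
    const c = byType.get(type);
    if (!c || c.status !== 'granted') {
      problems.push({ type, reason: c ? c.status : 'not_requested' });
    } else if (activeVersions[type] === undefined) {
      problems.push({ type, reason: 'unknown_active_version' });
    } else if (c.version !== activeVersions[type]) {
      // Granted against an older text: re-consent is needed first.
      problems.push({ type, reason: 'stale_version' });
    }
  }
  return problems;
}

// Constructed status response in the shape of "Check Consent Status".
const STATUS = {
  applicant_id: 'app_123',
  consents: [
    { consent_type: 'biometric_verification', status: 'granted', granted_at: '2025-01-20T14:30:00Z', version: '1.0' },
    { consent_type: 'privacy_policy', status: 'granted', granted_at: '2025-01-20T14:30:00Z', version: '2.0' },
    { consent_type: 'marketing', status: 'not_requested' },
  ],
};

console.log(missingConsents(RULES, ACTIVE, STATUS, 'EU'));
```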
Consent Reports
Generate Consent Report
curl -X POST https://api.bytrustgate.com/v1/consent/report \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "report_type": "consent_status",
    "period": {
      "from": "2025-01-01",
      "to": "2025-01-31"
    },
    "format": "csv"
  }'
Report Metrics
{
  "period": "2025-01",
  "metrics": {
    "total_consent_requests": 5000,
    "consents_granted": 4850,
    "consents_declined": 150,
    "grant_rate": 0.97,
    "withdrawals": 25,
    "by_type": {
      "biometric_verification": {
        "granted": 4800,
        "declined": 200
      },
      "marketing": {
        "granted": 2500,
        "declined": 2500
      }
    }
  }
}
Next Steps
- Evidence Export - Export compliance evidence
- GDPR Compliance - Privacy requirements
- Audit Logging - Track all actions