Managing Versioned Consent

miaa Access provides a rich API to manage the lifecycle of consents in relation to versioned policies. Policies include an enterprise’s Terms of Service and a Privacy Policy. The API provides full versioning of the consents as well as traceability about where and when the person gave their consent and about the language, territory and version of the policy. miaa Access thus enables your organisation to control the versioning of policies and the freshness of the consents of individual users.

miaa Access has released the following features:

Customise consent registration

Consents are maintained as a list of consent objects. As such, you can accommodate any number of consent versions and consent types.

Each individual consent object contains the status, the timestamp of the latest status change (grant/revoke), the id of the environment in which the status was changed and the history of these changes.

You can further customise the contents of the consent object to include:

  • the version number
  • whether the version is a major or a minor update compared to the previous version
  • the link to the actual policy text
  • the language presented to the user
  • the jurisdiction to which the policy applies.

Enforce user’s consent

Using miaa PolicyGate, you can ensure that whenever profile data is requested by an application, the data is returned if and only if the user provided their consent for that application. As such, read access to a user’s profile can be made subject to purpose-specific consent from that user, whenever it is accessed.
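A minimal sketch of the consent object and the consent-gated profile read described above. This is an added example, not miaa Access or PolicyGate code: the class, field and function names, and the check against a required policy version, are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass
class Consent:
    # Hypothetical field names; not the miaa Access schema.
    application: str                        # application the consent was given for
    version: str                            # policy version the user saw
    status: str = "revoked"                 # "granted" or "revoked"
    changed_at: Optional[datetime] = None   # time of the latest status change
    environment_id: Optional[str] = None    # environment where the status changed
    history: list = field(default_factory=list)

    def change(self, status: str, environment_id: str) -> None:
        """Record a grant or revoke and append it to the change history."""
        if status not in ("granted", "revoked"):
            raise ValueError(f"unknown consent status: {status!r}")
        self.status = status
        self.changed_at = datetime.now(timezone.utc)
        self.environment_id = environment_id
        self.history.append((status, self.changed_at, environment_id))


def read_profile(profile: dict, consents: list, application: str,
                 required_version: str) -> Optional[dict]:
    """Return the profile only if a granted consent exists for this
    application and policy version; otherwise fail closed with None."""
    for c in consents:
        if (c.application == application
                and c.version == required_version
                and c.status == "granted"):
            return dict(profile)
    return None


if __name__ == "__main__":
    # Constructed sample data.
    profile = {"email": "user@example.org"}
    consent = Consent(application="newsletter", version="2.0")
    consent.change("granted", "env-web-eu")
    print(read_profile(profile, [consent], "newsletter", "2.0"))
    consent.change("revoked", "env-mobile")
    print(read_profile(profile, [consent], "newsletter", "2.0"))
```

A revoke does not delete the record: the gate denies the read while the history still shows when and where the earlier grant was made.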

Offer true forget-me

Using miaa ProfileSync, you can offer a true forget-me flow. The flow will erase specific data in the user profile, keeping essential audit evidence. The forget-me request will also be pushed to connected applications to make sure they erase all profile data. A miaa HouseKeeper function shall delete the profile after a configurable expiration period.

The forget-me flow supports an optional user-confirmation cycle: a confirmation request is sent with a secure challenge and response, and the request token carries the action ‘confirm forget me’.