Consent Management guideline

Today, the way companies gather and manage consumer consent varies by region, platform and marketplace need. The ecosystem lacks a consistent and transparent way of gathering these permissions and consumers are frustrated — with 69% reporting that companies only sometimes educate them about how data is collected, and 79% reporting they want to take more control of their data.1

We believe that individuals, organizations, and the broader ecosystem can benefit from a cohesive approach that puts individuals at the center. To that end, Visa has worked with global partners to develop guidelines for how organizations across industries can offer and implement granular consent management experiences – driving towards consistency, transparency, and clarity for consumers.

The Visa Consent Management Specification (“the Spec”) is available now for download by organizations upon acceptance of the Terms of Use.

Check out findings from Visa’s recent Consumer Empowerment research paper to learn more about consumer sentiments regarding the way companies collect and use consumer data.

Consumer data privacy Insights1

icon1
56%
Think companies use data use policies, terms of consent and privacy policies to protect their legal interests
icon3
68%
say companies only sometimes, rarely, or never educate them about how data collection works and individuals’ options to control it
icon2
76%
want to take more direct control or have the option to have more control over their data
icon4
68%
of individuals believe companies benefit more from using their data than they do

The Visa Consent Management Specification

Visa is sharing a set of proposed guidelines to help organizations implement a consent management system that defines data-capture methods and allows consumers to determine how their data is shared. The Spec represents a collaborative view of how a consent management system can be designed to provide the right level of control to individuals while being flexible enough to accommodate a variety of use cases. We expect the Spec to evolve as we learn more through feedback and as new use cases are developed.

Image1

Defined Parties and Actions

The Spec includes a taxonomy that defines which parties typically exist in a consent management ecosystem (e.g., consumers, banks, retailers, aggregators). For each party defined in the taxonomy, The Spec further defines the various actions (“Defined Party Actions”) allowed (e.g., “View Consented Items”, “Grant Consent”).
Image2

Sequence and State Diagrams

In addition to Defined Party Actions, The Spec provides sequence diagrams to help visualize how these parties participate during key stages of a User-initiated consent management experience, specifically – granting consent, revoking consent, and renewing consent. State diagrams are also provided to explain how consent tokens are initiated, activated, and maintained. These diagrams are complemented by system rules.
Image3

Example Flows and User Experience Recommendations

The Spec also contains UX guidelines for Consent, describing how Consent Request Attributes defined in the Taxonomy (e.g., “Consent Beneficiary”, “Resource Provider”) can appear in a generic mobile Consent Request experience. While the Spec also provides examples of how Consent Request Attributes may appear for popular use cases such as Personal Financial Management (PFM) and Marketing, the Spec is extensible and intended to accommodate any use case where user consent is permissioned.

Visa welcomes your feedback subject to our Terms of Use and will review anything you choose to share, which may be incorporated to the Spec was part of future publishing updates.

1 Visa Consumer Empowerment Study (2020-2022). Consumer participant volume by country: United States (October 2020, N=2,000), Singapore (June 2021, N=1,200), Brazil (August 2021, N=1,200), Colombia (September 2021, N=1,200), New Zealand (January 2022, N=2,000), France (May 2022, N=2,000), United Kingdom (July 2022, N=1,500), Australia (September 2022, N=1,500), Canada (September 2022, 1,500), Hong Kong (September 2022, N=2,000), Japan (September 2022, N=2,000).

Register to download the Visa Consent Management Specification

Visa will use the following Required Data to better understand and track who is interested in The Specification, and follow up with you to understand your perspective on the Specification and share updated versions as they become available. We will only use this information to support our work on the Specification and not for any other purpose without your permission.

* Indicates required field

The Visa Consent Management Specification

Visa is sharing a set of proposed guidelines to help organizations implement a consent management system that defines data-capture methods and allows consumers to determine how their data is shared. The Spec represents a collaborative view of how a consent management system can be designed to provide the right level of control to individuals while being flexible enough to accommodate a variety of use cases. We expect the Spec to evolve as we learn more through feedback and as new use cases are developed.

Image1

Defined Parties and Actions

The Spec includes a taxonomy that defines which parties typically exist in a consent management ecosystem (e.g., consumers, banks, retailers, aggregators). For each party defined in the taxonomy, The Spec further defines the various actions (“Defined Party Actions”) allowed (e.g., “View Consented Items”, “Grant Consent”).
Image2

Sequence and State Diagrams

In addition to Defined Party Actions, The Spec provides sequence diagrams to help visualize how these parties participate during key stages of a User-initiated consent management experience, specifically – granting consent, revoking consent, and renewing consent. State diagrams are also provided to explain how consent tokens are initiated, activated, and maintained. These diagrams are complemented by system rules.
Image3

Example Flows and User Experience Recommendations

The Spec also contains UX guidelines for Consent, describing how Consent Request Attributes defined in the Taxonomy (e.g., “Consent Beneficiary”, “Resource Provider”) can appear in a generic mobile Consent Request experience. While the Spec also provides examples of how Consent Request Attributes may appear for popular use cases such as Personal Financial Management (PFM) and Marketing, the Spec is extensible and intended to accommodate any use case where user consent is permissioned.

Visa welcomes your feedback subject to our Terms of Use and will review anything you choose to share, which may be incorporated to the Spec was part of future publishing updates.

1 Visa Consumer Empowerment Study (2020-2022). Consumer participant volume by country: Australia (October 2020, N=2,000), United Kingdom (October 2020, N=2,000), United States (October 2020, N=2,000), Singapore (June 2021, N=1,200), Brazil (August 2021, N=1,200), Colombia (September 2021, N=1,200), Canada (December 2021, N=2,000), New Zealand (January 2022, N=2,000), France (May 2022, N=2,000).

Visa Home

Global Privacy Notice.
©Copyright 1996-2024 All Rights Reserved.