Stop consent laundering, stop secret surveillance. Petition for a profile that updates the standard toward Digital Consent. DPV:27560 guidance can be interpreted to launder surveillance-by-default as “consent evidence.”
A “consent receipt” is supposed to be evidence that meaningful choice happened before identification and surveillance — a record of human control.
But DPV:27560 guidance (and 27560) can instead be interpreted in an identifier-first way: controller-side processing records represented as “consent evidence” (or “privacy receipts”) after tracking has already begun. That is not digital consent. It is post-hoc record-keeping that manufactures the appearance of consent, normalizes surveillance-by-default, and weakens provable accountability.
People are pushed into surveillance environments with reduced ability to understand, refuse, or withdraw.
If evidence ordering is not provable, “consent evidence” becomes a tamperable narrative surface.
Third-party identifiers inside the record are linkability amplifiers that scale cross-context surveillance.
We ask DPV maintainers and implementers to adopt guidance that prevents consent evidence laundering.
Anything represented as consent evidence must prove notice occurred before identifier binding and before dpv:Collect / dpv:Use.
You can’t call it consent evidence if tracking started first.
Legal basis assertions must be constrained by jurisdiction + competence + constraints + oversight/remedy.
Legal basis claims must be bounded by who can lawfully claim them, where, and under what controls.
Globally stable identifiers must not appear as privileged header elements unless necessity/proportionality and governance constraints are explicitly represented.
Don’t bake cross-context linkability into the default structure.
Third parties and their identifiers must not appear without explicit disclosure, roles, and transfer context.
No hidden parties and no silent identifier sharing.
Where consent is the legal basis, evidence should be tamper-evident and independently retainable by the individual.
Consent evidence must be durable, verifiable, and not controller-editable.
Support a DPV-aligned profile that preserves digital consent: PII-Principal-controlled identifier binding and recipient choice. The petition is delivered to DPV:27560 maintainers and implementers with the minimum requirements above.
Independent safety, security, and privacy analysis of the “consent evidence laundering” risk: