ConsentML: A Modelling Language for Dynamic Consent Modelling
摘要
Consent is a cornerstone of lawful and ethical personal data processing in modern information systems, and all main data protection regulations, such as the General Data Protection Regulation (GDPR), require that valid consent be obtained from data subjects before their personal data is processed. Yet, existing privacy-aware modelling approaches offer limited support for explicitly representing consent-related concepts. To address this gap, we present ConsentML, a modelling language tailored for the formal and visual representation of consent and its interactions among key stakeholders. The language supports the engineering of consent-centric requirements by aligning legal, organisational, and technical perspectives. A case study in the financial domain illustrates its applicability in modelling dynamic consent flows, enforcing purpose limitation, and strengthening accountability across organisational boundaries. The results demonstrate that ConsentML facilitates stakeholder communication through visual abstractions, supports compliance-by-design, and enhances the automation of consent management within complex, adaptive data ecosystems.