Demo Scenario

Personal Data at ACME Corp

ACME Corp, an online retailer, collects personal data from customers through a website form. To comply with GDPR regulations and empower users, ACME provides customers like Alice with a Self-Sovereign Identity (SSI) upon form submission. This SSI serves as a digital credential enabling Alice to manage her data privacy preferences. By utilizing the SSI, Alice can revoke consent for data processing at any time, ensuring greater control over her personal information.

Showcase

Firstname
Lastname

"Hidden" fields submitted to ACME Corp

To illustrate how ACME Corp captures and stores user consent, we've made following fields visible. In a real-world scenario, these fields would be populated automatically to provide proof of consent in accordance with privacy laws.
Identity
Signature
Payload

tl;dr

Implementation at ACME Corp

ACME Corp stores user data and associated consent information, including an Identifier. To comply with data privacy regulations, ACME regularly checks if the user has revoked consent using its SSI. This ensures that data is handled in accordance with the user's wishes. It's important to note that ACME doesn't control the SSI; it's owned and managed by the user.

  • Form is submitted to /api/frontend/submit of Consent-Router.
  • Consent-Router will monitor grant/revoke status.
  • Consent-Router forwards or redirects depending on .env setting to legacy backend
  • Backend checks /api/frontend/status if consent got revoked or listens to webhook
Good to know for Alice

Alice downloaded her SSI, which gives her full control over her data and consent. She can revoke consent at any time by using her SSI. However, it's essential to understand that revoking consent doesn't immediately delete her data. ACME must process her revocation request and update their systems accordingly. This process might take some time. By maintaining control of her SSI, she ensures her data privacy rights are upheld.

 © 2024 STROMDAO GmbH