: We have decided that some specification updates can go through vetting in this document. If something is relevant for the specification itself, it can be escalated through a Jira issue.
DRAFT ANSWER = we will discuss the draft async and approve at a meeting
ACCEPTED ANSWER = answer has been accepted by the WG. If desired, the information can be built into the specification.
The following FAQ is meant to provide short and simple answers to someone expecting a short and simple answer. These answers can all be referenced to the Consent BB Definition document.
The most common denominator that we find is that the definition of consent itself is misunderstood.
Can Consent BB handle generic agreements? ACCETPED ANSWER
Short answer: No, it’s not designed for that. GovStack specifications, use-cases and training resources should not encourage using Consent software for generic agreements.
Elaborated answer: It’s quite possible for an organization to assess and evaluate if their Consent software can handle agreements and satisfy legal obligations. But this is not encouraged since there are fundamental differences between binding agreements and revocable consent.
Using a consent system for an agreement, would most likely mean that the agreement can be recalled at any point in time by the individual who has given the consent. This is not a desirable property for most generic agreements.
Read more about how consent is defined by the building block: https://govstack.gitbook.io/bb-consent/2-description#2.1-what-consent-is
Can I query if a specific operation requires consent? ACCEPTED ANSWER
No.
The Consent BB is not aware of special data properties or APIs in other systems. It does not manage access nor permissions.
A given system needs to configure the Consent BB with an Agreement and a Policy. It is the knowledge of the Agreement ID that a privileged system can query if a Consent Record exists for a given Individual.
What is the responsibility of my BB/service?
How does a BB/service query if consent exists? ACCEPTED ANSWER
A given system needs to configure the Consent BB with an Agreement and a Policy. It is the knowledge of the Agreement ID that a privileged system can query if a Consent Record exists for a given Individual.
What are some critical scenarios for my BB/service to satisfy?
Can consent be collected without the Consent BB? DRAFT ANSWER
It’s GovStack’s policy to promote Consent collection through the Consent BB as a foundation of good public governance.
Other building blocks or processes are not advised to handle consent, since this implies questions like withdrawal, multi-party consent, auditing, and not least the life-cycle of consent agreements and policies.