Candidate DPG mapping (draft)

This was originally a slightly nicer Google Spreadsheet. It’s put here in case we want to keep working on it. Neither the mapping procedure nor the entries have been discussed or formalized in any way. It’s essentially just a collection of open source projects that deal with the consent question to a varying extend. None of them were found to be suitable candidates.

Project name

URL

Remarks

Cookie banner

Other uses possible

Regulatory references

Compatible with Consent BB

Likely infringements of GDPR?

Description

Klaro

https://github.com/kiprotect/klaro

Does not support any broader definition of consent, just third-party usage of website tracking data. It likely suffers from the same issues that the Consent Framework has been found in violation of GDPR for.

TRUE

FALSE

FALSE

FALSE

TRUE

Klaro [klɛro] is a simple consent management platform (CMP) and privacy tool that helps you to be transparent about the third-party applications on your website. It is designed to be extremely simple, intuitive and easy to use while allowing you to be compliant with all relevant regulations (notably GDPR and ePrivacy).

Orejime

https://github.com/empreinte-digitale/orejime

Fork of Klaro w/ accessibility regulations satisfied.

TRUE

FALSE

FALSE

FALSE

TRUE

Klaro [klɛro] is a simple consent management platform (CMP) and privacy tool that helps you to be transparent about the third-party applications on your website. It is designed to be extremely simple, intuitive and easy to use while allowing you to be compliant with all relevant regulations (notably GDPR and ePrivacy).

PDPA-Consent

https://github.com/iamapinan/PDPA-Consent

Wordpress-plugin built for Thai regulations, ultimately just a website cookie banner

TRUE

FALSE

TRUE

FALSE

FALSE

 

kirby3-cookie-banner

https://github.com/michnhokn/kirby3-cookie-banner

Another nice example of someone tagging a cookie banner with no auditable trail as "consent management".

TRUE

FALSE

FALSE

FALSE

TRUE

 

wagtail-tag-manager

https://github.com/jberghoef/wagtail-tag-manager/

An interesting case, based on thorough work and analysis of ePrivacy. Consent is actually stored in a database, but everything is modeled for cookies: https://github.com/jberghoef/wagtail-tag-manager/blob/master/src/wagtail_tag_manager/models/others.py#L85

TRUE

FALSE

TRUE

FALSE

FALSE

Wagtail Tag Manager (WTM for short) is a Wagtail addon that allows for easier and GDPR compliant administration of scripts and tags.

Open Pryv.io

https://www.pryv.com/open-pryv/

Seems abandoned again in 2021, soon after launching. I can't find any schemas related to consent in the codebase. Hard to see how this monolithic platform can be trimmed to only deal with Consent. Has only 3 contributers, so not sure if really enterprise-grade as labeled.

FALSE

FALSE

FALSE

FALSE

FALSE

A free, full production, easy-to-install open-source solution for the collection and management of sensitive personal and health data.

AppNexus CMP

https://github.com/appnexus/cmp

A reference implementation from 4 years ago. Terminology is unfamiliar, no clear data structure found. Deals apparently only with cookie consent and vendor+publisher systems.

FALSE

FALSE

FALSE

FALSE

FALSE

 

ConsentStack | Consent Management Platform | CMP

https://github.com/ConsentStack/cmp

Development not seen in 4 years, consentstack.org offline

FALSE

FALSE

FALSE

FALSE

FALSE

Open source, developer focused & human centric consent management platform.

consent-manager

https://github.com/segmentio/consent-manager

Nothing implemented for persistent consent records, just a JS frontend lib. Dark patterns included (implyConsentOnInteraction). Unclear ownership, website of segments.com is down. Project still sporadically active. Added because it labeled itself with "consent management", actually a lot of Open Source projects exist for purely client-side cookie-based consent without auditing possible.

TRUE

FALSE

FALSE

FALSE

TRUE

Drop-in consent management plugin for analytics.js

consent-receipt-dart

GitHub - adaptant-labs/consent-receipt-dart at https://githubhelp.com

Kantara reference implementation

TRUE

TRUE

TRUE

FALSE

FALSE

Dart library for working with Kantara Initiative Consent Receipts.

ADA Project

GitHub - decentralised-dataexchange/automated-data-agreements: This repository contains the specifications for Automated Data Agreement (ADA) Project. The project is part of NGI-eSSIF-Lab that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 871932

NGI-Trust, part of DPG - where is the implementation of this spec?

FALSE

TRUE

TRUE

TRUE

FALSE

Currently code exist for decentralised SSI based systems, but easily extendable to a centralised microservices

 

 

 

FALSE

FALSE

FALSE

FALSE

FALSE

 

 

 

 

FALSE

FALSE

FALSE

FALSE

FALSE

 

 

 

 

FALSE

FALSE

FALSE

FALSE

FALSE

 

 

 

 

FALSE

FALSE

FALSE

FALSE

FALSE

 

 

 

 

FALSE

FALSE

FALSE

FALSE

FALSE