Framework for Informed Consent

This document provides a structured framework for gaining informed consent from individuals before using their copyright works (including posts, articles, or comments), Name, Image, Likeness (NIL), or other Personal Data, in an engineered system. It pulls together best current practice from many sources including GDPR, the Article 29 Working Party, multiple ISO standards and the NIST RMF framework and presents it one place.

It lists the eleven essential elements required for valid informed consent in engineered systems.

The ten key elements required for valid Informed Consent are:

• Language: Ensure that all communications with the individual (including, but not limited to, transparency of processes, consent, withdrawal of consent, questions and answers, and redress) are conducted in the individuals' preferred language.
• Clear Communication: Provide clear, accessible, and comprehensive information about the nature of the action, use of data, or representation, including its purpose, scope, how it will be stored and protected.
• Potential Risks: Provide clear, accessible, and comprehensive information about risks, benefits, and potential consequences.
• Transparency: Explain the processes involved, how the information will be used, who will have access to it, who controls and is responsible and accountable for the information, how long it will be retained. Be transparent about any reuses and possible future uses.
• Competence: Ensure that the individual giving consent is capable of understanding the information provided, including their rights and the implications of their consent. This may require age-appropriate or culturally sensitive explanations.
• Voluntariness: Make sure that consent is given as clear affirmative action, voluntarily, and without coercion, pressure, or manipulation, allowing individuals to make a free and informed choice.
• Opportunity for Questions: Give individuals the chance to ask questions and seek clarification to ensure they fully understand the terms and implications before consenting.
• Right to Withdraw: Inform individuals that they have the right to withdraw their consent at any time and explain the process for doing so without any negative consequences.
• Documentation: Ensure that written, electronic, or recorded consent, depending on the context, is formally secured and documented to provide auditability that informed consent has been given. ISO/IEC 27701:2019 provides one way to achieve this.
• Periodic Review: In cases of ongoing consent, such as for long-term projects or data usage, periodically check in with individuals to confirm continued consent under the same or updated terms. ISO/IEC 27701:2019 provides one way to achieve this.
   

This document is applicable in any context where informed consent is sought from individuals for the use of their intellectual property, personal data, or identity in engineered systems. The process of seeking informed consent might be written, electronic, online, or recorded.
This document is an early draft.