Consent Management Smart Contract

In healthcare, CMSCs manage patient consent for sharing medical records or participating in research. The contract can encode complex rules:

• Purpose Limitation: Data can only be used for the approved study.
• Temporal Control: Access expires after the trial concludes.
• Multi-Party Consent: May require signatures from both patient and physician. This ensures HIPAA/GDPR compliance and builds patient trust through transparency.

CMSCs can disrupt digital advertising by creating direct, consent-based relationships between users and advertisers. Users grant explicit consent to view ads in exchange for tokens or rewards. The contract tracks:

• Ad impressions and engagements.
• Revenue distribution to the user.
• Data usage policies (e.g., "no profiling"). This model replaces opaque, tracking-based ads with a transparent value-for-consent exchange.

In ethical supply chains, participants (e.g., farmers, manufacturers) must consent to share operational data (carbon footprint, labor practices) with auditors or consumers. A CMSC manages this multi-stakeholder consent, ensuring data is only shared with authorized entities for specific verification purposes. This creates an immutable, consent-backed chain of custody for sustainability claims.

For DeFi or institutional finance, CMSCs can manage ongoing Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance. A user's verified credential is stored off-chain, but their consent to share it with a new protocol is managed on-chain. The contract can enforce conditional logic, such as requiring renewed consent for transactions above a certain threshold or for new counterparties.

A core tension exists between a user's right to revoke consent and the immutable nature of blockchain. Solutions include:

• State-based revocation: The contract stores a boolean flag that can be toggled to 'false'.
• Time-bound permissions: Consent automatically expires after a predefined period.
• Consent nonces: Each authorization uses a unique, incrementing nonce; revoking invalidates future uses but not past, settled transactions.

Storing consent preferences on a public ledger can itself leak sensitive information. Key strategies are:

• Zero-knowledge proofs (ZKPs): Prove a user meets a policy (e.g., "is over 18") without revealing the underlying data.
• Commitment schemes: Store only a cryptographic hash (commitment) of the consent statement on-chain, with details kept off-chain.
• Private computation: Use trusted execution environments (TEEs) or fully homomorphic encryption (FHE) to process consented data without exposing it.

The contract must precisely define and enforce who can do what with which data. Critical mechanisms include:

• Role-based access control (RBAC): Assigning permissions to roles (e.g., Data Processor, Auditor).
• Attribute-based access control (ABAC): Policies based on user/data attributes (e.g., data category, purpose).
• Secure function modifiers: Using require statements to check msg.sender and consent status before executing data operations. A common vulnerability is missing or insufficient checks.

Blockchain provides a strong audit trail, but the contract must log events correctly for compliance (e.g., GDPR, CCPA). Essential practices:

• Emitting structured events for all consent actions (ConsentGranted, ConsentRevoked, DataAccessed).
• Including metadata: Timestamp, data subject identifier, purpose of processing, and data controller address.
• Ensuring non-repudiation: The cryptographic proof in the transaction provides undeniable evidence of who granted or revoked consent.

Privacy regulations and business needs evolve, requiring contract updates without violating existing user consent. Secure patterns include:

• Transparent Proxy Pattern: Logic can be upgraded while preserving the storage layer holding consent states.
• Consent Re-prompting: Major policy changes should trigger a mechanism requiring users to provide fresh, informed consent.
• Versioning: Storing a consent agreement version ID to link grants to a specific, immutable policy text stored on IPFS or similar.

In public mempools, consent transactions are visible before confirmation, creating risks:

• Consent Sniffing: Observing a user's consent transaction could reveal their associations or intentions.
• Malicious Front-Running: A bot could see a consent grant and immediately submit its own transaction to exploit the newly permitted data access.
• Mitigations: Using private transaction relays (e.g., Flashbots Protect) or commit-reveal schemes to submit consent actions without exposing intent.

The technical foundation for consent. These are on-chain rules that define who can perform what actions on a smart contract. Key patterns include:

• Ownable: A single-owner model for administrative control.
• Role-Based Access Control (RBAC): Granular permissions assigned to different user roles (e.g., admin, data subject, processor).
• Attribute-Based Access Control (ABAC): Decisions based on user attributes (e.g., holding a specific NFT, being over 18).

Key Ethereum standards for decentralized identity and verifiable claims, which are prerequisites for portable consent.

• ERC-725 (Identity): A smart contract-based account that can hold keys and claims.
• ERC-735 (Claim Holder): A standard for adding, removing, and holding verifiable claims (attestations) about the identity. Together, they allow a user to own their consent receipts and permissions as portable assets.

A W3C standard for tamper-evident credentials that can be cryptographically verified. In consent systems:

• A user's consent preference (e.g., "Opt-in to marketing") can be issued as a Verifiable Credential.
• The smart contract acts as a verifier, checking the VC's validity and signature before granting access to data or services.
• This decouples the issuance of consent from its verification.

Cryptography that enables privacy-preserving consent verification. A user can prove they have given valid consent (or meet certain criteria) without revealing the underlying data.

• Example: Proving you are over 18 without revealing your birth date.
• Example: Proving you hold a valid "consent token" without revealing your wallet address. This allows for compliance (like GDPR) while maximizing user privacy.

Services that bridge off-chain data and events to the blockchain. They are critical for connecting consent management to real-world legal and system events.

• An oracle can feed a smart contract with data subject deletion requests from an off-chain privacy portal.
• It can provide regulatory status updates (e.g., a change in data protection law) that trigger contract logic.
• Oracles enable conditional consent based on external states.

A common implementation pattern where access to a resource is contingent on holding a specific token. This token can represent a consent grant.

• A user grants consent and receives a non-transferable Consent NFT or Soulbound Token (SBT).
• A downstream service's smart contract checks for the presence of this token before allowing data processing or entry.
• Revoking consent typically involves burning or invalidating the token.