---
title: How consents are enforced
description: The Consent API can be used as a data source for making access control decisions and enforcing the user's consent.
component: pingdirectory
version: 11.0
page_id: pingdirectory:consent_solution_guide:pd_cs_how_consents_enforced
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/consent_solution_guide/pd_cs_how_consents_enforced.html
revdate: September 13, 2023
---

# How consents are enforced

The Consent API can be used as a data source for making access control decisions and enforcing the user's consent.

If a data usage scenario requires consent, then the application or service can't process or access the data unless the user has provided consent. The entity that performs this consent check can be the application itself or some other service.

To perform a consent check, the Consent API client tries to correlate a data access request type with a consent definition. For example, if a web application needs to collect a user's browsing behavior, it can use the `browsing-behavior` consent definition. In this data collection scenario, the application searches the Consent API and checks the an existing consent grant for a consent record that matches the user and the `browsing-behavior` consent definition. If a match is found, then the application proceeds. If a match is not found, the application must collect consent from the user.