How consents are enforced
The Consent API can be used as a data source for making access control decisions and enforcing the user’s consent.
If a data usage scenario requires consent, then the application or service can’t process or access the data unless the user has provided consent. The entity that performs this consent check can be the application itself or some other service.
To perform a consent check, the Consent API client tries to correlate a data access request type with a consent definition. For example, if a web application needs to collect a user’s browsing behavior, it can use the browsing-behavior
consent definition. In this data collection scenario, the application searches the Consent API and checks the an existing consent grant for a consent record that matches the user and the browsing-behavior
consent definition. If a match is found, then the application proceeds. If a match is not found, the application must collect consent from the user.