Stop Consent Laundering, stop secret surveillance, petition for a profile to update standard to Digital Consent 27560

<aside> <img src="notion://custom_emoji/a9e82583-b24a-4a1a-acd2-b871fcb71bd8/30835fe7-dd4a-8027-91ed-007a74611308" alt="notion://custom_emoji/a9e82583-b24a-4a1a-acd2-b871fcb71bd8/30835fe7-dd4a-8027-91ed-007a74611308" width="40px" />

DPV:27560 guidance can be interpreted to launder surveillance-by-default as "consent evidence".

This campaign asks maintainers and implementers to adopt notice-first, authority-scoped guidance so "consent evidence" can’t be manufactured after tracking has already started. (to enable global privacy rights controls)

Sign the Petition

Read first: Jump to the minimum requirements

</aside>

DPV_27560___Surveillance_Receipt_Risks-060326.pdf

What’s happening (in plain language)

The solution model to address surveillance capitalism, putting humans in control of digital surveillance is being blocked and

A "consent receipt" is supposed to be evidence that meaningful choice happened before identification and surveillance. It is a record a human control.

But DPV:27560 guidance (and 27560) is instead defined to be interpreted in a way that is digital- identifier-first, controller-side processing records to be represented as "consent evidence" (or "privacy receipts") after tracking has already begun.

Stop DPV;27560 normalizing surveillance-by-default and weakens provable accountability.

What we’re asking for: notice-first sequencing, authority constraints, no identifier-first defaults, third-party constraints, and tamper-evident reciprocity.

That is not digital consent. It is post-hoc record-keeping that manufactures the appearance of consent.

Why this matters (safety, security, privacy)

Safety

• People are pushed into surveillance environments with reduced ability to understand, refuse, or withdraw.

Security

• If evidence ordering is not provable, "consent evidence" becomes a tamperable narrative surface.

Privacy

• Third-party identifiers inside the record are linability amplifiers that scale cross-context surveillance.

What we are asking for (minimum requirements)

We are asking DPV maintainers and implementers to adopt guidance that prevents consent evidence laundering.

1. Notice-first sequencing: anything represented as consent evidence must prove notice occurred before identifier binding and before dpv:Collect / dpv:Use.

   Plain language: you can’t call it consent evidence if tracking started first.

2. Authority + scope-of-authority: legal basis assertions must be constrained by jurisdiction + competence + constraints + oversight/remedy.

   Plain language: legal basis claims must be bounded by who can lawfully claim them, where, and under what controls.

3. No identifier-first headers by default: globally stable identifiers must not appear as privileged header elements unless necessity/proportionality and governance constraints are explicitly represented.

   Plain language: don’t bake cross-context likability into the default structure.

4. Third-party constraint: third parties and their identifiers must not appear without explicit disclosure, roles, and transfer context.

   Plain language: no hidden parties and no silent identifier sharing.

5. Integrity + reciprocity: where consent is the legal basis, evidence should be tamper-evident and independently retainable by the individual.

   Plain language: consent evidence must be durable, verifiable, and not controller-editable.

Sign the petition

Primary action: fill out the form below to add your signature supporting a DPV-aligned profile that preserves digital consent (PII Principal-controlled identifier binding + recipient choice).