# 3 Terminology We recognise there are common terms across all ID related Building Blocks (Identity, E-Signature, Consent, Wallet). We define these [here](https://app.gitbook.com/s/cuIQsUm31pRS11jL4LMg/3-terminology/id-related-bb-common-terminology). In addition the following terms are specific to the Consent Building Block. ### Configuration Technical implementation of all the content and process conditions as defined by the [Data Policy](#data-policy) for [Consent Agreement](#consent-agreement) creation, reading, updating and deletion, as well as for providing all necessary actors with the required operations ### Consent Agreement The agreement to be signed by the [Individual](#individual) and the Data Controller as prescribed by [Data Policy](#data-policy), based on which the Data Providing System may transmit the data to the Data Consuming System for the purposes described in the Consent Agreement. ### Consent Record The Consent Record created when an [individual](#individual) signs a [consent agreement](#consent-agreement). It represents a signed consent agreement. ### Consent Reference A unique identifier used to locate and verify the validity of the [Consent Agreement](#consent-agreement). ### Data Providers A legal entity that stores and provides access to an [Individual'](#individual)s data, which requires the Individual's consent for processing (outside of its primary purpose/location). ### Data Consumers A legal entity that requires the [Individual](#individual)'s data from the [Data Providers](#data-providers) according to the consent of the Individual. ### Data Disclosure Agreements (DDAs) A Data Disclosure Agreement (DDA) exists between two organisations where one organisation acts as a [Data Provider](#data-providers) and the other as a [Data Consumer](#data-consumers). The DDA captures how data is shared between the two organisations and what role and obligation each party has. ### Data Policy Is a formal description of the purpose, nature and extent of consent-based [Personal Data](#personal-data) processing, covering the configuration needs by Data Providing System and Data Consuming System and the conditions defined by law. ### Data Processing Auditor Is an legal entity (a person or an organisation) verifying the legitimacy of [Personal Data](#personal-data) processing by Data Controllers and Data Processors based on the Data Policies and performed tasks. The entity is not to be confused with a data policy auditor that is independent of the actors involved in the operations of consent management and can engage directly with the Consent BB service operator. ### Delegate The person giving consent (signing [Consent Agreement](#consent-agreement)); on behalf of the [Individual](#individual), ### Individual Is a person about whom the [Personal Data](#personal-data) is stored in an information system (a.k.a. “Data Subject”) and who agrees or not with the use of this data outside of its primary purpose/location ### Legal Entity {% hint style="info" %} See [this entry](https://app.gitbook.com/s/cuIQsUm31pRS11jL4LMg/3-terminology/id-related-bb-common-terminology#legal-entity), and related terminology in the **ID Common Terminology** reference. {% endhint %} ### Personal Data Is any information that (a) can be used to identify the [Individual](#individual) to whom such information relates, or (b) is or might be directly or indirectly linked to the Individual ([ISO(IEC 29100:2024)](https://www.iso.org/standard/85938.html)) {% hint style="info" %} please also see common definition of [Personally Identifiable Information (PII)](https://app.gitbook.com/s/cuIQsUm31pRS11jL4LMg/3-terminology/id-related-bb-common-terminology#pii-personally-identifiable-information) {% endhint %} ### Regulations Are broadly defined as rules followed by any system: could be laws, bylaws, ​norms or architectures that​ regulate a given system. The term and definition is inspired by [Lessig’s modalities of regulation](https://lessig.org/images/resources/1999-Code.pdf).