Consent signal

Privacy governance depends on the ability to translate human preferences into system behavior. A consent signal is the technical mechanism by which that translation occurs: a structured, machine-readable piece of data that tells downstream systems whether a specific individual's data may be used for a specific purpose.

Consent signals come in multiple forms:

  • Browser-level signals like the Global Privacy Control (GPC), transmitted via HTTP headers.
  • Platform-specific signals like Facebook's Limited Data Use flag or Google Consent Mode, transmitted through advertising technology APIs.
  • Internal consent signals stored in a consent management platform and propagated to enterprise systems through data pipelines and integrations.

The challenge is standardization and reliability: different systems expect different signal formats, and many systems have no native mechanism to receive and act on consent signals at all. A system-level enforcement approach, where consent signals are applied at the data layer before data reaches any vendor, is architecturally more reliable than trusting that each recipient will honor the signals correctly.