ISO/IEC 27560 · W3C DPV 2.3 · EUDI Wallet Ready

Privacy Processing Receipts

Moving beyond unreadable privacy policies. ISO/IEC 27560 defines structured, machine-readable PII Processing Records and Privacy Receipts — giving individuals real transparency about how their data is processed, with values powered by the W3C Data Privacy Vocabulary.

Why Privacy Receipts?

Privacy policies are generic documents written for everyone. A privacy receipt is a specific, personal record of your data processing — tied to a purpose, a lawful basis, and actionable rights.

Structured & Specific

Each receipt documents exactly what data is processed, why, by whom, and for how long — per purpose, per lawful basis.

Machine-Readable

Using W3C DPV vocabulary, receipts are interoperable across systems, enabling automated compliance checking and rights exercise.

Actionable Rights

Receipts include withdrawal methods, privacy choices, and authority contacts — empowering individuals to act, not just read.


Privacy Policy vs. Privacy Receipt

What you get today versus what ISO/IEC 27560 makes possible.

❌ Today's Privacy Policy
  • 📄 Generic document for all users
  • 🔍 Buried in legalese — average 4,000+ words
  • No link to YOUR specific data
  • 🚫 Not machine-readable
  • Changes silently, no versioning
  • Vague on rights exercise

We may collect, use, and share your personal information as described in this privacy policy. We collect information you provide directly, information collected automatically, and information from third parties. We use your information for providing and improving our services, for research and analytics, for marketing and advertising, for legal compliance, and for other purposes described in this policy. We may share your information with service providers, business partners, law enforcement, and other third parties as described herein. Your continued use of our services constitutes acceptance of these terms...

✅ ISO 27560 Privacy Receipt
  • 👤 Personal to YOU — tied to your PII principal ID
  • 🎯 Specific: one receipt per purpose + lawful basis
  • 📊 Structured fields with standardized DPV values
  • 🤖 Machine-readable — enables automated compliance
  • 📅 Versioned with event timeline (given → renewed → withdrawn)
  • 💪 Direct links to withdraw consent, exercise rights, file complaints

receipt_id: 7a2f...
schema: v2.0
Purpose: Newsletter — Personalised Recommendations
Lawful Basis: dpv:Consent
Data: Email, Browsing Preferences
Retention: P2Y (2 years)
Withdraw: preferences.example.com/consent

Interactive Privacy Receipt Explorer

Select an EUDI Wallet scenario, then switch lawful bases to see how the receipt adapts. Hover over any field label for its ISO 27560 definition and DPV mapping.

  • Identity (PID): Person Identification Data
  • Health (EAA): Medical records
  • Education (EAA): Diplomas & credentials
  • Payment: Financial transactions
Data Categories

Apple-style privacy labels — designed for mobile wallet screens

Event Timeline