Open Data Infrastructure

Data Modeling for Consent-Aware Agents

How consent-aware agents need models for consent, purpose, permission, revocation, subject identity, and evidence confidence.

A consent-aware agent cannot treat consent as a column named consent.

Consent is a relationship, not a flag

Agents that use personal data need to understand more than whether a record exists. They need to know who the subject is, what consent was granted, for which purpose, under which policy, for which time window, and how revocation changes the allowed use.

That is a modeling problem before it is an AI problem. A single boolean cannot carry purpose, scope, source, confidence, jurisdiction, revocation, and downstream use constraints.

The model needs explicit entities

A practical consent-aware model separates subject identity, consent record, permission, purpose, data product, processing activity, policy decision, revocation event, and evidence confidence. Those entities let the agent ask narrower questions.

The model should also preserve uncertainty. Identity matches can be probabilistic. Consent source systems can disagree. Policies can change. An agent should not receive a clean yes when the evidence says review needed.

Core idea: consent-aware data modeling gives agents bounded permission instead of vibes.

The ODI pattern keeps consent portable

Open Data Infrastructure matters because consent and purpose constraints should survive movement across tools. If the warehouse, catalog, vector index, and agent runtime each invent their own consent model, governance becomes translation by hope.

For adjacent context, read identity resolution for agentic systems, event-sourced agent workflows, and context graphs for policy simulation.

What breaks first

  • Consent is modeled as a current-state field without revocation history.
  • Purpose limitation lives in policy text but not in queryable metadata.
  • Subject identity resolution hides confidence scores from the agent.
  • Derived context keeps personal data after source consent changes.

Questions to ask

Ask which entity represents consent, which represents purpose, which represents revocation, and which represents evidence confidence. Ask whether the agent can distinguish allowed use from unknown use.

Sources to start with

These primary sources anchor the technical claims in this guide.

Consent-aware agents start with consent-aware models.

ODI hub Article library Use the scorecard Identity resolution Event-sourced workflows Policy simulation
Get started with Apache Iceberg, today! Want to learn more? Visit https://www.opendatainfrastructure.com/