Buyer Consent Extension
Buyer Consent Extension
Section titled “Buyer Consent Extension”Overview
Section titled “Overview”The Buyer Consent extension enables platforms to transmit buyer consent choices to businesses regarding data usage and communication preferences. It allows buyers to communicate their consent status for various categories, such as analytics, marketing, and data sales, helping businesses comply with privacy regulations like CCPA and GDPR.
When this extension is supported, the buyer object in checkout is extended
with a consent field containing boolean consent states.
This extension can be included in create_checkout and update_checkout
operations.
Discovery
Section titled “Discovery”Businesses advertise consent support in their profile:
{ "capabilities": { "dev.ucp.shopping.buyer_consent": [ { "version": "2026-01-11", "extends": "dev.ucp.shopping.checkout" } ] }}Schema Composition
Section titled “Schema Composition”The consent extension extends the buyer object within checkout:
- Base schema extended:
checkoutviabuyerobject - Path:
checkout.buyer.consent - Schema reference:
buyer_consent.json
Schema Definition
Section titled “Schema Definition”Consent Object
Section titled “Consent Object”The consent object contains boolean fields for each consent category:
| Field | Type | Description |
|---|---|---|
analytics | boolean | Consent for analytics data collection |
preferences | boolean | Consent for storing user preferences |
marketing | boolean | Consent for marketing communications |
sale_of_data | boolean | Consent for sale of personal data to third parties |
The platform includes consent within the buyer object in checkout operations:
Example: Create Checkout with Consent
Section titled “Example: Create Checkout with Consent”POST /checkouts
{ "line_items": [ { "item": { "id": "prod_123", "title": "Blue T-Shirt", "price": 1999 }, "id": "li_1", "quantity": 1 } ], "buyer": { "email": "jane.doe@example.com", "first_name": "Jane", "last_name": "Doe", "consent": { "analytics": true, "preferences": true, "marketing": false, "sale_of_data": false } }}Example: Checkout Response with Consent
Section titled “Example: Checkout Response with Consent”{ "id": "checkout_456", "status": "ready_for_payment", "currency": "USD", "buyer": { "email": "jane.doe@example.com", "first_name": "Jane", "last_name": "Doe", "consent": { "analytics": true, "preferences": true, "marketing": false, "sale_of_data": false } }, "line_items": [...], "totals": [...], "links": [ { "type": "privacy_policy", "url": "https://example.com/privacy" } ]}Security & Privacy Considerations
Section titled “Security & Privacy Considerations”- Consent is declarative - The protocol communicates consent, it does not enforce it
- Legal compliance remains the business’s responsibility
- Platforms should not assume consent without explicit user action
- Default behavior when consent is not provided is business-specific