Sensitive personal information of individuals and non-personal information of organizations or communities often needs to be legitimately exchanged among different stakeholders to provide services, maintain public health, uphold law and order, and so on. While such exchanges are necessary, they also pose enormous privacy and security challenges. Data protection laws such as GDPR for personal data and the Indian non-personal data protection draft specify the conditions and the legal capacity in which personal and non-personal information can be solicited and disseminated further. But there is a dearth of formalisms for specifying legal capacities and jurisdictional boundaries, so that open-ended exchange of such data can be implemented. This paper proposes an extensible framework for consent management in Data Trusts in which data can flow across a network through "role tunnels" established based on corresponding legal capacities.