I have reviewed the format with the consent experts and taken some data protection legal advice.

The ExpiryDate approach is not ideal as this not a concept fixed in law. For one-time data collections the consent normally expires once the retention period from point of consent provision has elapsed. For on-going collection the retention period starts at the point of collection. The recommendation is to split this field into the date of original consent provision and the retention period - this allows Service Providers to use their judgement on when the consent has expired.

The Kantara Consent Receipt is still in draft. I suggest we add the purpose list (with a reference) to our document so that it easier to find in the interim.