What Comes After CCPA? A Universal Standard for Digital Consent
By Lisa Moynihan, Head of Operations & Communications, DCID DAO Foundation
The California Consumer Privacy Act (CCPA) was a major milestone in American data protection—but it’s not the destination.
While CCPA granted consumers rights to access and delete their data, it wasn’t built for our fast-moving, interconnected digital world. That’s why we need something more comprehensive: a user-first, programmable, and globally portable framework for consent and identity.
CCPA: A Milestone, Not an Endpoint
The CCPA introduced important protections—transparency, opt-outs, and data deletion. However, its structure falls short in the face of dynamic data flows. There’s no mechanism for real-time revocation, no portability across services, and a heavy focus on static disclosures rather than active control. These features limit user agency and leave significant gaps in data protection.
As different states—California, Virginia, Colorado—enact their own privacy laws, the regulatory landscape becomes fragmented and confusing. For both users and companies, patchwork regulations create burdens and uncertainty. What’s needed isn’t yet another law—it’s a national, or even global, standard that centers individuals and simplifies governance.
Toward a Universal Consent Standard
Imagine a digital future where consent isn’t just a legal formality, but a living agreement—transparent, revocable, and respected across every app, website, and platform. A universal consent framework would allow individuals to manage their data access the same way they manage a digital wallet: in real time, with full visibility and control.
DCID—the Digital Consent Identity standard—was developed to meet this challenge. Like how TCP/IP standardized the internet’s foundational language, DCID aims to standardize how users grant, revoke, and manage consent across ecosystems. It is not another regulatory policy—it’s infrastructure.
What Makes DCID Different
The DCID standard, governed by the DCID DAO Foundation, introduces a modern, decentralized framework for digital identity and consent. It connects users with self-sovereign identity and empowers them to manage permissions dynamically—no more one-time pop-ups or buried opt-out links. Consent becomes portable, programmable, and enforceable by design, traveling with the user across digital environments and adjusting based on time, context, or intent.
Unlike existing frameworks, which tie consent to a single moment or session, DCID recognizes that data relationships are ongoing. A user can share health data with a provider for 30 days, revoke access instantly, or change consent terms based on new conditions. The system adapts to the reality of how people interact online—and puts the individual, not the platform, in charge.
Redefining Digital Trust
As the tech press aptly noted, we don’t need more cookie banners—we need consent that understands context. That insight captures the frustration many feel about the state of online privacy today. Consent has become something people mindlessly click through, not something they truly control. But what if we turned that frustration into progress?
CCPA showed us what’s possible. DCID shows us what’s next. This shift is not about abandoning regulation—it’s about upgrading it. A universal standard means people in every state, and eventually every country, can trust that their data rights are consistent, enforceable, and respected.
Privacy shouldn’t depend on what state you live in. When users cross state lines, their rights shouldn’t disappear. And when companies operate globally, they shouldn’t face dozens of conflicting compliance regimes. A standard like DCID simplifies the complexity by offering one clear, open-source framework that benefits everyone.
And finally, a true consent standard must move with the user—not stay buried in policy. That’s what makes DCID more than a legal tool—it’s a user experience revolution.
A Consent Layer Built for Everyone
For users, DCID represents digital property rights—giving them full ownership of their identity and control over their data. For enterprises, it provides a scalable, transparent way to align with user expectations and build long-term trust. And for regulators, it offers a harmonized framework that removes ambiguity and increases enforceability.
This isn’t about tearing down what CCPA and GDPR created—it’s about building the next logical layer. Consent should be actionable, programmable, and respected everywhere. DCID makes that possible.
The internet no longer needs more rules layered on outdated models. It needs a new foundation—one built with the user at the center, identity as infrastructure, and consent as a living function of digital life.
About the Author
Lisa Moynihan is the Head of Operations & Communications at the DCID DAO Foundation, steering the governance and global outreach of the Digital Consent Identity standard. She brings a deep focus on privacy innovation, regulatory strategy, and building a more user-centric internet.
Media Inquiries
For interviews, commentary, or speaking opportunities, please contact Lisa at
Lisa@dcidfoundation.org.
