Evolving regulations is enabling customers to have more control about the data that is shared with consumer sites and how that data is to be used. Unfortunately that imposes a lot of complex requirements for consumer sites to comply with such regulations. There is also a great deal of interaction required between the Chief Privacy/Compliance Officer and developers building consumer-facing applications, and it typically results in incorrect interpretation when the capability is written in the application. Traditional consent management constructs included on common single sign on protocols are not enough. The following is to present a model to manage privacy via purpose based consent management that can accommodate the evolution of the data usage and to silo the interactions between the CPO and the developer to let them do what they are best at.