[notclive]

What does proof look like?

On past projects we've recorded the time the user submitted a from (with a checked consent checkbox), but this doens't feel like rigorous proof.

[dpkirchner]

A scanned signature would work, I think, on a form mailed in by the user. The form would need to be clearly identified as coming from the data broker but could be provided by the company ultimately seeking your data.