Modeling and reasoning about privacy-consent requirements