Cyber-physical systems (CPS) are characterised by integrating physical and computational components, which use embedded systems and internetwork connectivity. These systems operate in real-time, facilitating interaction and control of physical elements to address problem-solving scenarios. Cyber-physical systems

(CPS) operate in digital and physical realms, so their actions, such as those in smart homes or medical devices, can significantly affect individuals’ privacy. For instance, they may automatically adjust home settings based on user behaviour or monitor vital signs in real-time. Consequently, CPS can potentially infringe upon an individual’s private spaces, such as homes, personal vehicles, or workplaces, through pervasive sensing and actuation, thereby constraining personal autonomy. As they increasingly permeate our daily lives, empowering individuals to manage their data privacy and safeguarding against potential threats becomes paramount. This article introduces a novel Privacy Consent Management Architecture (PCMA) to address these concerns. We discuss the architecture’s components, functionality, and benefits, demonstrating its effectiveness in safeguarding privacy and security in CPS. The PCMA is a symmetric system that allows transaction parties to balance the sharing of privacy data and benefits of the transaction to the privacy data owner through a policy-based negotiating framework. The enforcement of privacy data consent enables users to manage their privacy data actively and, importantly, fosters trust, a critical factor in complex CPS environments. The PCMA introduces a dynamic architecture for privacy management, offering the potential to manage and strengthen privacy and security in CPS environments, giving hope for a more secure future.