...
- The user must review and authorize the release of any data before it is transmitted to the relying party.
- Only the subset of the mDL data requested by the relying party is shared. If a relying party only needs your date of birth, your address will not be shared even though it is part of your mDL data.
- The user must have an assurance that they are releasing the data to the intended relying party behind the identity reader.
- The relying party must be honest about their intent to retain flag per data element.
- The relying party must maintain an identity specific data use policy that clearly indicates what data is being requested, and why it's being requested.
- If the relying party intends on retaining any specific identity data, the relying party must indicate in the data use policy why it's being requested, why it's being stored and for how long it will be stored.
- The relying party must adhere to the ISO18013-5 mDL standard in order to properly interface with the mobile devices.
Loremipsum |
---|
FIC Recommendations: Relying Party Handling of Transaction Data
...