...
- Extend with Legal justification to specify purpose for a service
- Specifying the Legal Justification for data processing in a notification
- Specifying Data Categories
- Specifying Data Treatment
- Specifying Security
V 1.2.3 : Rights Access & Automation
V 1.2.4 : Consent Validation - The Life cycle of a consent
- Active State of Consent Validation
- identity governance controls and scope
- Consent Grant for Identity Governance / Protocol Governance
- Scope of a Consent Grant Represented in the User Managed Access Protocol
- use of consent gateway for consent grant validation
Protocol Scope Use Cases
UMA
SAML / eIDAS
- FAPI
- GNAP
V 1.2.5 :
- Privacy as Expected - Part 3: the human interaction point - in which Consent by Design - operational conformance - standardizing signalling - UI interaction point conformance - proof of notice being provided/read is captured and a Consent Notice Receipt is generated.
...
- and transparency/accountability assurance
- 29184 notice controls and consent structure
V 1.2.6 Data Governance Interoperability
- Privacy Framework for Gov interop for Security/Surveillance, Evidence and Policing
- protocol into across SAML / eIDAS
- with UMA we could do SAML / eIDAS
...
- Re-Issuing Identity Credentials with a native and local identity service - rather than exporting a federation into foreign governance models (e.g. Contracts / T&C's)
- Transparency Assurance
V 1.2.6 Topics Raised to be Reviewed / Refined and Addressed in Roadmap to V2
- Delegation
- Jurisdiction (physical location proof)
- Consent Types Defined in v1.2
- explicit
- implied
- directed
- altruistic
WKD ISSUES
The known challenges of the CR v1.1 as published have been addressed and are specified here in the v1.2 update.
- See V1.1 Update https://kantarainitiative.org/confluence/x/VYSVC
- V1.1 (2017) addressed with GDPR and then adopted to ISO
- V1.1 completed with comments to ISO
- delegation
- Jurisdiction
- PII categories
CR v1.2 Format Structure and fields
- Notice field object
- Location & Time
- Location – twin -
- Physical Device -
- PII Controller object
- Jurisdictions,
- Link to physical notice
- Extend it (Legal Justification)
- Privacy Stakeholders
- Categories of controllers
- Consent Purpose Specification (v.1.1)
- Purpose Category
- Purpose Descriptions
- Purpose Sensitive Categories of Data
- Sensitive data category
- Personal Data Category
- Personal Data Types/attributes etc
- Personal Data Processing Treatment
- Storage
- Security (cert/signed key)
- Extensions – Requirements (according to Context)
...