A sub-group project has been the lifecycle of consent RFC work. The aim of this work has been to develop a digital ledger consent specification for the new Notice and Consent State specification with ISO 29184 and the Consent Record.

The proposal to work in collaboration on this between communities requires careful consideration of the governance structure for the consent work.  

For this work to remain open, and to be in compliance with the ISO legal standards for EEMA/National Legal Implementation of the OECD Guidelines for the Transborder Flows of Personal Information under the Council of Europe's Convention 108+.

Due to the multi-community nature of the Notice & Consent work, there are active inputs from multiple communities of interest, which require a clear separation of powers between the various parties and the governance ecosystems this work pertains to.

For example;

...

.

...

  • Hyperledger Consent Lifecycle Project has 

...

  • exploring the work continuing in the newly setup ToiP governance

...

  • community, in which

...

  •  Digital Ledger Consent technology

...

  • might be suited.
  • Key elements for

...

  • Separation of Powers

...

  • an independent group of framework operators associations, framework implementors and representatives
  • produces the conformance profile in accordance with - and - as required by the legal standards committees

...

  • should be considered by the parties, these can include; 
    • Kantara Requirements: 
      • Review by LC and perhaps Kantara ISO - BOT Liaison Committee

...

    • whatever approach for separation of powers is taken, it should be flexible so that future SDOs

...

    • , industry and trade associations, or standards and blockchain communities can feel comfortable with the approach chosen
    • that the Notice & Consent group is scoped to focus on the legal requirements and agnostic to specific group or community requirements
      • legal meaning the OECD Guideline, EU Convention 108 +, ISO 29184 ( and ISO/IEC 27560 Privacy technologies: Consent record information structure) 
        for international conformance with national and regional privacy laws

References

  • The OASIS-COEL standard is an adopter of the Consent Receipt v1.1 and has provided requirements back to this effort, after adoption the CR v1.1 works. This feedback is directed at section pages 72 & 73: http://docs.oasis-open.org/coel/COEL/v1.0/cs02/COEL-v1.0-cs02.pdf
  • This section provides a requirement for separation of concerns, and provides some insight into this process.
  • In addition, the OASIS-COEL Specification is under RF-RAND - in order to be compatible with the IPR governance if they were to be required to interoperate with the IPR of the Consent Receipt v1.1, which is written under a very similar RF-RAND IPR,


Suggested requirements - To this end, after a review, a simple path forward is to agree to the separation of the consent work, and that the integrity of its conformance be maintained by the ISI-Kantara Notice & Consent project membership; that the use of the multi-community developed Consent for DPV and ISO be accompanied by a reciprocal and proportional process for fair and equal use by all parties; and that it be done in accordance with ISO 29184 and ISO/IEC 27560 Privacy technologies: Consent record information structure.

  • agree to work on and use the Kantara ISI fields for ISO
  • contribute the work (schema and inputs for these fields) back to the N&C
  • don't hinder others from using it