...
- User use cases that result in the issuance of a CR (eg the user enters some data with suitable privacy labels, at the end of the session a CR is issued.)
- How will the user interpret a CR (eg this CR will relate to the named data categories and data sinks for a stated period of time, or until revoked)
- How does the user find sources of data about him that he does not generate (eg medical lab results) and are they subject to the issuance of a CR
- List of issues that impact the user experience or understanding
- What is the scope of a CR (eg the CR relates to a user, a data source and a (perhaps potential) data sink.
- How does a web site policy get represented to the user and tracked (eg the privacy policy is indicated by a DOI and hash of the document)
- How does the user's acceptance of the web site policy (or other stipulation) get recorded and is it considered non-reputable (eg good legal evidence)
- How does the user understand the data categories (ie what actual data is included in each category}