Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

WG NAME (and any acronym or abbreviation of the name):

The WG name, acronym and abbreviation must not include trademarks not owned by the Organization, or content that is infringing, harmful, or inappropriate.

Consent Management Solutions WG (Consent Management WG)

PURPOSE:

Please provide a clear statement of purpose and justification why the proposed WG is necessary.

Consent Management Solutions are used to manage the full lifecycle of an individual’s consent for the processing of their personal data. That consent needs to be: freely given, specific, informed and unambiguous.
The purpose of the Consent Management Solutions WG is to produce a series of Recommendations and Technical Specifications. The Consent Management Solutions WG will gather best current practices from organizations that have implemented consent management solutions; to gather requirements from jurisdictional regulations related to consent management; to develop consensus requirements based on the best current practices to enable businesses to implement best practice, and to support the establishment of a Kantara conformity assessment scheme leading towards supplier declaration or certification against the requirements.

Due to impending deadlines for GDPR, PSD2 and other existing regulations in multiple jurisdictions, there is a market need for guidance and possibly product/service certification for compliant consent management solutions.

SCOPE:

Explain the scope and definition of the planned work.

The initial scope of the WG is:

  • to collect documented current practices for management of privacy notice and

    consent from many sources;

  • to collect requirements from regulations in many jurisdictions;

to publish a Kantara Recommendation “Consent Management Solutions – Best Current Practices” which is to contain consensus best current practices as derived from the sources;

Once the initial scope is complete, additional publications will be scoped for production.

DRAFT TECHNICAL SPECIFICATIONS:

List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership.

None planned in initial scope of the WG.

OTHER DRAFT RECOMMENDATIONS:

Other Draft Recommendations and projected completion dates for submission for All Member Ballot.

“Consent Management Solutions – Best Current Practices” anticipated ready for Ballot four months after WG launch.

LEADERSHIP:

Proposed WG Chair and Editor(s) (if any) subject to confirmation by a vote of the WG Participants.

Chair: Corné van Rooij, iWelcome Vice-Chair: Julian Ranger, digi.me Secretary: Andrew Hughes, ITIM Consulting Editor: TBD

AUDIENCE:

Anticipated audience or users of the work.

Organizations that collect personal information using individual consent for processing

  • Identity providers and credential providers; Customer Information and Access Management (CIAM) providers

  • Organizations in the ConsentTech, myData, “Internet of Me” spaces

  • Privacy and Information Commissioners, Regulators

  • Consent Management platform providers


DURATION:

Objective criteria for determining when the work of the WG has been completed (or a statement that the WG is intended to be a standing WG to address work that is expected to be ongoing).


  • The WG will operate long enough to publish v1.0 and v1.1 of the Best Current Practices publication; no less than 12 months.

  • Once additional publications are identified, the WG participants may choose to extend the WG duration.


IPR POLICY:

The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara Initiative IPR Policy - Option Non-Assertion Covenant

RELATED WORK AND LIAISONS:

Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.


  • Kantara Consent & Information Sharing WG

    • Consent Receipt Specification v1.0 and v1.1

    • (Draft) How to specify Purpose and Purpose Categories

  • Kantara UMA WG

    • UMA 2.0 Grant for OAuth 2.0 Authorization

    • Federated Authorization for UMA 2.0

  • IEC/ISO SC 27 WG 5 “Identity management and privacy technologies”

    • ISO/IEC 29100 “Privacy framework"

    • ISO/IEC AWI 29184 “Guidelines for online privacy notices and consent” (draft)

      General Data Protection Regulation

  • Article 29 Working Party: Guidance

  • Office of the UK Information Commissioner: Guidance

  • Office of the Privacy Commissioner of Canada: Guidance

  • NIST

    • Internal Report 8112: Attribute Metadata


CONTRIBUTIONS (optional): 

A list of contributions that the proposers anticipate will be made to the WG.


  • To be confirmed

PROPOSERS:

Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members - current members list

Corné van Rooij, iWelcome, corne.van.rooij@iwelcome.com
Julian Ranger, digi.me, julian@digi.me
Andrew Hughes, Individual, AndrewHughes3000@gmail.com