Versions Compared

Old Version 52

changes.mady.by.user Mark Lizar (Unlicensed)

Saved on

compared with

New Version 53

changes.mady.by.user Mark Lizar (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Editors:

VersionStatusWriterEditorreviewer

v.01


XMark Lizar - ; Summary of IntentMary Hodder 
v.02X Mark Lizar & Mary Hodder Stakeholder Analysis  John Wunderlich
v.03 XJohn & Mark: Summary of Compliance ContentsMary Hodder 
v.04Current

Spec Outline: Mark Lizar

PDS Walkthrough: Markus Sabadello

Open Notice CR Demo: Mark Lizar


John Wunderlich  
v.05Next Edit   

Status

This draft version is currently 95% outlined and 85% drafted

Action Items

...

Related Documents:


 Example Links

Respect Network (RN) Technical Demo:

...

This is a specification to develop an open consent notice protocol for trusted services.  The specification combines legal, technical and social consent notice elements and records them in a transparent manner, which is called in this specification a consent receipt. The consent receipt demonstrates the technical aspects, the fields required for the Minimum Viable Consent Receipt (MVCR) represent the legal aspects, and the trusted services and the compliance scale represent the social aspects of this specifications. 

 

Specification by example (SBE) is a collaborative approach to defining requirements and business-oriented functional tests for software products based on capturing and illustrating requirements using realistic examples instead of abstract statements. It is applied in the context of agile software development methods, in particular behavior-driven development. This approach is particularly successful for managing requirements and functional tests on large-scale projects of significant domain and organisational complexity.[1] (https://en.wikipedia.org/wiki/Behavior-driven_development)

A key aspect of specification by example is creating a single source of truth about required changes from all perspectives. This latest version specification with this document title is the single source of truth. 

Objective

The aim of the specification is to increase usability and the legal compliance of consent.  This means that:

...

The Open Notice Initiative is an effort that calls for open consent (http://opennotice.org/callforcollaboration).   This has resulted in the development of this specification for a Minimum Viable Consent Receipt(MVCR).

Glossary 

  • Minimum Viable Consent Receipt(MVCR)A Consent Receipt - denotes a single record of consent and consent context at point of consent provision

  • Consent Receipt (CR) Data Subject(DS)

  • Data Controller(DC) 

  • Trusted Services; A provider of Trust/Privacy Icons, Standard Assurance,  Reputation Services, Trusted Network, Trusted Protocols, 

  • Minimum Viable Consent Receipt(MVCR)

    • Minimum: (in Minimum Viable Consent Receipt) means to only  include only the fundamental links needed to gain transparency and make further usable the consent receipt for consent and identity management. 

    • Viable: (in Minimum Viable Consent Receipt) refers to the utility of the receipt being transparent. (Note: wether the receipt is compliant legally is a secondary factor to producing a record of consent)

  • Data Subject(DS)

  • Data Controller(DC) 


Minimum Viable Consent Requirements

By its format and structure the MVCR is intended to provide the basic information to review further the compliance of policy for consent. The MVCR is a format for an organisation to link, capture and sign existing (The MVCR Consists of required fields that are used to  links consent centric notices to a single record for compliance review. The MVCR consists of the required-to-be open ) policy information for consent.  The receipt is intended to provide a structure that can be extended to capture  all the consent provided (multiple consent notice types e.g. cookie, terms, privacy policy) at the time of consent enabling the data controller to provide a compliance by default receipt.  (as seen in Walkthrough 1Example1: Personal Cloud Storage of Receipt

A usability of a minimum viable consent receipt can then further be extended with additional notice and consent requirements specific to data subject jurisdiction, data type, location of consent and additional stakeholder contexts. (see extensions) 

...

A MVCR with a complaint status will assure a basic level of general regulatory compliance with a much higher usability.  It will do this by being digitally represented, digitally accessible, providing at the minimum a clear way to find the Data Controller contact,  required address, and purpose(s) of consent as a standard format.  This format can then be audit for these data points at a glance, with one click access to all consent related policies by default. This can further be enhanced with organisation integrated trusted services (icons and links) to be added to the receipt.  These trusted services, for instance privacy icons or Terms of Service, are then used to further extend the usability and increase the control of consent and trust it provides. 

MVCR: Consent Notice

...

Fields

 Minimum: means to only  include only the fundamental links needed to gain transparency and make further usable the consent receipt for consent and identity management. 

Field NameDescriptionPurpose/ExplanationReason Why This Field is Required

Cloud Receipt Capture & Sign: Format example in (XDI)

Note: following lines all prepended with ([=]!:uuid:1111/[+]!:uuid:9999)

Data Subject

Name or pseudonym of the user at minimum,

Data Subject is primary party to consent

Is the consent contributor and primary party of the consent, (which is why this is the first field of the MVCR)

if not signed by Data Subject then its use post consent may be limited.

Data Subject: Alice [=]!:uuid:1111

Address (and jurisdiction) of Data Controller

Name of the entity issuing the receipt

Should be the entity/organization that is in control of the personal data and is responsible for consent compliance.Is the Data Controller and is the primary party responsible for administration of the consent

Data Controller: Amazon [+]!:uuid:9999

PurposeThe purposes for which the personal information is being collected.this is a single purpose at minimum linked to the short purpose notice, or policy of purpose.

A purpose notice is a basic and common legal requirement and functionally a requirement of consent.

[#receipt]!:uuid:1234[<#purpose>]<@0>&/&/"We need to process your payment."

[#receipt]!:uuid:1234[<#purpose>]<@1>&/&/"We  need your data to prevent fraud."

[#receipt]!:uuid:1234[<#purpose>]<@2>&/&/"We will advertise to you."

Location of Consent

The location of the consent provision. from which the consent receipt originates.(For example the web page with the consent button. )

This indicates the 'point of consent' - hopefully a button where the user clicked "I agree" or "I consent" (i.e. the biggest lie)

Can be a URI, URL, URN, 

This can also be a physical space where surveillance legal notice requirements exist (EU) - Global Positioning System (GPS)

 

[#receipt]!:uuid:1234<#location><$uri>&/&/"....." 

Sensitive Personal Data Flag (Y/N)Flag to categorise the information collected as sensitive or not (Y/N)Each jurisdiction has classifications of sensitive personal information: The generally include health, financial, Child Protection, Religious, Union categorisations

If Yes, then additional notice requirements are needed to confirm its compliance status.

If No, then the consent is automatically compliant

[#receipt]!:uuid:1234<#sensitive>&/&/true

Third Party Sharing

Flag whether data is shared with third parties. (Y/N)

If true, then compliance is dependent upon additional notice requirements not present in a MVCR. This can be addressed with the "Third Party Sharing" extension.

If Yes, then additional notice requirements are needed to confirm its compliance status.

If No, then the consent is automatically compliant

[#receipt]!:uuid:1234<#third><parties>&/&/true

TimestampWhen consent was obtainedTo record when the user, either by implication or explicity, granted consent for the purposes described. [#receipt]!:uuid:1234<$t>&/&/"2014-07-13T21:32:52"
Privacy PolicyThe issuing entity's privacy policy (either inline copy, or reference to URI)If not available, should provide a notice that it is missingIs the minmum Policy (or short notice) Needed to create a consent receipt.

[#receipt]!:uuid:1234<#privacy><#policy>&/&/"copy of privacy policy here"

or

 

[#receipt]!:uuid:1234<#privacy><#policy><$uri>&/&/"https://..."

     
ContextFlag wether the Operational Requirements are present or not. (Y/N/Unknown)For the presentation of consent there are contextual and prescriptive requirements in legislation, a check list of these elements is being crated in this draft below. (this list is living draft )

Consent has contextual compliance requirements for the notice to be sufficent. These depend on the location of the consent and data subject.

An organisation can agree to add address this list when implementing the consent receipt.

 

...

Amazon Respect Use Case: With the Respect Network and Open Notice
(Note: Amazon Respect is a Fictitious organisation used here only as an example) 

(http://open-notice.github.io/consent-receipt/amazon-mock/signup.html)

Implementation of consent receipt which is signed & created by a DC and stored in a personal Cloud. 

...

 

Each field on the MVCR contains legal notice requirements, each of these components are listed in and the presence of these are counted and a flag is added to record if any of these self asserted claims have been disputed and not resolved.  

 

The MVCR has a maximum rating of compliant.   Additional Ratings are possible with extensions. 

 

Notice Compliance Checklist

Non Compliant

Partially Compliant

Compliant

Above Compliant

TrustedUser Managed

Contact of DC

 

 

X

 

  

Address of DC

 

X

 

 

  

Purpose(s)

 

X

 

 

  

Sensitive Data (If NO)

 

 

X

 

  

Share with 3rd Party (If No)

 

 

X

 

  
Any of the above self asserted is
Disputed or un verifiable (Y/N Flag) (If No)
( if Yes and unresolved = Non-Compliant)		  X   
 

 

MVCR Compliance Scale

 

 

 

 

Summary of Benefits to MVCR

  1. Transparency: The MVCR receipt is a common format for the legally required  policies which provide notice.   links to all notices and demonstrate a much higher level of minimum viable notice (for consent) legal compliance.  This standard is intended to augment the existing legal notice and consent infrastructures that is already in place and reward greater transparency of consent. .  
  2. Extensible: The MVCR Spec is intended to be easily extensible and auditable, with a jurisdicitional legal compliance audit built in for making transparent legal context and controls of a consent transaction.  Meaning that consent legal notice requirements are different by jurisdictions, industry, for various sensitive data types, for sharing to 3rd parties, tracking (cookie consents), in additional to personal and contextual consent preferences of the individual.  Extensions are notice requirements layered onto this MVCR format to meet and match legal requirements and trust frameworks to address cross jurisdictional management of consent.
  3. Trusted Services Vehicle: A receipt passed to the service user at time of consent provides a legal trust framework to build upon.  As a result it is  the MVCR  is intended as a vehicle for delivering trusted services to the individual. A stakeholder can utilise trust services, which are then linked to the receipt, which further extend the compliance and "fast track" usability of consent and identity management by using a spec compliant receipt. Eg.privacy icons, TOS reputation, certifications, trusted networks, and protocols 
  4. MVC is intended to be an all purpose consent process enhancement. 
  5. This MVCR specification is intended to be used so any organisation can implement the spec and provide a MVCR.