Page Comparison

...

Hypothesis: Better managed consent preferences and policy will result in better user experience, transparency, privacy and security. 

Governance of Consent:

A receipt can also be used as a tool for governance, for instance, the Tax authorities can use a commercial receipt to check and see if the sales are hidden, the purchaser can use a receipt to be sure of the cost of goods and compare the currency change provided against the price advertised or currency provided to make sure of compliance.  

 A A receipt can be taken and used with third parties like a token to access other services.

...

1. Pre-Consent
   1. a website/server with form for a company to generate a legal.txt file
   2. Publishing legal.txt
   3. An embed code is created for company to put behind their consent buttons on the website
2. Consent
   1. A service user selects the consent '+ receipt' option to collect a receipt
      1. The id used by the service user to provision consent is used to send the receipt. 
         1. With no pre arranged application, a modal box will appear  asking for selection of identifier to use with the receipt
            1. this could be social login, email, etc
         2. the receipt is then accepted and stored by the digital identity being used for the consent
3. Post - Consent
   1. TOSSOS - Receipts are used to compare policy changes using TOSSOS
   2. TOS;Dr - Receipts are used to look up TOS;Dr rating
   3. Out of Scope
      1. Browser Plugin - Receipts are captured and used automatically  to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience. 
         1. Would require a receipt viewing capability, preferably on aggregate and current view as well. (by identity would be useful too)

Use Case: Demonstrator Scenario 1, Stage 1: Pre-Consent (In Progress)

Submitted by: Mark Lizar

The primary focus is to create the first legal.txt (which I think at the time of this writing is already done) and develop a process for an organisation to distribute a consent receipt. 

Scope of Work for Stage 1

• Focus first on creating a minimum viable consent receipt schema and using this as the schema for the legal.txt file
• Create webpage with Minimum Viable Consent Form  

1. Create Legal.txt
2. Publish Legal.TXT
3. Generate Embed Code for Consent to be used by other organisations

• Optional
  • Create a Common Terms option to layer policies for different consent context. e.g. mobile phone, physical location, online service 
  • Option would be on first page for use in creating legal.txt file and would demonstrate the ability to create certified data sets
    • link existing policies to layered notice

Image Removed   Image Removed Wireframe illustration

Scenario 1 Part 1 - Site Map

Image Added

Image Added

• Scenario 1 Part 1 A - Create Legal.txt

Image Removed 

• Image Added

  - Scenario 1 Part 1: B - Publish Legal.

  TXT

Image Removed

• TX

Image Added

• Optional - look into publishing with multiple methods

Image Added

• Scenario 1 Part 1: C --> Create Embed Code for Consent to be used by other organisations

Image RemovedImage Added

The Embed Code is the consent receipt schema.  At the point of consent a snap shot of the consent is captured and sent to the consent provisioner. 

• This should include all reasonable elements that can be captured at that point and provided to in a receipt format. 
  • DNT Header, URI links for privacy or terms, IP Addresses,  (full list is pending).  As well as a counter. 

• Notes: 
  • Exploring a Common Terms approach and layering policies for different consent context. e.g. mobile phone, physical location, online service 
    • use existing standards and best practices
  • Option would be on first page for use in creating legal.txt file and would demonstrate the ability to create context specific consent receipts. 
    • link existing policies to layered notice
• Discussion Needed:
  • Publishing, 
    • where should legal.txt be published? (multiple places?)
    • What ID should be used,how will people receive/store and use their receipts? 

Use Case: Demonstrator Scenario 1, Stage 2: Consent (Pending)

When a consent is provisioned using the consent option/button 

...

1. Consent
   1. The org, who has generated a LEGALS.TXT and embed code, cuts and pastes the code, which links to the LEGALS.TXT, file and adds it to the code in the current consent option that exists on the website. 
      1. We can generate three different types of buttons. (I agree button, Check box opt-in, I have read and understand terms and service - but with the receipt option) 
   2. A service user selects the consent '+ receipt' option to collect a receipt
      1. The id used by the service user to provision consent is used to send the receipt. 
         1. With no pre arranged application, a modal box will appear  asking for selection of identifier to use with the receipt
            1. this could be social login, email, etc
         2. the receipt is then accepted and stored by the digital identity of choice
   3. Including Data in the Receipt for the recipient
      1. This should include all reasonable elements that can be captured at that point and provided in a receipt format. 
         • DNT Header, URI links for privacy or terms, IP Addresses,  (full list is pending).  As well as a counter. 

Scenario 1: Part 2

Use Case: Demonstrator Scenario 1, Stage 3: Post-Consent (Pending)

1. Post - Consent
   1. TOSSOS - Receipts are used to compare policy changes using TOSSOS
   2. TOS;Dr - Receipts are used to look up TOS;Dr rating
   3. Out of Scope
      1. Browser Plugin - Receipts are captured and used automatically  to make policy responsive and to customise experience, reduces steps in stage 2. streamlining user experience. 
         1. Would require a receipt viewing capability, preferably on aggregate and current view as well. (by identity would be useful too)

Issue: unique-title

(Provide technical commentary on the issues brought up by this use case.)

...