Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version 6

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • We are collecting a list of topic for consent legal. 

    1. GDPR Provides an excellent use case for the Consent Receipt v.1
      1. we are working on a mapping the consent receipt to the GDPR as an exercise
    2. Mark L -  contribute a starting point for mapping the CR to the GDPR (from Open Consent)
    3. Jens C-  has provided a review of the CR from a GDPR point of view
    4. Ensure Article 15 is addressed in CR v1 and how CR can be used for data portability & order of operations to ensure subject rights are met
    5. International use of the GDPR - guidance on how it might be interpreted in different places
  • We aim to use these two activities to raise specific issues, identify gaps etc
    1. Identified that Joint DC are missing  (have been added to mapping in highlighted yellow) 
    2.  Identified -  that in the Specification - recipients is missing   (needs to be with 3rd party) 
  • Review mapping 

...

  • Mark has started a comparison between the CR v1 fields and the GDPR Articles and Recitals
  • Looks like GDPR 'Joint Controller' and 'Recipients' don't appear in the CR v1
    • John: Although GDPR allows for Joint Controllers, the Receipt is issued by one of those controllers (not by both simultaneous)
  • IAPP is interested in linking over to CR and Generator - they would also like to see some simple use cases e.g. for multiple controllers
  • Note: Article 15 (Right of access by the data subject) - CR provides for all the items in Article 15 in a 'receipt' structure
  • A consent receipt reduces risk of non-compliance - it does not mean that an org is actually compliant
  • Development of the CR was started before GDPR was published - so CIS WG has to go back and update the references to ICO Guidance and GDPR text
  • Mark asks interested contributors to add their analysis to the sheet
  • Consent for children is missing from the CR
    • Any missing fields should be raised as issues in the github for CR
  • Jens raised some interesting issues, in particular, the non-normative Considerations
  • Take a look at Chapter V article 44 for international use case analysis

Action Items

  •