Page Comparison

• Review User-Managed Access (UMA) in Contractual and Regulatory Contexts
  • Nailing down the right 1-2 paragraph scenario for use throughout the document (send your alternatives before the meeting)

Attending: Eve, Kathleen, Andrew H, Adrian, Mary, Jim, John

NOTE: No meeting next week!

Regarding finding the right scenario: Smart home scenarios are really just as important due to sensitivity as health scenarios. In health research, it looks like the first BSC use case is going to get more complex still because real-life scenarios are getting blocked due to patients' reluctance to consent without a way to be notified of additional researchers' requests to access. Jim notes that "broad" consent is the key problem – anticipating future needs. And speaking of this, Adrian dislikes "informed" consent, because people don't know what's going to be done with it later. Transparency in being kept aware of status and where else the data is traveling is a key part of resource owner empowerment.

Our discussion this time is ranging all over, but it all seems related to our hoped-for Regulatory section.

Maybe we need a discussion in the Regulatory section about what "consent" maps to in UMA's "authorization" concept. There is a notion of authorization as a thing that can be dynamic – an RO can grant authorization and later revoke it (by an interaction with the AS that is actually outside the protocol but in scope for our model text), at a grain that is finer than Ts & Cs, and empowered by that grain, by the option to "Share" at will, and by the option to "un-share" any portion of the resource at will. John likes the phrase "Dynamic Consent"... It may be taken already. See this Nature article.

Hazard@All: could have an obligation on the data user to destroy.  Like my passport number for a hotel stay.
Hazard@All: but once the other guy has it, we need to rely on some other method to have them delete it.
Hazard@All: either contract or escrow
Hazard@All: that is a matter of legal verbiage, I think
Hazard@All: the lawyers phrase it however seems to work
Hazard@All: and the vocabulary will change based on dozens of factors, including the common vocabulary of the business sector, jurisdiction and language
Hazard@All: notice can be specified however you want - right?
Hazard@All: you can use my stuff but you agree to text me whenever you do.

Would we have to deal with privacy/data protection regulations as property-based vs. rights-based in our model text? We may very well, but it needs more discussion. Could Jeffrey apply his model?

AI: Eve: Ask if Jeffrey would be willing to adapt his Information Governance school assignment into a small scenario for the primer, adding Alice to it, as an alternative scenario for consideration.