A sub-group project has been the lifecycle of consent RFC work. The aim of this work has been to develop a digital ledger consent specification for the new Notice and Consent State specification with ISO 29184 and the Consent Record.

The proposal to work in collaboration on this between communities requires careful consideration of the governance structure for the consent work.  

For this work to remain open, and to be in compliance with the ISO legal standards for EEMA/National Legal Implementation of the OECD Guidelines for the Transborder Flows of Personal Information under the Council of Europe's Convention 108+.

Due to the multi-community nature of the Notice & Consent work, there are active inputs from multiple communities of interest. There is therefore a requirement to explore a clear separation of powers between the various parties and the governance ecosystems this work pertains to.

For example:

  • W3C Data Privacy Vocabulary Controls
    • have contributed the GDPR Extension for the CR v1.1 as the first half of the draft.
    • W3C DPVC have indicated that when the 29184 is published, the DPVC for ISO interoperability with GDPR can be completed
  • Hyperledger Consent Lifecycle Project has requested a collaboration with the ToIP governance WG, in which the Digital Ledger Consent technology being co-developed can be developed and written in ToIP with the V2 DPVC draft for ISO
  • aNG - A New Governance - requires a clear separation of powers between these parties and, like other parties working on this, would like a neutral third-party identity authority like Kantara to administer the separation of powers framework.
  • Key elements for this Separation of Powers Agreement to Consider 
    • the Notice & Consent Group
      • is an independent group of framework operators' associations, framework implementors and representatives
      • produces the conformance profile in accordance with, and as required by, the legal standards committees
    • Kantara to facilitate this effort with the Kantara ISO - BOT Liaison Committee
      • Notice & Consent state records for digital ledger technology are contributed according to the policies and procedures currently active in the ISI Notice and Consent Project
    • this separation of powers framework agreement remains flexible for requirements of future SDOs and industry/standards and blockchain-based associations.

Moving forward

At the moment, a separation of powers is not defined in this context, so it is also hard to use without more digging and more research into this context.

 Separation of powers is a doctrine of constitutional law under which the three branches of government (executive, legislative, and judicial) are kept separate. This is also known as the system of checks and balances, because each branch is given certain powers so as to check and balance the other branches. 

DLC tech and its conformance can be a tool for this, and the contribution of the fields for DLC to this work could be all that is required.

The topic for discussion is how, and if, anything needs to be done in consideration of separation of powers: should other efforts contribute related work here, or be able to do work in other communities and contribute it to the work stream? Are there IPR issues for this which can be addressed?

  • Hyperledger Consent Lifecycle Project has been exploring the work continuing in the newly set up ToIP governance community, in which Digital Ledger Consent technology might be suited.
  • Key elements for Separation of Powers should be considered by the parties; these can include:
    • Kantara Requirements: 
      • Review by LC and perhaps Kantara ISO - BOT Liaison Committee
    • whatever approach for separation of powers is taken, it should be flexible so that future SDOs, industry and trade associations, or standards and blockchain communities can feel comfortable with the approach chosen
    • that the Notice & Consent group is scoped to focus on the legal requirements and is agnostic to specific group or community requirements
      • legal meaning the OECD Guideline, EU Convention 108+, ISO 29184 (and ISO/IEC 27560 Privacy technologies: Consent record information structure) for international conformance with national and regional privacy laws

References

  • The OASIS-COEL standard is an adopter of the Consent Receipt v1.1 and has provided requirements back to this effort, after adoption the CR V1.1 works. This feedback is directed at section  pages 72 & 73: http://docs.oasis-open.org/coel/COEL/v1.0/cs02/COEL-v1.0-cs02.pdf
  • This section provides a requirement for separation of concerns, and provides some insight into this process.
  • In addition, the OASIS-COEL Specification is under RF-RAND, in order to be compatible with the IPR governance if they were to be required to interoperate with the IPR of the Consent Receipt v1.1, which is written under a very similar RF-RAND IPR.


Suggestions

To this end, after a review, a simple path forward is to agree on the separation of the consent work, that the integrity of its conformance be maintained by the ISI-Kantara Notice & Consent project membership, and that the use of the multi-community developed Consent for DPV and ISO be accompanied by a reciprocal and proportional process for fair and equal use by all parties. And that it be done in accordance with ISO 29184 and the ISO/IEC 27560 Privacy technologies: Consent record information structure.

  • agree to work on and use the Kantara ISI fields for ISO
  • contribute the work (schema and inputs for these fields) back to the N&C
  • don't hinder others from using it