Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.





Status of Minutes


Approved at: <<Insert link to minutes showing approval>> 2019-12-12 Meeting notes (CR) DRAFT



  • Andrew Hughes
  • Mark LizarRichard Gomer
  • Oscar Santolalla
  • Jim Pasquale
  • Mark Lizar


  • SylvesterDavid Turner
  • Colin Wallis
  • Sal D'Agostino
  •  Tom Jones


  • Oscar Santolalla

Quorum Status

Meeting was <<>> not quorate

Voting participants

Participant Roster (2016) - Quorum is 5 of 9 as of 2018-07-12

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Oscar Santolalla, Richard Gomer

Discussion Items





4 mins
  • Roll call
  • Agenda bashing
  • Dev Team status
  • Sequence diagram and roles status
  • Storyboard status
  • Stage narrative status
  • Team issues and show stoppers
  • Dry run on Consent Management WG call Wednesday August 22 at 07:00 Pacific time
  • Andrew has set up a github repo for next-version specification backlog items:
5 min
  • Organization updates

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW)

  • Are there specific cross-group items you'd like to propose to work on?
40 minInteroperable Consent Receipt demo at MyData ConferenceAll

1) Dev team status

Google drive folder for export/import of consent receipts

    • Code to export is complete, not exposed in the UI yet
  • Consentua
    • Not present
  • Ubisecure
    • CR generation in prototype now - sample file uploaded
    • Should have demo account set up by August 13 week
  • OpenConsent
    • Progress
    • Writing a mini-spec to map CR field names to a set of GDPR terms
  • Trunomi
    • Not present
  • clym
    • Not presentDiscussing using the iOS Share button to invoke the JSON export
    • No code functionality will be available for the demo
    • Existing JSON file version
  • Consentua
    • WOOOOOO!!!!!!!
    • Code functionality is built and internet-available
    • Richard working on updating the SDK to expose this functionality
    • Will build a small demo app
  • Ubisecure
  • OpenConsent
  • Trunomi
    • Export code exists, but only on a dev laptop - customer demand has occupied all devs so no time to work on import function. We will get static screenshots and example receipt JSON files to show.
  • clym
    • Pulled out

2) Sequence diagram and roles status

  • Any questions?

3) Storyboard status

4) Stage narrative status

  • Andrew still has not started - aiming for end of next weekbut will have a dry run ready for next week on WEDNESDAY August 22 at 07:00 Pacific time

5) Team Issues and showstoppers discussion

OpenConsent raised an issue:

The result is that there is no PII. Controller name in a receipt produced spec an viewed in the viewer.

From OC -viewer conformance input - The spec does not clearly differentiate between child objects (or values) and their parents. Thus the spec defines piiController as an array. What it then does is list a number of other fields WITHOUT indicating that they are a grouped object that is what is in the array.
From what I can tell 4.4.2 (line 319) refers to an array, this array is comprised of objects (i.e. more than one field) which is made of 4.4.3 - 4.4.9 (lines 323 to 358).
However in the spec there are simply a long list of fields with no indication as to which are children of others. 4.4.10 (line 359) for example, has no indication as to whether it is a part of the piiController object (4.4.3 - 4.4.9) or is a sibling of piiControllers (4.4.2)

piiController - should an array of piiController objects - and this should be explicity stated in the spec

piiController should not be a string, neither should service or purpose - these fields should also be reviewed to be an object .. Might also have a name field (or description field in the object that is a string.

  • Call notes on the issue:
    • The Page 16 content is a JSON Schema, not an example
    • The issue is resolved - no changes required to the spec
    • An example JSON file would be helpful, especially if there are joint controllers

AOBColin - UK ICO grant funding proposal call is open now - AdUnity, OpenConsent interested in this
  • Colin was on the bidders call earlier this week

    I (Andrew) quickly reviewed the Grant info linked above, and I think there might be a fit.

    The possible research topic and solution might be:
    - purposes categories and examples for one or more industry verticals
    - use of consent receipts to inform data subjects of their ongoing rights
    - surveys of opinions of use of consent as a justification for data processing
    - research into standardization of consent management (including market surveys to document current practices)

    Submission deadline is August 17.AOB

    • marketing will be at MyData - a table doing rapid application development for health information - Rory Donelly (Global CEO), Tarik and Dan Bailey will be there

    Next meeting

    2018-08-16 23 same time, same number



    From 2018-08-02 call:

    • Consentua
      • Still on track - deciding on timing of code change deployment on Monday - some front end work to go after that
    • Ubisecure
      • Still on track
    • OpenConsent
    • Trunomi
      • Still on track - JSON examples early next week
    • clym

    From 2018-07-26 call:

      • n/a
    • Consentua
      • Developers have promised CR output Week of August 6-10 - we will be looking for the output in the shared google folder (smile)
    • Ubisecure
      • n/a
    • OpenConsent
      • Viewer has been started - looking to get receipts from others
      • Target is August 15 to be able to display CRs
      • Open call to suggest features for OC to include - provide them this week if possible
    • Trunomi
      • currently in their 2-week dev sprint - target completion week of August 6-10
    • clym
      • n/a
    • Telus
      • Resource and scheduling estimates for creating an external CR for an existing app


    • Q: in the spec, Services is described as a 'business service'. But these days, companies are describing this as a 'category of business purposes'.
      • A: 'Service' is the name and description of the service - an unspecified field - mainly for humans
      • A: 'Purpose category' is to describe the business service purposes
      • A: If there is a Service with the same Purposes and the same Data as anonther Service, then they are indistinguishable.
    • Q: How are we envisioning asking the 'do you consent to this' question?
      • A: The Notice part of the flows have not been worked out yet in this group, deliberately.
    • Q: Have we decided on what format/location/interface will be recommended for the 'exported' CRs?
      • A: Right now, it's files in the Downloads folder (or a user-selected folder) - the 'real' discussion about this will be deferred until after the demo in August.
    • Q: How does COEL spec relate to the IETF secevent RFC?
    • mydata session - Joss
      • OneTrust, Nixu, JLINC, Kantara
      • Andrew asked for 20 minutes for the demo
      • Joss suggests that the Kantara demo goes last then transitions to Q&A for all
      • Q: Are there special provisions needed on the mydata web site to help people interact with the demo?
      • Need to focus the mydata demo presentation to trigger 'delivery' and action instead of 'interest'

    From 2018-07-19 call:


    • new internal release v2.2 is available this week
    • some enhancements to Consent Access functions - some export functions
    • created field mapping versus specification - spreadsheet has been available for a few weeks
    • has new spreadsheet with updated JSON file info - has sent to David and Andrew for pre-review
    • has drafted a 'vendor extension' - proposal for new objects to be added to the spec
    • is done


    • Service is ready to go - just need to create a format for the CR spec - a configuration change, not a code change
    • work planned to start next week - planning session - will have more status on Monday


    • Minimal prototype - no CR in product
    • They will use the CR generator to create a sample app - a bookshop
    • CR will be downloadable


    • underway to create a Viewer plus Viewer API
    • scheduling estimates underway - target is to demo this at the interop demo


    • currently in their 2-week dev sprint - will have code after next week
