Page Comparison

• Roll call
• Agenda bashing

• Status: Wiki refresh work
• Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
• Review list of implementations
• Demo status update and walkthrough
• Spec v2
• Status: DIACC Notice and Consent Overview comments
• AOB

• Organization updates

Please review these blogs offline for current status on Kantara and all the DG/WG:

• Director's Corner: 2019: April
• Work + Discussion Group Activity

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

• Complete: IIW, Mountain View, California, April-May
• EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/
• Identiverse, Washington, June
• USENIX SOUPS '19 and PEPR '19 symposia August 11-13 Santa Clara, CA
• MyData, Helsinki, September

Org status update

• Colin at Connect:ID event
  • lots of engagement around the ID Assurance program / Trust Framework operations - high level of interest in getting approvals for 800-63-3
  • several orgs approaching for engagment on HealthIT assurance programs
  • mDL interest - with Secure Technology Alliance
• ISO SC 27/WG 5
  • the WG 5 is very interested in Consent Receipts and Records
• IIW update
  • High level of interest and actual implementations of consent receipts
  • Sphere Identity, Transmute.industries, digi.me showed implementations of Kantara receipts
  • 1 large organization and 1 large consortium are on the path towards 'consent receipts' and were very interested to figure out how to work together with Kantara to make progress
  • We highlighted the concept of 'a secure storage place for people to keep their data receipts' - once this storage place is full of receipts, personal data receipt management software tools can be invented to work with that data to the benefit of the person

• We have tentatively identified a PM for the v2 project
• Tentative plan is to start a small team after EIC to collect up any and all requirements and requests for v2, 'normalize' the language, figure out a good approach for structural reform in order to support effective spec profiling, present back to the WG for prioritization and feedback. Then to produce a first cut Draft-0 of v2. 
• After the Draft-0 is ready, it will be turned over to the WG for consensus-finding/editing.
• Draft-0 should be sufficient for contribution into the ISO study period as a starting point

• Target is EIC May 2019

• Here's the project page for the "Demo v2"

• TUESDAY is the first showing during the Kantara workshop at EIC, WEDNESDAY is the dedicated presentation at EIC !!
• Status updates
• Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API.
• digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel
• We need to add a couple fileds to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations.
• Status updates from participants:
• Andrew to connect Richard and Oscar to get working on the API
• digi.me still making progress

John W. is responsible for gathering and submitting comments from the WG. (2019-04-25)

• Deadline is May 3 for comments

https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/

• Ubisecure
  • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
  • Simple flows - a mechanism - for the end-user
  • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

======

Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call

• See https://github.com/KantaraInitiative/consent-receipt-v-next

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5

2019-03-14 notes:

• Mark:
  • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
  • building a proposal to split the notice from the 'consent' in the structure
    • (note that this is similar to the digi.me proposal)
• Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action

• CIS WG marketing collateral - need it for EIC - Jim to resume progress
• WG had a long discussion about what the receipt represents and roadmap and how they might be valued by the individual

• Go look at Ctrl-Shift "Data Mobility" project - a sandbox project - might be interesting for this WG
• https://www.ctrl-shift.co.uk/reports/DCMS_Ctrl-Shift_Data_mobility_report_summary.pdf

*** Next call 2019-05-16 10:30 am Eastern DAYLIGHT Time TENTATIVE due to EIC

https://global.gotomeeting.com/join/323930725