Page Comparison

• Roll call
• Agenda bashing

• Deferred: Status: Wiki refresh work
• Deferred: Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
• Updates from ISO SC 27/ WG 5 meetings in Tel Aviv
  • Consent receipt annex to 29184
  • New 6 month Study Period on consent record and receipt
• Spec v2 timeline
• Demo status updateDemo status update
• Spec v2
• DIACC Notice and Consent Overview comments
• Mark: letter to the EC re patent on opt-in
• AOB

• Organization updates

Please review these blogs offline for current status on Kantara and all the DG/WG:

• Director's Corner: 2019: March
• Work + Discussion Group Activity

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

• IIW, Mountain View, California, April-May
• EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/
• Identiverse, Washington, June
• MyData, Helsinki, September

HIGHLIGHTS FROM DIRECTORS CORNER MARCH 2019:

• A synopsis of the consent receipt concept has been added to the draft 29184 Online Notice and Consent standard
• This is a major success - ISO standards are one of the pillars supporting international trade - they remove 'technical barriers to trade' via WTO conventions
• The discussion piqued the interest of the ISO WG around the concept of 'consent record and receipt'
• A new Study Period has started to investigate whether a new standard project should be started to create a Consent Record and Receipt standard (we say 'yes!')
• Colin and Andrew are the rapporteurs (coordinators) of the study period
  • will collect requirements, environmental scan, draft some text
  • the hope is that at the end of the study period we will be able to propose the start of a new project, possibly starting with draft text
• IEEE 7012 - 'terms agreements' are likely to mandate that these agreements are documented and available to both parties
• Cross-membership between Kantara WGs and other consent, privacy and information sharing project in other organizations should be used to keep loose coordination and information flows

• USENIX SOUPS '19 and PEPR '19 symposia August 11-13 Santa Clara, CA
• MyData, Helsinki, September

• There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)
• We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.

• Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API.
• digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel
• We need to add a couple fileds to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations.
• Status updates from participants:
  • Andrew to connect Richard and Oscar to get working on the API
  • digi.me still making progress

** Need a person to be responsible for this activity **

• Deadline is May 3 for comments

https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/

• Target is EIC May 2019

Here's the project page for the "Demo v2"

2019-04-11 call notes:

Comments (2019-04-04)

• (jim) digi.me green light
• (sneha) green light

2019-03-28 call notes:

• Ubisecure
  • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
  • Simple flows - a mechanism - for the end-user
  • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

======

Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call

• Discovery approach leading to backlog leading to prioritization?
• How do we decide what changes we must do in this round versus deferrable changes?
• See https://github.com/KantaraInitiative/consent-receipt-v-next

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5

2019-03-14 notes:

• Mark:
  • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
  • building a proposal to split the notice from the 'consent' in the structure
    • (note that this is similar to the digi.me proposal)
• Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action

• H2020 TRUESSEC.eu project (draft document is from June 2018)Mark: Should this WG write a letter to the EC about the badly-conceived patent as noted here?
  • https://www.eff.org/deeplinks/2019/02/stupid-patent-month-patent-following-privacy-laws
  • Andrew is checking with Colin to confirm that this is OK in Kantara's scope (probably is)
  • Mark to lead drafting efforts

*** Next call 2019-04-18 25 10:30 am Eastern DAYLIGHT Time

https://global.gotomeeting.com/join/323930725