Page Comparison

• Roll call
• Agenda bashing

• Deferred: Status: Wiki refresh work
• Deferred: Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
• Updates from ISO 29184 contribution statusJan to give an update on the IHAN Consent workshop from last weekSC 27/ WG 5 meetings in Tel Aviv
  • Consent receipt annex to 29184
  • New 6 month Study Period on consent record and receipt
• Spec v2 timeline
• Demo status update
• AOB

Welcome Pierre Roberge!

• Based in Toronto - 25 years working on financial services, FinTech, working on Digital ID and Fintech, co-founder of SecureKey advisor to Fintech cluster at Mars (innovation hub)

• DIACC Notice and Consent Overview comments
• AOB

• Organization updates

Please review these blogs offline for current status on Kantara and all the DG/WG:

• Director's Corner: 2019: FebruaryMarch
• Work + Discussion Group Activity

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

• IIW, Mountain View, California, April-May
• EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/
• Identiverse, Washington, June
• MyData, Helsinki, September

• SITRA (Finland) - launching the IHAN project
• Workshop on developing consent architecture and specification
• Represented Dativa - presented on Hyperledger consent flow work and data overlays
• Interesting debates - 'what is needed in the future for consent & how does IHAN connect'
• In the audience - there's a split between just the specification and also the consent management practices piece.
• Someone working with DNA - recounted how to 'donate' data for research.
  • Andrew described the project at UBC that is doing this
• Discussed different technologies for managing 'consent' - cookies, OAuth, others
• Jan - privacy concerns about what is specifically stored on ledger etc
  • Also thinking about how parties can communicate about GDPR Rights and excercising them - anonymously

HIGHLIGHTS FROM DIRECTORS CORNER MARCH 2019:

• Kantara's Trust Framework Operations and Assurance program continues to strengthen with major players signalling their intention to seek 3rd party assessment and approval of their solutions to Kantara's 'NIST 800-63-3 Class of Approval'. To that end it was great to see the Board approve Swedish company Seadot as an accredited assessor. 
• The last week of the month featured the KNOW Identity conference in Las Vegas, with many Kantarians in attendance, at the podium presenting, on the stage on panels, as well as receiving awards. It was a great event with Kantara helping out or liaison partners ID Pro on the educational session 'Privacy essentials for ID Professionals' and members featuring other members or Kantara reps on their panels.   
• the UMA working group was presenting to the OAuth working group at the IETF 104 meeting in Prague to support its contribution of the UMA 2.0 specifications for formal standardization
• the ID Proofing and Verification Discussion Group is assembling a strong set of use cases into a report to ISO SC27 Working Group 5 later in March in time for the Study Period's findings in Tel Aviv in April
  
• 
  

• A synopsis of the consent receipt concept has been added to the draft 29184 Online Notice and Consent standard
• This is a major success - ISO standards are one of the pillars supporting international trade - they remove 'technical barriers to trade' via WTO conventions
• The discussion piqued the interest of the ISO WG around the concept of 'consent record and receipt'
• A new Study Period has started to investigate whether a new standard project should be started to create a Consent Record and Receipt standard (we say 'yes!')
• Colin and Andrew are the rapporteurs (coordinators) of the study period
  • will collect requirements, environmental scan, draft some text
  • the hope is that at the end of the study period we will be able to propose the start of a new project, possibly starting with draft text
• IEEE 7012 - 'terms agreements' are likely to mandate that these agreements are documented and available to both parties
• Cross-membership between Kantara WGs and other consent, privacy and information sharing project in other organizations should be used to keep loose coordination and information flows

• There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)
• We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.

** Need a person to be responsible for this activity **

• Deadline is May 3 for comments

• Target is EIC May 2019

Here's the project page for the "Demo v2"

2019-04-11 call notes:

Comments (2019-04-04)

• (jim) digi.me green light
• (sneha) green light

2019-03-28 call notes:

• Ubisecure
  • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
  • Simple flows - a mechanism - for the end-user
  • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

======

Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call

• Discovery approach leading to backlog leading to prioritization?
• How do we decide what changes we must do in this round versus deferrable changes?
• See https://github.com/KantaraInitiative/consent-receipt-v-next

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5

2019-03-14 notes:

• Mark:
  • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
  • building a proposal to split the notice from the 'consent' in the structure
    • (note that this is similar to the digi.me proposal)
• Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action

• Check the mailing list for a discussion about Consent Objects in FHIR - there's a ballot to expire some material that should be of interest to CIS WG
• Mary: User Submitted Terms workThe engineering work has shifted to IEEE but there is some discussion about bringing it back to KantaraH2020 TRUESSEC.eu project (draft document is from June 2018)

*** Next call 2019-04-11 18 10:30 am Eastern DAYLIGHT Time

https://global.gotomeeting.com/join/323930725