...
- Mark King walked the group through the compiled comments available at IAWG comments (received comments until September 8th).
- Comment 14. Its scope is only defined as electronic transactions. The scope is somewhat wider, it is slightly odd that is limited to electronic transactions, "can we have the scope clarified?". It's facing that it's just the internationalist part of this that we're suggesting here needs to be looked at.
- Comment 15 is about the notification by a member State and one of the assumptions that some people have made is that that has to be in that state. There is no reason why a member State cannot for example offer an American System Canadian system or a Chinese system if it recognizes it can put it forwards and then the others have to accept it. From an international perspective something that is worth recognizing.
- Comment 16 is a simple one about the use of the term “Mutual” it is seeding the misleading and also important to understand that in many contexts one way is all you get and is quite sufficient. So it is simply asking that the thing be slightly reworded in order to take account of that.
- Comment 17 refers to seals. It perhaps ought to be elaborated a little further. It's only humans who get involved in the the moment in the first part of the ideas, but in the second part, there is a distinction between a signature done by a human which is the signature, and a signature done by a non-entity, defined as a seal. There is also a very subtle distinction in the implications of using one rather than using the other, which probably isn't intended. It's just there as an editorial problem. If it can be used interchangeably then the legal position of them ought to be the same and therefore this distinction just is no explained. So the request there is to either explain it or remove it.
- Comment 19, English version where the meaning of “required “is not clear. So it is simply tidying up that and suggesting that it is for online services.
- The next one is the suspension argument; suspension causes endless trouble and basically the recommendation here is to kill it unless somebody can actually show how it could work in practice in a legal context. It makes perfectly good sense for Access Control for buildings but when it comes to Signatures, any sense of legal certainty has disappeared. So, it was proposed that the suspension either should be removed entirely or explain what people are going to do with it and how it's going to work because most of our experiences on this are really bad.
- There is then the specific Kantara one where we need a better reference, but it simply says that consent is not generally the legal basis for the public sector data processing but it does get a mention and so when it is appropriate then it ought to be using the consent model that Kantara has got. ISO 29184 for online privacy notices and consent, Annex B contains a sample of receipt out of Kantara consent receipt.
- Comment 22 is a little bit of clarification on the location. There is considerable interest at the moment in Europe for automatically charging on your public transport using your insurance in some cases countries like to have where the contract is done or where a check is signed not just the fact of the date and who did it so as well as knowing location. So it's really just flagging up that there is this new area and that the Assurance associated with that.
- There is a comment about due diligence. The original legislation was that the EU has in its wisdom defined these levels of substantial and high with the result that you can't exceed high and you can't require more than high. That is quite a significant constraint on the market.
- Comment 1 , redoing the work on what is authentication and what is identification, not trying to dictate what it should be, but to point out that actually between their regulation and their consultation they are using different terms.
...