Page Comparison

• Call to order
• Roll call
• Agenda bashing
• Organization updates

• Meeting was called to order and the roll was called
• Please ensure that you sign the Group Participation Agreement

• Please review these blogs offline for current status on Kantara and all the DG/WG:

  • 2018: October
  • Work + Discussion Group Activity
• Colin: ISO SC 27/WG 5 item
  • ISO 29184 Privacy Notices and Consent - is at the last committee draft stage
  • The general plan was for Kantara to contribute the Kantara Consent Receipt spec into this work
  • Colin has asked the WG 5 mailing list about this idea - low response but generally positive
  • The deadline for submissions is around February 24, 2019 - need to assign editor time to it

Moved by:

Seconded:

Discussion:

Result:

Introductions

Welcome!

The draft is in a Google doc - feel free to comment - Chairs and Editor will control acceptance of material.

Reminders from prior meetings:

• Set a deadline for our work - EIC Munich in May
• Corné will start with 2 streams: BP-1 (Consent Definition) and BP-2 (Privacy Notice)Looking for writing partners to build contentReview this Powerpoint deck
• Corné gave an overview of the process steps iWelcome goes through during customer workshops. 
  • The workshops deal with Information Management, data flows, and eventually what user consents are required by the customer systems.
  • They talk about the customer journey (UI and consumer facing) and the iWelcome digital platform (API and platform facing)
  • Definethe data model, the data processing purposes and consumer control capabilities
  • They discover the mandatory minimum data to deliver the service; data processed under other legal bases (collection is permitted but not mandatory); voluntary data where consent is needed
  • Q: Noted that "workforce" is listed in the first slide - do the workshops cover employee data? Normally the workshops are directed at the 'consumer' interaction. 
  • ACTION: The Employee use case should be covered in the consent use cases.
  • They work through the customer journey to define the data model - registration and initial data collection, data collection at later stages
  • The process highlights where additional data is wanted by the company but is not in the data model - requires further analysis by the team
  • The workshop then defined processing purposes for each of Mandatory, Other legal basis, and Voluntary data collection/processing
  • Note that these analysis processes are independent of the specific architecture implemented
  • Corné showed how the metadata could be used to give transparency and user controls in the mobile UI
  • Q: Should there be a "consent notice" in addition to the "privacy notice"?
  • Patterns that we should analyse
    • One time data collection, single use
    • One time data collection, multiple use
    • Periodic data collection
    • 'Continuous' data collection from a data connection

The first draft of the interview questions is in a Google doc - please comment.

Events that Kantara will have an active role: https://kantarainitiative.org/events/

• Corné presented a draft WG timeline leading up to EIC in May

• At the Kantara member member meeting - Paul Knowles presented the Blinding Identity Taxonomy and Schema Overlays - put on the agenda for a future meeting

Next WG meeting Wednesday, November 21, 2018 10:00 Eastern Standard Time / 14:00 GMT