Use Case: Kantara v0.8 Implementation

Authors: Mark & Oliver

 

Log Of Activities

Activities | Date | Status | Notes
Converted Api to Plugin | | Finished |
Updating JSON to v0.8 | 16/Jun/2016 | in progress |
Adding 2 conformance modes to this doc | | |

 

Brief Description

Part of enrolment to engage in this workgroup is to agree to the general participation agreement, consent to the IPR Conditions, choose voting status, and self-assert the authority to represent your company.

 

(Note: This is a continuation of the Consent & Information Sharing WG reference implementation, updating to the v0.8 draft of the Consent Receipt specification.

...

https://kantarainitiative.org/beta-signup/

In this use case: Work Group General Participation Agreement and Kantara Work Group enrolment

  1. Assessment: Kantara Consent Policy Notice and Disclosure Assessment
  2. Review Purpose of Consent collection in the General Participation Agreement
  3. Scope of Consent for PII use, disclosure and collection
  4. Design of Receipt (completed once comments and UX considerations are created; see ISO SC/JT Input)

1. Assessment

Kantara has a trusted and unique brand in trusted services: it is a community of people invested in standards development and in developing trusted technology, policy and protocols around identity and policy. It is therefore important to Kantara to be transparent about the collection, use and disclosure of PII, as Kantara Initiative is comprised of open and transparent Work Groups whose members agree to participate in a WG by consenting to a workgroup participation agreement.

...

 

Actors 

Individual (a New Member): an interested new member would fill out this enrolment form.

Kantara CIS-WG: the workgroup that is working on a project.

Stakeholders

  • Kantara Initiative & Community

Pre Conditions (Mode 1)

  • Assessment for the Collection of Consent Notice Information
    • privacy policy link
    • DC Identity and Contact
    • list of use, collection and disclosure based on purpose of use
    • create a link to update PII, withdraw consent, or change status of consent
  • Individual Providing PII to become a member must
    • Consent to Join WG
    • Self Assert Authority to consent on behalf of

...

3. Privacy Policy Review

 

To implement a consent receipt, the privacy policy needs to be reviewed to collect consent and policy components, which should be a) reviewed by the Kantara organization b) consent enhancement recommendations.

 

  • In the privacy policy there is a reference to an implied consent to transfer personal information across jurisdictional borders which is not compliant with current Privacy Shield practices
  • Recommend adding an explicit consent to the WPA form
  • Member data shared on WG WIKI in participation roster (link to participant roster)
  • All posts to the mailing list are captured in a public archive (link to mailing list for m)

WG PI Sharing practices

  • Share IP with Google Analytics (non-identified data) (link to policy)

3. PII Sharing Practices

 

 

4. PI Sharing Practices

 

 

5. 3rd Party Sharing Practices

 

When reviewing the 3rd Party Sharing practices for both PII and PI, it became clear that there was some sharing.

  1. Google Analytics: as a rule of thumb, analytical services collect some sort of personally identifiable information, which is why this sharing should also be disclosed to people via something like a privacy policy:

 

the Kantara CISWG (Consent & Information Sharing Work Group) The WG Participation agreement. This agreement onboards the work group participant to the Consent & Information Sharing Work Group.

  • Review the privacy policy at Kantara,
  • Review the PI information sharing practices for Kantara WG membership.
  • Review the privacy policy and membership agreement
  • Review existing consent form (if there is one)

...

  • Transfer of personal data to the USA can benefit from consent on the GPA form

Results

The results of the consent audit for the CIS WG participation agreement provided a number of recommendations for consent enhancement in addition to some recommendations for review by the Kantara Organisation.

 

Importantly, it is clear that the current privacy policy is not in compliance with consent and information regulations, nor does it reflect the brand trust that is inherent to the Kantara organization.

Word: Kantara-Imp -CIS-Audit v.1.docx

PDF: Kan-Imp v0.8-Edit-v.2.pdf

...

    • organisation (requires link to withdraw authority)
    • Consent Preference (secondary purpose) - voting or non-voting (link to policy for changing voting status)

...

    • Consent to the Kantara PII Disclosure (list disclosure)

Post Conditions (Mode 2) 

  • Create a Consent Receipt in JSON conforming to the data dictionary
  • consent receipt with a link to all the relevant consent notices 
  • Consent Receipt Provisioned at point of consent once 

 

Basic Flow: See CR-Use Case Basic Site Registration

 

 

Supporting Documentation