- The user must review and authorize the release of any data before it is transmitted to the relying party. Only the subset of the mDL data requested by the relying party is shared: if a relying party only needs your date of birth, your address will not be shared even though it is part of your mDL data. The relying party should only request the data that is required for the transaction.
- The user must have assurance that they are releasing their data to the intended relying party behind the identity reader. The relying party must be honest about their Essentially, the terminal should be under the relying party's control.
- The value of the intent-to-retain flag for each data element must match the actual use of the data received and should be consistent with the relying party's identity privacy policy.
- The relying party must maintain an identity-specific data use policy that clearly indicates what data is being requested and why. If the relying party intends to retain any specific identity data, this identity data use policy must state why that data is being stored and for how long it will be stored.
- The relying party must adhere to the ISO 18013-5 mDL standard in order to properly interface with the mobile devices.
- If the relying party can satisfy the transaction requirements of the use case via the device retrieval method outlined in ISO 18013-5, it should use device retrieval to request the data required for the transaction.
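As an added example (not from this document or any ISO reference code), the following Python checks a relying party's ISO 18013-5 ItemsRequest against its own data use policy, so that every requested element is covered by a stated purpose and the IntentToRetain flag agrees with the stated retention, and shows the holder-side release of only the requested subset. The policy layout, the element values and the sample requests are constructed for illustration.

```python
# Added example: validate an ISO 18013-5 ItemsRequest against a relying
# party's data use policy, and release only the requested mDL subset.
MDL_DOCTYPE = "org.iso.18013.5.1.mDL"
MDL_NS = "org.iso.18013.5.1"

# Constructed data use policy: element -> (purpose, retention period or None
# when the element is used once and not stored).
POLICY = {
    "age_over_21": ("confirm legal age for the purchase", None),
    "portrait": ("match the presenter to the credential at the counter", None),
    "document_number": ("fraud case record", "90 days"),
}

def check_request(items_request, policy):
    """Return a list of policy violations (empty list means the request is
    consistent). items_request uses the 18013-5 ItemsRequest layout:
    docType plus nameSpaces -> {namespace: {element: IntentToRetain}}."""
    problems = []
    if items_request.get("docType") != MDL_DOCTYPE:
        problems.append(f"unexpected docType {items_request.get('docType')!r}")
    for ns, elements in items_request.get("nameSpaces", {}).items():
        for element, intent_to_retain in elements.items():
            entry = policy.get(element)
            if entry is None:  # collection limitation: no stated purpose
                problems.append(f"{ns}/{element}: not covered by the data use policy")
                continue
            _purpose, retention = entry
            if intent_to_retain and retention is None:
                problems.append(f"{ns}/{element}: IntentToRetain set, policy states no retention")
            elif not intent_to_retain and retention is not None:
                problems.append(f"{ns}/{element}: policy retains for {retention}, flag is false")
    return problems

def release_subset(mdl_data, items_request):
    """Holder side: share only the requested elements that exist in the mDL."""
    released = {}
    for ns, elements in items_request.get("nameSpaces", {}).items():
        for element in elements:
            if element in mdl_data.get(ns, {}):
                released.setdefault(ns, {})[element] = mdl_data[ns][element]
    return released

# Constructed holder data and requests used by the checks below.
HOLDER_MDL = {MDL_NS: {"family_name": "Doe", "birth_date": "1990-04-02",
                       "resident_address": "1 Main St", "age_over_21": True,
                       "portrait": b"<jpeg bytes>", "document_number": "D1234567"}}
GOOD_REQUEST = {"docType": MDL_DOCTYPE, "nameSpaces": {MDL_NS: {
    "age_over_21": False, "portrait": False, "document_number": True}}}
BAD_REQUEST = {"docType": MDL_DOCTYPE, "nameSpaces": {MDL_NS: {
    "birth_date": True, "resident_address": False, "document_number": False}}}
```

Running `check_request(BAD_REQUEST, POLICY)` reports the two elements the policy never mentions plus the retention mismatch on `document_number`, while `release_subset` never returns `resident_address` for `GOOD_REQUEST`.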
Additional information from Annex E of ISO 18013-5.
- Consent and Choice – The Data Subject must consent to the processing of their personal data (see definitions in the section on mDL Holder Consent below).
- Purpose Specification – The Data Subject should be fully aware of the purpose for which their personal data is being collected, processed, and potentially stored.
- Collection Limitation – The Data Controller and Data Processors should only collect the data necessary for their purpose and should only collect data consistent with these principles.
- Data Minimization – Processing of data should be minimized to that specifically necessary for the purpose specified.
- Use, Retention, and Disclosure Limitation – Data Processors should not use personal data of the Data Subject except for the purposes specified and consistent with these other principles. Personal Data should only be retained for the period necessary to provide the service.
- Data Accuracy and Quality – High accuracy of data being processed and held is in the best interest of the Data Subject, and processors should take measures to ensure accuracy.
- Openness and Transparency – What data is being processed, and how, should be well-known to the Data Subject, including obtaining consent and posting and updating clear notices.
- Individual Participation – The Data Subject should be involved in the collection, consent, processing, and storage management of their personal data.
- Information Security (of Data and Data Subject) – Personal data should be protected by security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure.
- Privacy Compliance, Accountability and Auditing – The Data Controller and Data Processors must be accountable for all aspects of the processing of Personal Data and provide audit logs and auditability to the Data Subject.
FIC Recommendations: Relying Party Handling of Transaction Data
...