Receipt use cases and updates for the Notice & Consent Receipt Community. 

First Update, Re: the Consent Receipt v1.1 is representative of the 2016 MVCR (Minimum Viable Consent Receipt), when it was clear that the MVCR had some significant challenges, which have recently been addressed.

  1. The receipt needed enforceable law, 
  2. The receipt needed standardized components to be a recognized legal tool: standardized personal data categories (not our appendix) and a standard legal ontology / semantics, which could also be machine readable,
  3. The receipt itself would need to be a usable legal standard for people, and requires a UI as well as a legal and technical framework

Since 2016, the receipt has been contributed to community and regulatory efforts where this work has been pursued: meaningful consent in Canada, the GDPR notice and consent enforcement, fully, in 2020, and ISO 29184 (July 2020). Now the work from this WG is focused on the update to the Notice & Consent Receipt v1.2, and the V2.

To achieve an MVCR update, use cases have been suggested: 

  1. What was unfinished in v1.1 (update to v1.2)
  2. Legal notice as an identity governance framework: a consent notice receipt and consent withdrawal (v1.2)
    1. Life Cycle of a Consent Notice Receipt: creating an anchor notice receipt
    2. Delegation of liability and risk between stakeholders
    3. A notice and notification requirements doc for the V2
  3. Privacy as Expected: Active state UI  - 2FC (two factor notice for identity management permission grants)
  4. Binding: UMA Protocol in a Consent Notice Receipt

Unfinished in the Consent Receipt - V1.1 

...

  1. GDPR provided needed updates and requirements for consent record structure and specification: (see GDPR extension)
    1. Delegation of risk and liability between stakeholders,

...

Information Structure Framework 

  • Consent By Design

Legal Case Studies for Receipts

  • Proof of Notice 
    • Before Consent and Terms of Service, which are consented to, can be valid, they must meet some minimum requirements; online this is a privacy notice
    • Alternative flow presented to address the terms and conditions issues: standards have been developed for privacy transparency and accountability online, and these can now be used to replace online T&Cs
  • Evidence of Consent
  • Data Sovereignty - aka Digital Single Market for Privacy and Data, European Economic Area = 30 countries, and CoE 108 + (ratified in 2023 = 51 countries)

Technical (Context Specific) Use Cases

  • Generating a Receipt 
    • all stakeholders – 
  • Cookies/Records for preferences 
    • replacing cookies 
  • Children's Rights Online
    • Access to Privacy Rights
    • Parental Consent - what are the boundaries 
      • consent versus permission 
  • Micro-Credential - for Data Governance with eIDAS in Canada
    • Consented use of university certificate for access to education and employment 
    • 3 layers of consideration
      • consent by design approach 
      • interoperable data governance 
  • Video Surveillance 
    • Consented Facial Recognition
  • OpenBanking

Technical Use Cases Summary


Notes

  • A case study is an overarching topic
  • Use case is a component of a topic, technical or otherwise.