Versions Compared

Old Version 9

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version Current

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  •  consist of:

    • the core consent receipt data model form the MVCR v0.7 specification

    • a web API to generate signed consent receipt JWTs.

    • The UI will be a Kantara CISWG Branded JavaScript application that will present a set of form fields;

    • submission of the form will call the API and download the JWT into the browser.

    • The UI will then render the downloaded JWT in a human-readable fashion and allow the user to download the JWT to their machine.

    • The code for the render of the UI will be re-usable. i.e. cut and paste into the implementation of the MVCR consent button. 
  • be usable for:
    • developing the consent receipt data model and usable renderings of a consent receipt
  • Be hosted at Consentreceipts.org
    • this will be an open source consent reciept receipt generator, with a liberal re-use license.
    • will take into consideration that 
      • success of the consent receipt being a machine readable meta format relies on the CR being  THE dominant common format
      • we need to ensure that the licensing for the receipt generator enables CIS to actively maintain this format
      • we need to ensure the CIS WG is setup to actively maintain this consent data model
      • we need to make  sure that this development effort and the WG is  easy for data model change requests, and additions to be made. 
  • All of the code will be kept in Git Hub at https://github.com/smartopian/MVCR

The MVCR Implementation:

  • The MVCR is the primary proof of concept Use Case for the core consent receipt data model. 
  • The MVCR is the open common consent meta-format for a legal consent notice delivered as a consent receipt when consent is provided on while registering on the website.
  • The alpha MVCR  instance is to be used to sign up to the CISWG, and is best explained as an advanced consent button, which calls the consent receipt generator API, (Hosted at consentreceipts.org) and delivers a consent receipt visually in the browsers as well as a jwt machine readable consent receipt to the person consenting.
  • The consent receipt generator and the MVCR is intended to demonstrate how/why the most simple version of a consent receipt is a massive improvement over existing consent buttons on line, especially in the context of website/service registration.
  •   management   better than existing consent, demonstrating that a record by itself provides transparency over policy and organisation information sharing practices
  • Used as a demonstrator to evaluate the legal and binding aspects of a consent record
  • Used to demonstrate how a consent receipt opens the closed privacy policy infrastructure.

...

Objective

    1. The MVCR has a downloadable record of consent, provides contact and purpose in context
    2. It is record the data subject receives that has a clear record of purpose, and can be used to independently manage consent after the consent has been provided. 
    3.  Usability: It is, by itself intended to transparently show organisation data sharing practices at a glance
    4. The MVCR implementation will be evaluated in compairison to the MVCR v0.7 specification, to create a list of issues, that will be solved in the v0.8  iteration of the MVCR spec.

...

  • display the meta format that meets the minimum compliance obligations of an organisation that does not:
    • share with third parties,
    • does not collect sensitive data,
    • includes a self assertion that context specific requirements are included, this minimum viable consent receipt provides the minimum needed for a person to interact independently with an organizations to address any additional compliance or complaint requirements.
    • Notes: the

MVCR

...

 

MVCR Website Registration Walkthough for the CIS-WG Registration:

  • Specific Use Case for the Kantara CISWG Registration
    •  non-sensitive PII, -
    • e.g.no third party sharing,
    • no-PII payload,
    • with output into a json format of the receipt download as a text file with  html version displayed on screen and pdf version available to send via email (evaluating different methods of delivery)
    Components
    • includes a simple form for creating a static receipt or code that generates a receipt dynamically at point of consent.
    • presents the receipt on a website, with a machine readable downloaded version
    • How to documentation
  • Walkthrough
    • WG- Admin
      •  installs a consent button  that calls the consent receipt generator api. 
      • this code (or consent receipt generator) is put on the website
    • Alice Experience
      • alice goes to sign up
      • alice see human readable in the website page, gets download machine readable receipt message,

...