Date
2018-08-0916
Status of Minutes
DRAFT
Approved at: <<Insert link to minutes showing approval>>
Attendees
Voting
- Andrew Hughes
- Mark Lizar
- Oscar SantolallaRichard Gomer
- Jim Pasquale
- Mark Lizar
Non-Voting
- SylvesterDavid Turner
- Colin Wallis
- Sal D'Agostino
- Tom Jones
Regrets
Quorum Status
Meeting was <<>> quorate
...
Time | Item | Who | Notes |
---|
4 mins | | | - Dev Team status
- Sequence diagram and roles status
- Storyboard status
- Stage narrative status
- Team issues and show stoppers
- Dry run on Consent Management WG call Wednesday August 22 at 07:00 Pacific time
- Andrew has set up a github repo for next-version specification backlog items: https://github.com/KantaraInitiative/consent-receipt-v-next
|
5 min | | All | Please review these blogs offline for current status on Kantara and all the DG/WG: There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation. Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW) - Are there specific cross-group items you'd like to propose to work on?
|
40 min | Interoperable Consent Receipt demo at MyData Conference | All | 1) Dev team status Google drive folder for export/import of consent receipts - digi.me
- Code to export is complete, not exposed in the UI yet
- Consentua
- Ubisecure
- CR generation in prototype now - sample file uploaded
- Should have demo account set up by August 13 week
- OpenConsent
- Progress
- Writing a mini-spec to map CR field names to a set of GDPR terms
- Trunomi
- clym
- Not presentDiscussing using the iOS Share button to invoke the JSON export
- No code functionality will be available for the demo
- Existing JSON file version
- Consentua
- WOOOOOO!!!!!!!
- Code functionality is built and internet-available
- Richard working on updating the SDK to expose this functionality
- Will build a small demo app
- Ubisecure
- OpenConsent
- Trunomi
- Export code exists, but only on a dev laptop - customer demand has occupied all devs so no time to work on import function. We will get static screenshots and example receipt JSON files to show.
- clym
|
|
|
| 2) Sequence diagram and roles status |
|
|
| 3) Storyboard status |
|
|
| 4) Stage narrative status - Andrew still has not started - aiming for end of next weekbut will have a dry run ready for next week on WEDNESDAY August 22 at 07:00 Pacific time
|
|
|
| 5) Team Issues and showstoppers discussion OpenConsent raised an issue: The result is that there is no PII. Controller name in a receipt produced spec an viewed in the viewer. From OC -viewer conformance input - The spec does not clearly differentiate between child objects (or values) and their parents. Thus the spec defines piiController as an array. What it then does is list a number of other fields WITHOUT indicating that they are a grouped object that is what is in the array. From what I can tell 4.4.2 (line 319) refers to an array, this array is comprised of objects (i.e. more than one field) which is made of 4.4.3 - 4.4.9 (lines 323 to 358). However in the spec there are simply a long list of fields with no indication as to which are children of others. 4.4.10 (line 359) for example, has no indication as to whether it is a part of the piiController object (4.4.3 - 4.4.9) or is a sibling of piiControllers (4.4.2) Solution piiController - should an array of piiController objects - and this should be explicity stated in the spec piiController should not be a string, neither should service or purpose - these fields should also be reviewed to be an object .. Might also have a name field (or description field in the object that is a string. - Call notes on the issue:
- The Page 16 content is a JSON Schema, not an example
- The issue is resolved - no changes required to the spec
- An example JSON file would be helpful, especially if there are joint controllers
|
| AOB | - Colin - UK ICO grant funding proposal call is open now - AdUnity, OpenConsent interested in this
- Colin was on the bidders call earlier this week
https://ico.org.uk/about-the-ico/what-we-do/grants-programme-2018/ I (Andrew) quickly reviewed the Grant info linked above, and I think there might be a fit. The possible research topic and solution might be: - purposes categories and examples for one or more industry verticals - use of consent receipts to inform data subjects of their ongoing rights - surveys of opinions of use of consent as a justification for data processing - research into standardization of consent management (including market surveys to document current practices) Submission deadline is August 17.
| AOB |
| - digi.me marketing will be at MyData - a table doing rapid application development for health information - Rory Donelly (Global CEO), Tarik and Dan Bailey will be there
|
| Next meeting |
| 2018-08-16 23 same time, same number GOAL IS TO HAVE ALL DEMO PARTICIPANTS JOIN THE CALL TO WORK OUT ANY MAJOR ISSUES |
...