Editors:
| Version | Status | Writer | Editor | reviewer |
|---|---|---|---|---|
v.01 | X | Mark Lizar - ; Summary of Intent | Mary Hodder | |
| v.02 | X | Mark Lizar & Mary Hodder Stakeholder Analysis | John Wunderlich | |
| v.03 | X | John & Mark: Summary of Compliance Contents | Mary Hodder | |
| v.04 | Current | Spec Outline: Mark Lizar PDS Walkthrough: Markus Sabadello Open Notice CR Demo: Mark Lizar | John Wunderlich | |
| v.05 | Next Edit |
...
Table of Contents outline true indent 10px
Related Documents:
- CISWG: Consent Requirements Map: (spreadsheet of laws/principles for receipt and data control R&D)
- Latest Consent Receipt Template
- Hackathon Video and Convergathon Hack Notes from July 12&13 2014 -->
- Scale of Compliance to measure the legal compliance of a consent receipt
...
Respect Network (RN) Technical Demo:
- Store a Consent Receipt in your RN personal cloud using XDI: http://amazon-respect-consent.herokuapp.com/
- List Consent Receipts in your RN personal cloud: http://open-notice.github.io/respect-network-receipts/
...
This is a specification to create a common format for provisioning consent receipts to increase usability of consent. The specification will provide Organisations with the ability to create and provision a record of consent. The requirements are that the record is linked to the minimum notice requirements to be viable for self asserted compliance. The underlying strategic aim is to prioritise the 'Fast Track' usability of compliance.
...
Specification by example (SBE) is a collaborative approach to defining requirements and business-oriented functional tests for software products based on capturing and illustrating requirements using realistic examples instead of abstract statements. It is applied in the context of agile software development methods, in particular behavior-driven development. This approach is particularly successful for managing requirements and functional tests on large-scale projects of significant domain and organisational complexity.[1] (https://en.wikipedia.org/wiki/Behavior-driven_development)
A key aspect of 'specification by example' is creating a single source of truth about required changes from all perspectives. This latest version specification with this document title is the single source of truth.
Objective
The aim of the specification is to produce a the minimum compliant capable consent receipt that directly links all required policies (open notices) to the consent receipt.
...
The Open Notice Initiative is an effort that calls for open consent (http://opennotice.org/callforcollaboration). This has resulted in the development of this specification for a Minimum Viable Consent Receipt(MVCR).
Glossary
Minimum Viable Consent Receipt(MVCR)
Minimum: (in Minimum Viable Consent Receipt) means to include links to all the policies that inform the consent
Viable: (in Minimum Viable Consent Receipt)
Example: Is an MVCR implementation that demonstrates a functional implementation of a consent receipt
Consent Receipt (CR) A Consent Receipt -denotes a single record of consent and consent context at point of consent provision,
Trusted Services; A provider of Trust/Privacy Icons, Standard Assurance, Reputation Services, Trusted Network, Trusted Protocols,
Data Subject(DS)
Data Controller(DC)
Operational Context of Consent: Consent is used as an operational identifier of a physical event which is accompanied by a defined notice requirements found in law
...
A MVCR with a complaint status will assure a level of regulatory compliance in a more than compliant manner as it is a digital record that both parties have and inherently more open. The consent receipt should make sense at a glance, be one click to use Data Controller contact, and to get to a purpose(s) short notice or trust . This visual format can then be audit for these data points at a glance, with one click access to all consent related policies by default.
MVCR: Consent Notice Fields
...
| Field Name | Description | Purpose/Explanation | Reason Why This Field is Required | Cloud Receipt Capture & Sign: Format example in (XDI) Note: following lines all prepended with ([=]!:uuid:1111/[+]!:uuid:9999) |
|---|---|---|---|---|
| Data Subject | Name or pseudonym of the user at minimum, | Data Subject is primary party to consent | Is the consent contributor and primary party of the consent, (which is why this is the first field of the MVCR) if not signed by Data Subject then its use post consent may be limited. | Data Subject: Alice [=]!:uuid:1111 |
| Address (and jurisdiction) of Data Controller | Name of the entity issuing the receipt | Should be the entity/organization that is in control of the personal data and is responsible for consent compliance. | Is the Data Controller and is the primary party responsible for administration of the consent | Data Controller: Amazon [+]!:uuid:9999 |
| Purpose | The purposes for which the personal information is being collected. | this is a single purpose at minimum linked to the short purpose notice, or policy of purpose. | A purpose notice is a basic and common legal requirement and functionally a requirement of consent. | [#receipt]!:uuid:1234[<#purpose>]<@0>&/&/"We need to process your payment." [#receipt]!:uuid:1234[<#purpose>]<@1>&/&/"We need your data to prevent fraud." [#receipt]!:uuid:1234[<#purpose>]<@2>&/&/"We will advertise to you." |
| Location of Consent | The location of the consent provision. from which the consent receipt originates.(For example the web page with the consent button. ) | This indicates the 'point of consent' - hopefully a button where the user clicked "I agree" or "I consent" (i.e. the biggest lie) Can be a URI, URL, URN, This can also be a physical space where surveillance legal notice requirements exist (EU) - Global Positioning System (GPS) |
| |
| Sensitive Personal Data Flag (Y/N) | Flag to categorise the information collected as sensitive or not (Y/N) | Each jurisdiction has classifications of sensitive personal information: The generally include health, financial, Child Protection, Religious, Union categorisations | If Yes, then additional notice requirements are needed to confirm its compliance status. If No, then the consent is automatically compliant | |
Third Party Sharing | Flag whether data is shared with third parties. (Y/N) | If true, then compliance is dependent upon additional notice requirements not present in a MVCR. This can be addressed with the "Third Party Sharing" extension. | If Yes, then additional notice requirements are needed to confirm its compliance status. If No, then the consent is automatically compliant | |
| Timestamp | When consent was obtained | To record when the user, either by implication or explicity, granted consent for the purposes described. | ||
| Privacy Policy | The issuing entity's privacy policy (either inline copy, or reference to URI) | If not available, should provide a notice that it is missing | Is the minmum Policy (or short notice) Needed to create a consent receipt. | |
| Context | Flag wether the Operational Requirements are present or not. (Y/N/Unknown) | For the presentation of consent there are contextual and prescriptive requirements in legislation, a check list of these elements is being crated in this draft below. (this list is living draft ) | Consent has contextual compliance requirements for the notice to be sufficent. These depend on the location of the consent and data subject. An organisation can agree to add address this list when implementing the consent receipt. |
...
operation Context is for receipt provisioner to provide Each jurisdiction provide. Context of a consent can vary dramatically. location and type of data provided is much different.
Each jurisdiction has prescriptive text which need to accompany specific types of consent as well as legally written terminology for these requirements. With notices there are also contextual and prescriptive requirements in legislation.
This table will collect a check list of these elements is being crated in this draft below.
| Context: Location Specific | Description | UK Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML | EU | USA | Canada |
|---|---|---|---|---|---|
| Online Consentwebsite,, | To provide notice at point of consent the consequences of not provisioning consent | X | X | ||
| Online Consentwebsite,, | To indicate what is required and optional information to provide for consent | X | X | ||
| Entering Physical ConsentSpace | Sign posted upon entry to physical space |
...
Extension Types
- core extensionOperational Context Extensions (OCE)
- Trusted Services - Trust Framework Extensions
...
Core extensions can be used by policy makers to localise the use of consent notices to operational contexts
Operation Contexts
Online (via web browser),
Device Type
Physical Space
Trusted Services
3rd party trusted services can also be used to extend the compliance or trust inherent to corporate process and these can be added in the form of linked Icons to a MVCR.
...
Draft Trust Services Auditing Compliance Scale
Type of Trust Framework - Consent Policy Format
Personal Policy Preference Consent Extension Location
Trusted Service Provider Examples Tracker: Analytics etc:
Cookie Do Not Track browser header cookiepedia, privacy clearing warehouse, Ghostery Terms of Use Policy
Agree to terms TOS;DR, Citizen Me Policy Tracking Services Policy Comparison Has terms materially changed ( is consent still compliant? ) TOSBack Consent Type What kind of consent has been received To record the type of consent or whether there is an exception to the requirement for consent. Reputation
Trust Framework (all trust services provide reputation) Privacy Icons
Pictorial Short Notices Disconnect Me Capture of Personal Preference at Time of Consent Does the issuing entity acknowledge DNT If not available, should provide a notice that it is missing Data Control Protocol
User Managed Access Trusted Network Service
Respect Network Standards
Certificates
TrustE Levels of Assurance KI: Identity Assurance Framework
...
MVCR
...
Mockup
The MVCR has a base template that is being updated all the time.t
Old Version can be found XXX
...
We have a template that we are using for the technical design of the consent receipt, the GUI design is also out of scope. What is provided by default is a Consent Receipt Template that we are using for technical design.
Example 1: Open Notice Consent
...
Receipt
(Example (in progress) can be found at http://on.smartspecies.com/support-open-notice/
(******SCREEN SHOT HERE***)
Example 2: Storing Receipt in Personal Data Store: Technical Walkthrough Example with Respect Network
Amazon Respect Use Case: With the Respect Network and Open Notice
(Note: Amazon Respect is a Fictitious organisation used here only as an example)
(http://open-notice.github.io/consent-receipt/amazon-mock/signup.html)
Implementation of consent receipt which is signed & created by a DC and stored in a personal Cloud.
...
Each field on the MVCR contains legal notice requirements, each of these components are listed in and the presence of these are counted and a flag is added to record if any of these self asserted claims have been disputed and not resolved.
The MVCR has a maximum rating of compliant. Additional Ratings are possible with extensions.
Notice Compliance Checklist | Non Compliant | Partially Compliant | Compliant | Above Compliant | Trusted | User Managed |
|---|---|---|---|---|---|---|
Contact of DC |
|
| X |
| ||
Address of DC |
| X |
|
| ||
Purpose(s) |
| X |
|
| ||
Sensitive Data (If NO) |
|
| X |
| ||
Share with 3rd Party (If No) |
|
| X |
| ||
| Any of the above self asserted is Disputed or un verifiable (Y/N Flag) (If No) ( if Yes and unresolved = Non-Compliant) | X |
MVCR Compliance Scale
Each item in the MVCR will be rated with this scale presented below
The compliance scale is the social aspect of the MVCR Specification. The scale provides a simple icon for a universal measure of MVCR compliance.
basedis based on the ICO table of compliance http://ico.org.uk/for_organisations/data_protection/working_with_the_ico/~/media/documents/library/Data_Protection/Detailed_specialist_guides/auditing_data_protection.pdf
Summary of Benefits to MVCR
- Transparency: The MVCR receipt is a common format for the legally required policies which provide notice. links to all notices and demonstrate a much higher level of minimum viable notice (for consent) legal compliance. This standard is intended to augment the existing legal notice and consent infrastructures that is already in place and reward greater transparency of consent. .
- Extensible: The MVCR Spec is intended to be easily extensible and auditable, with a jurisdicitional legal compliance audit built in for making transparent legal context and controls of a consent transaction. Meaning that consent legal notice requirements are different by jurisdictions, industry, for various sensitive data types, for sharing to 3rd parties, tracking (cookie consents), in additional to personal and contextual consent preferences of the individual. Extensions are notice requirements layered onto this MVCR format to meet and match legal requirements and trust frameworks to address cross jurisdictional management of consent.
- Trusted Services Vehicle: A receipt passed to the service user at time of consent provides a legal trust framework to build upon. As a result it is the MVCR is intended as a vehicle for delivering trusted services to the individual. A stakeholder can utilise trust services, which are then linked to the receipt, which further extend the compliance and "fast track" usability of consent and identity management by using a spec compliant receipt. Eg.privacy icons, TOS reputation, certifications, trusted networks, and protocols
- MVC is intended to be an all purpose consent process enhancement.
- This MVCR specification is intended to be used so any organisation can implement the spec and provide a MVCR.