Comment: More clean up. Still need to straighten out the examples.


...

...

  1. Consent notice details can be appended to the MVCR to accommodate different personal data sensitivity, data sharing and additional contextual compliance requirements.  
  2. A context field is a field in the MVCR indicating that there are contextual conditions and exceptions to consent that can be listed and applied by an organisation to the context of receiving consent (e.g. medical emergency overrides).  In the MVCR the context is a flag with yes or no. If yes, the provider is stating that they implement a check list of contextual consent requirements. Additional contexts can also be added to a consent receipt. 
  3. Organisations can append trusted services links/icons to the receipt and further extend the assurance provided to capture multiple consent notice types e.g. cookie, terms of use.

Specification by example (SBE) is a collaborative approach to defining requirements and business-oriented functional tests for software products based on capturing and illustrating requirements using realistic examples instead of abstract statements. It is applied in the context of agile software development methods, in particular behavior-driven development. This approach is particularly successful for managing requirements and functional tests on large-scale projects of significant domain and organisational complexity.[1] (https://en.wikipedia.org/wiki/Behavior-driven_development)

...

Field Name | Description | Purpose/Explanation | Reason Why This Field is Required

Cloud Receipt Capture & Sign: Format example in (XDI)

Note: following lines all prepended with ([=]!:uuid:1111/[+]!:uuid:9999)

Data Subject

Name or pseudonym of the user at minimum,

Data Subject is primary party to consent

Is the consent contributor and primary party of the consent, (which is why this is the first field of the MVCR)

if not signed by Data Subject then its use post consent may be limited.

Data Subject: Alice [=]!:uuid:1111

Address (and jurisdiction) of Data Controller

Name of the entity issuing the receipt

Should be the entity/organization that is in control of the personal data and is responsible for consent compliance.

Is the Data Controller and is the primary party responsible for administration of the consent

Data Controller: Amazon [+]!:uuid:9999

Purpose

The purposes for which the personal information is being collected.

This is a single purpose at minimum, linked to the short purpose notice or policy of purpose.

A purpose notice is a basic and common legal requirement and functionally a requirement of consent.

[#receipt]!:uuid:1234[<#purpose>]<@0>&/&/"We need to process your payment."

[#receipt]!:uuid:1234[<#purpose>]<@1>&/&/"We  need your data to prevent fraud."

[#receipt]!:uuid:1234[<#purpose>]<@2>&/&/"We will advertise to you."

Location of Consent

The location of the consent provision from which the consent receipt originates (for example, the web page with the consent button).

This indicates the 'point of consent' - hopefully a button where the user clicked "I agree" or "I consent" (i.e. the biggest lie)

Can be a URI, URL, URN, 

This can also be a physical space where surveillance legal notice requirements exist (EU) - Global Positioning System (GPS)

 

[#receipt]!:uuid:1234<#location><$uri>&/&/"....." 

Sensitive Personal Data Flag (Y/N)

Flag to categorise the information collected as sensitive or not (Y/N)

Each jurisdiction has classifications of sensitive personal information. These generally include health, financial, child protection, religious and union categorisations.

If Yes, then additional notice requirements are needed to confirm its compliance status.

If No, then the consent is automatically compliant

[#receipt]!:uuid:1234<#sensitive>&/&/true

Third Party Sharing

Flag whether data is shared with third parties. (Y/N)

If true, then compliance is dependent upon additional notice requirements not present in a MVCR. This can be addressed with the "Third Party Sharing" extension.

If Yes, then additional notice requirements are needed to confirm its compliance status.

If No, then the consent is automatically compliant

[#receipt]!:uuid:1234<#third><parties>&/&/true

Timestamp

When consent was obtained

To record when the user, either by implication or explicitly, granted consent for the purposes described.

[#receipt]!:uuid:1234<$t>&/&/"2014-07-13T21:32:52"

Privacy Policy

The issuing entity's privacy policy (either inline copy, or reference to URI)

If not available, should provide a notice that it is missing

Is the minimum Policy (or short notice) needed to create a consent receipt.

[#receipt]!:uuid:1234<#privacy><#policy>&/&/"copy of privacy policy here"

or

 

[#receipt]!:uuid:1234<#privacy><#policy><$uri>&/&/"https://..."

Operational Context Flag

Flag whether the Operational Requirements are present or not. (Y/N/Unknown)

For the presentation of consent there are contextual and prescriptive requirements in legislation; a check list of these elements is being created in this draft below.

Consent has contextual compliance requirements for the notice to be sufficient. These depend on the location and format of the consent notices.

An organisation displays agreement (or not) to implement these OC requirements and this is reflected on the consent receipt.
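
An added example, not part of the original draft or the project's own code: a minimal Python reading of the literal statements from the table above that checks the minimum fields are present and reports which extensions the Sensitive Personal Data and Third Party Sharing flags call for. The regex treatment of XDI, the dotted key names and the `shop.example` URI are assumptions made for illustration, and the shared context prefix is left off.

```python
import json
import re

# Constructed sample: statements copied from the table above, with a placeholder
# URI where the page elides it and the shared context prefix left off.
SAMPLE = """\
[#receipt]!:uuid:1234[<#purpose>]<@0>&/&/"We need to process your payment."
[#receipt]!:uuid:1234[<#purpose>]<@2>&/&/"We will advertise to you."
[#receipt]!:uuid:1234<#location><$uri>&/&/"https://shop.example/signup"
[#receipt]!:uuid:1234<#sensitive>&/&/true
[#receipt]!:uuid:1234<#third><parties>&/&/true
[#receipt]!:uuid:1234<$t>&/&/"2014-07-13T21:32:52"
"""

STATEMENT = re.compile(r"^(\[#receipt\]!:uuid:[\w-]+)(.+)&/&/(.+)$")
SEGMENT = re.compile(r"<([#$@]?)([^<>]+)>")
# Assumed mapping from MVCR fields to the attribute paths used on this page.
REQUIRED = ("purpose", "location.uri", "sensitive", "third.parties", "t")
EXTENSIONS = {"sensitive": "Collect Sensitive Personal Data",
              "third.parties": "Third Party Sharing"}

def parse_receipt(text):
    """Return (receipt_id, fields); ordered purposes are collected into a list."""
    receipt_id, fields = None, {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = STATEMENT.match(line)
        if not m:
            raise ValueError(f"not a literal statement: {line!r}")
        if receipt_id not in (None, m.group(1)):
            raise ValueError("statements refer to more than one receipt")
        receipt_id = m.group(1)
        segs = SEGMENT.findall(m.group(2))
        key = ".".join(name for sigil, name in segs if sigil != "@")
        value = json.loads(m.group(3))  # literals are JSON: string or boolean
        if any(sigil == "@" for sigil, _ in segs):
            fields.setdefault(key, []).append(value)
        else:
            fields[key] = value
    return receipt_id, fields

def review(fields):
    """List missing minimum fields and the extensions the flags call for."""
    missing = [k for k in REQUIRED if k not in fields]
    if not any(k.startswith("privacy.policy") for k in fields):
        missing.append("privacy.policy")
    needed = [ext for k, ext in EXTENSIONS.items() if fields.get(k) is True]
    return {"missing": missing, "extensions": needed}
```

The sample deliberately omits the privacy policy statement, so `review` reports it as missing while both flags request their extensions.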

 

 

The MVCR Format Notice Requirements

...

are currently in progress

...

Full . The full reference table can be found here:  

 

. The table below may not be current

 

Notice Requirements Receipt Meets

Description

UK

UK DPA 1998

http://www.legislation.gov.uk/ukpga/1998/29

EU

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML

USA

For Sharing Personal Sensitive Information with 3rd Parties

Canada

APEC

P3P

FTC FIPPS

OECD FIPPS

Contact of Data Controller (DC)

Legally required to provide contact details of the DC

Schedule 1, Part II, 2.3

(a) the identity of the data controller,



X

      

Address of Data Controller (DC)

Legally required to provide contact details of the DC

(b) if he has nominated a representative for the purposes of this Act, the identity of that representative,
 

X

      

Purpose(s)

Legally required to provide purpose for data control

(c) the purpose or purposes for which the data are intended to be processed, and

X

      

Third Party Legal Requirements Transparency

This is a flag to see if additional notice extensions are required to assess compliance

(d) any further information which is necessary, having regard to the specific circumstances in which the data are or are to be processed, to enable processing in respect of the data subject to be fair.

X

      

Sensitive Personal Information Collection Transparency

This is a flag to see if additional notice extensions are required to assess compliance

X

X

      

Extensions for the MVCR

An extension can be appended to the MVCR to strengthen the compliance of a consent receipt, or to enable an organization to meet policy or other goals that are not regulatory requirements but may be deemed to be best practices or provide a better user experience for the data subject.

Extension Types

Operational Context:core extension

...

Core Extensions

Extend the MVCR
Operation Context

Core extension

Note: For the MVCR First Draft there is only the online website format context, additional context can be added by extension

...

Trusted Services

...

Trust Framework Extensions
Usability

...

Extensions that increase usability and

...

adoption of the consent receipt

 

Core Extensions

In each jurisdiction there are sensitive types of personal information found in privacy and data protection law. Each sensitive type corresponds to a jurisdiction, is defined by an industry, and has prescribed context requirements for the use of a notice. Core extensions can be added to the MVCR to meet more complex notice requirements and meet the requirements of multiple regulatory jurisdictions.

Core extensions can be used by policy makers to localise the use of consent notices to operational contexts

Operational Context (OC): Legal

...

Requirement for the MVCR Context (in progress)

This is essentially a check list of provisions for the implementation of a consent notice. It will be used to provide assurance that the consent is fair and reasonable. There are specific and existing policies that are formally used to create this checklist. Many jurisdictions have prescriptions for the text required to accompany specific types of consent as well as legally written terms defining those requirements. This is also the case with notice requirements.

As a part of creating a receipt for a data subject, an organisation displays that they have agreed to implement (or not) the OC requirements checklist that accompanies the receipt. This is a yes or no flag. If yes, then there is a self assertion that the notice will be provided in a fair manner with all of the required considerations as prescribed in law in that jurisdiction. This is then reflected on the consent receipt.

Instructions: This is a self asserted option, the Operational Context is a yes or no flag that the receipt provisioner turns on or off. 

...

Operational context is dependent on the location of consent, the use of personal data, the origin of the data, and the type of data provided. As the context of a consent can vary significantly, operational requirements will also vary.

 

Fair &

...

Reasonable Consent

...

Conditions

This table will collect a check list of these elements; it is being created in this draft below.

Context: Location Specific

Description

UK

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML

EU

USA

Canada

website consent form

To provide notice, at the point of consent, of the consequences of not provisioning consent

X (put in legal ref)

X

  

website consent form

To indicate what is required and optional information to provide for consent

X

X

  

mobile application

     

Entering Physical Space

Sign posted upon entry to physical space

    


...

  

Trusted Services

3rd party trusted services can also be used to extend the compliance or trust inherent to corporate process and these can be added in the form of linked Icons to a MVCR.

...

The various table currently include. 

 

Usability

Usability of a consent can come from adding a protocol, a compliance level, or a receipt capture option. In the table below, a 'Consent Receipt Request' extension that was developed at the Data Privacy Legal Hackathon is listed. (Example 3:

 

Extension

...

Road Map

List of current or planned extensions


Priority

Extension Type

Field Name

Description

Instructions

Legal Requirement Jurisdiction (this item must be listed on LR table)

Context

(this item must be listed in the Operational Requirements table)

(usability/Interoperability Benefit)

 XDI Example

1

Core Extension

Jurisdiction

The jurisdictions of the parties: the data protection authority is mandatory.

  • this is taken from the data controller address and the location of the consent.

  • optional: the jurisdiction of the data subject can be added with the consent of the data subject and if the receipt is stored directly in a personal data store.

All

 

Usability: enables receipt to be used as evidence or for the purpose of legal data controls out of context of the consent event.

[#receipt]!:uuid:1234<#jurisdiction>/$ref/[=]!:uuid:1111<#jurisdiction>

[=]!:uuid:1111<#jurisdiction>&/&/"US"

[+]!:uuid:9999<#jurisdiction>&/&/"DE"

2

Core Extension

Collect Sensitive Personal Data

 
  1. Sensitive personal data categories need to be listed by jurisdiction

  2. legal and industry notice requirements need to be listed,

  3. the OC table needs to be updated with the physical requirements

 

    
3

Core Extension

3rd Party Trusted Services Extension (this is the functionality for Registry)

ability to add trusted services to the minimum viable consent receipt

 This incorporates 3rd party sharing and purpose listing format

    
4

Usability Extension

Consent Receipt Request Extension

This is a button a user can press to request a consent receipt from a business

  • scrape consent session and send request to MVCR DC Contact field for a receipt (by providing a form)

  • hypothetical: if an org responds with all of the information they automatically get an above compliant rating

This is for all contexts of the MVCR

Usability

 
5

Operational Context Extension

Policy Extension for Consent Cookie Policy Link

The issuing entity's cookie policy Link (either inline copy, or reference to URI)

If not available, should provide a notice that it is missing or self assert an icon

 Legally in the EU a cookie requires explicit assent

 

 

[#receipt]!:uuid:1234<#cookie><#policy>&/&/"copy of cookie policy here"

or

[#receipt]!:uuid:1234<#cookie><#policy><$uri>&/&/"https://..."

6

Operational Context Extension

Policy Extension for Terms of Service Link

The issuing entity's terms of service (either inline copy, or reference to URI)

If not available, should provide a notice that it is missing

 Legally Terms need to be open and accessible in order to be fair and reasonable.

 

 

[#receipt]!:uuid:1234<#tos>&/&/"copy of tos here ..."

or

[#receipt]!:uuid:1234<#tos><$uri>&/&/"https://..."


7

keep copy of all notices with receipt

Store all notice data option as a part of signed receipt

      

Examples:

This is a specification by example, all examples need to be listed and demoed in this section.   

 

 

...

Specification Examples

 

 

 

Open Notice

...

Web Site

Consent Receipt - Technical Demo

 

 

 

Demonstration

  • Provides a simple consent receipt to show compliant policy (in progress) http://on.smartspecies.com/receipt-example/
  • Show Directory of Supporters with consent to appear directory managed by supporters personal data store (in progress)

 

MVCR Consent Receipt Template

The MVCR has a base template v.1 that we have been using to wireframe consent receipts: V.1

...

Respect Network (RN) Technical Demo:

...

...

Amazon Respect Use Case: With the Respect Network and Open Notice
(Note: Amazon Respect is a Fictitious organisation used here only as an example) 

(http://open-notice.github.io/consent-receipt/amazon-mock/signup.html)

Implementation of consent receipt which is signed & created by a DC and stored in a personal Cloud. 

...

Trusted Services Appendix

...