Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Date

2018-11-08

Status of Minutes

DRAFT

Approved at: <<Insert link to minutes showing approval>>

Attendees

Voting


Non-Voting

  • Tom Jones
  • Derek Munneke
  • Colin Wallis
  • Peter Davis

Regrets

  •  Chris Cooper

Quorum Status


Meeting was <<<>>> quorate


Voting participants


Participant Roster (2016) - Quorum is 5 of 9 as of 2018-07-12

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Oscar Santolalla, Richard Gomer

Discussion Items

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
Former user (Deleted)
  • presentation from Peter Davis - Airside Mobile on their planned implementation of Consent Receipts
  • discuss the road map - are there high priority items?
  • discuss ideas for EIC May 2018 demo and other talks
10 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

  • ISSE Brussels (EEMA)
  • TIIME, Vienna, February
  • EIC, Munich, May
  • Identiverse, Washington, June
30 minRoadmap ideas for Kantara CIS WG productsAll

Continuation of the discussion about 'what should interoperate?'

Some food for discussion:

  • If we believe that the CR should be adjusted to enable general use for any legal basis for processing, what steps are needed (where are the requirements? what are mandatory/optional features? etc)
  • If we believe that 'consent' will become an peer with the other legal bases for processing, then maybe we should leapfrog and look at requirements from ePrivacy Regulation, and take an affirmative position in the marketplace that Kantara Consent Receipts are designed to be fit-for-purpose to address ePrivacy, GDPR and GDPR-similar regulations.
  • Is there support in this WG to use the "Contract Law" concepts as the scaffolding/framework for future development of the "Kantara receipt" construct?
    The use cases described last week (in addition to the ones in the github repo) were:
    • Privacy Dashboard
    • Evidence of Action
    • Agreement Details and Transaction Records
    • Standardized Message Data Structure




From 2018-11-08 call:



From 2018-11-01 call:

Andrew led the group through a discussion looking at the central 'agreement' between data subject and data controller in light of basic concepts of Contract Law in the Common Law to see what patterns and insights are available

Andrew has uploaded some material to help the discussion: Product Roadmap Ideas

Blog: Kantara Initiative Work Groups on Data Sharing and Consent

Mind map to go with the blog

Kantara consent high level use cases.pdf


0 minInteroperable Consent Receipt roadmap ideasAll


From 2018-10-04 call:

  • If the legitimate basis is not 'explicit consent' - but rather legitimate interest, is the concept of 'data receipt' still viable?
  • Mark - yes, the current CR was designed to be not confined to 'explicit consent' - so yes, the receipt concept will work for other bases for processing
    • in particular - for updates to privacy notices
  • Mark Q: would it be interesting to have additional values for the 'consent type' field? A: YES! 
    • Jim: maybe this should go to the Consent Management WG?
  • A lawyer at the Seattle event pointed out that it would be useful to capture the actual privacy notice that was agreed by the user.
    • OpenConsent has an alpha product that might suit the purpose
    • There is a systemic problem that needs to be addressed - and capturing the privacy notice won't actually help
    • If there is a strong need for a high value receipt, then it would be very useful to capture the actual notice text
    • So maybe the receipt could have optionality to allow for capture of the notice text.
  • WG needs to take some time to discuss the UX - schedule it
    • Tom has posted some examples that could be discussed
    • Mark - OpenBanking has posted UX guidance
  • Schedule specific multiple calls for this to discuss what the user should see, and how this translates into the 'receipt' concept
    • Should this WG do a spec or guidance on UX or UI?
    • Should this WG talk about what the 'receipt' means and / or represents?
    • (YES to both question)
  • Andrew: suggests first design call on Thursday October 18, 2019 and then every 4 weeks to be kind to the down-under-ers.

Iain: the highest value work item is the lexicon work

5 minAdding feature requests to next version of spec familyAll
  • Andrew has set up a github repo for next-version specification backlog items, including use cases:
    https://github.com/KantaraInitiative/consent-receipt-v-next
  • Some possible items for next versions:
    • Structural changes to the spec including a hierarchy of objects that should improve high transaction volume
    • Integration/association of the new Blinding Identity Taxonomy into the CR Spec family
    • (idea) Optional receipt metadata to assist privacy dashboards in organizing and processing 'bring forward' items (e.g. "remind me to check this share in 3 months")
10 minProduct roadmap for the demoAll
  • Target is EIC May 2019

AOB



Next meeting

*** Next call 2018-11-15 10:30 am Eastern Standard Time / 15:30 GMT



 


  • No labels