2019-04-18 Meeting notes (CR) DRAFT

• Roll call
• Agenda bashing

• Deferred: Status: Wiki refresh work
• Deferred: Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
• Demo status update
• Spec v2
• DIACC Notice and Consent Overview comments
• AOB

• Organization updates

Please review these blogs offline for current status on Kantara and all the DG/WG:

• Director's Corner: 2019: March
• Work + Discussion Group Activity

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

• IIW, Mountain View, California, April-May
• EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/
• Identiverse, Washington, June
• MyData, Helsinki, September

• There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)
• We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.

• Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API.
• digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel
• We need to add a couple fileds to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations.
• Status updates from participants:

** Need a person to be responsible for this activity **

• Deadline is May 3 for comments

• Target is EIC May 2019

Here's the project page for the "Demo v2"

2019-04-11 call notes:

Comments (2019-04-04)

• (jim) digi.me green light
• (sneha) green light

2019-03-28 call notes:

• Ubisecure
  • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
  • Simple flows - a mechanism - for the end-user
  • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

======

Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call

• Discovery approach leading to backlog leading to prioritization?
• How do we decide what changes we must do in this round versus deferrable changes?
• See https://github.com/KantaraInitiative/consent-receipt-v-next

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5

2019-03-14 notes:

• Mark:
  • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
  • building a proposal to split the notice from the 'consent' in the structure
    • (note that this is similar to the digi.me proposal)
• Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action

• H2020 TRUESSEC.eu project (draft document is from June 2018)

*** Next call 2019-04-18 10:30 am Eastern DAYLIGHT Time

https://global.gotomeeting.com/join/323930725