MVCR (Minimum Viable Consent Receipt) for an Open Consent Model
- A proof of concept that explains the consent receipt and is presented as an open common consent meta-format for consent.
- A receipt is a starting point for being able to track consents and their basic requirements for people online.
The MVCR is meant to be the simple version of a receipt, which people download at the point of consent
- providing legacy consents, with an updated consent profile implementations that can be used to evolve, manage and maintain consent by both parties
- a consent receipt aggregated, with other receipts in a dashboard provide the basis for modern consent management (which is beyond scope of this use case)
- This use case will show that the open format by its self is
- It is intended to be the light version of the core consent receipt data model
- It is intended to a way to bridge for policy, and personal data control architecture
- Objective
- The MVCR has a downloadable record of consent, provides contact and purpose in context
- It is record the data subject receivies that has a clear record of purpose, and can be used to independently manage consent after the consent has been provided.
- it is, by itself intended to transparently show organisation data sharing practices and
- Method
- display the meta format that meets the minimum compliance obligations of an organisation that does not:
- share with third parties,
- does not collect sensitive data,
- includes a self assertion that context specific requirements are included, this minimum viable consent receipt provides the minimum needed for a person to interact independently with an organizations to address any additional compliance or complaint requirements.
- Notes:
- the MVCR is designed and intended to demonstrate the minimum online consent requirements with existing law illustrating the most common consent requirements across all jurisdictions in an independently usable form)
- with these three components alone provides a tremendous improvement as a meta format,
- display the meta format that meets the minimum compliance obligations of an organisation that does not:
- Additional Operational Objectives to implement beyond the MVCR: (creating list here)
re-consent
withdrawing consent
upgrading consent to the new consent data model
- Technical Implementation
- release an open simple version of the CR that is useful out of the box for a common and specific scenario, defined here as website registration for Kantara.
- do this in a way that enables the receipt to be usable (systematically read)
Stage 1 MVCR Website Registration: : CIS-WG Implementation:
- Specific Use Case for:
- non-sensitive PII, -
- e.g.no third party sharing,
- no-PII payload,
- with output into a json field with pdf version (or html version)
- Components
- includes a simple form for creating a static receipt
- presents the receipt on a website, with pdf version, and digital cert version
- documentation about what the receipt is potentially good for.
- Walkthrough
- WG- Admin
- fills out form for creating consent receipt code
- this code is put on the website
- Alice Experience
- alice goes to sign up
- alice gets receipt
- WG- Admin
- Implementation Plan
- get quote from Oliver for the demo
- demo needs plan to be developed and moved to consent receipt. org
- includes list of usability requirements, documentation, graphics
Stage 2 MVCR Website Registration: Consent Receipt . Org