Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Brief Description

A web user provides information to a web site for the purpose of creating a persistent user identity on that site. The web site collects the information provided by the user and provides the user with a consent receipt to record the information transaction.

 

Actors

 

 

Alice: Alice is the web user seeking to make use of the information or services provided by the web site on which she is registering.

 

Bob: Bob is the person or organization that is accountable for the operation of the web site.

 

 

Stakeholders and Interests

 

 

Data Protection Authority (DPA): The competent authority or authorities that have jurisdiction over the operation of the web site in this use case. This is the authority to which Bob will be accountable and to which Alice could raise issues or complaints.

 

Pre-Conditions

The following conditions must be true before this Use Case can be executed:

  1. The connection between Alice and Bob is reasonably secure - that is to say that Bob has provision the security level appropriate for the sensitivity of the data that Alice has been asked to provide.
  2. Alice is using a standards compliant web browser
  3. Bob has a web privacy notice on a URL accessible to Alice
  4. Alice has provided the information necessary for Bob to register her chosen identity on his web site.
  5. Alice has consented to the collection, use and disclosure of the information she has provided for the purposes identified in Bob’s web privacy notice.

Post Conditions

Success end condition

  • Bob has generated and retained a copy of the information contained in a consent receipt.
  • Alice has seen and been presented with the opportunity to save a local copy of the consent receipt
  • Bob has logged the presentation of the consent receipt to Alice.

Failure end condition

  • Alice does not receive a consent receipt
  • Bob retains more information about Alice than is necessary for the purposes of web registration.

Minimal Guarantee    

Alice is registered as a user on Bob’s web site and has been presented with a consent receipt that allows her to understand what information about her has been collected, the purposes for that data collection, how the information will be used, whether or not the information will be disclosed to third parties and for how long the information will be retained.

Trigger

The creation and presentation of a consent receipt is triggered when Alice consents to the collection of her information for site registration.

Event Flow

Conformance Mode 1 (Human Readable)

  1. Alice is asked for consent to the collection of her information to register her on the site.
  2. Alice consents to the collection of her information.
  3. Bob generates or gathers the information necessary for a consent receipt
  4. Bob presents Alice with the consent receipt. Options for presentation include

 

 

 

 


  • No labels