Meeting 2020-05-06 AdvCIS

Date

2020-05-06

IPR

Thank you for joining the call today. 

This Work Group operates under the Non-Assertion Covenant IPR option found as an appendix to IPR Policies V2.0 that Kantara operates. The Group Participation Agreement memorializes your acknowledgment of the terms under which you participate in this Work Group. Every person who has acknowledged the GPA is listed in the Participant Roster, as a voting or non-voting participant. However, there are circumstances, such as in-person workshops or calls where non-participant guests may be present who have not acknowledged the GPA for this Work Group.

Every person on this call is strongly encouraged to acknowledge the GPA for this Work Group prior to any form of participation.
If you have not, or do not wish to, please Note Well the following before you participate in any form.

  1. In accordance with the Kantara Initiative IPR Policies V2.0, all contributions by voice are valid contributions alongside the much more preferred written contributions and while you still retain your IP, you grant Kantara copyright equivalent to the terms of the Non-Assertion Covenant without further condition or reservation.
  2. It is your own IP and not another party's IP
  3. Such contributions are not confidential or otherwise subject to the limitation in its distribution, including pricing or other competitively sensitive information.

Again, if you are uncertain about any matters, please remain silent and do not contribute anything in writing.

Attendees

Topics (revisit)

  • Reviewing Table of Contents
  • Inviting comments on what should / should not be included 
  • Reviewing of contributions for appendix 
    • Notifications for consent lifecycle management. 
    • Consent Types (Appendix) 
    • Blinding Identity Taxonomy (Appendix) 
    • Notice Specification & Personal Data Categories

Discussion items


Topic | Description | Discussion

Call for Inputs Asking for any future inputs, considerations, or contributions for the specification 

Inputs

  • what are the requirements for inputting into the ISO/IEC 27560 stream? 
  • EDPB - Consent Doc 


Mark Table of Contents Review  

Introduction

Notations and Abbreviations

Terms and definitions

Terms - Section heading

Elements of a Receipt

  a) Introduction
  b) Conformance
  c) Receipt Terms and Fields
  d) Receipt data structure
  e) Notice, Notifications for Consent Receipts for Consent Lifecycle Management
    1. Notice, Notification and Consent Receipt Structure
  f) 29184 Presentation and Delivery (for transparency, security and compliance to legal standards)
  g) JSON Schema

Considerations

  a) General
  b) Sensitive or Special Categories of Personal Information
  c) Security and Integrity
    1. Data Capture and Masking
      1. Blinding Identity Taxonomy
    2. LifeCycle Considerations

Acknowledgements

References

Appendix A: 

Appendix B: 

Appendix C:

Appendix D: Options Security Consideration Framework & the Blinding Identity Taxonomy

Appendix E: Linking and Stacking: Receipt & Record examples 

Revision history

  • Flow of drafting: 
    • section 3 - first list all the fields for the maximum consent record 
    • Section 5 -
      •  notice and notifications are subsets of the consent record fields 
    • appendix has the new contributions
      • consent type labels - justifications (legal)
      • notification types
        • Notifications for Consent Lifecycle Management
          • quadrant of 4 types
            • data protection consent record (closed in an org) 
              • Data Subject can send a notice 
              • Controller can send a notice 
            • data control - using consent receipt 
              • Data subject 
              • Controller 
            • notification 
              • must present 
              • ack or not
      • Personal Data Categories
      • Mapping to GDPR
        • Native - W3C DPV
      • Unified Data Fields - for scalable mapping
        • Using for other legal jurisdictions 
        • Unified W3C DPV Terms 
        • use of OCA for unified data automation 
        • recommend mapping 
        • mapping equivalence assessment 


 Asking for any future inputs, considerations, or contributions for the specification 


Are we missing considerations?



Spec Drafting - schedule and contribution to effort

editors or reviewers 

  • Former user (Deleted) - Receipt Terms and Fields, estimated May 13
  • 29184 - presentation and delivery 
  • Security Considerations 




AOB

List updates for next week

  • IIW 
  • MyData Operator 
  • PCTF Comments 
  • NIST Comments going out 

Action items