Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »



A sub-group project has been the lifecycle of consent RFC work, the aim of this work has been to develop digital ledger consent specification for the new Notice and Consent State specification with ISO 29184 and the Consent Record . 

The proposal to work in collaboration on this between communities requires careful consideration of the governance structure for the consent work.  

For this work to remain open, and to be in compliance with the ISO legal standards for EEMA/National Legal Implementation of the OECD Guidelines for the Transboarder Flows of Personal Information under the Council of Europes Convention 108 +.  

Due to the multi-community nature of the Notice & Consent work, there are active inputs from multiple communities of interest which require a clear separation of powers between the various parties and the governance ecosystems this work pertains too.

For example;

  •   W3C Data Privacy Vocabulary Controls 
    • have contributed the GDPR Extension for the CR v1.1 as the first half of the drat .  
    • W3C DPVC have indicated that when the 29184 is published the - DPVC for ISO interoperability with GDPR can be complete
  • Hyperledger Consent Lifecycle Project has requested a collaboration with the ToiP governance WG, in which the Digital Ledger Consent technology - being co-developed can be developed in ToiP can be written in ToiP with the V2 DPVC draft for ISO 
  • aNG - A New Governance - requires a clear separation of powers between these parties, and like other parties working on this, would like a neutral 3rd party identity authority like Kantara to administer the Separation of powers framework. 
  • Key elements for this Separation of Powers Agreement to Consider 
    • the Notice & Consent Group is
      • an independent group of framework operators associations, framework implementors and presentatives 
      • produces the conformance profile in accordance with - and - as required by the legal standards committees
    • Kantara to facilitate this effort with the Kantara ISO - BOT Liaison Committee
      •  Notice & Consent state records,  for digital ledger technology are contributed according to the policies and procedures currently active in the ISI Notice and Consent Project
    •  this separation of powers framework agreement remains flexible for requirements of future SDO's and industry/ standards and blockchain based associations .  

Moving forward 

  • the OASIS - COEL standard is an adopter of the Consent Receipt v1.1 and has provided  requirements back to this effort, after adoption the CR V1.1 works.  This Feed back is directed at section  pages 72 & 73: http://docs.oasis-open.org/coel/COEL/v1.0/cs02/COEL-v1.0-cs02.pdf 
  • This section provides a requirement for separation of concerns, and provide some insight into this process. 
  • In addition, the OASIS-COEL Specification is under RF-RAND - in order to be compatible with the IPR governance if they were to be require to interoperate with the IPR of the Consent Receipt v1.1 which is written under a very similar RF-RAND IPR, 


To this end, after a review, a simple path forward is to agree for the separation of the consent work, and the integrity of its conformance be maintained by the ISI-Kantara Notice  & Consent project membership, that the use of the multi-community developed Consent for DPV and ISO be accompanied by a reciprocal and proportional process for  fair and equal use be all parties. And, that it be done so in accordance with the ISO 29184 and the ISO/IEC 27560 Privacy technologies: Consent record information structure. 




  • No labels