Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Introduction

  • A receipt is a starting point for being able to track consents and their basic open notice requirements for people online.

  • The MVCR is meant to be the simple version of a receipt, which people download at the point of consent 

    • providing legacy consents, with an updated consent profile implementations that can be used to evolve, manage and maintain consent by both parties
    • a consent receipt aggregated, with other receipts in a dashboard provide the basis for modern consent management (which is beyond scope of this use case)
    • This use case will show that the open format by its self is a more compliant way to harvest and manage consent across multiple juisdictions.
    • The MVCR is a bridge for policy, and personal data control architecture

Scope of Work

The scope of work is to create a consent receipt generator that is used to developed the MVCR, and then to implement the MVCR for a site registration use case, starting with the CISWG registration process. 

The Consent Receipt Generator will :

  •  consist of:

    • the core consent receipt data model form the MVCR v0.7 specification

    • a web API to generate signed consent receipt JWTs.

    • The UI will be a Kantara CISWG Branded JavaScript application that will present a set of form fields;

    • submission of the form will call the API and download the JWT into the browser.

    • The UI will then render the downloaded JWT in a human-readable fashion and allow the user to download the JWT to their machine.

    • The code for the render of the UI will be re-usable. i.e. cut and paste into the implementation of the MVCR consent button. 
  • be usable for:
    • developing the consent receipt data model and usable renderings of a consent receipt
  • Be hosted at Consentreceipts.org
    • this will be an open source consent reciept generator, with a liberal re-use license.
    • will take into consideration that 
      • success of the consent receipt being a machine readable meta format relies on the CR being  THE dominant common format
      • we need to ensure that the licensing for the receipt generator enables CIS to actively maintain this format
      • we need to ensure the CIS WG is setup to actively maintain this consent data model
      • we need to make  sure that this development effort and the WG is  easy for data model change requests, and additions to be made. 

The MVCR Implementation:

  • The MVCR is the primary proof of concept Use Case for the core consent receipt data model. 
  • The MVCR is the open common consent meta-format for a legal consent notice delivered as a consent receipt when consent is provided on while registering on the website.
  • The alpha MVCR  instance is to be used to sign up to the CISWG, and is best explained as an advanced consent button, which calls the consent receipt generator API, (Hosted at consentreceipts.org) and delivers a consent receipt visually in the browsers as well as a jwt machine readable consent receipt to the person consenting.
  • The consent receipt generator and the MVCR is intended to demonstrate how/why the most simple version of a consent receipt is a massive improvement over existing consent buttons on line, especially in the context of website/service registration.
  •   management   better than existing consent, demonstrating that a record by itself provides transparency over policy and organisation information sharing practices
  • Used as a demonstrator to evaluate the legal and binding aspects of a consent record
  • Used to demonstrate how a consent receipt opens the closed privacy policy infrastructure.

 

Objective

    1. The MVCR has a downloadable record of consent, provides contact and purpose in context
    2. It is record the data subject receives that has a clear record of purpose, and can be used to independently manage consent after the consent has been provided. 
    3.  Usability: It is, by itself intended to transparently show organisation data sharing practices at a glance
    4. The MVCR implementation will be evaluated in compairison to the MVCR v0.7 specification, to create a list of issues, that will be solved in the v0.8  iteration of the MVCR spec.

MVCR: Minimum Method

  • display the meta format that meets the minimum compliance obligations of an organisation that does not:
    • share with third parties,
    • does not collect sensitive data,
    • includes a self assertion that context specific requirements are included, this minimum viable consent receipt provides the minimum needed for a person to interact independently with an organizations to address any additional compliance or complaint requirements.
  • Notes:
    •  the MVCR is designed and intended to demonstrate the minimum online consent requirements with existing law illustrating the most common consent requirements across all jurisdictions in an independently usable form)
    • with these three components alone provides a tremendous improvement as a meta format

 

MVCR Website Registration Walkthough for the CIS-WG Registration:

  • Specific Use Case for the Kantara CISWG Registration
    •  non-sensitive PII, -
    • e.g.no third party sharing,
    • no-PII payload,
    • with output into a json format of the receipt download as a text file with  html version displayed on screen and pdf version available to send via email (evaluating different methods of delivery)
  • Components
    • includes a simple form for creating a static receipt or code that generates a receipt dynamically at point of consent.
    • presents the receipt on a website, with a machine readable downloaded version
    • How to documentation
  • Walkthrough
    • WG- Admin
      •  installs a consent button  that calls the consent receipt generator api. 
      • this code (or consent receipt generator) is put on the website
    • Alice Experience
      • alice goes to sign up
      • alice see human readable in the website page, gets download machine readable receipt message,

Additional Operational Objectives to consider during MVCR development: (creating list here)

  1. re-consent

  2. withdrawing consent

  3. upgrading consent MVCR to the new consent data model  v1.0

 

  • No labels