View Source

Date

2017-09-14

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting

Andrew Hughes
John Wunderlich
Mark Lizar
Rupert Graves
Jim Pasquale

Non-Voting

David Turner
Dorota Filpczuk
Sal D'Agostino
Tom Jones
Colin Wallis

Meeting was quorate

Participant Roster (2016) - Quorum is 5 of 8 as of 2017-08-24

Iain Henderson, Mary Hodder, Harri Honko, MarkLizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Rupert Graves

Discussion Items

Time	Item	Who	Notes
4 mins	Roll call Agenda bashing	Former user (Deleted)
1 min	Organization updates	All	Please review these blogs offline for current status on Kantara and all the DG/WG: Director's Corner Working + Discussion Group Activity
2 min	CIAM World Tour workshop	All	Any specific sessions about Consent Receipts and Consent Management?
5 min	Discuss 'sprint' process diagram	Andrew	Refresh on where we are in the cycle. What is left to do for v1.1? September 14, should be at: End of WG Contributions to Sprint 5 Waiting for Editor updates from Sprint 5
20 min	Discuss work backlog priorities for CR v1.1	David	Github Issues: https://github.com/KantaraInitiative/CISWG/issues
10 min	Draft of publication synopsis for new WG	Andrew	The purpose of the Consent Management Solutions – Best Current Practices publication is to establish an open standard of good practice for the management of an individual’s consent to process their personal data in electronic systems. The publication describes the practices used by leading organizations to manage the full lifecycle of an individual’s consent to process their personal data. The lifecycle stages include privacy notice, prompt for acceptance of terms, collection of consent, production and storage of consent receipt, and, management of the record of consent. The practices and requirements derived from them described in the publication can be used as the basis for a conformity assessment scheme which may include product and services certification. Proposed Table of Contents Introduction Scope Notations and Abbreviations Terms and Definitions Best Current Practices – Consent management solutions General Regulations Privacy Notice Collection of consent Management of consent records (creation, updates, expiry, change of scope) Interoperability of consent records Considerations (Non-Normative)

Discussion

Discussion about practices around consent receipts v consent records v privacy notices
Must clarify the relationship between these things and the context with regulatory environment
Recommended to have an explicit record format for 'consent' - separate publication
Discussion about how changes or updates to notice/consent scopes will happen
v1.1 status
- Two main areas plus smaller pieces
- 1) Security Considerations
- 2) NEW Data Controller contact information - #104
  - Concern that the mandatory requirements might be too restrictive
What about 'soft identity' - non-identifying attribute sets that is unlinkable to an individual like device fingerprint - 'soft consent'
AI: schedule a call for re-identifiability and di-identification

ISO 29184 contributions

Deadline for contributions and comments is September 15 to ISO - so the Kantara group needs to submit at least a week prior.