16_V_DM: Verifiers must only request the minimum data required for their transaction

Owned by Venkat (Unlicensed)
Last updated: Aug 09, 2023 by John Wunderlich
2 min read

Statement: Verifiers shall only request the minimum data required for their transaction

Review Meeting(s): TBD

Status: Draft

Item

Description

Item

Description

Statement (Single phrase or sentence)

Verifiers shall only request the minimum data required for their transaction

Description

To avoid excessive collection of data, the Verifiers attested data fields should map to the minimum required to meet their attested use-case.

: attested means that the attested use cases delineate the data fields requested.

:three requirements #5, #6, and #7&#16 to be aligned and sequenced for common language.

: categories of data => required, optional, and ephemeral

: discussion of minimum required for the identified purpose - needs to be flexible enough to allow for various profiles and operational contexts

: Tom instead of relevance - the element @context is designed specifically to bring in addtional schema and requirements.

: Loffie - another step - which option or services do you want?

: John - how to do this without cognitive overload

: Loffie - cognitive overload can be addressed by UX

Verifiers shall only request the strictly necessary PII to provide the services according to justified purposes for data processing. When no identification of the user is needed, Verifiers should accept the isolated proof of attributes via selective disclosure techniques or when possible, zero-knowledge proofs.

Scope (applies to)

Part A: Verifiers
Part B: Issuers
Part C: Providers

Select the Primary Consideration

CC (Consent and Choice)
PL (Purpose legitimacy and specification)
CL (Collection limitation)
DM (Data minimization)
UR (Use, retention, and disclosure limitation)
AQ (Accuracy and quality)
OT (Openness, transparency, and access)
IA (Individual access & participation)
AC (Accountability)
IS (Information Security)
PS (Privacy compliance)

Reference

16_V_DM

Other considerations

CC (Consent and Choice)
PL (Purpose legitimacy and specification)
CL (Collection limitation)
DM (Data minimization)
UR (Use, retention, and disclosure limitation)
AQ (Accuracy and quality)
OT (Openness, transparency, and access)
IA (Individual access & participation)
AC (Accountability)
IS (Information Security)
PS (Privacy compliance)

Explanatory Notes (Text or Link)

From # 6
Verifiers shall only request the strictly necessary PII to provide the services according to justified purposes for data processing. When no identification of the user is needed, Verifiers should accept the isolated proof of attributes via selective disclosure techniques or when possible, zero-knowledge proofs.

Page Tasks

 

Type your task here, using "@" to assign to a user and "//" to select a due date

Related pages

15_V_DM: Verifier Re-identification
15_V_DM: Verifier Re-identification
Privacy Enhancing Mobile Credentials (PEMC)
Read with this
12_V_IS: Secure storage
12_V_IS: Secure storage
Privacy Enhancing Mobile Credentials (PEMC)
Read with this
07_V_CL: Verifiers minimize collection
07_V_CL: Verifiers minimize collection
Privacy Enhancing Mobile Credentials (PEMC)
Read with this
13_V_OT: Data subject rights
13_V_OT: Data subject rights
Privacy Enhancing Mobile Credentials (PEMC)
Read with this
14_V_AC: Verifier Data Registry
14_V_AC: Verifier Data Registry
Privacy Enhancing Mobile Credentials (PEMC)
Read with this
09_V_UR: Declare retention period
09_V_UR: Declare retention period
Privacy Enhancing Mobile Credentials (PEMC)
Read with this