Discussion topics on consent and notification


Consent and Notice Topics



A set of issues we’ve encountered in trying to deploy practical and effective consent/notification/compliance infrastructure at scale.


Note Bene:

            In the real world, apps and SP’s do subsequent and out of band ways to gather personal data from users.

            Our model is transactionally oriented but includes a “while I’m away” capability that applies to batch feeds, unattended apps, etc.

            Cognitive load is a real concern


Purpose of use:

            Is it specified on a per attribute basis, or just for the overall bundle of attributes requested?


Required versus optional attributes

            How to characterize the distinction between the two – what functionalities and attributes in an app are considered optional

            How does this relate to data minimization principles


Obfuscation?

            What’s adequate for law (and where is that specified) and what’s functional for the user to handle?


Selective release of values from a multivalued attribute (common example – our schema includes the multivalued attribute group memberships for users and

            Are there SP to IdP signaling mechanisms to indicate what types of values are needed by the SP?


Community-oriented schema

            To facilitate citizen-gov interactions