Notice & Consent - Summer Project

(Note this work and effort has moved to the ANCR WG - Wiki

Outcomes: 

  • Summer Project Report 
    • There is on-going governance model work on GA4GH Privacy Agreements 
    • Decentralised Semantics is working on the OPN Notice Schema at ToiP for Consent Receipts
      • there is a patient id effort there 
    • AdvCIS is workshopping the V1.2 - update and Kantara contribution 
    • Hyper-ledger is 

****

Three Decentralised  Governance Sectors 

  1. Notice and Consent - (Standards) - with a final push, motivated by this collaborative Summer Project, presented with the DLC reference implementation

 

In line with all the activity in this space this summer, the Notice & Consent Project is supporting a multi-commuity input summer project, led the by the  Lifecycle of Consent RFC for  Distributed Ledger Consent (DLC), presented to the CISWG as work being undertaken at Hyperledger.   The contribution, is the resulting DLC extension for the Notice and Notification Consent State Record specification, which we are working on in the Notice and Consent Group. 

This project provides related efforts opportunities to mash up some decentralised standards work, using the global notice and consent standards, which have long been in development.  

Kick Off Agenda

  1. Updates
  2. Discussion and some planning
  3. Jan - Starting with a demo of the privacy agreement and flow for Digital Consent Technology 
    1. more specific tasks details and assignment
  4. Summer Dates and Planning 


Summer Project 2020 Description

Touchstone use case - with support from UBC - Dr. Lemieux, who has provide some of @Anadi's time, from the Molecular You project, that is working on block-chain technology for GA4GH and medical research initiatives in tele-health.  Along with Jim, who has already worked o this project and its consent en-codification, Jan, who has specified the lifecycle requirements for DLC, with Hyperledger, Scott with the Informational Risks, which are required for the Privacy Agreement notices and the Common Accord Contract so that a DLC is suitable for genetic medical research consent in GA4GH. 

All the conditions - for the perfect summer project

Planning

Note: As a result, the rest of the summer calls will be focused on Summer Project Activities with a break in calls on Aug 15th, for a break, and some fun.   (and to give people to finish and submit work etc independently)  But all projects that submit- must be under the project IPR and available for use in the DLC use case. 


Objectives

  1. Work on the Hyperledger Digital Ledger Consent Lifecycle reference implementation, utilising the inputs and interest from the ISI _ Notice & Consent Project Calls. 
    1. Privacy Agreement 
      1. Privacy by Design and Consent by Design Standard Protocol Requirements for DLC - Listed for GA4GH Code of Practice  
      2. All of the GA4GH categories mapped into DPV
      3. All restrictions and derogation listed for discussion on hack day 
        1. July 20 - Update the reference implementation - plan - a hack day for inputs and outputs. 
      4. Common Accord Version of Privacy Agreement- utilising 29184 and inputs
        1. Information Risks of Harm (WU) inputs - as required DLC Notice - for Consent Directive Smart Privacy Contract 
  2. July 20 - Genetic Consent Hack-Day for a Unified Data Control Vocabulary 
    1. review of inputs and discussion about the genetic consent requirements for use with DPV and GA4GH in the reference implementation
    2. gap analysis. and report writing
      1. each participant takes a section on summarises - in 3 pages or less
      2. due Aug 10th 

The Plan 

  1. Kick-Off - Wed 10th of June
    1. Tasks:ask for all the inputs for the DLC project to be provided by July 10th
      1. invite for Support for Mapping the GA4GH with the DPV from the W3C  -  for the hardest use case in consent - medical consent for genetic research and the human genome. 
        1. categories and 



  • Part 1: Now - July 10th - inputs Please:  requesting all inputs and draft - (finish that spec work people's) 
    • utilising the DPV to map the GA4GH, categories and requirements for decentralised human personal data control vocabulary, that is machine readable 
    • utilising the CR v1.2 (draft) and appendices to be able to generate a consent receipt that usable as an international notice and consent token. 
    • utilising the Human Colossus/Decentralised Semantics: OCA, to utilise the Appendix DPVA for the CR v1.1 to produce the  'Unified Personal Data Control Vocabulary' with Prose
    • Providing a return input back to the W3C DPV, to support the unified data control vocabulary (for decentralised semantics)
      •  - demonstrating international usability by context translating between both ISO and GDPR compliance context, privacy requirements. utilising the Crv1.2 appendix
    • utilising Common Accord and the Identity Risk per context work from the University of Washington: Information Risk Research Initiative 
      • to generate a Privacy agreement template for the GA4GH
        • to generate the smart privacy contract 
    • to generate the GA4GH Consent for genetic research autonomously - creating a consent record the person holds and a legal consent receipt for the use of personal data for medical research - 
    • Utilising OPN Framework to generate the Code of Conduct for the GA4GH 
    • Utilising pr
  • Summer Mixer July 15 - Notice & Consent Project 
    • Summer Mixer inviting various standards efforts to come and see the work - chat about what each effort is upto in the decentralised spaces of governance
      • More - TBA  
  •  Part 2 - a bit of rapid adoption - to mock-demo and present the DLC extension draft 
    • July 20 - Update the reference implementation - plan - a hack day for inputs and outputs. 
    • Aug 15- Summary Report -Draft
    • Holidays - 
    • Sept 21 - Final Report Presentation of Summer Project Outcome


**** 


Initial Call Agenda/Summary  Wed 10th of June

  1. Summer Project -
    1. (Plan: Finish CR spec update)  Notice & Consent standards inputs- for as the summer project use case. Using/Referencing the combined project works/inputs -  (overview)
      1. Part 1- Until July 15
        1. Specs drafted 
        2. Unified DPVC
        3. DPV to GA4GH mapped
      2. Part 2 -  Aug 15
        1. Updated and Presentable - Ref Implementation with Summer Project Inputs
        2. OCA example use of Unified -DPVC - Human Colossus
        3. A  DLC - Code of Conduct for GA4GH - that molecular you can evaluate
    2. DLC - Reference Implementation Demo - by Jan 
    3. DLC - Summer Trello Board - 
    4. Send Email: (after this call) For a critical collaboration with the W3C DPV for this purpose, finish the backend for July 15th.  
  2. Complete the Summer Project - by updating the Reference implementation, using DPV, for GA4GH DLCL. (overview)
  3.  Plan (RoadMap): 
    1. Decentralised Law & Semantics Virtual Mixer - (show and tell).  Inviting;
      1. W3C Verified Claims, 
      2. W3C Data Privacy Controls, (maybe hosted by the Kantara Notice & Consent project) to get together and share updates.  Providing the needed inputs for the summer project. 
    1. Post - Kantara Summer Project Wiki Page  and send email to the W3C DPV list 
    2. July 15 - Summer Project Mixer -  
    3. Aug - 15 - presenting an updated version of the DLC reference Implementation - representing the summer project - with a lot of room to get organised,  once we have a shared reference implementation,  supporting a technical work group and decentralised agenda amongst different efforts