Meeting 2020-05-06 AdvCIS

Date

2020-05-06

IPR

Thank you for joining the call today.

This Work Group operates under the Non-Assertion Covenant IPR option found as an appendix to IPR Policies V2.0 that Kantara operates.The Group Participation Agreement memorializes your acknowledgment of the terms under which you participate in this Work Group. Every person who has acknowledged the GPA is listed in the Participant Roster, as a voting or non-voting participant.However, there are circumstances, such as in-person workshops or calls where non-participant guests may be present who have not acknowledged the GPA for this Work Group.

Every person on this call is strongly encouraged to acknowledge the GPA for this Work Group prior to any form of participation.
If you have not, or do not wish to, please Note Well the following before you participate in any form.

In accordance with the Kantara Initiative IPR Policies V2.0, all contributions by voice are valid contributions alongside the much more preferred written contributions and while you still retain your IP, you grant Kantara copyright equivalent to the terms of the Non-Assertion Covenant without further condition or reservation.
It is your own IP and not another party's IP
Such contributions are not confidential or otherwise subject to the limitation in its distribution, including pricing or other competitively sensitive information.

Again, if you are uncertain about any matters, please remain silent and do not contribute anything in writing.

Attendees

Mark Lizar (Unlicensed)
Salvatore D'Agostino (Unlicensed)
Anadi Pandaharkar
Burak
Jan Lindquist
Tom Jones
Xiaohu Zhou
Vitor Jesus
Colin Wallis
Ken Klingenstein
Georj

Topics (revisit)

Reviewing Table of Contents
Inviting comments on what should / should not be included
Reviewing of contributions for appendix
- Notifications for consent lifecycle management.
- Consent Types (Appendix)
- Blinding Identity Taxonomy (Appendix)
- Notice Specification & Personal Data Categories,

Reviewing
- Inputs to review
  - 29184
  - Guidelines on Consent : edpb_guidelines_202005_consent_en

Discussion items

Topic

Description

Discussion

Call for Inputs

Asking for any future inputs, considerations, or contributions for the specification

Inputs

what are the requirements for inputting into the ISO/IEC 27560 stream?
EDPB - Consent Doc

Mark

Table of Contents Review

Introduction

Notations and Abbreviations

Terms and definitions

Terms - Section heading

Elements of a Receipt

a) Introduction
b) Conformance
c) Receipt Terms and Fields
d) Receipt data structure
e) Notice, Notifications for Consent Receipts for Consent Lifecycle Management
1. Notice, Notification and Consent Receipt Structure
f) 29184 Presentation and Delivery (for transparency, security and compliance to legal standards)
g) JSON Schema

Considerations

a) General
b) Sensitive or Special Categories of Personal Information
c) Security and Integrity
1. Data Capture and Masking
  1. Blinding Identity Taxonomy
2. LifeCycle Considerations

Acknowledgements

References

Appendix A:

Appendix B:

Appendix C:

Appendix D: Options Security Consideration Framework & the Blinding Identity Taxonomy

Appendix E: Linking and Stacking: Receipt & Record examples

Revision history

Flow of drafting:
- section 3 - first list all the fields for the maximum consent record
- Section 5 -
  - notice and notifications are subsets of the consent record fields
- appendix has the new contributions
  - consent type labels. - justifications (legal)
  - notification types
    - Notifications for Consent Lifecycle Management
      - quadrant of 4 types
        data protection consent record (closed in an org)
        Data Subject can send a notice
        Controller can send a notice
        data control - using consent receipt
        Data subject
        Controller
        notification
        must present
        ack or not
  - Personal Data Categories
  - Mapping to GDPR -
    - Native - W3C DPV
  - Unified Data Fields -for scalable mapping
    - Using for other legal jurisdictions
    - Unified W3C DPV Terms
    - use of OCA for unified data automation
    - recommend mapping
    - mapping equivalence assessment

Asking for any future inputs, considerations, or contributions for the specification

Are we missing considerations ?

Spec Drafting, - schedule and contribution to effort -

editors or reviewers

Former user (Deleted) - Receipt Terms and Fields estimated May 13
29184 - presentation and delivery
Security Considerations

AOB

List updates for next week

IIW
MyData Operator
PCTF Comments
NIST Comments going out

Action items

Former user (Deleted) - Receipt Terms and Fields estimated May 13
Salvatore D'Agostino - org thread on content a) pushing a report out b) security consideration curating with vitor jesus (Unlicensed)
– Mark Lizar (Unlicensed) – 29184 input
Jan & Paul Knowles - to sign agreement and to help draft the blinding identity security consideration and appendix