WG NAME (and any acronym or abbreviation of the name):

Charter 2019   Final draft

(1) WG NAME (and any acronym or abbreviation of the name): The WG name, acronym and abbreviation must not include trademarks not owned by the Organization, or content that is infringing, harmful, or inappropriate.

Consent and Authorization Practices Work Group (CAPWG)

(2) PURPOSE: Please provide a clear statement of purpose and justification why the proposed WG is necessary.

Consent and Authorization solutions are used to manage the full lifecycle of an individual’s consent for the processing of their personal data.  These solutions cover::

• The Data Controller/Processor’s identification of the Legal Authority under which they act.
• How the Individual gains an understanding of the request to grant Legal Authority.
• How the Individual and Data Processor establish that Authority:
• Individual responds to requests for granting Legal Authority, 
• Individual proactively grants Legal Authorization, and
• Cases where the Individual doesn’t have an interactive opportunity to Authorize. 
• How each party monitors, acts on, and changes that Legal Authority and the resultant Data Processing Activities.

The goal of this working group is to establish balance…..

For this work group, the starting point is the Data Subject Consent, which is the current standard of practice.*  There are three conditions for legal consent:

1. Consent Manifestation-- The recorded assertion of consent by the individual. [JP2]  - 
2. Voluntariness-- The 
3. Knowledge

Moreover, the practical rigor of each of these conditions must reflect the potential threat to individual autonomy for the particular scenario.  For instance, consent for surgery necessarily entails greater rigor for the Consent Manifestation [physical signature ], Voluntariness, and Knowledge [Informed Consent].   

In today’s digital world, consent manifestation abounds, often with insufficient voluntariness and knowledge.  

The purpose of the Consent & Authorization Practices WG is to produce a series of Reports and Recommendations on consent and authorization best practices. The Consent & Authorization Solutions and Practices WG will gather common current practices from organizations having implemented consent management solutions; gather requirements from jurisdictional regulations related to consent management; develop consensus requirements based on the best current practices to enable businesses to implement best practices, and support the establishment of a Kantara conformity assessment scheme leading towards supplier declaration or certification against the requirements.

Due to impending deadlines for GDPR, PSD2 and other existing regulations in multiple jurisdictions, there is a market need for guidance and possibly product/service certification for compliant consent management solutions.

(3) SCOPE: Explain the scope and definition of the planned work.

The initial scope of the WG is:

• to collect documented current practices for management of privacy notice and consent from many sources;
• to collect requirements from regulations in many jurisdictions;

•         to publish a Kantara Recommendation “Privacy Notice and Consent – Best Current Practices” which is to contain consensus best current practices as derived from the sources;
•         to develop a roadmap for the evolution of Consent, Authorization, and permission over the next 10 years, including analysis and recommendation for the most individual-empowering legal instrument to convey authorization.

Once the initial scope is complete, additional publications will be scoped for production.

(4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership.

None planned in initial scope of the WG.

(5) OTHER DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot.

(6) LEADERSHIP: Proposed WG Chair and Editor(s) (if any) subject to confirmation by a vote of the WG Participants.

 “Consent Management Solutions – Best Current Practices” anticipated ready for Ballot after WG launch, gap analysis and report before publication.

(7) AUDIENCE: Anticipated audience or users of the work.

Developers, entrepreneurs, policy makers, developers, and deployers, both internal and external, to large organizations who manage services for individual customers.

(8) DURATION: Objective criteria for determining when the work of the WG has been completed (or a statement that the WG is intended to be a standing WG to address work that is expected to be ongoing). 

 The Kantara Leadership Council charters the Information Sharing Work Group for five years. It may be amended from time to time, with changes approved by the Leadership Council. This charter will expire in September 2024

(9) IPR POLICY: The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara IPR Policy - Option Patent and Copyright Reciprocal Royalty Free with Opt-Out to (RAND)

(10) RELATED WORK AND LIAISONS: Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

• Conference Liaisons
• ISO Liaison
• UMA Collaboration
• Project VRM
• Customer Commons
• MyData Global
• Me2B Alliance

(11) CONTRIBUTIONS (optional): A list of contributions that the proposers anticipate will be made to the WG.

TBC

(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG.

TBC

History

Xxxx xx, xxxx

First complete draft for consideration by work group

…..

September 2019 Update