2017-08-18 Meeting Notes: Purpose Specification Call

Owned by Mark Lizar (Unlicensed)
Last updated: Aug 22, 2017
2 min read

Date

Aug 18, 2017

Attendees

  • Colin
  • Andrew
  • David
  • John
(Note: These are Post Call Notes)

Agenda

 

- Pro’s and Cons of providing fields in the consent receipt specification for the specifying a purpose category, purpose sub-category in addition to the purpose description.
-  Next steps
 - work on turning the Purpose Specification document into a Consent Receipt Guidance and a process for specifying and evaluating personal data types (PII Cat)  used in a purpose category or subcategory  
-  Move forward the marketing use case example of specifying a  purpose and submit this to the list
In the call we covered the pro’s and con’s of specifying a purpose category, and sub-category in the specification. 
Pro’s 
  1. Sensitive Data Categories for explicit consent and for marketing categories and subcategories are required by trade associations for code of practices to be able to monitor and provide best practices for use of personal data in the industry
  2. Trust
  3. Machine readability adding a category and sub-category  makes using aggregated consent receipts more usable for the individual
  4. Layering policy viewing (provide purpose meta data on aggregate) - viewing purpose category/sub-category as meta-data for the purpose description. Provides context for purpose.
  5. Specifying purpose category and subcategories enables much more granular descriptions  of disclosure for processing activities.
Con’s 
- its could be confusing and onerous for the use of the consent receipt if organisations have to add a purpose category  
- for implied consent and other types of personal data processing there is a wide array of context which may only need an icon or a single purpose description 
- potentially complicates the use the CR specification and can be more complicated 
Summary,
There was general agreement that the consent receipt specification should cover the minimum to the maximum requirements, in many context for implied or other justifications of processing implied consent is provided through the use of notice.      

As a result it is recommended that purpose categories be optional, or dictated by code of practice or regulation in specific jurisdictions and industries.   To progress this, we are looking to  invite purpose specifications for comment by CISWG, implementors and industry.   
Actions: Mark to finish input for  Purpose Specification field, and start CR guidance for purpose specification with the remaining comments and input.