2014-02-25 Meeting Notes

Date

Feb 25, 2014

Attendees

Goals

  • Update on the tech side of the CRR

Discussion Items

TimeItemWhoNotes
Reuben
  • Bookmarklet
  • goto website of consent
  • bring in the privacy policy and TOS
  • identify the privacy officer
  • send a request for the simplified
   
  • legals.txt.
    • updated the code
    • manage consent receipts
  • Will be able
  • Use of Crunchbase?
    • Yes,
    • Use TOS;Dr database
 Process 

1st stage - consent receipt request form in California

2rd stage - collect input and best practice

3nd stage - automate this for use in multiple jurisdiction

4th stage - Crowd Source

4th stage - Cross jurisdiction protocol with multiple notice and consent requirements

  • jurisdiction - where a company do business.

 

 From Reuben 

Mark: Account for anonymous users.

Write our own privacy policy.

Other users help us send more informations. Other languages. Moderate them and check them.

Valentino - other countries also interested, e.g. Italy.

Innis - 

Mary - Depends on jurisdiction whether jurisdiction matters. IP address?

Mark - we can cross this bridge with a simple solution when it comes to it.

Separate the issues - a) which rules apply b) which courts c) if there are not any assets in that country - no point sueing. Joe: google says where there jurisdiction is. Innis: in the EU there are rules against this for consumers.

Mark: How can we go beyond these problems to focus on the minimum viable consent. First thing is a checkbox for the minimum. Separate checkboxes for different jurisditions e.g. UK, Switzerland. Then send off to CISWG for certification. We still have all these problems - e.g. is the consent receipt valid, null? Are there other market remedies this facilitates?

Joe: Alot of these won't be resolved until some supreme court decisions have been made. We need a framework that provides the support so that ultimately national courts can make those decisions.

Mary: We ask the user. Where is your residence? Where do you want your jurisdiction to be? These are the ramifications, if you say something false. Record the IP address. Even if someone goes somewhere else, that's recorded. It's good to think of the different examples. What jurisdiction would the company like to be enforced in.

Then other ON projects can come in when we have companies signing up to this.

Use DNT, new EU laws, build them into the tool. Build it for companies, sell to regulators, open it up so other efforts can make it usable for other people.

 

Mary: Get 1000 people to use the tool - then go to the press. (cf. Europe vs. Facebook).

 

Mark: Do a small test - 1 italian, 1 US. Then work on the international aspects - a second phase.

 

mary: 4 jurisdictions where there are groups who really care. Where they can make the same receipt request notice - go to the page, agree to be part of the protest. Allow their consent request to be public, send them to the regulator.

 

feedback from first round will give us a lot of knowledge.

 

List of instructions, with example of a request - then improve it a bit, then send it off to a company.

Action Items

  • Mark - Hugo if he was suggestion Crunchbase as a repository.Â