Charter (CMS)
WG NAME (and any acronym or abbreviation of the name):
Consent Management Solutions WG (Consent Management WG)
PURPOSE:
Consent Management Solutions are used to manage the full lifecycle of an individual’s consent for the processing of their personal data. That consent needs to be: freely given, specific, informed and unambiguous.
The purpose of the Consent Management Solutions WG is to produce a series of Recommendations and Technical Specifications. The Consent Management Solutions WG will gather common current practices from organizations that have implemented consent management solutions; to gather requirements from jurisdictional regulations related to consent management; to develop consensus requirements based on the best current practices to enable businesses to implement best practice, and to support the establishment of a Kantara conformity assessment scheme leading towards supplier declaration or certification against the requirements.
Due to impending deadlines for GDPR, PSD2 and other existing regulations in multiple jurisdictions, there is a market need for guidance and possibly product/service certification for compliant consent management solutions.
SCOPE:
The initial scope of the WG is:
to collect documented current practices for management of privacy notice and
consent from many sources;
to collect requirements from regulations in many jurisdictions;
• to publish a Kantara Recommendation “Consent Management Solutions – Best Current Practices” which is to contain consensus best current practices as derived from the sources;
Once the initial scope is complete, additional publications will be scoped for production.
DRAFT TECHNICAL SPECIFICATIONS:
None planned in initial scope of the WG.
OTHER DRAFT RECOMMENDATIONS:
“Consent Management Solutions – Best Current Practices” anticipated ready for Ballot after WG launch, gap analysis and report before publication.
LEADERSHIP:
Chair: Jim Pasquale, digi.me
Vice-Chair: Marco Venuti, iWelcome
Secretary: Andrew Hughes, ITIM Consulting
Editor: TBD
AUDIENCE:
Anticipated audience or users of the work.
• Organizations that collect personal information using individual consent for processing
Identity providers and credential providers; Customer Information and Access Management (CIAM) providers
Organizations in the ConsentTech, myData, “Internet of Me” spaces
Privacy and Information Commissioners, Regulators
Consent Management platform providers
DURATION:
The WG will operate long enough to publish v1.0 and v1.1 of the Best Current Practices publication; no less than 12 months.
Once additional publications are identified, the WG participants may choose to extend the WG duration.
IPR POLICY:
The Organization approved Intellectual Property Rights Policy under which the WG will operate.
Kantara Initiative IPR Policy - Option Non-Assertion Covenant
RELATED WORK AND LIAISONS:
Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.
Kantara Consent & Information Sharing WG
Consent Receipt Specification v1.0 and v1.1
(Draft) How to specify Purpose and Purpose Categories
Kantara UMA WG
UMA 2.0 Grant for OAuth 2.0 Authorization
Federated Authorization for UMA 2.0
IEC/ISO SC 27 WG 5 “Identity management and privacy technologies”
ISO/IEC 29100 “Privacy framework"
ISO/IEC AWI 29184 “Guidelines for online privacy notices and consent” (draft)
General Data Protection Regulation
Article 29 Working Party: Guidance
Office of the UK Information Commissioner: Guidance
Office of the Privacy Commissioner of Canada: Guidance
NIST
Internal Report 8112: Attribute Metadata
CONTRIBUTIONS (optional):
A list of contributions that the proposers anticipate will be made to the WG.
- To be confirmed
PROPOSERS:
Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members.
Jim Pasquale, digi.me, jim@digi.me
Marco Venuti, iWelcome, marco.venuti@iwelcome.com
Andrew Hughes, Individual, AndrewHughes3000@gmail.com