Charter (CMS)

WG NAME (and any acronym or abbreviation of the name):

Consent Management Solutions WG (Consent Management WG)

PURPOSE:

Consent Management Solutions are used to manage the full lifecycle of an individual’s consent for the processing of their personal data. That consent needs to be: freely given, specific, informed and unambiguous.

The purpose of the Consent Management Solutions WG is to produce a series of Recommendations and Technical Specifications. The Consent Management Solutions WG will gather common current practices from organizations that have implemented consent management solutions; to gather requirements from jurisdictional regulations related to consent management; to develop consensus requirements based on the best current practices to enable businesses to implement best practice, and to support the establishment of a Kantara conformity assessment scheme leading towards supplier declaration or certification against the requirements.

Due to impending deadlines for GDPR, PSD2 and other existing regulations in multiple jurisdictions, there is a market need for guidance and possibly product/service certification for compliant consent management solutions.

SCOPE:

The initial scope of the WG is:

  • to collect documented current practices for management of privacy notice and

    consent from many sources;

  • to collect requirements from regulations in many jurisdictions;

to publish a Kantara Recommendation “Consent Management Solutions – Best Current Practices” which is to contain consensus best current practices as derived from the sources;

Once the initial scope is complete, additional publications will be scoped for production.

DRAFT TECHNICAL SPECIFICATIONS:

None planned in initial scope of the WG.

OTHER DRAFT RECOMMENDATIONS:

“Consent Management Solutions – Best Current Practices” anticipated ready for Ballot after WG launch, gap analysis and report before publication.

LEADERSHIP:

Chair: Jim Pasquale, digi.me 

Vice-Chair: Marco Venuti, iWelcome

Secretary: Andrew Hughes, ITIM Consulting

Editor: TBD

AUDIENCE:

Anticipated audience or users of the work.

Organizations that collect personal information using individual consent for processing

  • Identity providers and credential providers; Customer Information and Access Management (CIAM) providers

  • Organizations in the ConsentTech, myData, “Internet of Me” spaces

  • Privacy and Information Commissioners, Regulators

  • Consent Management platform providers

DURATION:

  • The WG will operate long enough to publish v1.0 and v1.1 of the Best Current Practices publication; no less than 12 months.

  • Once additional publications are identified, the WG participants may choose to extend the WG duration.

IPR POLICY:

The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara Initiative IPR Policy - Option Non-Assertion Covenant

RELATED WORK AND LIAISONS:

Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

  • Kantara Consent & Information Sharing WG

    • Consent Receipt Specification v1.0 and v1.1

    • (Draft) How to specify Purpose and Purpose Categories

  • Kantara UMA WG

    • UMA 2.0 Grant for OAuth 2.0 Authorization

    • Federated Authorization for UMA 2.0

  • IEC/ISO SC 27 WG 5 “Identity management and privacy technologies”

    • ISO/IEC 29100 “Privacy framework"

    • ISO/IEC AWI 29184 “Guidelines for online privacy notices and consent” (draft)

      General Data Protection Regulation

  • Article 29 Working Party: Guidance

  • Office of the UK Information Commissioner: Guidance

  • Office of the Privacy Commissioner of Canada: Guidance

  • NIST

    • Internal Report 8112: Attribute Metadata

CONTRIBUTIONS (optional): 

A list of contributions that the proposers anticipate will be made to the WG.

  • To be confirmed

PROPOSERS:

Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members.

Jim Pasquale, digi.me, jim@digi.me
Marco Venuti, iWelcome, marco.venuti@iwelcome.com
Andrew Hughes, Individual, AndrewHughes3000@gmail.com