WG NAME (and any acronym or abbreviation of the name):

Consent Management Solutions WG (Consent Management WG)

PURPOSE:

Consent Management Solutions are used to manage the full lifecycle of an individual’s consent for the processing of their personal data. That consent needs to be: freely given, specific, informed and unambiguous.

The purpose of the Consent Management Solutions WG is to produce a series of Recommendations and Technical Specifications. The Consent Management Solutions WG will gather common current practices from organizations that have implemented consent management solutions; to gather requirements from jurisdictional regulations related to consent management; to develop consensus requirements based on the best current practices to enable businesses to implement best practice, and to support the establishment of a Kantara conformity assessment scheme leading towards supplier declaration or certification against the requirements.

Due to impending deadlines for GDPR, PSD2 and other existing regulations in multiple jurisdictions, there is a market need for guidance and possibly product/service certification for compliant consent management solutions.

SCOPE:

The initial scope of the WG is:

to collect documented current practices for management of privacy notice and
consent from many sources;
to collect requirements from regulations in many jurisdictions;

• to publish a Kantara Recommendation “Consent Management Solutions – Best Current Practices” which is to contain consensus best current practices as derived from the sources;

Once the initial scope is complete, additional publications will be scoped for production.

DRAFT TECHNICAL SPECIFICATIONS:

None planned in initial scope of the WG.

OTHER DRAFT RECOMMENDATIONS:

“Consent Management Solutions – Best Current Practices” anticipated ready for Ballot after WG launch, gap analysis and report before publication.

LEADERSHIP:

Chair: Jim Pasquale, digi.me

Vice-Chair: Marco Venuti, iWelcome

Secretary: Andrew Hughes, ITIM Consulting

Editor: TBD

AUDIENCE:

Anticipated audience or users of the work.

• Organizations that collect personal information using individual consent for processing

Identity providers and credential providers; Customer Information and Access Management (CIAM) providers
Organizations in the ConsentTech, myData, “Internet of Me” spaces
Privacy and Information Commissioners, Regulators
Consent Management platform providers

DURATION:

The WG will operate long enough to publish v1.0 and v1.1 of the Best Current Practices publication; no less than 12 months.
Once additional publications are identified, the WG participants may choose to extend the WG duration.

IPR POLICY:

The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara Initiative IPR Policy - Option Non-Assertion Covenant

RELATED WORK AND LIAISONS:

Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

Kantara Consent & Information Sharing WG
- Consent Receipt Specification v1.0 and v1.1
- (Draft) How to specify Purpose and Purpose Categories
Kantara UMA WG
- UMA 2.0 Grant for OAuth 2.0 Authorization
- Federated Authorization for UMA 2.0
IEC/ISO SC 27 WG 5 “Identity management and privacy technologies”
- ISO/IEC 29100 “Privacy framework"
- ISO/IEC AWI 29184 “Guidelines for online privacy notices and consent” (draft)
  General Data Protection Regulation

Article 29 Working Party: Guidance
Office of the UK Information Commissioner: Guidance
Office of the Privacy Commissioner of Canada: Guidance
NIST
- Internal Report 8112: Attribute Metadata

CONTRIBUTIONS (optional):

A list of contributions that the proposers anticipate will be made to the WG.

To be confirmed

PROPOSERS:

Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members.

Jim Pasquale, digi.me, jim@digi.me
Marco Venuti, iWelcome, marco.venuti@iwelcome.com
Andrew Hughes, Individual, AndrewHughes3000@gmail.com

Browser not supported