DRAFT 2019-07-24 Meeting notes

• Call to order
• Roll call
• Agenda bashing
• Organization updates

• Meeting was called to order and the roll was called
• Please ensure that you sign the Group Participation Agreement

• Please review these blogs offline for current status on Kantara and all the DG/WG:

  • 2019: May
  • Work + Discussion Group Activity

Motion to ...

Moved by:

Seconded:

Discussion:

Result:

Introductions

All

Welcome!

• Discussion about pressure points and the demand for 'consent'
  • Discussion on seeing 'consent' requirements in some RFPs - purchasing 
  • Also -  Service providers (data processors) are starting to insist that Brands (the data controllers) have valid 1st party consent from consumers (data controller to data processor demands) 
• ACH asked Marco for ratio of wants consent stuff versus not asking for consent stuff in rfps
• ACH asked Marco for sample language - examples of how company RFPs ask for consent management-related stuff
• Andrew speculates - what if CMS WG produced a boilerplate clause setting out how to ask for consent management stuff?
• James - one aspect is when a customer 'signs up' with a provider - explicit; another aspect is passive tracking; this is the omnichannel user consent management problem - the person might set different instructions on every different channel the customer connects to the provider (e.g. in-person vs mobile app)
  • Caution to ourselves that user preferences can come from any channel, not just 'web' or 'mobile app'
• Lisa & Eve Maler have written a paper that sets out 'consent' needs to evolve - interesting supporting material
  • Lisa has been talking to some legal experts in the US and according to them re: consent--there's no such thing as "explicit" consent in the eyes of the law. There's only consent, and the necessary characteristics of consent--which include "understanding".  Fundamentally Consent is actually a two-party agreement to go outside normal law or unethical.   As a legal instrument for terms & conditions, and always favors the offerer and is asymmetrical in nature.  Proposing a Right to use licenses with three components of templates customized to industry segments they are basic service (minimal), personalized (trust), Loyatliy collect information and use it) (all three having some level for a value exchange)
  • Ken Meaningful Consent drives down into making consent more understand for individuals.
    • what about interoperability, where should Ken spend his limited time
• Verticals lots of discussion on use cases 
• James - identification of the user is a challenge that intersects with the explicit/active consent management topic
  • James had to leave early however, regarding the European (GDPR) perspective on consent and "explicit" consent, see --> https://www.i-scoop.eu/gdpr/explicit-consent/ 
  • This is a big challenge for companies
  • Companies are seeking a solution to lightweight but robust identification solutions - rather than asking for an emailed picture of a passport or ID card
    • There is a need for safe, secure solutions to linking customer interaction channel identifiers together in order to manage consent instructions at a **person** level, not at a channel-user level
  • Notes that collection of passive identifiers via setting a cookies etc is problematic when those passive identifiers are sent onwards to a third party that has the capability of linking those passive identifiers to actual individuals. If the identifiers cannot be linked to real persons (because they are not sent onwards) then they are less problematic.
  • Companies want risk mitigation - this can mean the unification of the many 'consents' that a person gives to a company due to many channels
• Jan gave a quick recap and primer on his efforts around CR and BlockChain

Events that Kantara will have an active role: https://kantarainitiative.org/events/

ACTIONS:

Next WG meeting Wednesday, 2019-08-07, 2019 10:00 Eastern Daylight Time / 14:00 GMT