2018-10-04 Meeting notes (CR)
Date
2018-10-04
Status of Minutes
Approved
Approved at: 2019-12-12 Meeting notes (CR) DRAFT
Attendees
Voting
- Andrew Hughes
- Oscar Santoalla
- Jim Pasquale
- Mark Lizar
Non-Voting
- Sneha Ved
- Colin Wallis
- Tom Jones
- Sal D'Agostino
Regrets
Quorum Status
Meeting was <<<>>> quorate
Voting participants
Participant Roster (2016) - Quorum is 5 of 9 as of 2018-07-12
Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Oscar Santolalla, Richard Gomer
Discussion Items
Time | Item | Who | Notes |
---|---|---|---|
4 mins |
|
| |
5 min |
| All | Please review these blogs offline for current status on Kantara and all the DG/WG:
There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation. Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW)
|
10 min | Demo updates | All |
|
20 min | Interoperable Consent Receipt roadmap ideas | All | Continuation of the discussion about 'what should interoperate?' |
0 min | Interoperable Consent Receipt roadmap ideas | All | From 2018-10-04 call:
From 2018-09-27 call: See the data flow sketch that Andrew circulated by email This diagram shows ALL data flows, despite the legitimate basis for processing. The idea is that given this data flow diagram, what are the functions, nouns and verbs for each of the legitimate bases? Q: How would enforcement work? Q: What's the difference between 'observe' and 'surveil'? A: Depends on if the user is aware of it or not. Also see from our archives: https://kantarainitiative.org/iain-henderson-the-personal-data-eco-system/ The 'my data', 'our data', 'their data' view Comment Brent: in a social network, what roles do the different actors take? eg if I share an image, what role does the website take, what role do the users who can view my image take? also, how do I represent those rules where I restrict access to my data based on roles or groups I assign to my connections? how do I represent that implicit consent using consent receipts without knowing explicitly who I am granting permission to? Comment: This picture looks very corporate - must ensure that the individual's perspective is very clear Comment: The 'interface' for the individual should not be the 'consent receipt' itself - but rather the interaction with the service. JLINC perspective: Alice grants permission and organization seeks consent. Alice only sees permissions. Comment: this discussion is oriented towards 'explicit' consent. But all interaction has some level of agreement. Iain: the highest value work item is the lexicon work |
0 min | Permissions v User Consent discussion notes from From 2018-09-13 call | All | From 2018-09-27 call: Proposal: Permission = Authorization to act Data Permissions = the functional actions that are allowed on information (database: Create, Read, Update, Delete; communications: Copy, Transmit, Store; data flow: Collect, Use, Disclose) or resources. User Consent = Voluntary agreement by the person to take an action. GDPR includes 'unambiguous'
Questions:
Alternative proposal:
Note:
Another proposal:
|
5 min | Adding feature requests to next version of spec family | All |
|
AOB | |||
Next meeting | 2018-10-11 Same time same number |