2019-01-10 Meeting notes (CR)

Date

2019-01-10

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting

Andrew Hughes
Jim Pasquale
John Wunderlich
Paul Knowles

Non-Voting

Sneha Ved
David Turner

Regrets

Oscar Santolalla

Quorum Status

Meeting was <<<>>> quorate

Voting participants

Participant Roster (2016) - Quorum is 6 of 11 as of 2018-11-19

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Samantha Zirkin

Discussion Items

Time	Item	Who	Notes
4 mins	Roll call Agenda bashing	Former user (Deleted)	Speaker proposal deadlines for Identiverse and EIC Wiki refresh work Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide) Discuss approach to specification updates - look at github Discuss EIC demo and scheduling Formal publication of the Blinding Identity Taxonomy work
5 min	Organization updates	All	Please review these blogs offline for current status on Kantara and all the DG/WG: Director's Corner: 2018: December Work + Discussion Group Activity There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation. TIIME, Vienna, February EIC, Munich, May Identiverse, Washington, June
10 min	Product roadmap for the demo	All	Target is EIC May 2019 Decisions needed: The specific set of user stories we want to showcase
30 min	Specification update approach	All	Discovery approach leading to backlog leading to prioritization? How do we decide what changes we must do in this round versus deferrable changes? See https://github.com/KantaraInitiative/consent-receipt-v-next See a flowchart version of this here: https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5
	AOB
	Next meeting		* Next call 2019-01-10 10:30 am Eastern Standard Time / 15:30 GMT Next call January 17, 2019**

From earlier calls:

Andrew has set up a github repo for next-version specification backlog items, including use cases:
https://github.com/KantaraInitiative/consent-receipt-v-next
Some possible items for next versions:
- Structural changes to the spec including a hierarchy of objects that should improve high transaction volume
- Integration/association of the new Blinding Identity Taxonomy into the CR Spec family (to inform implementers of potential data categories of interest)
  - See also this Data Categories infographic: https://enterprivacy.com/wp-content/uploads/2018/09/Categories-of-Personal-Information.pdf
- Recommendations for Customer Journey / UX / UI features
- Library of industry-specific or case-specific Purpose categories and example Purpose statements
- Expansion of Consent Types to allow for more than just Explicit Consent situations
- (idea) Optional receipt metadata to assist privacy dashboards in organizing and processing 'bring forward' items (e.g. "remind me to check this share in 3 months")
- digi.me product and management have identified six areas for development
  - consent over period of time (rather than instantaneous consent)
  - termination/modification of consent from either side
  - high transaction volume & low per-instance cost
  - how the 'receipt' fits into accounting systems infrastructures
  - receipt as the basis for legal matters and actions
  - UX/UI concerns
- for Clinical Trials uses, data holder is required to keep data for 10 years - need to consider longevity of the receipts to go alongside data holdings