/
2019-04-25 Meeting notes (CR)

2019-04-25 Meeting notes (CR)

Dec 12, 2019

Date

2019-04-25

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) 

Attendees

Voting

  • Andrew Hughes

  • Lisa LaVasseur

  • Jim Pasquale

  • John Wunderlich

  • Mary Hodder

Non-Voting

  • Pierre Roberge

  • Colin Wallis

  • Chris Olsen

  • Tom Jones

Regrets

  • Oscar Santolalla

 

Quorum Status


Meeting was <<<not>>> quorate

 

Voting participants

 

Participant Roster (2016) - Quorum is 6 of 10 as of 2019-03-20

Iain Henderson, Mary Hodder, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Lisa LeVasseur

Discussion Items

Time

Item

Who

Notes

Time

Item

Who

Notes

4 mins

  • Roll call

  • Agenda bashing

@Former user (Deleted)

  • Status: Wiki refresh work

  • Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)

  • Demo status update

  • Spec v2

  • DIACC Notice and Consent Overview comments

  • AOB

 

5 min

  • Organization updates

All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

  • IIW, Mountain View, California, April-May

  • EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/

  • Identiverse, Washington, June

  • USENIX SOUPS '19 and PEPR '19 symposia August 11-13 Santa Clara, CA

  • MyData, Helsinki, September

  • Discussion on what Privacy Engineering is (it's specific direction on how to implement rather than policy statements)

  •  

15 min

v2 specification timeline

Andrew

  • There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)

  • We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.

15 min

Demo status update

all

  • Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API.

  • digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel

  • We need to add a couple fileds to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations.

  • Status updates from participants:

    • Andrew to connect Richard and Oscar to get working on the API

    • digi.me still making progress

 

15 min

DIACC Notice and Consent doc

all

John W. is responsible for gathering and submitting comments from the WG. (2019-04-25)

  • Deadline is May 3 for comments

https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/

defer

Product roadmap for the demo

All

  • Target is EIC May 2019

Here's the project page for the "Demo v2"

2019-04-11 call notes:

 

Comments (2019-04-04)

  • (jim) digi.me green light

  • (sneha) green light

2019-03-28 call notes:

  • Ubisecure

    • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service

    • Simple flows - a mechanism - for the end-user

    • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

======

Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call

 

defer

Specification update approach

 

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5

 

2019-03-14 notes:

  • Mark:

    • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment

    • building a proposal to split the notice from the 'consent' in the structure

      • (note that this is similar to the digi.me proposal)

  • Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action

5 min

AOB

 

  • CIS WG marketing collateral - need it for EIC - Jim to resume progress

  • WG had a long discussion about what the receipt represents and roadmap and how they might be valued by the individual

 

Next meeting

 

*** Next call 2019-05-09 10:30 am Eastern DAYLIGHT Time

https://global.gotomeeting.com/join/323930725