Date
2019-04-25
Status of Minutes
Approved
Approved at: 2019-12-12 Meeting notes (CR)
Attendees
Voting
- Andrew Hughes
- Lisa LaVasseur
- Jim Pasquale
- John Wunderlich
- Mary Hodder
Non-Voting
- Pierre Roberge
- Colin Wallis
- Chris Olsen
- Tom Jones
Regrets
Quorum Status
Meeting was <<<not>>> quorate
Voting participants
Participant Roster (2016) - Quorum is 6 of 10 as of 2019-03-20
Iain Henderson, Mary Hodder, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Lisa LeVasseur
Discussion Items
Time | Item | Who | Notes |
---|
4 mins | | | - Status: Wiki refresh work
- Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
- Demo status update
- Spec v2
- DIACC Notice and Consent Overview comments
- AOB
|
5 min | | All | Please review these blogs offline for current status on Kantara and all the DG/WG: There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation. - IIW, Mountain View, California, April-May
- EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/
- Identiverse, Washington, June
- USENIX SOUPS '19 and PEPR '19 symposia August 11-13 Santa Clara, CA
- MyData, Helsinki, September
- Discussion on what Privacy Engineering is (it's specific direction on how to implement rather than policy statements)
|
15 min | v2 specification timeline | Andrew | - There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)
- We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.
|
15 min | Demo status update | all | - Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API.
- digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel
- We need to add a couple fileds to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations.
- Status updates from participants:
- Andrew to connect Richard and Oscar to get working on the API
- digi.me still making progress
|
15 min | DIACC Notice and Consent doc | all | John W. is responsible for gathering and submitting comments from the WG. (2019-04-25) - Deadline is May 3 for comments
https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/ |
defer | Product roadmap for the demo | All | Here's the project page for the "Demo v2" 2019-04-11 call notes:
Comments (2019-04-04) - (jim) digi.me green light
- (sneha) green light
2019-03-28 call notes: - Ubisecure
- Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
- Simple flows - a mechanism - for the end-user
- This would allow direct receipt transfers instead of 'faking it' via the Downloads folder
====== Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call
|
defer | Specification update approach |
| See a flowchart version of this here: https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5
2019-03-14 notes: - Mark:
- sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
- building a proposal to split the notice from the 'consent' in the structure
- (note that this is similar to the digi.me proposal)
- Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action
|
5 min | AOB |
| - CIS WG marketing collateral - need it for EIC - Jim to resume progress
- WG had a long discussion about what the receipt represents and roadmap and how they might be valued by the individual
|
| Next meeting |
| *** Next call 2019-05-09 10:30 am Eastern DAYLIGHT Time https://global.gotomeeting.com/join/323930725
|