2017-09-14 Meeting notes (CR)

Date

2017-09-14

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting


Non-Voting

  • David Turner
  • Dorota Filpczuk
  • Sal D'Agostino
  • Tom Jones
  •  Colin Wallis

Quorum Status

Meeting was quorate



Voting participants

Participant Roster (2016) - Quorum is 5 of 8 as of 2017-08-24

Iain Henderson, Mary Hodder, Harri Honko, MarkLizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Rupert Graves

Discussion Items

TimeItemWhoNotes
4 mins
  • Roll call
  • Agenda bashing
  •  
1 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:


2 min
  • CIAM World Tour workshop
AllAny specific sessions about Consent Receipts and Consent Management?
5 minDiscuss 'sprint' process diagramAndrew

 Refresh on where we are in the cycle. What is left to do for v1.1?

September 14, should be at:

  • End of WG Contributions to Sprint 5
  • Waiting for Editor updates from Sprint 5


20 minDiscuss work backlog priorities for CR v1.1David

Github Issues: https://github.com/KantaraInitiative/CISWG/issues


10 minDraft of publication synopsis for new WGAndrew

The purpose of the Consent Management Solutions – Best Current Practices publication is to establish an open standard of good practice for the management of an individual’s consent to process their personal data in electronic systems.

The publication describes the practices used by leading organizations to manage the full lifecycle of an individual’s consent to process their personal data. The lifecycle stages include privacy notice, prompt for acceptance of terms, collection of consent, production and storage of consent receipt, and, management of the record of consent.

The practices and requirements derived from them described in the publication can be used as the basis for a conformity assessment scheme which may include product and services certification.


Proposed Table of Contents

  • Introduction
  • Scope
  • Notations and Abbreviations
  • Terms and Definitions
  • Best Current Practices – Consent management solutions
    • General
    • Regulations
    • Privacy Notice
    • Collection of consent
    • Management of consent records (creation, updates, expiry, change of scope)
    • Interoperability of consent records
Considerations (Non-Normative)

Discussion

  • Discussion about practices around consent receipts v consent records v privacy notices
  • Must clarify the relationship between these things and the context with regulatory environment
  • Recommended to have an explicit record format for 'consent' - separate publication
  • Discussion about how changes or updates to notice/consent scopes will happen
  • v1.1 status
    • Two main areas plus smaller pieces
    • 1) Security Considerations
    • 2) NEW Data Controller contact information - #104
      • Concern that the mandatory requirements might be too restrictive
  • What about 'soft identity' - non-identifying attribute sets that is unlinkable to an individual like device fingerprint - 'soft consent'
  • AI: schedule a call for re-identifiability and di-identification


ISO 29184 contributions

  • Deadline for contributions and comments is September 15 to ISO - so the Kantara group needs to submit at least a week prior.
  •