|Consent Receipt Usability and Accessibility Project|
Work project to determine approaches to specifying usability and accessibility recommendations for implementation of consent receipts, and development of those specifications. Includes topics like user experience, user interface, web content usability, accessibility standards.
Report leading towards Recommendation
|"Report on consent receipt usability and accessibility requirements"||Preliminary/initiation|
Enabling Maximum Data Portability through GDPR
A brief and simple description of the project objective, rationale for creating the publication, specific entities that will use the publication and related work inside or outside of Kantara.
The General Data Protection Regulation (GDPR) introduces a new right of Data Portability for individuals (data subjects). The text states that ‘the data subject shall have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain from the controller a copy of data undergoing processing in an electronic and structured format which is commonly used and allows for further use by the data subject’.
The text goes on to say: 'Where the data subject has provided the personal data and the processing is based on consent or on a contract, the data subject shall have the right to transmit those personal data and any other information provided by the data subject and retained by an automated processing system, into another one, in an electronic format which is commonly used, without hindrance from the controller from whom the personal data are withdrawn.'
The Data Portability section concludes with: ‘The Commission may specify the electronic format referred to in paragraph 1 and the technical standards, modalities and procedures for the transmission of personal data pursuant to paragraph 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).'
On first reading, one might assume that the above is relatively straightforward to deliver in the technical sense; a range of technical routes to doing so have been around for a long time. However, data portability is seen as a threat to many existing organisations. Freeing up the data they have carefully gathered on customers is seen far more as a threat than an opportunity; that is multiplied considerably when viewed through the lens of data being ported to a competitor.
The above is why customers/users do not have data portability as the norm at present. There have been attempts to deliver it; all have stalled or been minimised to the point of being meaningless. Those with the data roll out numerous excuses and reasons to water down the art of the possible; reasons for not delivering on the premise include:
• How can we be sure we are providing the data to the right person/organisation?
• We’re not sure we can share this data, it might get lost/ hacked
• Some of the data is ours, the customer should not be able to leverage that for free
What has emerged from previous attempts has been limited lists of standardised data, and data sharing formats such as ‘download a .csv file’. The task taken on by this project within CISWG is to take the alternate perspective. Rather than minimise, slow down and put barriers in front of data portability, we will focus on fast tracking, and setting the bar based on what modern technologies make possible. In practical terms that means:
• Build a list of industry sectors/ business types that is commonly recognised and can be scaled out
• Prioritise that list in order of maximum benefit to the individual in making the data therein portable
• Build a related list of the data attributes that we’d wish to see become portable from those organisation types
• Discuss the various technical means to enabling portability, and agree a recommended technical approach
Draft Technical Specification
"An Analysis of How to Deliver Maximum Data Portability under GDPR"
"A Specification for Data Portability Under GDPR"
This report reviews the history and current status of data portability project work in order to synthesise that into a recommended way to deliver maximum data portability in the context of the upcoming deployment of the General Data Protection Regulation (GDPR).
Draft Technical Specification
This specification, if followed by an organisation (data controller), will enable an organisation t the General Data Protection Regulation (GDPR), and ensure that the organisation maximises the portability of the data in question.