/
2015-09-07 Meeting Notes

2015-09-07 Meeting Notes

Sep 07, 2015

Date

Sep 07, 2015

Attendees

  • @Mark Lizar (Unlicensed)

  • @iainh1 NA (Unlicensed)

  • @John Wunderlich

Goals

  • Agenda:

    • Update on Consent Receipt Website & Implementations

      • Iain & Mark will work on website

      • Oliver is looking at Word Press plugin to make consent button website

    • Present  v0.7 of Spec to the WG for comment - (note: will try and send to list before call starts)

      • Mark to follow up planning for event showing off work at Digital Catapult event with

    • This version of the specification has an Review List built in for  v0.7 fields that need to be reviewed for insertion into core the specification for version 0.8, as well we need to schedule and priorities issues that will arrive from reviewing fields and the specification.

In v0.7 fields that need to be reviewed for insertion into core the specification for version 0.8:

  • Review Purpose Specification: field structure and extension of purpose specification attributes. Service, Purpose (from List in Appendix A).  Should data retention be mandatory in MVCR?

  • Review consent context – Adding method of collection, location, placement, type of option, clarity of purpose, (i.e. a button on a website, a radial) – This context information is relevant to regulations in some jurisdictions that stipulate required fields, and conditions which are required for consent to be fair and reasonable.

  • Review mandatory link to short privacy notice – Is the consent receipt a new first layer for privacy meta-notice, the first layer in layered privacy notices? Should this be required or optional in the MVCR?  What are the legal considerations?

  • Review consent transaction data – How does this differ from the consent payload?

  • Review consent payload – what is a total list of data that can, should and must be captured?  [This appears to be out of scope of the MVCR and requires a use case]

  • Review Resource/Authorization Server (UMA)

  • Review Adding OAuth Scopes

  • Review and what is —> Audience URI

  • Review Resource/Authorization Server

    • Discuss Scheduling items for SPEC review in CISWG call  for this quarter and to start using join.me to edit the spec or address issues on the call

Schedule

Review on List

Review on Call

  Issue Priority

Schedule

Review on List

Review on Call

  Issue Priority

Monday 14 Sept

Purpose Specification

Specification Abstract & Introduction

To be  reviewed once issues are posted and added to GitHub in Calls

Monday 21 Sept

Consent Context

Next Section

 

Monday 28 Sept

Design Principles

Next Section

 

  •  

    •  ISO Comment Submission  - We miss this and John indicates their will be more rounds for comment

      • ACTION Mark to pass his comments to ISO

  • Discussing Purpose Specification and duration should be seperate from purpose.

    • there are multiple duration for data retention for different purposes

    • this may be need to be another section in the receipt post MVCR that list retention period separately.. So this tabled and is out of purpose specification.

  • The contents of a retention period section woudl be key valued pairs - values would be assigned by regulation or policy.

    • the longest period would be rolled up and this would be the retention period that is presented

  • Context & Collection Method Field needs definition and better label (remove context)

  • VRM DAY - we discussed creating a demo of our work and presenting this at IIW on Oct 26

    • Action: Mark to start a scope of work for the demoAction Items