2015-09-07 Meeting Notes

Owned by Mark Lizar (Unlicensed)
Last updated: Sept 07, 2015
2 min read

Date

Sep 07, 2015

Attendees

Goals

  • Agenda:

    • Update on Consent Receipt Website & Implementations

      • Iain & Mark will work on website
      • Oliver is looking at Word Press plugin to make consent button website

    • Present  v0.7 of Spec to the WG for comment - (note: will try and send to list before call starts)

      • Mark to follow up planning for event showing off work at Digital Catapult event with

    • This version of the specification has an Review List built in for  v0.7 fields that need to be reviewed for insertion into core the specification for version 0.8, as well we need to schedule and priorities issues that will arrive from reviewing fields and the specification.

In v0.7 fields that need to be reviewed for insertion into core the specification for version 0.8:

  • Review Purpose Specification: field structure and extension of purpose specification attributes. Service, Purpose (from List in Appendix A).  Should data retention be mandatory in MVCR?
  • Review consent context – Adding method of collection, location, placement, type of option, clarity of purpose, (i.e. a button on a website, a radial) – This context information is relevant to regulations in some jurisdictions that stipulate required fields, and conditions which are required for consent to be fair and reasonable.
  • Review mandatory link to short privacy notice – Is the consent receipt a new first layer for privacy meta-notice, the first layer in layered privacy notices? Should this be required or optional in the MVCR?  What are the legal considerations?
  • Review consent transaction data – How does this differ from the consent payload?
  • Review consent payload – what is a total list of data that can, should and must be captured?  [This appears to be out of scope of the MVCR and requires a use case]
  • Review Resource/Authorization Server (UMA)
  • Review Adding OAuth Scopes
  • Review and what is —> Audience URI
  • Review Resource/Authorization Server

    • Discuss Scheduling items for SPEC review in CISWG call  for this quarter and to start using join.me to edit the spec or address issues on the call

ScheduleReview on ListReview on Call  Issue Priority
Monday 14 SeptPurpose SpecificationSpecification Abstract & IntroductionTo be  reviewed once issues are posted and added to GitHub in Calls
Monday 21 SeptConsent ContextNext Section 
Monday 28 SeptDesign PrinciplesNext Section 

    •  ISO Comment Submission  - We miss this and John indicates their will be more rounds for comment

      • ACTION Mark to pass his comments to ISO
  • Discussing Purpose Specification and duration should be seperate from purpose.
    • there are multiple duration for data retention for different purposes
    • this may be need to be another section in the receipt post MVCR that list retention period separately.. So this tabled and is out of purpose specification.
  • The contents of a retention period section woudl be key valued pairs - values would be assigned by regulation or policy.
    • the longest period would be rolled up and this would be the retention period that is presented
  • Context & Collection Method Field needs definition and better label (remove context)
  • VRM DAY - we discussed creating a demo of our work and presenting this at IIW on Oct 26
    • Action: Mark to start a scope of work for the demoAction Items
  •