2015-02-05 Meeting DRAFT Minutes

Date

Feb 05, 2015

Attendees

Call at Quorum

Goals

  • Discuss current state of the spec

Discussion Items

ItemWhoNotes
Review of unapproved minutes 

2015-01-08 Meeting Minutes - approved

2015-01-22 Meeting Minutes - approved

Action items from 2015-01-29Mark
  • John Wunderlich to remove the "extension" language from the spec; extensions don't belong in a document describing the "minimum". 
  • Mark Lizar to kick off the discussion "links or no links in an MVCR" on the mailing list

 

MVCR Scope - Defining Usability in the MVCR 

Discussion of John's edit - John has narrowed down to two specific scope items.  

 - Note that this isn't a record of consent, it is a receipt for a personal data transaction that includes what kind of consent was used for that transaction.

 - This is not about implicit or explicit consent at all.  Example: the act of registration is implicit consent.  It may or may not include a notice of explicit consent.  After they register, they get a popup that says "do you want a consent receipt."  If yes, that will contain the transaction info.

 - This is considered a useful concept, but would like to state the difference between implicit and explicit consent and how it applies here.

 - Suggest using "expressed" and "implied" instead of "explicit" and "implicit" as potentially less fuzzy/regulatory language.  either way, having these distinctions clear in the spec will be useful.

 - Concern/debate that a personal data transaction is different from a consent transaction.  But given that even identifiers are personal data, calling this a personal data transaction that includes consent information is ok.

 - Reminder that the MVCR is not web-specific, though the first use case used is web-specific.

 - Suggest adding back one more line to the scope: making consent usable and transparent.  Maybe this is part of the marketing and not the specification?

 - Now we are tracking MVCR content, not programming requirements. Add Nat's seven security points to the security section.  Take out the abstract for now.  Change scope to Contents of Consent Receipt.  Change Consent Notice Data table to remove DCI data and replace it with Consent Receipt Field Definitions or Comments.  If we do that, we can get rid of the most of the rest of the document - the core info will be in that table.

AOB Mary is working with IDESG to have an accounting consent and some of the other privacy requirements that express how this should work.

Action Items

  • Mark Lizar (Unlicensed) to write usability bullet for the scope (or possibly part of the design requirements).
  • Mark Lizar (Unlicensed) to start work on a new table to create the core of the .7 respect (post it in Google Docs for live editing during the next call)
  • John Wunderlich to write the language to clarify expressed and implied.
  • Former user (Deleted) to revise the master document to clean up the old/new docs that have gotten overly mixed and make the section headers clear.