2019-04-18 Meeting notes (CR)

Date

2019-04-18

Status of Minutes

Approved

Approved at: 2019-12-12 Meeting notes (CR) DRAFT

Attendees

Voting

Jim Pasquale
Andrew Hughes
Paul Knowles
Iain Henderson
Mark Lizar
Lisa LaVasseur
Oscar Santolalla
Mary Hodder

Non-Voting

Jan Lindquist
Colin Wallis
Tom Jones

Regrets

Quorum Status

Meeting was <<<not>>> quorate

Voting participants

Participant Roster (2016) - Quorum is 6 of 10 as of 2019-03-20

Iain Henderson, Mary Hodder, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Lisa LeVasseur

Discussion Items

Time	Item	Who	Notes

Time	Item	Who	Notes
4 mins	Roll call Agenda bashing	@Former user (Deleted)	Deferred: Status: Wiki refresh work Deferred: Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide) Demo status update Spec v2 DIACC Notice and Consent Overview comments Mark: letter to the EC re patent on opt-in AOB
5 min	Organization updates	All	Please review these blogs offline for current status on Kantara and all the DG/WG: Director's Corner: 2019: March Work + Discussion Group Activity There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation. IIW, Mountain View, California, April-May EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/ Identiverse, Washington, June USENIX SOUPS '19 and PEPR '19 symposia August 11-13 Santa Clara, CA MyData, Helsinki, September
15 min	v2 specification timeline	Andrew	There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project) We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.
15 min	Demo status update	all	Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API. digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel We need to add a couple fileds to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations. Status updates from participants: Andrew to connect Richard and Oscar to get working on the API digi.me still making progress
15 min	DIACC Notice and Consent doc	all	Need a person to be responsible for this activity Deadline is May 3 for comments https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/
defer	Product roadmap for the demo	All	Target is EIC May 2019 Here's the project page for the "Demo v2" 2019-04-11 call notes: Comments (2019-04-04) (jim) digi.me green light (sneha) green light 2019-03-28 call notes: Ubisecure Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service Simple flows - a mechanism - for the end-user This would allow direct receipt transfers instead of 'faking it' via the Downloads folder ====== Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call
defer	Specification update approach		Discovery approach leading to backlog leading to prioritization? How do we decide what changes we must do in this round versus deferrable changes? See https://github.com/KantaraInitiative/consent-receipt-v-next See a flowchart version of this here: https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5 2019-03-14 notes: Mark: sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment building a proposal to split the notice from the 'consent' in the structure (note that this is similar to the digi.me proposal) Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action
5 min	AOB		Mark: Should this WG write a letter to the EC about the badly-conceived patent as noted here? https://www.eff.org/deeplinks/2019/02/stupid-patent-month-patent-following-privacy-laws Andrew is checking with Colin to confirm that this is OK in Kantara's scope (probably is) Mark to lead drafting efforts
	Next meeting		*** Next call 2019-04-25 10:30 am Eastern DAYLIGHT Time https://global.gotomeeting.com/join/323930725