CC

Consent & Choice

• If consent is not the basis for processing mobile credential data, the authority must be made clear before release.

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12288014

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397557

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397557

PL

Purpose legitimacy and specification

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12189713

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097242

CL

Collection Limitation

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12288003

DM

Data Minimization

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12320806https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097237

UR

Use, retention, and disclosure limitation

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097232https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12648452https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12189706

AQ

Accuracy & Quality

• Minimum accuracy to fulfill the purpose of the transaction

• Minimum tracking

  • Location

  • Longitudinal

OT

Openness, transparency, and access

• Ability to see and correct data

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12451853

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/2097288

IA

Individual access & participation

Mobile Credentials must be made available to all subjects that have right granted by Issuer

AC

Accountability

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12156995

IS

Information Security

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/21397594

https://kantara.atlassian.net/wiki/spaces/PEMCP/pages/12320796

PS

Privacy Compliance

• Where an entity processer mobile credential data for legal purposes …. (out of scope) - or records of access

• Clarity on meaning of consent needed.