You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 4
Ref
Principle
VIP Requirements
Verifiers
Issuers
Providers
Consent & Choice
If consent is not the basis for processing mobile credential data, the authority must be made clear before release.
Purpose legitimacy and specification
Collection Limitation
Data Minimization
Use, retention, and disclosure limitation
Accuracy & Quality
Minimum accuracy to fulfill the purpose of the transaction
Minimum tracking
Location
Longitudinal
Openness, transparency, and access
Ability to see and correct data
Individual access & participation
Mobile Credentials must be made available to all subjects that have right granted by Issuer
Accountability
Information Security
Privacy Compliance
Where an entity processer mobile credential data for legal purposes …. (out of scope) - or records of access
Clarity on meaning of consent needed.