Assessment (Survey) Summary
This is a short survey focused on assessing the terms used in authorisations, consent-based interactions, permissions and agreements.
It is research to identify the terminology and taxonomy used in a specific service for authorisations, permission-ing, agreements and consent.
The scope of this research is to correlate answers by industry, authorisation format and state legal justification, and to look at how these conform to the Consent Receipt (personal data processing receipt) and ISO 29184. The objective is to produce a summary and breakdown of the responses for use with future CISWG works.
Produce a summary that can contribute towards the development of common use and practice for terms in identity management, catalogue common dark patterns and identify existing or similar best practices that are conformant to the consent receipt and ISO 29184 works. The
in contrast to transparency provided by a consent receipt format to identify a set of criteria for evaluating against a baseline for the development that is provided by the consent receipt v.1 + Legal requirements for the context.
CISWG Terminology Assessment: link to the survey/assessment,
link GICS codes (preferred to identify industry codes for this assessment - GICS_structure_formatted.xlsx)
Background
The Kantara Initiative Consent & Information Sharing WG has produced the Consent Receipt Specification, and is now working on a broader Personal Data Processing Receipt Specification.
The consent receipt has been a basis for developing a single digital privacy record and receipt format to standardise privacy and information sharing transparency. The consent receipt format has been adopted by other standards efforts and is championed as a tool for transparency and interoperability in identity management.
The objective of this survey is to collect and audit the use of terms in the authorisation and permission-ing of personal data processing and to contrast practice against the consent receipt format. The survey aims to assess the actual use of terms and their interpretation by those who use them, as well as to consider a consent-centric interpretation of all the various legal justifications for processing personal data.
More information (like how to join this WG or mailing list) can be found on the Kantara CISWG Wiki.
Survey Sections
- Respondent/ Organisation Information
- Context of Data Collection
- Terms Used for the Authorisation of Data Capture
- Additional Questions Relevant to Quality of Authorisation
Thank You Contributors
- Paul Knowles
- Jan Lindquist
- Harshvardhan Pandit
- Oscar Santolalla
- Vitor Jesus
Research & Discussion
- Conformance to best practice
- Security & Privacy Risks, surveillance and dark patterns, e.g. → identification of the malicious and benign misuse of transparency.
- Terms: Legal, Technical, Business
- Deeper Sub-Topics - (of keen interest to review) Contract Vs Privacy, Governance Vs platform permissions, data trusts
Links to research to help inform this study
- ISO 29184: Online privacy notices and consent
- Consent Receipt v1.1 Specification
- GDPR Consent Receipt Extension
- Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds (Natasha Lomas) → https://techcrunch.com/2019/08/10/most-eu-cookie-consent-notices-are-meaningless-or-manipulative-study-finds/
Dark pattern research:
https://uxdesign.cc/the-12-types-of-dark-patterns-and-why-you-should-care-38a7b584777b
https://www.eff.org/deeplinks/2019/02/designing-welcome-mats-invite-user-privacy-0