Page tree
Skip to end of metadata
Go to start of metadata


Sunday.May 24, 2020

AdvCIS Project happy to produce the Kantara 2020 -  PrivMas-Eve we had an informal  Notice & Consent Call (IPR rules suspended)  to talk about some of the latest work awaiting the publication of the ISO 29184 Online Privacy Notices and Consent standard and the start of the ISO Consent Record work, (formerly the Consent Receipt).  

 In short, this is the Agenda we ended up with for   PrivMas. 

PrivMas Call Video

PrivMas - Presentation Videos Posted

(We were sure to issue a surveillance notice and made sure people knew we were recording.)

Surveillance Notice : The PrivMas call will be recorded,  attendee's are invited to change their name and turn off video - and wear a mask to self protect against privacy or security risk

Also, we started working on a new set of common roles - for engineer based role playing for data governance frameworks.  Working to update the Alice & Bob Narrative to Consent & Permission. 

Kantara - PrivMas - Materials


Title of Presentation




Colin Wallis Kantara PrivMas2020 Special Video of the PrivMas Call 

Colin Wallis  Kick's off the Kantara PrivMas with international #PrivMas Gifts 

Video Link to the Call - is here (its big at the moment) 
Doc SearlsAnti-Consentiment

The R Button

Doc SearlsWhy #PrivMas  needs to kill contract of adhesion -  its not human consent

Is the operator the 4th party?

Mark LizarPrivMas -Intro

Review of the history of the legal standards and the background of the work contributed to the OECD Transboarder Flows Guidelines.   Referencing 2003 ISTPA - Presentation by John Sabo from OASIS which is very relevant today.   In particular slide 26 - Referencing Open Trust environments we are working on in this workgroup today. 

Mark Lizar #PrivMas History

This the 2003 ISTPA Presentation by John Sabo from Computer Associates, which serves a great backgrounder to the legal standards that lead to many of the current technical standards.

Mathais De Bievre & Olivier Dion

aNew Governance Project for the EU Data Governance Architecture 

European Commission Data Strategy- An infrastructure for decentralised consent (inherent to design) data infrastructure for permissions. 

Addressing the lock-in of big-data platforms 

Forming a New Governance in the MyData Community - with interoperability amongst data operator. 

  • Human Centric Governance 
  • MyData Declaration 
  • Separation of Powers 
  • Cross Sector and Domain 
aNG -the upstart EU Network -enjoys PrivMas at Kantara - with Separation of Powers and the Power of  Skills & Mobility Use Cases 
Joss LangfordMyData Operator
  • The MyData Operator 
    • Updates 
    • Proto-Operators 
    • Professional Association in Development


MyData Operator - PrivMas at it's best - global best practices 
Jim HazzardCommon Accord

Accountability - e.g.

Common Accord, a #PriMas gift for a New Governance 
Muhammad WaqasAlexa - AI Consent ReceiptsLive Demo of a consent receipt sent via email - where the email must be read before the consent moves from implied consent to explicit consent.   Implied to let Alexa offer a service and explicit for access to data - later in the flow - 

Paul Knowles


From the Human Colossus Foundation for scaling data governance -" A home for synergy"
Tom Jones A Call To Action for Consent Identity ProtocolPresented a dynamic architecture for real–time emergency response data access, also references to work in Kantara FIRE WG.

Xiaohu BRUE: UMA For Cross Domain Explicit Consent (for HealthCare) 

I'm hungry. That soup looks awesome! - BlockChain-UMA Specific Soup

Demonstrating international health care use case where UMA is used to enable cross Jurisdictions Electronic Health Exchange - with explicit consent as the framework for the exchange.  

Sal D'Agostino Identity Surveillance TechnologyBigger Brother - - a SoShanna Zubov Review -  And a PrivMas gift - Active transparency Over Surveillance Capitalism 

Salvatore D'Agostino Closes #PrivMas Eve - with a Toast and tale of Bigger Brother - to close

Interop Gov Role-Play For Video Conferencing Calls - 

(A use case for facilitating decentralised governance experience - aka consent by design) 

This game came about this week as we search for a way to have a Covid PrivMas that was on theme.  Realising that some expierencial tools could really help people design with consent and data permissions.    To better understand the risks these governance systems have a set of experience driven tools can be developed that helps people experience the surveillance vs consent by design frameworks and permissions that we are designing to replace.  

As - how to fix the broken internet game sounded like it could be an idea for future PrivMas fun.   Attendee’s participation is (optional)   Using video call features people control to turn off video when they want,  wear a mask/disguise/sunglasses on the call to make it more comfortable.  Be able to come on and off video as person feel's like it, change their screen name to a psudonymn -Basically, turn down the Surveillance to make it more comfortable.  etc.   is a key first step to trying anything.  Which is what we did on the call for PrivMas. 

The results below are the raw ingredients. 


The aim of the game is for people to experience what difference governance (Gov) frameworks would be like if implemented the way people think and act.  There is a good guy mask, a bad girl mask, a rainbow mask and an imposter mask, for people who don't want to participate in the call, can use the pseudonym Doc or Joyce to participate in a neutral way.  The aim is use governance framework names as psudonyms and use the governance frameworks to see if you can work out who is the imposter. 

To Participate

Everyone can only invite one guest and you can make up a name for your caller ID (on the video call) by using the suggested identity governance naming convention, that is intended to make transparent the governance framework perspectives you feel like representing on the call or even at different times in the call.  (Also, you can exaggerate the name of your favourite governances flavour with a pre-expression to futher exaggerate the naming).  

For Example, 

ISI Members: as hosts -should pick an ISI Gov flavour name :  ISI-N&C Gov,  ISI-Intent Gov, etc  (as this is prescribed by the role of hosts) 
Framework & Protocol Reps: UMA Gov, Skilz Gov, Nxt-ISO-Gov, Me2B Gov, WoT Gov, and interestingly  - aNG - doesnt need a naming convention - (these examples are not prescriptive)
Likewise - pls ask your guests to affiliate to whatever Gov label you choose to participate under, e.g.  Guest of Gov Name. And for those wishing to be un-afiliated - please name yourself Doc or Joyce to play

(More trust and assurance guidance for participation in Gov frameworks to mimick or perform to human expections).This is why we have moderators, and security protocols to kick people out etc, so that the risks can be mitigated

The Game Play Options

The risks mitigated in the call are captured through masking  identity in different ways to reduce privacy and security risk of the person, intended to be extremely flexible.  Generally, people can identify each other through topic and voice, but the idea is to let people join the call, so no one really knows who each person is to begin with.  And with all the video turned off..  as people present, and talk, they can turn on video, and people can communicate via chat.

The call should have one facilitator that can change masks, turning on and off vide.  

1 person has to be known and the moderator - another person can be designated the security person for the call.  If there is a real (or staged) call disruption - the moderator and the security person has a separation of powers, and need to keep a log of the secret chat where the security person has the decision making power to kick people off the call, but the moderator has the technical control to do so. 

Each person's guest can act as a proxy - so their could really be unknown people on the call - which is why its good for a work group/community rather than a public event.    


To find the imposter,  experience the impact of a governance framework, examine assurances and their integrity specify a governance tool. Explore combinations that are more trust-worthy. 

Notes On development

  • playing the PrivMas game is needed to develop further and putting in a game play scenario 
  • For those that play or dev further - pls add update to the  comment section below 

Videos & Recordings

privmas-01-Doc.mp4privmas-02-aNG.mp4privmas-03-mydata.mp4privmas04-common_accord.mp4privmas05-Alex_receipts.mp4privmas06_Paul_Knowles.mp4 privmas07_TomJones.mp4 privmas08_BRUE.mp4

  • No labels