Skip to end of metadata
Go to start of metadata

WG NAME (and any acronym or abbreviation of the name):

Consent Management Solutions WG (Consent Management WG)

PURPOSE:

Consent Management Solutions are used to manage the full lifecycle of an individual’s consent for the processing of their personal data. That consent needs to be: freely given, specific, informed and unambiguous.

The purpose of the Consent Management Solutions WG is to produce a series of Recommendations and Technical Specifications. The Consent Management Solutions WG will gather best current practices from organizations that have implemented consent management solutions; to gather requirements from jurisdictional regulations related to consent management; to develop consensus requirements based on the best current practices to enable businesses to implement best practice, and to support the establishment of a Kantara conformity assessment scheme leading towards supplier declaration or certification against the requirements.

Due to impending deadlines for GDPR, PSD2 and other existing regulations in multiple jurisdictions, there is a market need for guidance and possibly product/service certification for compliant consent management solutions.

SCOPE:

The initial scope of the WG is:

  • to collect documented current practices for management of privacy notice and

    consent from many sources;

  • to collect requirements from regulations in many jurisdictions;

to publish a Kantara Recommendation “Consent Management Solutions – Best Current Practices” which is to contain consensus best current practices as derived from the sources;

Once the initial scope is complete, additional publications will be scoped for production.

DRAFT TECHNICAL SPECIFICATIONS:

None planned in initial scope of the WG.

OTHER DRAFT RECOMMENDATIONS:

“Consent Management Solutions – Best Current Practices” anticipated ready for Ballot four months after WG launch.

LEADERSHIP:

Chair: Corné van Rooij, iWelcome

Vice-Chair: Jim Pasquale, digi.me

Secretary: Andrew Hughes, ITIM Consulting

Editor: TBD

AUDIENCE:

Anticipated audience or users of the work.

Organizations that collect personal information using individual consent for processing

  • Identity providers and credential providers; Customer Information and Access Management (CIAM) providers

  • Organizations in the ConsentTech, myData, “Internet of Me” spaces

  • Privacy and Information Commissioners, Regulators

  • Consent Management platform providers

DURATION:

  • The WG will operate long enough to publish v1.0 and v1.1 of the Best Current Practices publication; no less than 12 months.

  • Once additional publications are identified, the WG participants may choose to extend the WG duration.

IPR POLICY:

The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara Initiative IPR Policy - Option Non-Assertion Covenant

RELATED WORK AND LIAISONS:

Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

  • Kantara Consent & Information Sharing WG

    • Consent Receipt Specification v1.0 and v1.1

    • (Draft) How to specify Purpose and Purpose Categories

  • Kantara UMA WG

    • UMA 2.0 Grant for OAuth 2.0 Authorization

    • Federated Authorization for UMA 2.0

  • IEC/ISO SC 27 WG 5 “Identity management and privacy technologies”

    • ISO/IEC 29100 “Privacy framework"

    • ISO/IEC AWI 29184 “Guidelines for online privacy notices and consent” (draft)

      General Data Protection Regulation

  • Article 29 Working Party: Guidance

  • Office of the UK Information Commissioner: Guidance

  • Office of the Privacy Commissioner of Canada: Guidance

  • NIST

    • Internal Report 8112: Attribute Metadata

CONTRIBUTIONS (optional): 

A list of contributions that the proposers anticipate will be made to the WG.

  • To be confirmed

PROPOSERS:

Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members.

Corné van Rooij, iWelcome, corne.van.rooij@iwelcome.com
Julian Ranger, digi.me, julian@digi.me
Andrew Hughes, Individual, AndrewHughes3000@gmail.com 

  • No labels

2 Comments

  1. can i check that the focus is on UI/ UX and customer experience for "best practices"  for consent and not some internal ideal processes or privacy terms.  thanks  

    1. There's no restriction on which aspects are covered in the Best Current Practices recommendation. The overall goal is to allow leader organizations to share their practices to raise the overall understanding and beneficial outcomes of consent management practices. There will be internal-facing practice recommendations and should also be 'customer-facing' practice recommendations.