Skip to end of metadata
Go to start of metadata

Date

2018-12-06

Status of Minutes

DRAFT

Approved at: <<Insert link to minutes showing approval>>

Attendees

Voting


Non-Voting

  • Jan Lindquist
  • David Turner
  • Sneha Ved
  • Sal D'Agostino
  • Peter Davis
  • Mary Hodder

Regrets



Quorum Status


Meeting was <<<>>> quorate


Voting participants


Participant Roster (2016) - Quorum is 6 of 11 as of 2018-11-19

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Samantha Zirkin

Discussion Items

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Discuss what we should demo at EIC



5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

  • TIIME, Vienna, February
  • EIC, Munich, May
  • Identiverse, Washington, June
45 minProduct roadmap for the demoAll
  • Target is EIC May 2019
  • digi.me is considering doing the import/export functionality for January
    • suggests showing of functionality of the 'privacy dashboard' concept
    • suggests showing a communication flow between person, controller and a processor - showing how changes to preferences are communicated
    • will show demo to Jim of consent receipt spec new features of digi.me - these probably will go in the next release
  • Sphere Identity
    • 3-party consent will be implemented and tested in January
    • will have an end-end demo at EIC
    • showing how data sharing and consent management works (data subject, data controller, Sphere)
    • would need to add an 'export' function
  • Consentua
    • Focus on the interoperability aspect
    • 1) How do i combine multiple receipts into a single file? (zip, JSON format, etc) - to demo parsing packets of receipts - portability between dashboards
    • 2) How to make a CR actionable - how to check it, revoke it, mutate it, is it valid in the service that issued it - this would allow dashboards to become 'control panels'
  • Airside
    • Could use emulators to show mobile. Could also run and pause a video.
    • Wants to speak about how CRs are used in their general aviation app - there are iPad/Android version
    • Their data organization is information oriented, not privacy-first oriented
    • The 'dashboard' feature for General Aviation might be the Passengers sharing their passport data to the Pilot for flight manifest compliance
  • OpenConsent
    • Power is in the 'proof' aspect of this - proof about what Notice was given
      • For consent, Notice is required, followed by an Agreement
      • Consentua has the concept of 'provenance' - all the elements that went into the agreement.
      • Andrew suggested using the word 'agreement' instead of 'consent' - nobody agreed (smile)
    • This is 'consent by design' that demonstrates the increased quality of consent.
    • Idea: if there was a bare 'notice receipt' (a subset of the explicit consent receipt) that could be powerful to keep track of where notice was or was not provided correctly.
  • What point of view should we demo?
    • From the person's perspective? (excercising data subject rights)
    • From the data controller's perspective?
  • Demo of a Privacy Control Panel?
    • One interface showing where the person shared their information for processing
    • The person can interact and change their preferences related to these information processing interactions
    • The control panel operates on a more complete capture of the provenance of the consent interaction
  • Consensus reached - this sounds like the right concept for the demo - now we need to work on the details

AOB



Next meeting

*** Next call 2018-12-13 10:30 am Eastern Standard Time / 15:30 GMT