Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Discuss the demo concept paper
  • Discuss approach to specification updates



5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

  • TIIME, Vienna, February
  • EIC, Munich, May
  • Identiverse, Washington, June
30 minProduct roadmap for the demoAll
  • Target is EIC May 2019
  • Iain: suggests the 'virtual product' name should be "Kantara Initiative Information Sharing Control Panel"
  • Peter: Is it a requirement that the CR is a standalone document or can it be embedded in a parent document? (may need to update the JSON Schema to specify)
  • Peter: What does 'change permissions' mean? A: Intended to convey that the Subject might instruct the Controller to restrict processing in some way.

Proposed description

The following is a very early draft description of the system we will demonstrate at EIC 2019 and other events.


The main purposes of the Kantara Initiative Privacy Control Panel (Kantara PCP) Information Sharing Control Panel (ISCP) system are a) to allow people to see, organize, find details via a ‘data processing receipt’ construct about the conditions under which they agreed to provide information for data processing; and b) to give them tools to investigate the data processing receipts they might have received or modify the permissions they granted when they initially shared the data for processing.

In the Kantara vision, whenever an individual is asked for their personal data, or whenever their personal data is acquired, a ‘data processing receipt’ is created by the data controller. The receipt includes details about the conditions under which the data was obtained: the privacy notices provided;  the lawful basis and purposes for collecting and processing data; the terms of the agreement and other metadata related to the interaction.

These data processing receipts could be offered by the data controller’s system to the individual for storage in their personal Privacy Control PanelInformation Sharing Control Panel application. 

Once the data processing receipts are in the personal PCP ISCP, the person can organize them and inspect them to ensure they are valid, current and actually represent what happened. 

The PCPISCP gives the person tools to take action with the receipts including view, validity check, request the data, revoke consent, change permissions, or erase the data. In other words to exercise their data subject rights.

On the consent management platform and data controller system side, standard data processing receipt APIs could be offered. The PCPISCP utilizes these APIs. 


The Kantara Members in the Consent & Information Sharing WG can participate in the demo by showing their product features that provide the different functions needed for the PCPISCP demonstration, for example: the PCPISCP dashboard, the data controller functionality to generate receipts, API platform provider, the ‘app’ used by the person, receipt viewer, receipt language translator, and so on.


The concept is that the products could, with very minor enhancements, be a component of the overall Kantara PCPISCP system. We will showcase a future vision of the data processing ecosystem where the individual has more insight and control over their data.


Decisions needed:

  • The specific set of user stories we want to showcase
30 minSpecification update approachAll
  • Discovery approach leading to backlog leading to prioritization?
  • How do we decide what changes we must do in this round versus deferrable changes?

AOB



Next meeting

*** Next call 2018-12-20 10:30 am Eastern Standard Time / 15:30 GMT



...