Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

20182019-1201-2010

Status of Minutes

DRAFT

Approved at: <<Insert link to minutes showing approval>>

...

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Speaker proposal deadlines for Identiverse and EIC
  • Wiki refresh work
  • Distribution-version of slide deck describing the work here (consent receipt today → data processing receipt tomorrow - or whatever we decide)
  • Discuss approach to specification updates - look at github
  • Discuss EIC demo and scheduling
  • Formal publication of the Blinding Identity Taxonomy work



5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

  • TIIME, Vienna, February
  • EIC, Munich, May
  • Identiverse, Washington, June
10 minProduct roadmap for the demoAll
  • Target is EIC May 2019
  • Decisions needed:
  • The specific set of user stories we want to showcase
30 minSpecification update approachAll
  • Discovery approach leading to backlog leading to prioritization?
  • How do we decide what changes we must do in this round versus deferrable changes?
  • Support for implementation functions
    • x
  • Structural changes for ease of receipt processing
    • Note that because the v.next receipt specification is net new - so 'breaking changes' probably means that v.next is not backwards-compatible with v1.1
    • x
  • Direct support for interoperable exchange of receipt data
    • Data integrity features, etc
    • Note: this category shares many topics and issues with the Schemas/Overlays work
    • x
  • Recommendations and guidance for specific fields/values
    • x
  • Document family structure for extensions
    • x
  • See https://github.com/KantaraInitiative/consent-receipt-v-next

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5


AOB

Paul - next SSI task is to build a 'consent schema' - 20 attributes so far - will circulate for review

  • Issues about Purpose for data processing are not included at this time - the schema is more about the mechanical aspects of description of the data e.g. aspects of revocation

Mark - liaison work

  • Lots of progress at W3C on vocabulary - GDPR-specific profile/extensions
  • EU government group working on Taxonomy for people and businesses
  • NIST "xpress rules", Healthcare IT, FHIR
  • Should establish a bi-monthly or quarterly liaison information sharing call in 2019




Next meeting

*** Next call 2019-01-10 10:30 am Eastern Standard Time / 15:30 GMT

NO CALLS December 27 or January 3Next call January 17, 2019




From earlier calls:

  • Andrew has set up a github repo for next-version specification backlog items, including use cases: 
    https://github.com/KantaraInitiative/consent-receipt-v-next
  • Some possible items for next versions:
    • Structural changes to the spec including a hierarchy of objects that should improve high transaction volume
    • Integration/association of the new Blinding Identity Taxonomy into the CR Spec family (to inform implementers of potential data categories of interest)
    • Recommendations for Customer Journey / UX / UI features
    • Library of industry-specific or case-specific Purpose categories and example Purpose statements
    • Expansion of Consent Types to allow for more than just Explicit Consent situations
    • (idea) Optional receipt metadata to assist privacy dashboards in organizing and processing 'bring forward' items (e.g. "remind me to check this share in 3 months")
    • digi.me product and management have identified six areas for development
      • consent over period of time (rather than instantaneous consent)
      • termination/modification of consent from either side
      • high transaction volume & low per-instance cost
      • how the 'receipt' fits into accounting systems infrastructures
      • receipt as the basis for legal matters and actions
      • UX/UI concerns
    • for Clinical Trials uses, data holder is required to keep data for 10 years - need to consider longevity of the receipts to go alongside data holdings

...