Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Approved at: <<Insert link to minutes showing approval>>

Attendees

Voting

  • Jim Pasquale
  • Andrew Hughes
  • Paul Knowles
  • Iain Henderson
  • Mark Lizar
  • Lisa LaVasseur
  • Lisa LaVasseur
  • Jim Pasquale
  • John Wunderlich
  • Mary Hodder

Non-Voting

  •  Jan LindquistPierre Roberge
  • Colin Wallis
  • Chris Olsen
  • Tom Jones

Regrets

  • Oscar Santolalla

...

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Status: Wiki refresh work
  • Status: Distribution-version of slide deck describing the work here (consent receipt today → personal data processing receipt tomorrow - or whatever we decide)
  • Demo status update
  • Spec v2
  • DIACC Notice and Consent Overview comments
  • AOB


5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Jim, or John, or Andrew of your implementation.

  • IIW, Mountain View, California, April-May
  • EIC, Munich, May - member discount code available - PLEASE REGISTER FOR THE MEMBER PLENARY MEETING Monday May 13th 2019: https://kantarainitiative.org/register-for-kantara-european-plenary/
  • Identiverse, Washington, June
  • USENIX SOUPS '19 and PEPR '19 symposia August 11-13 Santa Clara, CA
  • MyData, Helsinki, September
  • Discussion on what Privacy Engineering is (it's specific direction on how to implement rather than policy statements)

15 minv2 specification timelineAndrew
  • There is an opportunity here - if we can get v2 of the specification to a stable (but not necessarily final) state by late-July then we could potentially contribute it into the ISO Study Period to inform the 1st working draft of the standard (presuming that ISO approves starting the project)
  • We need a Product Manager/Owner dedicated to driving the next version of the receipt specification - if we don't make the timelines then the opportunity will probably be lost.
15 minDemo status updateall
  • Oscar has proposed that Ubisecure create a primitive Privacy Control Panel app that accepts inbound receipts over an OAuth-controlled API.
  • digi.me is nearing completion of mods to their 'consent access dashboard' to make it look/behave like a Privacy Control Panel
  • We need to add a couple fileds to the spec (just for the demo) that allow the user to 'call back' to the receipt-issuer to invoke a user-mediated function like 'forget me'. These need to be fields that are URLs somewhere in the receipt-issuing party's namespace - the idea is that the user views a receipt and can click on the field/URL for the action they want to invoke. It's a way to fake an action button that does what we believe might happen in real implementations.
  • Status updates from participants:
    • Andrew to connect Richard and Oscar to get working on the API
    • digi.me still making progress


15 minDIACC Notice and Consent docall

** Need a person to be responsible for this activity **John W. is responsible for gathering and submitting comments from the WG. (2019-04-25)

  • Deadline is May 3 for comments

https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/

deferProduct roadmap for the demoAll
  • Target is EIC May 2019

Here's the project page for the "Demo v2"

2019-04-11 call notes:


Comments (2019-04-04)

  • (jim) digi.me green light
  • (sneha) green light

2019-03-28 call notes:

  • Ubisecure
    • Oscar sent an email to the list about how to pass the v1.1 receipts to the dashboard/receiver service
    • Simple flows - a mechanism - for the end-user
    • This would allow direct receipt transfers instead of 'faking it' via the Downloads folder

======

Go to the demo v2 page for the breakdown of roles and functions for 2019-02-21 call


deferSpecification update approach

See a flowchart version of this here:

https://share.mindmanager.com/#publish/b-DWOcuKGnVY1PXBKXTpL0-DQOeqmZMGfGUAPiC5


2019-03-14 notes:

  • Mark:
    • sent the GDPR extension to the W3C "Data Privacy Vocabulary Community Group" for comment
    • building a proposal to split the notice from the 'consent' in the structure
      • (note that this is similar to the digi.me proposal)
  • Andrew urges all participants to post issues into the github repo for proposed spec changes - so that we can discuss and prioritize them for action
5 minAOB
  • Mark: Should this WG write a letter to the EC about the badly-conceived patent as noted here?
  • https://www.eff.org/deeplinks/2019/02/stupid-patent-month-patent-following-privacy-laws
  • Andrew is checking with Colin to confirm that this is OK in Kantara's scope (probably is)
  • Mark to lead drafting effortsCIS WG marketing collateral - need it for EIC - Jim to resume progress
  • WG had a long discussion about what the receipt represents and roadmap and how they might be valued by the individual

Next meeting

*** Next call 2019-0405-25 09 10:30 am Eastern DAYLIGHT Time

https://global.gotomeeting.com/join/323930725



...