- Andrew Hughes
- Marco Venuti
- Chris Cooper
- Ken KlingensteinLisa LeVasseur
- Nancy Lush
- Chris Olson
The meeting was not quorate
- Call to order
- Roll call
- Agenda bashing
- Organization updates
|5 min||WG Motions |
A Quorum required
Motion to ...
|30 min||WG path forward||All|
- Discussion about pressure points and the demand for 'consent'
- Discussion on seeing 'consent' requirements in some RFPs - purchasing
- Also - Service providers (data processors) are starting to insist that Brands (the data controllers) have valid 1st party consent from consumers (data controller to data processor demands)
- ACH asked Marco for ratio of wants consent stuff versus not asking for consent stuff in rfps
- ACH asked Marco for sample language - examples of how company RFPs ask for consent management-related stuff
- Andrew speculates - what if CMS WG produced a boilerplate clause setting out how to ask for consent management stuff?
- James - one aspect is when a customer 'signs up' with a provider - explicit; another aspect is passive tracking; this is the omnichannel user consent management problem - the person might set different instructuctions on every different channel the customer connects to the provider (e.g. in person vs mobile app)
- Caution to ourselves that user preferences can come from any channel, not just 'web' or 'mobile app'
- Lisa & Eve Maler have written a paper that sets out 'consent' needs to evolve - interesting supporting material
- James - identification of the user is a challenge that intersects with the explicit/active consent management topic
- This is a big challenge for companies
- Companies are seeking a solution to lightweight but robust identification solutions - rather than asking for an emailed picture of a passport or ID card
- There is a need for safe, secure solutions to linking customer interaction channel identifiers together in order to manage consent instructions at a **person** level, not at a channel-user level
- Notes that collection of passive identifiers via setting a cookies etc is problematic when those passive identifiers are sent onwards to a third party that has the capability of linking those passive identifiers to actual individuals. If the identifiers cannot be linked to real persons (because they are not sent onwards) then they are less problematic.
- Companies want risk mitigation - this can mean unification of the many 'consents' that a person gives to a company due to many channels
|5 min||Upcoming conferences and events||Andrew|
Events that Kantara will have an active role: https://kantarainitiative.org/events/
Next WG meeting Wednesday, XXXXXXXX, 2019 10:00 Eastern Daylight Time / 14:00 GMThttps://global.gotomeeting.com/join/276734989