|Project Name||Project Description||Output type||Leader||Publication title||Publication Synopsis||Project-Publication Status†|
|CISWG Research: Consent in the Wild||Research into the terms used for authorisations spanning permissions, agreements and consent||research summary for best practice||Mark Lizar||Terms Conformance Research|
|Receipt Demo v2||Design and planning for the next interop demo: the "Kantara Initiative Privacy Control Panel"||Demonstration at events||Andrew Hughes||n/a||TBD||Active|
|Data Receipt Specification v1.1bis Development Project|
The backlog of proposed changes to specification and specification family:
Github Issues list: https://github.com/KantaraInitiative/consent-receipt-v-next/issues
|Updated specifications or new publications||TBC||TBD||TBD||Active|
|Consent Receipt Usability and Accessibility Project|
Work project to determine approaches to specifying usabiity and accessibility recommendations for implementation of consent receipts, and development of those specifications. Includes topics like user experience, user interface, web content usability, accessibility standards.
Report leading towards Recommendation
|"Report on consent receipt usability and accessibility requirements"||Preliminary/initiation|
|MyData 2018 Consent Receipt Interop Demo|
The goal is to demonstrate either live or recorded instances of exchanging consent receipts between organizations. The intent is to show that data is flowing and that consent receipts are being parsed correctly.
The Consent Receipt Interop Demo will be at the MyData 2018 conference in Helsinki, 27-31 August 2018
|User Submitted Terms||The User Submitted Terms project will create a common set of icons that customers can use to signal their intent. This project is meant to build a Minimum Viable set of term icons, their definitions and example engineering code for submitting terms and answering them. The purpose of USTs are to allow individuals to request their preferred treatment of their data, before submission. This is meant is to change the dynamic between entities that most often ask their users to accept terms from the entity with no negotiation. USTs would bring a negotiation aspect to the consent process, before a Consent Receipt is created. UST development will include participants from all relevant domains including UX and usability, engineering, legal, product, marketing and standardization, as well as other parties wishing to join and assist the group. UST development should result in a standard adopted by the Kantara Initiate and eventually through a formal standard's body.||Mary Hodder||Active - Development|
A brief and simple description of the project objective, rationale for creating the publication, specific entities that will use the publication and related work inside or outside of Kantara.
The General Data Protection Regulation (GDPR) introduces a new right of Data Portability for individuals (data subjects). The text states that ‘the data subject shall have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain from the controller a copy of data undergoing processing in an electronic and structured format which is commonly used and allows for further use by the data subject’.
The text goes on to say: 'Where the data subject has provided the personal data and the processing is based on consent or on a contract, the data subject shall have the right to transmit those personal data and any other information provided by the data subject and retained by an automated processing system, into another one, in an electronic format which is commonly used, without hindrance from the controller from whom the personal data are withdrawn.'
The Data Portability section concludes with: ‘The Commission may specify the electronic format referred to in paragraph 1 and the technical standards, modalities and procedures for the transmission of personal data pursuant to paragraph 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).'
On first reading, one might assume that the above is relatively straightforward to deliver in the technical sense; a range of technical routes to doing so have been around for a long time. However, data portability is seen as a threat to many existing organisations. Free-ing up the data they have carefully gathered on customers is seen far more as a threat than an opportunity; that is multiplied considerably when viewed through the lens of data being ported to a competitor.
The above is why customers/ users do not have data portability as the norm at present. There have been attempts to deliver it, all have stalled or being minimised to the point of being meaningless. Those with the data roll out numerous excuses and reasons to water down the art of the possible; reasons for not delivering on the premise include:
• ‘How can we be sure we are providing the data to the right person/ organisation?
What has emerged from previous attempts has been limited lists of standardised data listing, and data sharing formats such as ‘download a .csv file’. The task taken on by this project within CISWG is to take the alternate perspective. Rather than minimise, slow down and put barriers in front of data portability, we will focus on fast tracking, and setting the bar based on what modern technologies. In practical terms that means:
• Build a list of industry sectors/ business types that is commonly recognised and can be scaled out
Draft Technical Specification
"An Analysis of How to Deliver Maximum Data Portability under GDPR"
"A Specification for Data Portability Under GDPR"
This report reviews the history and current status of data portability project work in order to synthesis that into a recommended way to deliver maximum data portability in the context of the upcoming deployment of the General Data Protection Regulation (GDPR)
Draft Technical SpecificationThis specification, if followed by an organisation (data controller), will enable an organisation t the General Data Protection Regulation (GDPR), and ensure that the organisation maximises the portability of the data in question.