Status of Minutes
Approved at: <<Insert link to minutes showing approval>> 2019-12-12 Meeting notes (CR) DRAFT
- Andrew Hughes
- John Wunderlich
- Mark Lizar
- Rupert Graves
- Jim Pasquale
Participant Roster (2016) - Quorum is 5 of 8 as of 2017-08-24
Iain Henderson, Mary Hodder, Harri Honko, MarkLizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Rupert Graves
Please review these blogs offline for current status on Kantara and all the DG/WG:
|2 min||All||Any specific sessions about Consent Receipts and Consent Management?|
|5 min||Discuss 'sprint' process diagram||Andrew|
Refresh on where we are in the cycle. What is left to do for v1.1?
September 14, should be at:
|20 min||Discuss work backlog priorities for CR v1.1||David|
Github Issues: https://github.com/KantaraInitiative/CISWG/issues
|10 min||Draft of publication synopsis for new WG||Andrew|
The purpose of the Consent Management Solutions – Best Current Practices publication is to establish an open standard of good practice for the management of an individual’s consent to process their personal data in electronic systems.
The publication describes the practices used by leading organizations to manage the full lifecycle of an individual’s consent to process their personal data. The lifecycle stages include privacy notice, prompt for acceptance of terms, collection of consent, production and storage of consent receipt, and, management of the record of consent.
The practices and requirements derived from them described in the publication can be used as the basis for a conformity assessment scheme which may include product and services certification.
Proposed Table of Contents
- Discussion about practices around consent receipts v consent records v privacy notices
- Must clarify the relationship between these things and the context with regulatory environment
- Recommended to have an explicit record format for 'consent' - separate publication
- Discussion about how changes or updates to notice/consent scopes will happen
- v1.1 status
- Two main areas plus smaller pieces
- 1) Security Considerations
- 2) NEW Data Controller contact information - #104
- Concern that the mandatory requirements might be too restrictive
- What about 'soft identity' - non-identifying attribute sets that is unlinkable to an individual like device fingerprint - 'soft consent'
- AI: schedule a call for re-identifiability and di-identification