Status of Minutes
Approved at: 2019-12-12 Meeting notes (CR) DRAFT
- Jan Lindquist
- David Turner
- Sneha Ved
- Sal D'Agostino
- Peter Davis
- Mary Hodder
Meeting was <<<>>> quorate
Participant Roster (2016) - Quorum is 6 of 11 as of 2018-11-19
Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Samantha Zirkin
- Discuss what we should demo at EIC
Please review these blogs offline for current status on Kantara and all the DG/WG:
There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.
- TIIME, Vienna, February
- EIC, Munich, May
- Identiverse, Washington, June
|45 min||Product roadmap for the demo||All|
- Target is EIC May 2019
- digi.me is considering doing the import/export functionality for January
- suggests showing of functionality of the 'privacy dashboard' concept
- suggests showing a communication flow between person, controller and a processor - showing how changes to preferences are communicated
- will show demo to Jim of consent receipt spec new features of digi.me - these probably will go in the next release
- Sphere Identity
- 3-party consent will be implemented and tested in January
- will have an end-end demo at EIC
- showing how data sharing and consent management works (data subject, data controller, Sphere)
- would need to add an 'export' function
- Focus on the interoperability aspect
- 1) How do i combine multiple receipts into a single file? (zip, JSON format, etc) - to demo parsing packets of receipts - portability between dashboards
- 2) How to make a CR actionable - how to check it, revoke it, mutate it, is it valid in the service that issued it - this would allow dashboards to become 'control panels'
- Could use emulators to show mobile. Could also run and pause a video.
- Wants to speak about how CRs are used in their general aviation app - there are iPad/Android version
- Their data organization is information oriented, not privacy-first oriented
- The 'dashboard' feature for General Aviation might be the Passengers sharing their passport data to the Pilot for flight manifest compliance
- Power is in the 'proof' aspect of this - proof about what Notice was given
- For consent, Notice is required, followed by an Agreement
- Consentua has the concept of 'provenance' - all the elements that went into the agreement.
- Andrew suggested using the word 'agreement' instead of 'consent' - nobody agreed
- This is 'consent by design' that demonstrates the increased quality of consent.
- Idea: if there was a bare 'notice receipt' (a subset of the explicit consent receipt) that could be powerful to keep track of where notice was or was not provided correctly.
- What point of view should we demo?
- From the person's perspective? (excercising data subject rights)
- From the data controller's perspective?
- Demo of a Privacy Control Panel?
- One interface showing where the person shared their information for processing
- The person can interact and change their preferences related to these information processing interactions
- The control panel operates on a more complete capture of the provenance of the consent interaction
- Consensus reached - this sounds like the right concept for the demo - now we need to work on the details
*** Next call 2018-12-13 10:30 am Eastern Standard Time / 15:30 GMT