Skip to end of metadata
Go to start of metadata



Status of Minutes


Approved at: 2019-12-12 Meeting notes (CR) DRAFT




  • Jan Lindquist
  • David Turner
  • Sneha Ved
  • Sal D'Agostino
  • Peter Davis
  • Mary Hodder


Quorum Status

Meeting was <<<>>> quorate

Voting participants

Participant Roster (2016) - Quorum is 6 of 11 as of 2018-11-19

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale (C), John Wunderlich (VC), Andrew Hughes (VC), Oscar Santolalla, Richard Gomer, Paul Knowles, Samantha Zirkin

Discussion Items





4 mins
  • Roll call
  • Agenda bashing
  • Discuss what we should demo at EIC

5 min
  • Organization updates

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

  • TIIME, Vienna, February
  • EIC, Munich, May
  • Identiverse, Washington, June
45 minProduct roadmap for the demoAll
  • Target is EIC May 2019
  • is considering doing the import/export functionality for January
    • suggests showing of functionality of the 'privacy dashboard' concept
    • suggests showing a communication flow between person, controller and a processor - showing how changes to preferences are communicated
    • will show demo to Jim of consent receipt spec new features of - these probably will go in the next release
  • Sphere Identity
    • 3-party consent will be implemented and tested in January
    • will have an end-end demo at EIC
    • showing how data sharing and consent management works (data subject, data controller, Sphere)
    • would need to add an 'export' function
  • Consentua
    • Focus on the interoperability aspect
    • 1) How do i combine multiple receipts into a single file? (zip, JSON format, etc) - to demo parsing packets of receipts - portability between dashboards
    • 2) How to make a CR actionable - how to check it, revoke it, mutate it, is it valid in the service that issued it - this would allow dashboards to become 'control panels'
  • Airside
    • Could use emulators to show mobile. Could also run and pause a video.
    • Wants to speak about how CRs are used in their general aviation app - there are iPad/Android version
    • Their data organization is information oriented, not privacy-first oriented
    • The 'dashboard' feature for General Aviation might be the Passengers sharing their passport data to the Pilot for flight manifest compliance
  • OpenConsent
    • Power is in the 'proof' aspect of this - proof about what Notice was given
      • For consent, Notice is required, followed by an Agreement
      • Consentua has the concept of 'provenance' - all the elements that went into the agreement.
      • Andrew suggested using the word 'agreement' instead of 'consent' - nobody agreed (smile)
    • This is 'consent by design' that demonstrates the increased quality of consent.
    • Idea: if there was a bare 'notice receipt' (a subset of the explicit consent receipt) that could be powerful to keep track of where notice was or was not provided correctly.
  • What point of view should we demo?
    • From the person's perspective? (excercising data subject rights)
    • From the data controller's perspective?
  • Demo of a Privacy Control Panel?
    • One interface showing where the person shared their information for processing
    • The person can interact and change their preferences related to these information processing interactions
    • The control panel operates on a more complete capture of the provenance of the consent interaction
  • Consensus reached - this sounds like the right concept for the demo - now we need to work on the details


Next meeting

*** Next call 2018-12-13 10:30 am Eastern Standard Time / 15:30 GMT