Page tree
Skip to end of metadata
Go to start of metadata


Outcomes: 

  • Summer Project Report 
    • There is on-going governance model work on GA4GH Privacy Agreements 
    • Decentralised Semantics is working on the OPN Notice Schema at ToiP for Consent Receipts
      • there is a patient id effort there 
    • AdvCIS is workshopping the V1.2 - update and Kantara contribution 
    • Hyper-ledger is 

****

Three Decentralised  Governance Sectors 

  1. Notice and Consent - (Standards) - with a final push, motivated by this collaborative Summer Project, presented with the DLC reference implementation

 

In line with all the activity in this space this summer, the Notice & Consent Project is supporting a multi-commuity input summer project, led the by the  Lifecycle of Consent RFC for  Distributed Ledger Consent (DLC), presented to the CISWG as work being undertaken at Hyperledger.   The contribution, is the resulting DLC extension for the Notice and Notification Consent State Record specification, which we are working on in the Notice and Consent Group. 

This project provides related efforts opportunities to mash up some decentralised standards work, using the global notice and consent standards, which have long been in development.  

Kick Off Agenda

  1. Updates
  2. Discussion and some planning
  3. Jan - Starting with a demo of the privacy agreement and flow for Digital Consent Technology 
    1. more specific tasks details and assignment
  4. Summer Dates and Planning 


Summer Project 2020 Description

Touchstone use case - with support from UBC - Dr. Lemieux, who has provide some of @Anadi's time, from the Molecular You project, that is working on block-chain technology for GA4GH and medical research initiatives in tele-health.  Along with Jim, who has already worked o this project and its consent en-codification, Jan, who has specified the lifecycle requirements for DLC, with Hyperledger, Scott with the Informational Risks, which are required for the Privacy Agreement notices and the Common Accord Contract so that a DLC is suitable for genetic medical research consent in GA4GH. 

All the conditions - for the perfect summer project

Planning

Note: As a result, the rest of the summer calls will be focused on Summer Project Activities with a break in calls on Aug 15th, for a break, and some fun.   (and to give people to finish and submit work etc independently)  But all projects that submit- must be under the project IPR and available for use in the DLC use case. 


Objectives

  1. Work on the Hyperledger Digital Ledger Consent Lifecycle reference implementation, utilising the inputs and interest from the ISI _ Notice & Consent Project Calls. 
    1. Privacy Agreement 
      1. Privacy by Design and Consent by Design Standard Protocol Requirements for DLC - Listed for GA4GH Code of Practice  
      2. All of the GA4GH categories mapped into DPV
      3. All restrictions and derogation listed for discussion on hack day 
        1. July 20 - Update the reference implementation - plan - a hack day for inputs and outputs. 
      4. Common Accord Version of Privacy Agreement- utilising 29184 and inputs
        1. Information Risks of Harm (WU) inputs - as required DLC Notice - for Consent Directive Smart Privacy Contract 
  2. July 20 - Genetic Consent Hack-Day for a Unified Data Control Vocabulary 
    1. review of inputs and discussion about the genetic consent requirements for use with DPV and GA4GH in the reference implementation
    2. gap analysis. and report writing
      1. each participant takes a section on summarises - in 3 pages or less
      2. due Aug 10th 

The Plan 

  1. Kick-Off - Wed 10th of June
    1. Tasks:ask for all the inputs for the DLC project to be provided by July 10th
      1. invite for Support for Mapping the GA4GH with the DPV from the W3C  -  for the hardest use case in consent - medical consent for genetic research and the human genome. 
        1. categories and 



  • Part 1: Now - July 10th - inputs Please:  requesting all inputs and draft - (finish that spec work people's) 
    • utilising the DPV to map the GA4GH, categories and requirements for decentralised human personal data control vocabulary, that is machine readable 
    • utilising the CR v1.2 (draft) and appendices to be able to generate a consent receipt that usable as an international notice and consent token. 
    • utilising the Human Colossus/Decentralised Semantics: OCA, to utilise the Appendix DPVA for the CR v1.1 to produce the  'Unified Personal Data Control Vocabulary' with Prose
    • Providing a return input back to the W3C DPV, to support the unified data control vocabulary (for decentralised semantics)
      •  - demonstrating international usability by context translating between both ISO and GDPR compliance context, privacy requirements. utilising the Crv1.2 appendix
    • utilising Common Accord and the Identity Risk per context work from the University of Washington: Information Risk Research Initiative 
      • to generate a Privacy agreement template for the GA4GH
        • to generate the smart privacy contract 
    • to generate the GA4GH Consent for genetic research autonomously - creating a consent record the person holds and a legal consent receipt for the use of personal data for medical research - 
    • Utilising OPN Framework to generate the Code of Conduct for the GA4GH 
    • Utilising pr
  • Summer Mixer July 15 - Notice & Consent Project 
    • Summer Mixer inviting various standards efforts to come and see the work - chat about what each effort is upto in the decentralised spaces of governance
      • More - TBA  
  •  Part 2 - a bit of rapid adoption - to mock-demo and present the DLC extension draft 
    • July 20 - Update the reference implementation - plan - a hack day for inputs and outputs. 
    • Aug 15- Summary Report -Draft
    • Holidays - 
    • Sept 21 - Final Report Presentation of Summer Project Outcome


**** 


Initial Call Agenda/Summary  Wed 10th of June

  1. Summer Project -
    1. (Plan: Finish CR spec update)  Notice & Consent standards inputs- for as the summer project use case. Using/Referencing the combined project works/inputs -  (overview)
      1. Part 1- Until July 15
        1. Specs drafted 
        2. Unified DPVC
        3. DPV to GA4GH mapped
      2. Part 2 -  Aug 15
        1. Updated and Presentable - Ref Implementation with Summer Project Inputs
        2. OCA example use of Unified -DPVC - Human Colossus
        3. A  DLC - Code of Conduct for GA4GH - that molecular you can evaluate
    2. DLC - Reference Implementation Demo - by Jan 
    3. DLC - Summer Trello Board - 
    4. Send Email: (after this call) For a critical collaboration with the W3C DPV for this purpose, finish the backend for July 15th.  
  2. Complete the Summer Project - by updating the Reference implementation, using DPV, for GA4GH DLCL. (overview)
  3.  Plan (RoadMap): 
    1. Decentralised Law & Semantics Virtual Mixer - (show and tell).  Inviting;
      1. W3C Verified Claims, 
      2. W3C Data Privacy Controls, (maybe hosted by the Kantara Notice & Consent project) to get together and share updates.  Providing the needed inputs for the summer project. 
    1. Post - Kantara Summer Project Wiki Page  and send email to the W3C DPV list 
    2. July 15 - Summer Project Mixer -  
    3. Aug - 15 - presenting an updated version of the DLC reference Implementation - representing the summer project - with a lot of room to get organised,  once we have a shared reference implementation,  supporting a technical work group and decentralised agenda amongst different efforts
  • No labels

10 Comments

  1. Requesting changing the label of W3C DPV as a participant since there is no formal agreement between the groups. If you wish to indicate invited participants, I would suggest using "invited contributions from W3C DPVCG" as the label. I think it is important to distinguish the DPVCG is a community group (CG) and does not represent W3C.

  2. Thanks Harsh, edited this to be clear about the nature of the collaboration.

  3. I'm requesting clarity on "evolve the CR 1.1 to Notice Receipt (NR) 1.2 and then NR 1.3" (as we have also discussed this on the calls) - I'm asking for a written objective here for reference. To my understanding, consent-receipt has a definition in both the Kantara spec and ISO/IEC 29184. It represents a record of consent interaction (traditionally represents given, but also could arguably represent requested, withdrawn etc.).

    1. Notice-receipt is ... what? What will be the objective of this specification? Will it be: receipt of notice i.e. the information provided in a consent interaction e.g. consent dialogue listing purposes?
    2. If this is mirroring the ISO/IEC 29184 + 27560 standards, will there be one standard for notice (29184) and another for consent receipt (27560) or a single standard for both?
      1. I would suggest a single standard representing all states/information within a consent workflow BUT the notice (as per 29184) can also be about other legal justifications (e.g. legitimate interest).
      2. In this case, a single spec will no longer be primarily about consent. I'm okay with this as long as it is not called 'consent' receipt - maybe 'notice & consent receipt' as Mark suggested. My personal opinion is that consent is one of the many legal bases and we should treat it as such.
      3. However, given that 27560 is specifically about consent receipt - will ISO/IEC and Kantara want a catch-all spec for all legal bases or only consent?
      4. If there are two specs (for notice and for consent) then will the consent spec be a subset of the notice spec or atleast compatible?
    3. Following a resolution on this (above), we should document this on the AdvCIS wiki page as well.
    1. hi Harsh, 

      The agreed plan of comments and inputs have not changed, but are just being clarified as we learn and plant the path of engagement appropriate for Kantara ISI and the appropriate inputs, format and process. 

      As we have learned about the appropriate  approach this week we are working on its description.  Expect this to evolve this week with the schedule of inputs and tasks for the summer project.   The inputs and schedule will be tied to the Wednesday meetings going forward.  The input review - will be in a separate thread than the summer project here.  The wiki and this thread will be setup for/in the next meeting.

  4. Thanks Harshvardhan J. Pandit ,this is exactly what we are working towards.  So this is just me trying to state this out here.  I think 1 requires some group discussion and I believe that is what Mark is driving towards with a draft of what is called NR 1.2, with that we will have an example of an NR.  On 2a I think we are converging on a single specification for Notice that could be used across. On 2b I think we all agree, perhaps with the naming to be determined. On 2c I believe our initial focus will be for explicit consent as the reference implementation and using a specific context, likely the genomic one.  As part of this we can further explore the differences in receipts and records and create a consent receipt for the explicit consent type.  On 2d I think we are looking at notice generally and then "consent" receipts which are by consent types and certainly compatible and likely a subset but under single specification.  Again, just my description and certainly open for Project Group input

  5. I promoted this in healthcare under the HL7 FHIR project as something that healthcare and FHIR might eventually be able to build upon. I hope that brings you some interest from Healthcare. I know of some that likely will want to participate. 

    1. That's great John, same notice and consent framework, but finally standardised enough to do kewl new things.  We will keep the updates coming, thanks for sharing ! 

    2. John Moehrke , you know I would always love your participation. Per the notes Mark Lizar added below, we are also examining this in the Trust Over IP Foundation and a team is actually making progress on a consent schema for FHIR. Personally I see a relationship to IHE BPPC too, but leave that up to you as the author (smile)

    • Summer Project Report 
      • There is on-going governance model work on GA4GH Privacy Agreements 
        • (more information to follow ) 
      • Decentralised Semantics is working on the OPN Notice Schema at ToiP for Consent Receipts
        • there is a patient id effort there which is looking to collaborate with efforts in Kantara led by Jim Sinclair (and co.)
      • DLC is continuing as a common use case for decentralised identity and block-chain - with the
        • Life Cycle of Consent DLC  at Hyper-ledger - Jan Lindquist is the lead.  
      • AdvCIS Project - is workshopping Receipt types for Data Governance Interoperability - focusing on Privacy Master Controls -  to complete the  Notice & Consent Receipt v 1.2 update for Kantara contribution 
    • Stay Tuned for more Interop news