
Receipt use cases and updates for the Notice & Consent Receipt Community. 

First update: the Consent Receipt v1.1 is representative of the 2016 MVCR (Minimum Viable Consent Receipt), when it was clear that the MVCR had some significant challenges, which have recently been addressed:

  1. The receipt needed enforceable law.
  2. The receipt needed standardized components to be a recognized legal tool: standardized personal data categories (not our appendix) and a standard legal ontology / semantics, which could also be machine readable.
  3. The receipt itself would need to be a usable legal standard for people, and requires a UI as well as a legal and technical framework.

Since 2016, the receipt has been contributed to community and regulatory efforts where this work has been pursued: meaningful consent in Canada, the GDPR notice and consent enforcement (fully, in 2020), and ISO 29184 (July 2020). The work of this WG is now focused on the update to the Notice & Consent Receipt v1.2, and the V2.

To achieve an MVCR update, use cases have been suggested: 

  1. What was unfinished in v1.1 (update to v1.2)
  2. Legal notice as an identity governance framework: a consent notice receipt and consent withdrawal (v1.2)
    1. Life cycle of a consent notice receipt: creating an anchor notice receipt
    2. Delegation of liability and risk between stakeholders
    3. A notice and notification requirements doc for the V2
  3. Privacy as Expected: Active state UI - 2FC (two factor notice for identity management permission grants)
  4. Binding: UMA Protocol in a Consent Notice Receipt

Unfinished in the Consent Receipt - V1.1 

  1. The consent receipt was written in conjunction with comments to ISO/IEC 29184 Online privacy notices and consent, a standard providing online notice requirements for privacy and security techniques (now published, July 6, 2020).
  2. The onbehalf field was used in multiple different contexts and reflected out-of-date UK Data Protection Act language.
    1. GDPR provided needed updates and requirements for consent record structure and specification (see GDPR extension):
      1. Delegation of risk and liability between stakeholders
  3. PaE: Privacy as Expected - a transparency risk UI conformance signalling for Notice, presented as a public governance framework UI for purpose-driven surveillance transparency for dynamic data governance
    1. notice receipt, for any legal justification:
    2. privacy agreement for consent by design
    3. contract notice receipt for every consent
