Skip to end of metadata
Go to start of metadata



Status of Minutes


Approved at: 2019-12-12 Meeting notes (CR) DRAFT




  • David Turner
  • Dorota Filpczuk
  • Sal D'Agostino
  • Tom Jones
  •  Colin Wallis

Quorum Status

Meeting was quorate

Voting participants

Participant Roster (2016) - Quorum is 5 of 8 as of 2017-08-24

Iain Henderson, Mary Hodder, Harri Honko, MarkLizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Rupert Graves

Discussion Items

4 mins
  • Roll call
  • Agenda bashing
1 min
  • Organization updates

Please review these blogs offline for current status on Kantara and all the DG/WG:

2 min
  • CIAM World Tour workshop
AllAny specific sessions about Consent Receipts and Consent Management?
5 minDiscuss 'sprint' process diagramAndrew

 Refresh on where we are in the cycle. What is left to do for v1.1?

September 14, should be at:

  • End of WG Contributions to Sprint 5
  • Waiting for Editor updates from Sprint 5

20 minDiscuss work backlog priorities for CR v1.1David

Github Issues:

10 minDraft of publication synopsis for new WGAndrew

The purpose of the Consent Management Solutions – Best Current Practices publication is to establish an open standard of good practice for the management of an individual’s consent to process their personal data in electronic systems.

The publication describes the practices used by leading organizations to manage the full lifecycle of an individual’s consent to process their personal data. The lifecycle stages include privacy notice, prompt for acceptance of terms, collection of consent, production and storage of consent receipt, and, management of the record of consent.

The practices and requirements derived from them described in the publication can be used as the basis for a conformity assessment scheme which may include product and services certification.

Proposed Table of Contents

  • Introduction
  • Scope
  • Notations and Abbreviations
  • Terms and Definitions
  • Best Current Practices – Consent management solutions
    • General
    • Regulations
    • Privacy Notice
    • Collection of consent
    • Management of consent records (creation, updates, expiry, change of scope)
    • Interoperability of consent records
Considerations (Non-Normative)


  • Discussion about practices around consent receipts v consent records v privacy notices
  • Must clarify the relationship between these things and the context with regulatory environment
  • Recommended to have an explicit record format for 'consent' - separate publication
  • Discussion about how changes or updates to notice/consent scopes will happen
  • v1.1 status
    • Two main areas plus smaller pieces
    • 1) Security Considerations
    • 2) NEW Data Controller contact information - #104
      • Concern that the mandatory requirements might be too restrictive
  • What about 'soft identity' - non-identifying attribute sets that is unlinkable to an individual like device fingerprint - 'soft consent'
  • AI: schedule a call for re-identifiability and di-identification

ISO 29184 contributions

  • Deadline for contributions and comments is September 15 to ISO - so the Kantara group needs to submit at least a week prior.