Date

2018-07-26

Status of Minutes

DRAFT

Approved at: <<Insert link to minutes showing approval>>

Attendees

Voting

Non-Voting

Regrets



Quorum Status


Meeting was <<>> quorate


Voting participants


Participant Roster (2016) - Quorum is 5 of 9 as of 2018-07-12

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Oscar Santolalla, Richard Gomer

Discussion Items

Time

Item

Who

Notes

4 mins
  • Roll call
  • Agenda bashing
  • Dev Team status
  • Sequence diagram and roles status
  • Storyboard status
  • Stage narrative status
  • Team issues and show stoppers
5 min
  • Organization updates
All

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW)

  • Are there specific cross-group items you'd like to propose to work on?
40 minInteroperable Consent Receipt demo at MyData ConferenceAll

1) Dev team status

Google drive folder for export/import of consent receipts

  • digi.me
    • n/a
  • Consentua
    • Developers have promised CR output Week of August 6-10 - we will be looking for the output in the shared google folder (smile)
  • Ubisecure
    • n/a
  • OpenConsent
    • Viewer has been started - looking to get receipts from others
    • Target is August 15 to be able to display CRs
    • Open call to suggest features for OC to include - provide them this week if possible
  • Trunomi
    • currently in their 2-week dev sprint - target completion week of August 6-10
  • clym
    • n/a
  • Telus
    • Resource and scheduling estimates for creating an external CR for an existing app



2) Sequence diagram and roles status

  • Any questions?
  • No other comments



3) Storyboard status

  • OpenConsent is looking at how to make a pseudonymous CR repo available (but not for this demo project)
  • Classification Of Everyday Living (COEL) Specification (OASIS) - incudes references to the CR Spec. Allows for standardized encoding of personal 'events' in a person's life - including consents. In this instance, this means that there is a centralized-architecture repository that could be used to store consents. Right now it is for 'research purposes' - Joss is looking into how to make this available for 'commercial purposes'.
  • No other comments



4) Stage narrative status

  • Starting work on this now



5) Team Issues and showstoppers discussion

  • No issues reported

AOB
  • Q: in the spec, Services is described as a 'business service'. But these days, companies are describing this as a 'category of business purposes'.
    • A: 'Service' is the name and description of the service - an unspecified field - mainly for humans
    • A: 'Purpose category' is to describe the business service purposes
    • A: If there is a Service with the same Purposes and the same Data as anonther Service, then they are indistinguishable.
  • Q: How are we envisioning asking the 'do you consent to this' question?
    • A: The Notice part of the flows have not been worked out yet in this group, deliberately.
  • Q: Have we decided on what format/location/interface will be recommended for the 'exported' CRs?
    • A: Right now, it's files in the Downloads folder (or a user-selected folder) - the 'real' discussion about this will be deferred until after the demo in August.
  • Q: How does COEL spec relate to the IETF secevent RFC?
  • mydata session - Joss
    • OneTrust, Nixu, JLINC, Kantara
    • Andrew asked for 20 minutes for the demo
    • Joss suggests that the Kantara demo goes last then transitions to Q&A for all
    • Q: Are there special provisions needed on the mydata web site to help people interact with the demo?
    • Need to focus the mydata demo presentation to trigger 'delivery' and action instead of 'interest'


  • Colin - UK ICO grant funding proposal call is open now - Ubisecure, AdUnity interested in this
    • Colin was on the bidders call earlier this week
    • https://ico.org.uk/about-the-ico/what-we-do/grants-programme-2018/

      I (Andrew) quickly reviewed the Grant info linked above, and I think there might be a fit.

      The possible research topic and solution might be:
      - purposes categories and examples for one or more industry verticals
      - use of consent receipts to inform data subjects of their ongoing rights
      - surveys of opinions of use of consent as a justification for data processing
      - research into standardization of consent management (including market surveys to document current practices)

      Submission deadline is August 17.


Next meeting

2018-08-02 same time, same number

GOAL IS TO HAVE ALL DEMO PARTICIPANTS JOIN THE CALL TO WORK OUT ANY MAJOR ISSUES

 

From 2018-07-26 call:

From 2018-07-12 call:

1) Story board discussion - Richard

https://gist.github.com/RichardGomer/14fccfb4c590d6b1285422215cd6e3b5

From 2018-07-12 call:

Andrew walked through the sequence diagram.

Receipt Reader

 A receipt reader is an application that parses (reads) consent receipts automatically. A reader only handles consent receipts in it's machine readable format  and is a component of some automatic process. 

Receipt Viewer

A receipt viewer is an application that a human uses to interpret the contents of a consent receipt. An application can only be considered a receipt viewer if it presents receipt data in a human readable form.

Receipt Dashboard

A receipt dashboard is an app used by humans to store and manage consent receipts. A user can use their dashboard to perform batch operations on multiple receipts at a time.

 ACTION: All to comment on these starter definitions, on list (note that the text above has already been edited)

From 2018-06-28

From 2018-06-21 call:

From 2018-06-14 call: