Status of Minutes


Approved at: 2019-12-12 Meeting notes (CR) DRAFT





Quorum Status

Meeting was <<>> quorate

Voting participants

Participant Roster (2016) - Quorum is 5 of 9 as of 2018-07-12

Iain Henderson, Mary Hodder, Harri Honko, Mark Lizar, Jim Pasquale, John Wunderlich, Andrew Hughes, Oscar Santolalla, Richard Gomer

Discussion Items





4 mins
  • Roll call
  • Agenda bashing
  • Dev Team status
  • Sequence diagram and roles status
  • Storyboard status
  • Stage narrative status
  • Team issues and show stoppers
5 min
  • Organization updates

Please review these blogs offline for current status on Kantara and all the DG/WG:

There is a new wiki page that will hold all the known implementations of Consent Receipts - Please update the page or inform Andrew of your implementation.

Planning a Member Plenary meeting October 26-ish San Francisco (Friday after IIW)

  • Are there specific cross-group items you'd like to propose to work on?
40 minInteroperable Consent Receipt demo at MyData ConferenceAll

1) Dev team status

Google drive folder for export/import of consent receipts

    • Code to export is complete, not exposed in the UI yet
  • Consentua
    • Not present
  • Ubisecure
    • CR generation in prototype now - sample file uploaded
    • Should have demo account set up by August 13 week
  • OpenConsent
    • Progress
    • Writing a mini-spec to map CR field names to a set of GDPR terms
  • Trunomi
    • Not present
  • clym
    • Not present

2) Sequence diagram and roles status

  • Any questions?

3) Storyboard status

4) Stage narrative status

  • Andrew has not started - aiming for end of next week

5) Team Issues and showstoppers discussion

OpenConsent raised an issue:

The result is that there is no PII. Controller name in a receipt produced spec an viewed in the viewer.

From OC -viewer conformance input - The spec does not clearly differentiate between child objects (or values) and their parents. Thus the spec defines piiController as an array. What it then does is list a number of other fields WITHOUT indicating that they are a grouped object that is what is in the array.
From what I can tell 4.4.2 (line 319) refers to an array, this array is comprised of objects (i.e. more than one field) which is made of 4.4.3 - 4.4.9 (lines 323 to 358).
However in the spec there are simply a long list of fields with no indication as to which are children of others. 4.4.10 (line 359) for example, has no indication as to whether it is a part of the piiController object (4.4.3 - 4.4.9) or is a sibling of piiControllers (4.4.2)

piiController - should an array of piiController objects - and this should be explicity stated in the spec

piiController should not be a string, neither should service or purpose - these fields should also be reviewed to be an object .. Might also have a name field (or description field in the object that is a string.

  • Call notes on the issue:
    • The Page 16 content is a JSON Schema, not an example
    • The issue is resolved - no changes required to the spec
    • An example JSON file would be helpful, especially if there are joint controllers

  • Colin - UK ICO grant funding proposal call is open now - AdUnity, OpenConsent interested in this
    • Colin was on the bidders call earlier this week

      I (Andrew) quickly reviewed the Grant info linked above, and I think there might be a fit.

      The possible research topic and solution might be:
      - purposes categories and examples for one or more industry verticals
      - use of consent receipts to inform data subjects of their ongoing rights
      - surveys of opinions of use of consent as a justification for data processing
      - research into standardization of consent management (including market surveys to document current practices)

      Submission deadline is August 17.

Next meeting

2018-08-16 same time, same number



From 2018-08-02 call:

From 2018-07-26 call:


From 2018-07-19 call: