Consent Management Solutions WG (Consent Management WG)
Consent Management Solutions are used to manage the full lifecycle of an individual’s consent for the processing of their personal data. That consent needs to be: freely given, specific, informed and unambiguous.
The purpose of the Consent Management Solutions WG is to produce a series of Recommendations and Technical Specifications. The Consent Management Solutions WG will gather best current practices from organizations that have implemented consent management solutions; to gather requirements from jurisdictional regulations related to consent management; to develop consensus requirements based on the best current practices to enable businesses to implement best practice, and to support the establishment of a Kantara conformity assessment scheme leading towards supplier declaration or certification against the requirements.
Due to impending deadlines for GDPR, PSD2 and other existing regulations in multiple jurisdictions, there is a market need for guidance and possibly product/service certification for compliant consent management solutions.
The initial scope of the WG is:
to collect documented current practices for management of privacy notice and
consent from many sources;
to collect requirements from regulations in many jurisdictions;
• to publish a Kantara Recommendation “Consent Management Solutions – Best Current Practices” which is to contain consensus best current practices as derived from the sources;
Once the initial scope is complete, additional publications will be scoped for production.
None planned in initial scope of the WG.
“Consent Management Solutions – Best Current Practices” anticipated ready for Ballot four months after WG launch.
Chair: Corné van Rooij, iWelcome
Vice-Chair: Jim Pasquale, digi.me
Secretary: Andrew Hughes, ITIM Consulting
Anticipated audience or users of the work.
• Organizations that collect personal information using individual consent for processing
Identity providers and credential providers; Customer Information and Access Management (CIAM) providers
Organizations in the ConsentTech, myData, “Internet of Me” spaces
Privacy and Information Commissioners, Regulators
Consent Management platform providers
The WG will operate long enough to publish v1.0 and v1.1 of the Best Current Practices publication; no less than 12 months.
Once additional publications are identified, the WG participants may choose to extend the WG duration.
The Organization approved Intellectual Property Rights Policy under which the WG will operate.
Kantara Initiative IPR Policy - Option Non-Assertion Covenant
Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.
Kantara Consent & Information Sharing WG
Consent Receipt Specification v1.0 and v1.1
(Draft) How to specify Purpose and Purpose Categories
Kantara UMA WG
UMA 2.0 Grant for OAuth 2.0 Authorization
Federated Authorization for UMA 2.0
IEC/ISO SC 27 WG 5 “Identity management and privacy technologies”
ISO/IEC 29100 “Privacy framework"
ISO/IEC AWI 29184 “Guidelines for online privacy notices and consent” (draft)
General Data Protection Regulation
Article 29 Working Party: Guidance
Office of the UK Information Commissioner: Guidance
Office of the Privacy Commissioner of Canada: Guidance
Internal Report 8112: Attribute Metadata
A list of contributions that the proposers anticipate will be made to the WG.
Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members.
Corné van Rooij, iWelcome, firstname.lastname@example.org
Julian Ranger, digi.me, email@example.com
Andrew Hughes, Individual, AndrewHughes3000@gmail.com