[WG-InfoSharing] [WG-UMA] Minimum Viable Consent Receipt draft spec

Lionel Klee Lionel.Klee at dia.govt.nz
Mon Sep 1 16:34:53 CDT 2014


We're growing the citizens' personal information sharing ecosystem starting with authoritative data - which is generally held by government agencies, but we are anticipating the increasing importance of personal data stores.

However, an interim concern, at least locally, is whether the various providers of such personal data vaults can operate viably without marketing the information in some way to third parties. If initially there are only a few providers, then perhaps there will be greater security and privacy risks than if such personal information is spread across a variety of data stores.


From: wg-infosharing-bounces at kantarainitiative.org [mailto:wg-infosharing-bounces at kantarainitiative.org] On Behalf Of Mark Lizar
Sent: Saturday, 30 August 2014 1:13 a.m.
To: wg-infosharing at kantarainitiative.org
Subject: Re: [WG-InfoSharing] [WG-UMA] Minimum Viable Consent Receipt draft spec

Hi Lionel,
(FYI - I also sent to UMA, am getting my email issue sorted today)

in our latest thinking of architecture we think that people will have their own RP and use consent receipts to tell Service Providers to collect preferences, consent instructions and send data to a personal data store (RP).

Aiming for the open and distributed architecture of data stores rather than the Gov version of centralised data stores.

On 29 Aug 2014, at 03:16, Lionel Klee <Lionel.Klee at dia.govt.nz<mailto:Lionel.Klee at dia.govt.nz>> wrote:

Once we've done a bit more work on the changes that we are looking at we can share the resulting documentation and consider how this fits with initiatives such as the trust registry. I'd also like to contribute towards restarting the work in the other branch of WG-InfoSharing around the sharing label - in particular the user interface aspects around consent.

I think Joe is back next week from holiday and is up for moving on the information sharing label.    I am not sure what the consent specific parts of it are but this would be an interesting conversation.   In the MVCR we have a planned extension for 3rd party personal information sharing.   This extension could be used as an input into the Information sharing label.    As  organisations who share information often do this on a dynamic basis, this is a bit of a challenge.    We are also focusing on Sensitive Data Collection, and specific transparency obligations for different context based on sharing, sensitive data and jurisdiction of the data subject.

All of which can be very useful inputs or the information sharing label.

Have a great holiday!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20140901/fcc5d1f9/attachment.html>

More information about the WG-InfoSharing mailing list