[WG-InfoSharing] Consent Receipt Summary Re: EU Proposal Submitted

Iain Henderson iainhenderson at mac.com
Wed Sep 3 11:21:54 CDT 2014


Hi Mark, isn’t there an easier nutshell version than that? The one liner.

Consent receipt is built on the simple concept that if a person shares their data with an entity, they get a digital receipt that, at it’s core, sets out what was shared, when, by whom, with whom, for what purpose.

…. just like they get a receipt when they exchange value by buying something - except the consent receipt is designed out of the box to be digital.

Lot’s of complexity packed in there obviously, but isn’t that the essence of it?

Cheers

Iain


On 3 Sep 2014, at 14:22, Mark Lizar <mark at smartspecies.com> wrote:

> 
> Hi Doc, 
> 
> Apologies for the delay in returning your email.   
> 
> The consent receipt at its most simple incarnation is about creating some systemic and open transparency for the individual around consent, jurisdictional compliance for legal transparency obligations, and simplifying the compliance for organisations so this transparency is meaningful to everyone. 
> 
> As this issue, which Open Notice has advocated as “The Biggest Lie”, is bigger than one champion, one company, even one government, the underlying philosophy and aim of this work was (is) to collaborate and team up against the large forces and market players that are undermining personal data control.  We co-wrote a paper that we  submitted this to the W3C workshop at Berkeley in 2012. called ‘Opening The Online Notice Infrastructure: A Call For Collaboration’. This paper illustrates the position and purpose for the effort.   
> 
> As a result of this paper we started an effort which evolved into the consent receipt (at the Kantara Initiative) and it is very much intended to facilitate collaboration amongst a competitive trusted services community.  Creating a way to deliver trusted services directly, and independently, to the person who provides consent.   As an open standards candidate the consent receipt proposes a common format so that individual can use the meta-data from a consent receipt to view consent on aggregate.   
> 
> The aim is for many service ratings, icons, contexts, trusted networks and standards to be used to extend the consent receipt to address the many use cases for complex consent, compliance and transparency requirements across jurisdictions.   
> 
> As a result, a consent receipt becomes a tool of interoperability, where multiple rating systems, trusted services infrastructure components, can be put together (on a receipt) to provide greater value to all stakeholders.  This proposed to achieve the goal of providing the basic infrastructure so that the champions in this space can team up.  But most importantly, the consent receipt proposes a way for people to not only have greater transparency but also meaningful choices. 
> 
> The work over the last year has shown that their is a dynamic group of privacy champions and data control entrepreneurs that are not specifically represented in the market.  Some of the lessons that we have learned is that their is a great opportunity for a trusted services community to be formed in this space.  A community that can push adoption of a consent receipt standard, lobby as a group and act in unison to open the way for a trusted services market that scales the globe. 
> 
> In this regard, we are now looking to see if their is interest for evolving Open Notice into a trusted services Cooperative (or industry group) that will be responsible for creating an assessment for verifying the legal compliance and utility of trusted services to organisations. 
> 
> If there is enough interested, I propose that we start a trusted services thread that will initiate a members based organisation, an open source dashboard for trusted services (which is apart of the EU proposal recently submitted) and develop an international lobby that not only represents trusted services, but fights to open and keep open the data control infrastructure for privacy and data control. 
> 
> So, that is the consent receipt effort it in a nutshell! 
> 
> Kind Regards, 
> 
> Mark Lizar
> 
> PS. In the past year we have attended a few workshops, had a couple of hacking events, submitted many proposal and a few papers (linked below).  Finally, we have something stable enough to present and share. 
> 
> CMU Consent & Choice Workshop, June 2014: "Usable Consent" -  https://www.cylab.cmu.edu/news_events/events/fopnac/pdfs/lizar.pdf
> UbiComp Sept 2014 - "Usable Consents: Tracking and Managing Use of Personal Data With a Consent Transaction Receipt” In process to be published
> Future of Privacy Forum: Papers for Policy Makers - "Policy Paper: Minimum Viable Consent Receipt” (was a draft)
> 
> Kantara Initiative: Open Draft for the”  Minimum Viable Consent Receipt” Policy Paper, anyone can comment and sign up to edit. 
> 
> 
> On 28 Aug 2014, at 17:38, Doc Searls <dsearls at cyber.law.harvard.edu> wrote:
> 
>> For ProjectVRM and some other work going on (or possibly going on) around Harvard and other places that care about this kind of stuff, it would be good for me to have in my head (and in a bookmark or two) a summary statement of what the consent receipt is about. If one of you can provide that, it would be most cool.
>> 
>> Thanks!
>> 
>> Doc
>> 
>> On Aug 28, 2014, at 12:01 PM, Mark Lizar <mark at smartspecies.com> wrote:
>> 
>>> 
>>> Hello All, 
>>> 
>>> Just to update everyone.  We have successfully put forward a proposal for the consent receipt specification for EU scale implementation.  In this proposal we have illustrated how the consent receipt would be used to channel PETs and Trusted Services which include; reputations, ratings, trusted networks, icons, assurance frameworks, standards and the like.  
>>> we hope that this will create, support and ignite a market explosion for all the services and projects that champion privacy, trust, transparency and personal data control that exist in and out of this Open Notice group. 
>>> 
>>> We have illustrated how many of the projects and services here can co exist to increase transparency, trust, personal data value and the economic performance of privacy for people.  With the intent upon funding to support the transformation of this Open Notice effort into a properly funding trusted services community and cooperative.   All comments on this objective are welcome. 
>>> 
>>> Kind Regards, 
>>> 
>>> Mark 
>>> _______________________________________________
>>> WG-InfoSharing mailing list
>>> WG-InfoSharing at kantarainitiative.org
>>> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
>> 
>> _______________________________________________
>> WG-InfoSharing mailing list
>> WG-InfoSharing at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
> 
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-infosharing

This email and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorised to read, copy or use the e-mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20140903/e9fdd855/attachment.html>


More information about the WG-InfoSharing mailing list