[WG-InfoSharing] Consent Receipt Summary Re: EU Proposal Submitted

Nat Sakimura sakimura at gmail.com
Wed Sep 3 23:26:03 CDT 2014


Is that something on "Personal Data Licensing" that the companies has to
accept before use?


2014-09-04 13:17 GMT+09:00 Doc Searls <dsearls at cyber.law.harvard.edu>:

> Customer Commons' need is for sharing with Harvard Law folks thinking
> about terms individuals can assert in online dealings with sites and
> companies. We'd like them to have something about consent receipt to chew
> on. Okay if I share both the long and the light bulb versions? And/or a
> link to something?
>
> Adding Joyce, who was in on our meeting at Harvard today.
>
> Doc
>
> On Sep 3, 2014, at 4:52 PM, Iain Henderson <iain.henderson at gmail.com>
> wrote:
>
> I'm basing the need for a very short version on a conversation I had on
> the subject with colleagues in corporate land. When I gave them the version
> about trust frameworks, transparency etc etc etc - I was met with a lot of
> blank looks.
>
> When I gave the short version, the light bulbs went on and the
> conversation quickly turned to 'that making sense'.
>
> As I have mentioned before, there is no technical barrier to organisations
> with a half decent web site or CRM system providing consent receipts. Many
> will want to do so, because it gets them around some compliance issues. The
> main barriers I see getting in the way, would be over-complicating the
> proposition in its early phase.
>
> Iain
>
>
> On 3 September 2014 19:15, Mark Lizar <mark at smartspecies.com> wrote:
>
>> Thats a short version for defining the consent receipt.  But, this is not
>> really what the consent receipt is about.  In this email to Doc, I went
>> with the purpose and reason for the consent receipt, rather than a simple
>> definition.
>>
>> The truth is there are many ways to describe the receipt depending on the
>> context and who the stakeholder is.
>>
>>
>>    - For organisations its a way to streamline trust services innovate
>>    customer service and save a lot of money.
>>    - For regulators its a co-regulatory tool that enables the
>>    marketplace to self regulate, like a receipt.
>>    - For people, its a way to see if organisations comply with
>>    transparency obligations of the data subjects jurisdiction and use control
>>    privacy with organisations independently. .
>>
>> But I do like your version.
>>
>> Mark,
>>
>> PS Another favourite version is:
>>
>> "A minimum viable consent receipt on the Internet is intended to serve
>> the same purpose as a receipt for a cash transaction. It will provide a
>> record of a transaction where notice of intent to process personal
>> information is provided and consent for personal data processing is
>> returned. Receiving a consent receipt immediately after a web transaction
>> provides an individual with an opportunity to confirm and challenge the
>> collection of their personal information. Similarly, the consent receipt
>> gives the data controller a clear signal as to what they can and cannot do
>> with that person's information. The consent receipt provides protection for
>> both sides against misunderstanding and can demonstrate compliance with
>> regulations in the jurisdiction in which it was issued.
>>
>> Key to the design of the MV consent receipt is its ability to be extended
>> to carry links trusted services directly to the data subject in a way that
>> is usable independently of the service provider."
>>
>>
>>
>> On 3 Sep 2014, at 17:21, Iain Henderson <iainhenderson at mac.com> wrote:
>>
>> Hi Mark, isn’t there an easier nutshell version than that? The one liner.
>>
>> *Consent receipt is built on the simple concept that if a person shares
>> their data with an entity, they get a digital receipt that, at it’s core,
>> sets out what was shared, when, by whom, with whom, for what purpose.*
>>
>> …. just like they get a receipt when they exchange value by buying
>> something - except the consent receipt is designed out of the box to be
>> digital.
>>
>> Lot’s of complexity packed in there obviously, but isn’t that the essence
>> of it?
>>
>> Cheers
>>
>> Iain
>>
>>
>> On 3 Sep 2014, at 14:22, Mark Lizar <mark at smartspecies.com> wrote:
>>
>>
>> Hi Doc,
>>
>> Apologies for the delay in returning your email.
>>
>> The consent receipt at its most simple incarnation is about creating some
>> systemic and open transparency for the individual around consent,
>> jurisdictional compliance for legal transparency obligations, and
>> simplifying the compliance for organisations so this transparency is
>> meaningful to everyone.
>>
>> As this issue, which Open Notice has advocated as “The Biggest Lie”, is
>> bigger than one champion, one company, even one government, the underlying
>> philosophy and aim of this work was (is) to collaborate and team up against
>> the large forces and market players that are undermining personal data
>> control.  We co-wrote a paper that we  submitted this to the W3C workshop
>> at Berkeley in 2012. called ‘Opening The Online Notice Infrastructure: A
>> Call For Collaboration’. This paper illustrates the position and purpose
>> for the effort.
>>
>> As a result of this paper we started an effort which evolved into the
>> consent receipt (at the Kantara Initiative) and it is very much intended to
>> facilitate collaboration amongst a competitive trusted services community.
>>  Creating a way to deliver trusted services directly, and independently, to
>> the person who provides consent.   As an open standards candidate the
>> consent receipt proposes a common format so that individual can use the
>> meta-data from a consent receipt to view consent on aggregate.
>>
>> The aim is for many service ratings, icons, contexts, trusted networks
>> and standards to be used to extend the consent receipt to address the many
>> use cases for complex consent, compliance and transparency
>> requirements across jurisdictions.
>>
>> As a result, a consent receipt becomes a tool of interoperability, where
>> multiple rating systems, trusted services infrastructure components, can be
>> put together (on a receipt) to provide greater value to all stakeholders.
>>  This proposed to achieve the goal of providing the basic infrastructure so
>> that the champions in this space can team up.  But most importantly, the
>> consent receipt proposes a way for people to not only have greater
>> transparency but also meaningful choices.
>>
>> The work over the last year has shown that their is a dynamic group of
>> privacy champions and data control entrepreneurs that are not specifically
>> represented in the market.  Some of the lessons that we have learned is
>> that their is a great opportunity for a trusted services community to be
>> formed in this space.  A community that can push adoption of a consent
>> receipt standard, lobby as a group and act in unison to open the way for a
>> trusted services market that scales the globe.
>>
>> In this regard, we are now looking to see if their is interest for
>> evolving Open Notice into a trusted services Cooperative (or industry
>> group) that will be responsible for creating an assessment for verifying
>> the legal compliance and utility of trusted services to organisations.
>>
>> If there is enough interested, I propose that we start a trusted services
>> thread that will initiate a members based organisation, an open source
>> dashboard for trusted services (which is apart of the EU proposal
>> recently submitted) and develop an international lobby that not only
>> represents trusted services, but fights to open and keep open the data
>> control infrastructure for privacy and data control.
>>
>> So, that is the consent receipt effort it in a nutshell!
>>
>> Kind Regards,
>>
>> Mark Lizar
>>
>> PS. In the past year we have attended a few workshops, had a couple of
>> hacking events, submitted many proposal and a few papers (linked below).
>>  Finally, we have something stable enough to present and share.
>>
>> CMU Consent & Choice Workshop, June 2014: "Usable Consent" -
>> https://www.cylab.cmu.edu/news_events/events/fopnac/pdfs/lizar.pdf
>> UbiComp Sept 2014 - "Usable Consents: Tracking and Managing Use of
>> Personal Data With a Consent Transaction Receipt” In process to be published
>> Future of Privacy Forum: Papers for Policy Makers - "Policy Paper:
>> Minimum Viable Consent Receipt” (was a draft)
>>
>> Kantara Initiative: Open Draft for the”  Minimum Viable Consent Receipt”
>> Policy Paper, anyone can comment and sign up to edit.
>>
>>
>> On 28 Aug 2014, at 17:38, Doc Searls <dsearls at cyber.law.harvard.edu>
>> wrote:
>>
>> For ProjectVRM and some other work going on (or possibly going on) around
>> Harvard and other places that care about this kind of stuff, it would be
>> good for me to have in my head (and in a bookmark or two) a
>> summary statement of what the consent receipt is about. If one of you can
>> provide that, it would be most cool.
>>
>> Thanks!
>>
>> Doc
>>
>> On Aug 28, 2014, at 12:01 PM, Mark Lizar <mark at smartspecies.com> wrote:
>>
>>
>> Hello All,
>>
>> Just to update everyone.  We have successfully put forward a proposal for
>> the consent receipt specification for EU scale implementation.  In this
>> proposal we have illustrated how the consent receipt would be used
>> to channel PETs and Trusted Services which include; reputations, ratings,
>> trusted networks, icons, assurance frameworks, standards and the like.
>> we hope that this will create, support and ignite a market explosion for
>> all the services and projects that champion privacy, trust, transparency
>> and personal data control that exist in and out of this Open Notice group.
>>
>> We have illustrated how many of the projects and services here can co
>> exist to increase transparency, trust, personal data value and the economic
>> performance of privacy for people.  With the intent upon funding to
>> support the transformation of this Open Notice effort into a properly
>> funding trusted services community and cooperative.   All comments on this
>> objective are welcome.
>>
>> Kind Regards,
>>
>> Mark
>> _______________________________________________
>> WG-InfoSharing mailing list
>> WG-InfoSharing at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
>>
>>
>> _______________________________________________
>> WG-InfoSharing mailing list
>> WG-InfoSharing at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
>>
>>
>> _______________________________________________
>> WG-InfoSharing mailing list
>> WG-InfoSharing at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
>>
>>
>> This email and any attachment contains information which is private and
>> confidential and is intended for the addressee only. If you are not an
>> addressee, you are not authorised to read, copy or use the e-mail or any
>> attachment. If you have received this e-mail in error, please notify the
>> sender by return e-mail and then destroy it.
>>
>>
>>
>
>
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
>
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20140904/a2893f56/attachment-0001.html>


More information about the WG-InfoSharing mailing list