[WG-InfoSharing] Removing Subject ID Field from receipt fields

Mark Lizar - OCG m.lizar at openconsentgroup.com
Fri Mar 11 08:19:11 CST 2016


Very good question. 

I am not quite sure myself actually. (please clarify) In reviewing the Kantara beta implementation of the consent receipt, https://kantarainitiative.org/beta-signup/, the "id of the natural person" was rendered onto the screen.

What I am suggesting is that this should not be a specific field in the receipt, but that it should be part of the data payload, which could include data collected about the user or provided by the user, and that this would be stuffed into a JWT. This logically separates the data about the receipt itself, i.e. data controller, jurisdiction, timestamp, purpose, etc. (non-PII data), from the PII collected in a web form, and ensures that the data collected is not rendered visible on the website (or anywhere else) except to the user or the organisation.

In the Kantara implementation, this would/could include the field names and the data:

***
- First Name
- Last Name
- Email Address
- Company/Affiliation
- Telephone

I agree I have the authority (Y/N)

Participatory Status
Non-voting/Voting

I agree to an IPR policy
***

I know that Oliver believes that the form and the data submitted to the form is separate from the receipt. 

- Mark



> On 11 Mar 2016, at 12:41, Justin Richer <jricher at mit.edu> wrote:
> 
> I don't understand what you mean by something being "in the payload" but not "in the receipt", since technologically speaking the payload *is* the receipt. What does the data structure you're envisioning look like?
> 
>  -- Justin
> 
> On 3/10/2016 7:53 PM, Mark Lizar - OCG wrote:
>> 
>> Hello CISWG, 
>> 
>> I have added a new issue to GitHub for discussion. Another one of those long outstanding issues about how to present and transfer PII in the receipt. This relates to the specification review of the table fields.
>> 
>> Issue #23 <https://github.com/KantaraInitiative/CISWG/issues/23> is a suggestion to remove the subject id field from the consent receipt fields so that the consent receipt fields don't contain PII; instead, all of the data entered by the consent grantee is attached as the receipt payload.
>> The benefit would be that the receipt fields themselves don't contain PII and are thus less sensitive, with the PII entered into the receipt delivered in the receipt payload. The payload of PII data would be provisioned to the consent grantee via the consent receipt, but not displayed on the website, so as to protect privacy and be privacy by design.
>> 
>> All thoughts welcome, especially on how to specify this in the specification (if it should be specified). 
>> 
>> Best, 
>> 
>> Mark 
>> 
>> 
>> _______________________________________________
>> WG-InfoSharing mailing list
>> WG-InfoSharing at kantarainitiative.org
>> http://kantarainitiative.org/mailman/listinfo/wg-infosharing
> 
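The following is an added illustration of the split Mark describes above (receipt fields that hold no PII, with the submitted form data carried in a separate JWT that the receipt binds to by hash); it is example code written for this page, not the Kantara beta implementation, the CISWG specification, or anything posted in the thread. The field names, the HS256 shared key, the sample form submission and the timestamp are all constructed for the example. The payload is a JWS (HS256), which gives integrity but not confidentiality, so a deployment that must keep the payload unreadable in transit would wrap it in a JWE instead.

```python
import base64
import hashlib
import hmac
import json

# Constructed key for the example only (an HS256 shared secret). A real
# deployment would use a per-controller key, and a JWE rather than a JWS if
# the payload must stay confidential in transit.
EXAMPLE_KEY = b"example-shared-secret-do-not-use"

# The fields of the beta sign-up form quoted in the mail; the snake_case
# names are this example's own, not the form's or the specification's.
FORM_FIELDS = ["first_name", "last_name", "email", "company", "telephone",
               "has_authority", "participatory_status", "agrees_ipr_policy"]


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _compact_json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def jws_sign(claims: dict, key: bytes) -> str:
    """Compact JWS, HS256: base64url(header).base64url(claims).base64url(mac)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(_compact_json(header)) + "." + _b64url(_compact_json(claims))
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(mac)


def jws_verify(token: str, key: bytes) -> dict:
    """Return the claims only if alg is the one we expect and the MAC checks."""
    head_b64, body_b64, mac_b64 = token.split(".")
    header = json.loads(_b64url_decode(head_b64))
    if header.get("alg") != "HS256":          # never let the token pick the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(mac_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body_b64))


def build_receipt(form: dict, controller: str, jurisdiction: str,
                  purpose: str, timestamp: int, key: bytes) -> dict:
    """Receipt fields carry metadata and field *names* only; every submitted
    value goes into the JWS payload, which the receipt binds to by hash."""
    unknown = set(form) - set(FORM_FIELDS)
    if unknown:
        raise ValueError(f"unexpected form fields: {sorted(unknown)}")
    payload = jws_sign({"form": form}, key)
    receipt = {
        "data_controller": controller,
        "jurisdiction": jurisdiction,
        "timestamp": timestamp,
        "purpose": purpose,
        "fields_collected": sorted(form),      # names only, never values
        "payload_sha256": hashlib.sha256(payload.encode("ascii")).hexdigest(),
    }
    return {"receipt": receipt, "pii_payload": payload}


def public_view(doc: dict) -> dict:
    """The part a website may render: the receipt fields alone."""
    return doc["receipt"]


def grantee_view(doc: dict, key: bytes) -> dict:
    """What the grantee (or the controller) can open: the fields plus the form
    data, after checking the payload is the one the receipt was issued over."""
    token = doc["pii_payload"]
    if hashlib.sha256(token.encode("ascii")).hexdigest() != doc["receipt"]["payload_sha256"]:
        raise ValueError("payload does not match receipt")
    return {**doc["receipt"], "form": jws_verify(token, key)["form"]}


def leaks_values(view: dict, form: dict) -> bool:
    """True if any submitted value (beyond single-character Y/N answers)
    appears anywhere in a rendered view."""
    rendered = json.dumps(view)
    return any(str(v) in rendered for v in form.values() if len(str(v)) > 1)


if __name__ == "__main__":
    # Constructed sample submission.
    form = {"first_name": "Ada", "last_name": "Lovelace", "email": "ada@example.org",
            "company": "Example Ltd", "telephone": "+44 20 7946 0000",
            "has_authority": "Y", "participatory_status": "Voting",
            "agrees_ipr_policy": "Y"}
    doc = build_receipt(form, "Kantara Initiative", "US", "beta programme sign-up",
                        1457705951, EXAMPLE_KEY)
    print(json.dumps(public_view(doc), indent=2))   # no form values appear here
    print("grantee sees:", grantee_view(doc, EXAMPLE_KEY)["form"]["email"])
```

`public_view` is the only thing the website renders, and it answers Justin's question about the data structure in the narrow sense: the receipt is still one document, but the PII lives in a second member (`pii_payload`) that the receipt fields reference by `payload_sha256` rather than by value, so the fields can be logged, displayed or shared without the form data, while the grantee can still check that the payload they hold is the one the receipt was issued over.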
