[WG-InfoSharing] WG-InfoSharing Digest, Vol 105, Issue 3

David Turner david.turner at voltagegate.com
Mon Aug 6 17:41:52 UTC 2018


I believe Mark's description is a useful way to position CRs, and a means
to address the common concerns now being raised by multiple jurisdictions.

When we started working on the specification we called it the  Minimum
> Viable Consent Receipt MVCR, which was mapped to ISO terms and definitions
> required to make a consent record.   With the idea that we can then map any
> set of laws to the CR.  The theory being that this is how to make a
> specification for an internationally interoperable specification.


This issue is very similar to the debate many years ago about standardizing
the structure of invoices. Most invoices have a standard set of elements
(customer data, invoice total, payment terms, etc.) even while there will
endless debates about what goes IN the payment terms field (can you say
"consent termination"). The fact that two data structures can both be
identified as invoices has value in itself. However, the body of the
invoice from a lawyer will NEVER be the same as one from an auto parts
supplier. So the need for domain-specific invoice structures is now well
understood and accepted. Our situation is probably more similar to the
differences between an invoice from an accountant and a lawyer.




On Sat, Aug 4, 2018 at 12:28 PM, Mark Lizar <mark at openconsent.com> wrote:

> Hi Tom,,
>
> This is a great comment - am actually thinking about the same topic.
>
> When we started working on the specification we called it the  Minimum
> Viable Consent Receipt MVCR, which was mapped to ISO terms and definitions
> required to make a consent record.   With the idea that we can then map any
> set of laws to the CR.  The theory being that this is how to make a
> specification for an internationally interoperable specification.
>
> After that version of the specification stumbled a bit, CISWG (the royal
> we here) decided to simplify and change from the MVCR, to Consent Receipt.
>      Since then, the GDPR was announced and now CCPA.
>
> The MVCR would then be the use of the receipt to create an extension for
> CCPA and GDPR and then these two jurisdictions would have the ability to
> provide  interoperable consent receipts.
>
> - Mark
>
>
> On 4 Aug 2018, at 19:55, Tom Jones <thomasclinganjones at gmail.com> wrote:
>
> While I support Mark's request for alignment with GDPR, I would also
> support alignment with the California regulation, in part because I am
> interested in improving that regulation as it roles out in other
> jurisdictions. As important as the EU might be, I suspect their efforts to
> export those to other parts of the world will fail.
>
> N.b. the problem with pii as a term is that it is not descriptive of the
> problem as understood today. In fact there are NO personal attributes that
> are not pii, so it's misleading at best. What I really need to understand
> is what user information needs user consent to share. I suspect there will
> never be agreements with the European countries on that.
>
> thx ..Tom (mobile)
>
> On Sat, Aug 4, 2018, 5:00 AM <wg-infosharing-request at kantarainitiative.org>
> wrote:
>
>> Send WG-InfoSharing mailing list submissions to
>>         wg-infosharing at kantarainitiative.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>         https://kantarainitiative.org/mailman/listinfo/wg-infosharing
>> or, via email, send a message with subject or body 'help' to
>>         wg-infosharing-request at kantarainitiative.org
>>
>> You can reach the person managing the list at
>>         wg-infosharing-owner at kantarainitiative.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of WG-InfoSharing digest..."
>>
>>
>> Today's Topics:
>>
>>    1. Critical CR and CISWG Issue and Solution (Mark Lizar)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Fri, 3 Aug 2018 14:10:24 +0100
>> From: Mark Lizar <mark at openconsent.com>
>> To: "wg-infosharing at kantarainitiative.org"
>>         <wg-infosharing at kantarainitiative.org>
>> Subject: [WG-InfoSharing] Critical CR and CISWG Issue and Solution
>> Message-ID: <60173568-227D-4FF4-9B9E-AF3FE829C9B2 at openconsent.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> HI CISWG,
>>
>>
>> It has increasingly come to my attention, that the Consent Receipt work
>> is coming under attack.    People in  and out of our community have been
>> talking about how operationally unsuitable the consetn receipt
>> specification is, and as we have not produce a lot documentation about why
>> it was built this way.  This is understandable.
>>
>> In addition, we have not provided the GDPR update, for the CR. Which I
>> believe would go a long way towards explaining the CR for us.
>>
>>  For example statements like this:
>>
>> "The Consent Receipt uses obsolete technical terms like "Personally
>> Identifiable Information (PII)" rather than the more generic term from the
>> GDPR of Personal Information <http://tcwiki.azurewebsites.
>> net/index.php?title=Personal_Information&action=edit&redlink=1> or the
>> more descriptive of what we should control Personal Private Information <
>> http://tcwiki.azurewebsites.net/index.php?title=Personal_
>> Private_Information&action=edit&redlink=1>, although with the Right to
>> be Forgotten <http://tcwiki.azurewebsites.net/index.php?title=Right_to_
>> be_Forgotten&action=edit&redlink=1> there may no distinction between
>> those two terms in the EU.?
>>
>>
>> Statements like these are understandable but mis-informed,because;
>>
>> 1. The consent receipt uses international lexicon not a jurisdictional
>> lexicon that is only relevant in a jurisdiction, this is for
>> A) international use. - all the systems in the world dont use GDPR, and
>> GDPR with all its greatness has many flaws - for example it is focus on
>> Data Protection not so much Privacy.  Something this WG is very aware of.
>>
>> B) It references on OECD and FIPS  and terms like PII - so that the
>> receipt spec will be backwards compatible - with the existing global
>> infratructure, not one that is emerging over the next 5 years and only
>> enforced in 28 countries.
>>
>> Ether way, I think its really important to get a GDPR Extension for our
>> CR together and into the WG, and out for the community of CR adopters that
>> support this work, before My Data.
>>
>> To this end,
>>
>> 1. would there be any objections for a CISWG funding application to the
>> Kantara Board of Directors for an Editor and funds to cover the costs the
>> initial authoring the a CR v1.1 GDPR spec extension and its contribution to
>> this WG?
>>
>> 2. Are there any supporters for this action to happen asap?
>>
>> Best Regards,
>>
>>
>> Mark Lizar | Open Consent | 22 Wenlock Rd, London|  N1 7GU
>> P +44 (0) 208 123-2476 | E mark at openconsent.com
>> | Twitter @smartopian | Web https://www.openconsent.com |
>>
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <http://kantarainitiative.org/pipermail/wg-infosharing/
>> attachments/20180803/de395488/attachment-0001.html>
>>
>> ------------------------------
>>
>> Subject: Digest Footer
>>
>> _______________________________________________
>> WG-InfoSharing mailing list
>> WG-InfoSharing at kantarainitiative.org
>> https://kantarainitiative.org/mailman/listinfo/wg-infosharing
>>
>>
>> ------------------------------
>>
>> End of WG-InfoSharing Digest, Vol 105, Issue 3
>> **********************************************
>>
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> https://kantarainitiative.org/mailman/listinfo/wg-infosharing
>
>
>
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> https://kantarainitiative.org/mailman/listinfo/wg-infosharing
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20180806/d3f08a52/attachment-0001.html>


More information about the WG-InfoSharing mailing list