[WG-InfoSharing] Privacy is not 'Agreement' & Consent is not 'Permission' - A Call for Identity Industry Privacy Best Practice

Info@SS info at smartspecies.com
Thu Mar 28 09:33:06 UTC 2019


Dear CISWG,  (sending from old account as openconsent emails are blocked) 

It’s been a bit quite in this work group, I think in part this because a tension has grown between efforts working on contact, and those working on consent.  The topics around this tension are not becoming popular and being discussed in the IEEE WG and VRM.  

Its clear now that there is a big fat gap in identity management when it comes to privacy best practices.  After almost a decade of consent advocacy in the Identity Management industry, it is also clear that the identerati have a hard time distinguishing consent from permission and privacy from agreement.  Which is not a surprise because from IdM centric perspective they look the same. 

One effort which has done a great job at distinguishing the two is the FIHR project and the creation of consent directives <http://wiki.hl7.org/index.php?title=FHIR_Consent_Directive_Implementation_Guide> which is a privacy based contract approach. 

Ultimately,  Privacy is not Agreement and consent is not permission.   Even though they look a like from an IdM perspective. 

A key difference is that privacy is based on rights and these laws are related to (define) the state of governance or the relationship state.  Agreements are contract based items that are used to maintain a state.  

This state has often been referred to as the social contract and the community bargain. 

The two, privacy and agreement can be combined, but, contact doesn’t replace privacy, and contacts that ignore privacy are found as click bait online.  Eg. - click this to agree to privacy.  This is fake privacy, and ultimately this is the problem that I was working on that led me to bring the consent receipt work to this WG. 

This is why as of next week, we (OpenConsent) are starting to make privacy profiles for identity systems, IoT/CCTV/Smart City, and most importantly surveillance and security.    If anyone is interested in trying out a privacy profile please get in touch. 

Apart of this effort to create privacy profiles, is to support/instigate an effort to generate an Identity Management Industry code of practice, to which privacy can have some default settings.  (Like Blinding Identity) I would like to be apart of such an effort to address the benign evil in this technology.   Is this something people would be interested in creating in this WG?   Is this something we should start here? 

Kind Regards, 

Mark Lizar
CEO - OpenConsent.com <https://openconsent.com/>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190328/46609e4e/attachment-0001.html>


More information about the WG-InfoSharing mailing list