[WG-InfoSharing] [WG-Consent-Management] News from EIC Munich - Data receipt demo sessions

Jim Pasquale jim at digi.me
Thu May 16 11:54:42 UTC 2019


Yes everyone, this is exactly what we are proposing as the basis of v 2. something. Our belief is the CSM group needs to define and flesh out these general types of receipts for mobility, i.e. no vendor lock-in, more freedom of choice to move what Andrew calls the shoebox of receipts across privacy control panel. In other words the “DEMO” he just did.

Exciting times to really have an impact around the individual.

On May 16, 2019, at 3:25 AM, Andrew Hughes <andrewhughes3000 at gmail.com> wrote:

Thanks everyone

Iain: Yes. No. Maybe.  ;-)

What I'm proposing right now is that the current and evolved Consent Receipt is actually a specialization of a more generalized data receipt. The generalized data receipt does not exist and I believe that's where we need to move towards for v2. Conceptually, anyone should be able to pick up that general data receipt specification and 'specialize' or 'profile' it to meet the requirements of their situation. Two of the key specializations are "GDPR-Consent" and maybe something like "CCPA-Consumer Protection" - same core fields, similar data dictionary, specialized fields and values based on specific regulation.

I'd like v2 to retain requirements traceability properties - that's critical if we want the specification to have smooth intake to international standards bodies. This will look like a 'use case gathering' phase; a requirements derivation phase; a 'features' prioritization phase; and a specification writing phase.

We have been encouraging people to think about and contribute use cases into the pool so that we have a good set of sources to feed into the overall process.

One possible process way to retain the 'consent' receipt and also build the 'general' receipt spec is to categorize the requested 'features' into 'functional requirements' requests and 'non-functional requirements' requests. That way we can incorporate improvements into the v1.1 spec and also use the new requirements to flesh out the general data receipt.

It makes sense to me - but I'm pretty badly jetlagged at the moment :-)

andrew.

Andrew Hughes CISM CISSP
In Turn Information Management Consulting

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road, Victoria, BC V8P 2H8
AndrewHughes3000 at gmail.com
https://www.linkedin.com/in/andrew-hughes-682058a
Digital Identity | International Standards | Information Security


On Thu, May 16, 2019 at 8:36 AM Iain Henderson <iainhenderson at mac.com> wrote:
Thanks Andrew, that all looks very positive.

So can I assume that for v 2 that we are making the leap to a more generalised data receipt as the deliverable rather than one that focuses on where consent is the basis for processing?

Iain

On 15 May 2019, at 17:13, Andrew Hughes <andrewhughes3000 at gmail.com> wrote:

The slide deck that we presented around the demo is now on Slideshare:
https://www.slideshare.net/AndrewHughes6/kantara-privacy-control-panel-demonstration-2019-0515

Very strong positive reaction to the demo and core data receipt concept! The audiences were engaged and we got them thinking about how the concept could be applied in their situations. We expect several new WG participants over the next few weeks.

The main goal for the demo was to inspire and inform the audience about the idea of personal receipts for data-related interactions. We were successful.

We showed a few variations of the Privacy Control Panel and receipts to make the point that implementations can be case-specific and designed to suit.

Consentua's Richard Gomer built a Chrome extension that captured any 'consent' action performed on any consentua.com page; and posts the Kantara receipt to the API that Keith Uber of Ubisecure; and updates a counter on the browser icon. I wrote some scripts to query and fetch from the API to show the audience some of the inner workings.

Asya Ivanova and Katherine Noall of Sphere Identity showed the consent receipt functionality of their system's mobile app.

We showed Transmute Industry's video showing how consent receipts work in their app (thanks Margo Johnson for making that).

We showed the digi.me receipt file loader web page (built by Pas, Tarik and the team) and the digi.me consent access certificate dashboard screens to show another display and management mode.

Mark Lizar talked about some of the future possibilities that might come out of this work.

'Kantara Consent/Data Receipts' were mentioned unprompted by a bunch of keynote speakers - which was very satisfying.

On next week's call we'll run through some of the demo material.

Thank you everyone for encouraging your product teams to make the changes needed to make this demo possible. (We need a bit more effort to prep for the Identiverse demo in a few weeks)

andrew.


