[WG-InfoSharing] Reminder: CIS WG Consent Receipt Call

James Aschberger james at onethingless.com
Fri May 31 06:08:56 UTC 2019

Dear Andrew,


Can you please elaborate via email or on the next call a bit more on the regulator feedback you have received, especially how they imagine the incentives part by offering a break from other rules? 


As discussed at the EIC based our one year pilot phase experience with One.Thing.Less, essentially all companies we interacted with did only see more risk and little upside to providing individuals with confirmations/receipts. Hence, orchestrating and calibrating the right incentives is critical from our point of view.





From: WG-InfoSharing <wg-infosharing-bounces at kantarainitiative.org> on behalf of Andrew Hughes <andrewhughes3000 at gmail.com>
Date: Thursday, 30 May 2019 at 15:52
To: Iain Henderson <iainhenderson at mac.com>
Cc: Kate Downing <kdowning2002 at gmail.com>, Margo johnson <margo at transmute.industries>, Karyl Fowler <karyl at transmute.industries>, Information Sharing Work Group <wg-infosharing at kantarainitiative.org>
Subject: Re: [WG-InfoSharing] Reminder: CIS WG Consent Receipt Call


Yes - that is a good visualization :-) 


And yes - to paraphrase: the 'death of informed choice by a thousand "I agree" buttons' is a challenge for sure.


In my thinking, the automation of personal record collecting a.k.a. 'receipts' is one piece of the mosaic. It's mostly in the realm of 'recourse', of course - not preventative but corrective post-bad-event. But at least it could support person-tools that allow the individual to be passive until action is required. 

In that way it can be useful for transparency - and I do envision a class of 'small data' personal data analytics tools that could do local analysis then signal out to a collective that could take the aggregated signals to take class action or something. To inspire thinking about this I usually say "Imagine if <insert evil data mining corp here> gives out different personal data processing terms and notices to people based on their (surveillance) profile? How would anyone be able to discover this?" 


The few US-based regulators (primarily in the consumer protection domain) that I've had the opportunity to discuss this receipt concept with are quite excited. Not for the 'shall not' aspects but for the 'shall' side incentives - something like: if companies offer receipts then maybe they get a break from other rules.


So yah - notice and consent sucks due to factors related to shifting towards a user-burden self-service mode of operation. 

Andrew Hughes CISM CISSP 
In Turn Information Management Consulting

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road, Victoria, BC V8P 2H8
AndrewHughes3000 at gmail.com 
Digital Identity | International Standards | Information Security 



On Thu, May 30, 2019 at 6:24 AM Iain Henderson <iainhenderson at mac.com> wrote:

Apologies, I won’t make the call today.


But I did come across this cartoon which might amuse/ inform - it’s not every day you see a cartoon about consent….




The text under the cartoon is also informative; and represents the current status of sophisticated marketers - largely beyond GDPR, but worried about customer experience. The one specific quote below is also very informative and play into our thinking about v.2; i.e. more negative comment on the notice and consent model from informed observers.

As Laura Jehl a partner at law firm BakerHostetler put it,

“I’m kind of a conscientious objector to the notice and consent model. It’s offloading too much responsibility to the individual … If you have a job, or kids, or hobbies, or a life, you can’t do that, keeping track of all that.  It would be a full-time job to protect your privacy in a notice and consent model.”



On 29 May 2019, at 22:13, andrewhughes3000 at gmail.com wrote:


Main agenda item is the 'Spec v2' project - discussion about how to contribute use cases, overall concept of requirements elicitation and drafting text, schedule, other details.

CIS WG Consent Receipt Call - Recurring meeting series

WG Wiki page: https://kantarainitiative.org/confluence/display/infosharing/Home
Meeting notes: https://kantarainitiative.org/confluence/display/infosharing/Meetings+and+Minutes
Please join my meeting from your computer, tablet or smartphone. 
https://global.gotomeeting.com/join/323930725 Time zone converter: www.thetimenow.com/time-zone-converter.phpYou can also dial in using your phone. 
United States: +1 (669) 224-3318 Access Code: 323-930-725 More phone numbers 
Australia: +61 2 9091 7603 
Austria: +43 1 2530 22500 
Belgium: +32 28 93 7002 
Canada: +1 (647) 497-9376 
Denmark: +45 32 72 03 69 
Finland: +358 923 17 0556 
France: +33 170 950 590 
Germany: +49 692 5736 7300 
Ireland: +353 15 360 756 
Italy: +39 0 230 57 81 80 
Netherlands: +31 207 941 375 
New Zealand: +64 9 282 9510 
Norway: +47 21 93 37 37 
Spain: +34 932 75 1230 
Sweden: +46 853 527 818 
Switzerland: +41 225 4599 60 
United Kingdom: +44 330 221 0097 First GoToMeeting? Let's do a quick system check: https://link.gotomeeting.com/system-check
Thu May 30, 2019 07:30 – 08:30 Pacific Time - Vancouver
GoToMeeting (GTM1) (map)
•Andrew Hughes - organizer
•wg-infosharing at kantarainitiative.orgkdowning2002 at gmail.com
WG-InfoSharing mailing list
WG-InfoSharing at kantarainitiative.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190531/7db6e46e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5328 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190531/7db6e46e/attachment-0001.p7s>

More information about the WG-InfoSharing mailing list