[WG-InfoSharing] Reminder: CIS WG Consent Receipt Call

Andrew Hughes andrewhughes3000 at gmail.com
Fri May 31 17:02:22 UTC 2019


The general comments back were along the lines of: regulatory incentives
can be punitive or supportive (can't find the right word right now).
Punitive could be fines or fees or restrictions. Supportive could be that
the regulator recognizes the actions of the companies and uses that as the
basis for some benefit - perhaps "if you meet this standard, then you don't
have to do that other burdensome thing" kind of thing.

That's about the gist of it - I don't have insight into what specifics they
have in mind, if they even have specifics in mind :)

In other domains you'd typically see stuff like: 'must be certified by xxx
and if not certified must submit to direct audit' - similar concept but not
the same

*Andrew Hughes *CISM CISSP
*In Turn Information Management Consulting*

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road, Victoria, BC V8P 2H8
AndrewHughes3000 at gmail.com
*https://www.linkedin.com/in/andrew-hughes-682058a
<https://www.linkedin.com/in/andrew-hughes-682058a>*
*Digital Identity | International Standards | Information Security *


On Thu, May 30, 2019 at 11:08 PM James Aschberger <james at onethingless.com>
wrote:

> Dear Andrew,
>
>
>
> Can you please elaborate via email or on the next call a bit more on the
> regulator feedback you have received, especially how they imagine the
> incentives part by offering a break from other rules?
>
>
>
> As discussed at the EIC based our one year pilot phase experience with
> One.Thing.Less, essentially all companies we interacted with did only see
> more risk and little upside to providing individuals with
> confirmations/receipts. Hence, orchestrating and calibrating the right
> incentives is critical from our point of view.
>
>
>
> Cheers,
>
> James
>
>
>
> *From: *WG-InfoSharing <wg-infosharing-bounces at kantarainitiative.org> on
> behalf of Andrew Hughes <andrewhughes3000 at gmail.com>
> *Date: *Thursday, 30 May 2019 at 15:52
> *To: *Iain Henderson <iainhenderson at mac.com>
> *Cc: *Kate Downing <kdowning2002 at gmail.com>, Margo johnson
> <margo at transmute.industries>, Karyl Fowler <karyl at transmute.industries>,
> Information Sharing Work Group <wg-infosharing at kantarainitiative.org>
> *Subject: *Re: [WG-InfoSharing] Reminder: CIS WG Consent Receipt Call
>
>
>
> Yes - that is a good visualization :-)
>
>
>
> And yes - to paraphrase: the 'death of informed choice by a thousand "I
> agree" buttons' is a challenge for sure.
>
>
>
> In my thinking, the automation of personal record collecting a.k.a.
> 'receipts' is one piece of the mosaic. It's mostly in the realm of
> 'recourse', of course - not preventative but corrective post-bad-event. But
> at least it could support person-tools that allow the individual to be
> passive until action is required.
>
> In that way it can be useful for transparency - and I do envision a class
> of 'small data' personal data analytics tools that could do local analysis
> then signal out to a collective that could take the aggregated signals to
> take class action or something. To inspire thinking about this I usually
> say "Imagine if <insert evil data mining corp here> gives out different
> personal data processing terms and notices to people based on their
> (surveillance) profile? How would anyone be able to discover this?"
>
>
>
> The few US-based regulators (primarily in the consumer protection domain)
> that I've had the opportunity to discuss this receipt concept with are
> quite excited. Not for the 'shall not' aspects but for the 'shall' side
> incentives - something like: if companies offer receipts then maybe they
> get a break from other rules.
>
>
>
> So yah - notice and consent sucks due to factors related to shifting
> towards a user-burden self-service mode of operation.
>
> *Andrew Hughes *CISM CISSP
> *In Turn Information Management Consulting*
>
> o  +1 650.209.7542
> m +1 250.888.9474
> 1249 Palmer Road, Victoria, BC V8P 2H8
> AndrewHughes3000 at gmail.com
> *https://www.linkedin.com/in/andrew-hughes-682058a
> <https://www.linkedin.com/in/andrew-hughes-682058a>*
> *Digital Identity | International Standards | Information Security *
>
>
>
>
>
> On Thu, May 30, 2019 at 6:24 AM Iain Henderson <iainhenderson at mac.com>
> wrote:
>
> Apologies, I won’t make the call today.
>
>
>
> But I did come across this cartoon which might amuse/ inform - it’s not
> every day you see a cartoon about consent….
>
>
>
> https://marketoonist.com/2019/05/data-privacy-consent-fatigue-and-gdpr.html
>
>
>
> The text under the cartoon is also informative; and represents the current
> status of sophisticated marketers - largely beyond GDPR, but worried about
> customer experience. The one specific quote below is also very informative
> and play into our thinking about v.2; i.e. more negative comment on the
> notice and consent model from informed observers.
>
> As Laura Jehl a partner at law firm BakerHostetler put it
> <https://www.cnbc.com/2019/05/04/gdpr-has-frustrated-users-and-regulators.html>
> ,
>
> *“I’m kind of a conscientious objector to the notice and consent model.
> It’s offloading too much responsibility to the individual … If you have a
> job, or kids, or hobbies, or a life, you can’t do that, keeping track of
> all that.  It would be a full-time job to protect your privacy in a notice
> and consent model.”*
>
>
>
> Iain
>
>
>
> On 29 May 2019, at 22:13, andrewhughes3000 at gmail.com wrote:
>
>
>
> Main agenda item is the 'Spec v2' project - discussion about how to
> contribute use cases, overall concept of requirements elicitation and
> drafting text, schedule, other details.
> andrew.
> CIS WG Consent Receipt Call - Recurring meeting series
>
>
> WG Wiki page:
> https://kantarainitiative.org/confluence/display/infosharing/Home
> <https://www.google.com/url?q=https%3A%2F%2Fkantarainitiative.org%2Fconfluence%2Fdisplay%2Finfosharing%2FHome&sa=D&usd=2&usg=AFQjCNFVWymwknh7XkAQplPLvtZG5SeSrw>
> Meeting notes:
> https://kantarainitiative.org/confluence/display/infosharing/Meetings+and+Minutes
> <https://www.google.com/url?q=https%3A%2F%2Fkantarainitiative.org%2Fconfluence%2Fdisplay%2Finfosharing%2FMeetings%2Band%2BMinutes&sa=D&usd=2&usg=AFQjCNHw5peanGeloc-3FLyHOkvT8YtNxw>
> Please join my meeting from your computer, tablet or smartphone.
> https://global.gotomeeting.com/join/323930725
> <https://www.google.com/url?q=https%3A%2F%2Fglobal.gotomeeting.com%2Fjoin%2F323930725&sa=D&usd=2&usg=AFQjCNH4AweD79h9CIJ0u3iuTUFsCNrMQw>
>
> Time zone converter: www.thetimenow.com/time-zone-converter.php
> <https://www.google.com/url?q=http%3A%2F%2Fwww.thetimenow.com%2Ftime-zone-converter.php&sa=D&usd=2&usg=AFQjCNEWnB3VBf5bOs5kyDAicNbBrhaZLA>
>
> You can also dial in using your phone.
> United States: +1 (669) 224-3318
>
> Access Code: 323-930-725
>
> More phone numbers
> Australia: +61 2 9091 7603
> Austria: +43 1 2530 22500
> Belgium: +32 28 93 7002
> Canada: +1 (647) 497-9376
> Denmark: +45 32 72 03 69
> Finland: +358 923 17 0556
> France: +33 170 950 590
> Germany: +49 692 5736 7300
> Ireland: +353 15 360 756
> Italy: +39 0 230 57 81 80
> Netherlands: +31 207 941 375
> New Zealand: +64 9 282 9510
> Norway: +47 21 93 37 37
> Spain: +34 932 75 1230
> Sweden: +46 853 527 818
> Switzerland: +41 225 4599 60
> United Kingdom: +44 330 221 0097
>
> First GoToMeeting? Let's do a quick system check:
> https://link.gotomeeting.com/system-check
> <https://www.google.com/url?q=https%3A%2F%2Flink.gotomeeting.com%2Fsystem-check&sa=D&usd=2&usg=AFQjCNHAdjHRf35qTE95e6qEH5ynQU7XfQ>
>
> When
>
> Thu May 30, 2019 07:30 – 08:30 Pacific Time - Vancouver
>
> Where
>
> GoToMeeting (GTM1) (map
> <https://maps.google.com/maps?q=GoToMeeting+%28GTM1%29&hl=en>)
>
> Who
>
>>
> Andrew Hughes - organizer
>
>>
> wg-infosharing at kantarainitiative.org
>
>>
> kdowning2002 at gmail.com
>
> _______________________________________________
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
> https://kantarainitiative.org/mailman/listinfo/wg-infosharing
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20190531/43d5b656/attachment-0001.html>


More information about the WG-InfoSharing mailing list