[WG-ISI] This weeks WG meeting

John Wunderlich john at wunderlich.ca
Thu Oct 1 13:14:55 UTC 2020


Mark;

That's a lot of heavy lifting for one field:

Legal Basis => set of 6 in the GDPR. I note that Data Privacy Vocabulary
identifies 17 classes arising from this:
https://www.w3.org/ns/dpv-gdpr#a6-1-d
Rights => Whose rights? Civil rights? Property rights? Human rights?
Obligations => Usually set out by contract or legislation
Derogations => To override all of the above
Notice Profile => Notice may or may not be required, and may be required
NOT to be there

All of the above in one field mapping?


Have a better than average day,
John

"The sad truth is that most evil is done by people who never make up their
minds to be good or evil.” ― Hannah Arendt
<https://www.goodreads.com/author/show/12806.Hannah_Arendt>, The Life of
the Mind <https://www.goodreads.com/work/quotes/122534>


On Wed, 30 Sep 2020 at 19:33, Mark Lizar <mark at openconsent.com> wrote:

> Hi Iain,
>
> The consent type field in the receipt is what we are still working on, its
> used to  map the legal basis + rights + obligations and derogation to a
> notice profile in order to generate legally usable receipts.
>


> The consent type is effectively the evolution of work in this group from
> standard label to consent receipt for human centric - master data controls.
>     Now its also the way to use the ISO Framework for transboarder
> interoperability.  This is huge !!
>
> For PDUR - there are lot of useful things that could be profiled and the
> receipt interop proposal from last year was that PDUR be used for contract
> types  and the contract legal basis e.g. personal data contract receipt
> profile.  Which is a way to do privacy to contract interop and overnight
> ToS now that the laws have come into effect.
>
> Its been a long time, but the purpose of the receipt work was to build a
> tool for interop so that VRM terms and permissions can be use.   The method
> of approach for the receipt has alway been human interop with tech, with
> human to infrastructure law (aka privacy law).    To this end, this has
> been incredibly successful and can now be leverage to address a lot of
> challenges this field of work has faced.
>
> In fact, isn’t it the purpose of this community groups to work on interop
> ?
>
> The profile categories for the Notice & Consent Receipt are legal
> justification based.   Now there is a gap is in the business infrastructure
> and contract layer to operationalise data rights and terms.  E.g. how do
> orgs/lawyers deal with rights that conflict with terms of use?
>
> For a hackathon next week I am working on the legal basis matrix for
> interop with contracts - this I hope will generate a contract legal profile
> for receipts that contract lawyers can use with their Terms of Use.   The
> consent receipt being the human interop component, which needs to be
> extended with data permission profiles in accordance with legal
> justification.
>
> Mark
>
> PS  The IAB is a big example of why we all should be working from the same
> hymn sheet rather than divided.   There is a lot of support from that in
> the Ed-Tech compliance and children’s advertising space ..   in fact next
> week there is a workshop /hackathon with Stanford and aNG to address the
> ToS contract with privacy rights ( over riding ToS) so that permissions
> frameworks can b inserted like Me2B and Jlinc.   E.g.  provide the space to
> apply or negotiate terms (finally) back to the reason we started in the
> first place.  The CR as apart of ISO make this all possible now.
>
>
> On 29 Sep 2020, at 09:48, Iain Henderson <iain at jlinclabs.com> wrote:
>
> Ok thanks. It would be good to also get some thought in the report about
> the issue I flagged around legal basis for processing.
>
> For anyone not paying attention to the IAB framework 2.0 now live in EU;
> there is a land grab going on as I speak that will see the data on hundreds
> of millions of people become accessible to adtech providers through
> manipulation of legal basis from consent to legitimate interest. That’s a
> big deal that either the framework needs to have a view on; or consciously
> not have a view on/ leave that to profile builders.
>
> Iain
>
> On 29 Sep 2020, at 14:25, John Wunderlich <john at wunderlich.ca> wrote:
>
> 
> Hi;
>
> I will be unable to attend this week's meeting. I suggest that we skip
> this meeting to allow Andrew time to review the suggested changes from Mary
> and Lisa and to draft the report he has been talking about and come back
> refreshed on October 8th.
>
>
>
> John Wunderlich, BA, MBA
> @PrivacyCDN <https://twitter.com/PrivacyCDN>
>
>
>
> *Privacy Tools*
>
> JLINC Labs <https://www.jlinc.com/>: Tech for Permissoned Data
> <https://www.jlinc.com/technology>
> Kantara Initiative <https://kantarainitiative.org/>: Consent Receipt
> Specification
> <https://kantarainitiative.org/confluence/display/infosharing/Consent+Receipt+Specification>
>
> MyData Global <https://www.mydata.org/>: MyData Declaration
> <https://www.mydata.org/declaration>
>
> "The sad truth is that most evil is done by people who never make up their
> minds to be good or evil.” ― Hannah Arendt
> <https://www.goodreads.com/author/show/12806.Hannah_Arendt>, The Life of
> the Mind <https://www.goodreads.com/work/quotes/122534>
>
>
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> This message contains confidential information and is intended only for the
> individual named. If you are not the named addressee you should not
> disseminate, distribute or copy this e-mail. Please notify the sender
> immediately by e-mail if you have received this e-mail by mistake and
> delete this e-mail from your system. If you are not the intended recipient
> you are notified that disclosing, copying, distributing or taking any
> action in reliance on the contents of this information is strictly
> prohibited.
> _______________________________________________
> Wg-isi mailing list
> Wg-isi at kantarainitiative.org
> https://kantarainitiative.org/mailman/listinfo/wg-isi
>
> _______________________________________________
> Wg-isi mailing list
> Wg-isi at kantarainitiative.org
> https://kantarainitiative.org/mailman/listinfo/wg-isi
>
>
>

-- 


This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they are 
addressed. If you have received this email in error please notify the 
system manager. This message contains confidential information and is 
intended only for the individual named. If you are not the named addressee 
you should not disseminate, distribute or copy this e-mail. Please notify 
the sender immediately by e-mail if you have received this e-mail by 
mistake and delete this e-mail from your system. If you are not the 
intended recipient you are notified that disclosing, copying, distributing 
or taking any action in reliance on the contents of this information is 
strictly prohibited.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-isi/attachments/20201001/dce413ec/attachment.html>


More information about the Wg-isi mailing list