[WG-InfoSharing] Reminder: Notice & Consent Call Tomorrow

Mark @ OC

May 12, 2020, 9:54:45 AM
to wg-info...@kantarainitiative.org
Friendly Reminder,

There is a Notice & Consent Call tomorrow; we are looking at the requirements for the ISO input, which I suspect means starting with the ISO vocabulary updates, then perhaps field changes/updates to accommodate the GDPR (referencing DPV), with perhaps putting the Unified DPV and mapping table in the appendix.

If anyone has any input or requirements for the format for ISO, it would be really helpful to provide them via email or on the call over the next week.

Kind Regards, 


- Mark


Agenda for Tomorrow, 

  • Updates 
    • IIW 
    • Inputs
  • Review of the GDPR Consent Receipt
    • Proposing this update be an ISO to GDPR?
      • Changes in receipt - to align with GDPR
        • Compare contrast table
        • Appendix - ISO to Unified to GDPR 
      • Changes in Receipt to include 29184 
        • Notice and notification
    • Terms
    • Identity Delegation 
    • Key changes in the receipt. 

Vitor Jesus

May 12, 2020, 10:16:14 AM
to Mark @ OC, wg-info...@kantarainitiative.org

Hi Mark,

Thanks for the agenda.

For a few scenarios I have in mind, I see the following extra fields

  • A “session-id” field, in order to support transactions and context; alternatively, a “previous-receipt-id” so that receipts can be linked together and establish an underlying context of referrals
  • A “control-url” field – to provide a recorded point of contact to the Data Controller. I am imagining a URL that Subjects can use to, e.g., request deletion of their personal data or simply to revoke consent. It does not have to be a URL, of course, and could be some other locator or identifier.
  • An “authorization-token”, which should be kept fairly secret between the Controller and Subject that allows the receipt to be used as a bearer token that uniquely identifies and authorises the bearer as owner of the personal data.

 

These fields resolve a number of problems I am seeing in businesses.

I would further suggest we think of a way to offer user-defined fields, e.g., a particular industry might need something specific to them, and appending a new field (say, at the end of the receipt) could provide a future-proof approach. If so, I’d suggest a “header field” in the receipt that simply lists the appended user-defined fields to protect their integrity (subject of the “Security Considerations” section in the spec).

 

Hope this makes sense

Best

--v

 


_______________________________________________
WG-InfoSharing mailing list
WG-Info...@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-infosharing
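
The header-field idea from the message above, sketched as an added example that is not part of the thread or of any Kantara specification: the header lists the appended fields, the seal covers the core fields, the header and exactly the listed fields, and verification flags anything appended outside that list. The names `user-defined-fields`, `integrity`, `receipt-id` and the `x-` extensions are assumptions, and an HMAC stands in for whatever signature the receipt would actually carry.

```python
import hashlib
import hmac
import json

# Hypothetical names: the thread names neither the header field nor a schema.
CORE_FIELDS = {"receipt-id", "previous-receipt-id", "control-url"}
HEADER = "user-defined-fields"
SEAL = "integrity"


def _digest(receipt, key):
    # Cover the core fields, the header, and only the fields the header lists.
    covered = CORE_FIELDS | {HEADER} | set(receipt.get(HEADER, []))
    body = {k: receipt[k] for k in covered if k in receipt}
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue(core, extensions, key):
    """Build a receipt whose header lists every appended field, then seal it."""
    receipt = dict(core, **extensions)
    receipt[HEADER] = sorted(extensions)
    receipt[SEAL] = _digest(receipt, key)
    return receipt


def verify(receipt, key):
    """Return a list of problems; an empty list means the receipt is intact."""
    problems = []
    listed = set(receipt.get(HEADER, []))
    present = set(receipt) - CORE_FIELDS - {HEADER, SEAL}
    if present - listed:
        problems.append("unlisted fields: %s" % sorted(present - listed))
    if listed - present:
        problems.append("missing fields: %s" % sorted(listed - present))
    seal = str(receipt.get(SEAL, "")).encode()
    if not hmac.compare_digest(seal, _digest(receipt, key).encode()):
        problems.append("integrity check failed")
    return problems


# Constructed sample data.
KEY = b"constructed-demo-key"
CORE = {"receipt-id": "r-002", "previous-receipt-id": "r-001",
        "control-url": "https://controller.example/consent/r-002"}
GOOD = issue(CORE, {"x-clinic-ward": "B4"}, KEY)
print(verify(GOOD, KEY))
print(verify(dict(GOOD, **{"x-injected": "1"}), KEY))
```
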

Richard Gomer

May 12, 2020, 10:26:15 AM
to Vitor Jesus, Mark @ OC, wg-info...@kantarainitiative.org
Been out of the loop on this for so long, sorry all!

Some of these suggestions sound like things we'd collected together in github - is that still the best place to collect suggestions together?

I'll try and join tomorrow to resync :) 