OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

coel message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: COEL-54 Consent

Working with potential customers for the COEL standard, I have noticed that main concern for the larger customers in this space is currently managing consent – proving to themselves that they have the consent for any action, acting on the consent wishes of their customers and the ability to demonstrate this to the regulator.


The atom structure has the potential for us to record the consent associated with any piece of data within the data. In addition, we can use an atom to record consent activities (providing, changing, revoking, agreeing to data sharing, etc.). A proposed solution for issue COEL-54 is to add an optional field to the BAP for consent recording and raise an issue to include consent actions into the COEL model.


There is an existing stream of work in this area called the Minimum Viable Consent Receipt (MVCR) which has many of the attributes that we would need:




I have spoken with one of the chairs, Mark Lizar, and he is keen to explore how we might work together. This open standard work is based in JSON on very similar IPR terms to ours.


The MVCR programme has a wider scope that we initially need but provides the basic information needed to record consent (which I have summarised below). The programme extends to a registry of privacy policies and a consent receipt management system. I believe we could choose at which level we wanted to integrate – the BAP and COEL model additions would be a simple and productive first step.


Consent fields:


Jurisdiction                                                         New BAP field (country look-up)

Timestamp                                                         New BAP field (date when consent was given)

Method of collection                                      New BAP field (look-up)

Consent provider                                             Possible new BAP field (this provides the link to the consent record management)

Unique ID                                                            Possible new BAP field (unique ID for consent record management)

PII principle                                                        Not needed (ConsumerID)

Data controller                                                  Not needed (ServiceProviderID)

Privacy Policy URL                                            New BAP field (could be IDA, or other, inc policy notice)

Purposes                                                             New BAP field (look-up http://tinyurl.com/zchqhut)

Sensitive Personal Information                  Not needed (all COEL might be sensitive)

3rd Party Sharing of Personal Info            Possible New BAP field (might help with data sharing between Service Providers)

Link to short privacy notice                          Not sure we need this (see above)

Oauth Scope                                                      Not sure we need this

(Retention period)                                          New BAP field (this is not in the MVCR spec but I think it is useful)


Best regards




Joss Langford

Technical Director

Activinsights Ltd


Tel: 01480 862080

MBL 07712 886208



Important Information:  The contents of this email are intended for the named addresses only and contain information which is confidential and which may also be privileged.  Unless you are the named addressee (or authorised to receive for the addressee) you may not copy,  use it, or disclose it to anyone else.  If you received it in error, please notify us immediately at enquiries@activinsights.co.uk and then destroy it.  Further, whilst we make efforts to keep our network free from computer viruses, etc., you do need to check this email and any attachments to it for viruses as we can take no responsibility for any viruses which might be transferred by way of this email.


Activinsights Limited, Unit 11, Harvard Industrial Estate, Kimbolton, Cambs, PE28 0NJ.  A company registered in England & Wales. Registered number: 06576069


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]