coel message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [coel] RE: COEL-54 Consent
- From: Paul.Bruton@tessella.com
- To: Joss <Joss@activinsights.co.uk>
- Date: Mon, 8 Feb 2016 15:42:00 +0000
Well spotted joss, and apologies to you all. I just clicked a 'helpful'
add-to-calendar button Notes to remind me to look at this tomorrow. No
meeting necessary
Sorry!
Paul
Dr. Paul Bruton
Tessella
Chadwick House, Birchwood Park, Warrington, WA3 6AE
E: Paul.Bruton@tessella.com,
T: +44 (0)7557 916535
www.tessella.com
Registered in England No. 1466429
Please consider the environment
and do not print this e-mail unless you really need to.
This message is commercial in confidence and
may be privileged. It is intended for the addressee only. Access to this
message by anyone else is unauthorised and strictly prohibited. If you
have received this message in error, please inform the sender immediately.
Please note that messages sent or received by the Tessella e-mail system
may be monitored and stored in an information retrieval system.
From:
Joss <Joss@activinsights.co.uk>
To:
"coel@lists.oasis-open.org"
<coel@lists.oasis-open.org>
Date:
08/02/2016 14:06
Subject:
[coel] RE: COEL-54
Consent
Sent by:
<coel@lists.oasis-open.org>
Some useful context to why consent documentation will
become increasingly more important in the EU:
http://www.eudataprotectionlaw.com/consent-under-the-general-data-protection-regulation/
Joss
Important Information: The contents of this email
are intended for the named addresses only and contain information which
is confidential and which may also be privileged. Unless you are
the named addressee (or authorised to receive for the addressee) you may
not copy, use it, or disclose it to anyone else. If you received
it in error, please notify us immediately at enquiries@activinsights.co.uk
and then destroy it. Further, whilst we make efforts to keep our
network free from computer viruses, etc., you do need to check this email
and any attachments to it for viruses as we can take no responsibility
for any viruses which might be transferred by way of this email.
Activinsights Limited, Unit 11, Harvard Industrial Estate,
Kimbolton, Cambs, PE28 0NJ. A company registered in England &
Wales. Registered number: 06576069
From: Joss
Sent: 07 February 2016 08:57
To: coel@lists.oasis-open.org
Subject: COEL-54 Consent
Working with potential customers for the COEL standard,
I have noticed that main concern for the larger customers in this space
is currently managing consent – proving to themselves that they have the
consent for any action, acting on the consent wishes of their customers
and the ability to demonstrate this to the regulator.
The atom structure has the potential for us to record
the consent associated with any piece of data within the data. In addition,
we can use an atom to record consent activities (providing, changing, revoking,
agreeing to data sharing, etc.). A proposed solution for issue COEL-54
is to add an optional field to the BAP for consent recording and raise
an issue to include consent actions into the COEL model.
There is an existing stream of work in this area called
the Minimum Viable Consent Receipt (MVCR) which has many of the attributes
that we would need:
https://kantarainitiative.org/groups/ciswg/
https://github.com/KantaraInitiative/CISWG/blob/master/MVCR-Spec/mvcr-v.08/MVCR%20v0.7.1.md
http://mvcr.herokuapp.com/
I have spoken with one of the chairs, Mark Lizar, and
he is keen to explore how we might work together. This open standard work
is based in JSON on very similar IPR terms to ours.
The MVCR programme has a wider scope that we initially
need but provides the basic information needed to record consent (which
I have summarised below). The programme extends to a registry of privacy
policies and a consent receipt management system. I believe we could choose
at which level we wanted to integrate – the BAP and COEL model additions
would be a simple and productive first step.
Consent fields:
Jurisdiction
New BAP field (country look-up)
Timestamp
New BAP field (date when consent was given)
Method of collection
New BAP field (look-up)
Consent provider
Possible new BAP field (this provides the link to the consent record management)
Unique ID
Possible new BAP field (unique ID for consent record management)
PII principle
Not needed (ConsumerID)
Data controller
Not needed (ServiceProviderID)
Privacy Policy URL
New BAP field (could be IDA, or other, inc policy notice)
Purposes
New BAP field (look-up http://tinyurl.com/zchqhut)
Sensitive Personal Information
Not needed (all COEL might be sensitive)
3rd Party Sharing of Personal Info
Possible New BAP field (might help with data sharing between Service Providers)
Link to short privacy notice
Not sure we need this (see above)
Oauth Scope
Not sure we need this
(Retention period)
New BAP field (this is not in the MVCR spec but I think it is useful)
Best regards
Joss
Joss Langford
Technical Director
Activinsights Ltd
Tel: 01480 862080
MBL 07712 886208
www.geneactiv.co.uk
Important Information: The contents of this email
are intended for the named addresses only and contain information which
is confidential and which may also be privileged. Unless you are
the named addressee (or authorised to receive for the addressee) you may
not copy, use it, or disclose it to anyone else. If you received
it in error, please notify us immediately at enquiries@activinsights.co.uk
and then destroy it. Further, whilst we make efforts to keep our
network free from computer viruses, etc., you do need to check this email
and any attachments to it for viruses as we can take no responsibility
for any viruses which might be transferred by way of this email.
Activinsights Limited, Unit 11, Harvard Industrial Estate,
Kimbolton, Cambs, PE28 0NJ. A company registered in England &
Wales. Registered number: 06576069
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]