OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

coel message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: [OASIS Issue Tracker] (COEL-54) Machine-readable consent terms


    [ https://issues.oasis-open.org/browse/COEL-54?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=61773#comment-61773 ] 

David Snelling commented on COEL-54:
------------------------------------

Joss wrote:

Working with potential customers for the COEL standard, I have noticed that main concern for the larger customers in this space is currently managing consent – proving to themselves that they have the consent for any action, acting on the consent wishes of their customers and the ability to demonstrate this to the regulator.

The atom structure has the potential for us to record the consent associated with any piece of data within the data. In addition, we can use an atom to record consent activities (providing, changing, revoking, agreeing to data sharing, etc.). A proposed solution for issue COEL-54 is to add an optional field to the BAP for consent recording and raise an issue to include consent actions into the COEL model.

There is an existing stream of work in this area called the Minimum Viable Consent Receipt (MVCR) which has many of the attributes that we would need:
https://kantarainitiative.org/groups/ciswg/
https://github.com/KantaraInitiative/CISWG/blob/master/MVCR-Spec/mvcr-v.08/MVCR%20v0.7.1.md
http://mvcr.herokuapp.com/
I have spoken with one of the chairs, Mark Lizar, and he is keen to explore how we might work together. This open standard work is based in JSON on very similar IPR terms to ours.

The MVCR programme has a wider scope that we initially need but provides the basic information needed to record consent (which I have summarised below). The programme extends to a registry of privacy policies and a consent receipt management system. I believe we could choose at which level we wanted to integrate – the BAP and COEL model additions would be a simple and productive first step. 

Consent fields:

Jurisdiction                                                         New BAP field (country look-up)
Timestamp                                                         New BAP field (date when consent was given)
Method of collection                                      New BAP field (look-up)
Consent provider                                             Possible new BAP field (this provides the link to the consent record management)
Unique ID                                                            Possible new BAP field (unique ID for consent record management)
PII principle                                                        Not needed (ConsumerID)
Data controller                                                  Not needed (ServiceProviderID)
Privacy Policy URL                                            New BAP field (could be IDA, or other, inc policy notice)
Purposes                                                             New BAP field (look-up http://tinyurl.com/zchqhut)
Sensitive Personal Information                  Not needed (all COEL might be sensitive)
3rd Party Sharing of Personal Info            Possible New BAP field (might help with data sharing between Service Providers)
Link to short privacy notice                          Not sure we need this (see above)
Oauth Scope                                                      Not sure we need this
(Retention period)                                          New BAP field (this is not in the MVCR spec but I think it is useful)
                


> Machine-readable consent terms
> ------------------------------
>
>                 Key: COEL-54
>                 URL: https://issues.oasis-open.org/browse/COEL-54
>             Project: OASIS Classification of Everyday Living (COEL) TC
>          Issue Type: New Feature
>            Reporter: Joss Langford
>            Assignee: Joss Langford
>
> COEL does not currently support machine readable consent terms and this could be added to every atom



--
This message was sent by Atlassian JIRA
(v6.2.2#6258)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]