[WG-InfoSharing] Removing Subject ID Field from receipt fields
jricher at mit.edu
Fri Mar 11 06:41:47 CST 2016
I don't understand what you mean by something being "in the payload" but
not "in the receipt", since technologically speaking the payload *is*
the receipt. What does the data structure you're envisioning look like?
On 3/10/2016 7:53 PM, Mark Lizar - OCG wrote:
> Hello CISWG,
> I have added a new issue to Github for discussion. Another one of
> those long outstanding issues about how to present and transfer PII in
> the receipt. This is relative to the specification review of the
> table fields.
> The issue #23
> <https://github.com/KantaraInitiative/CISWG/issues/23> is a suggestion
> to remove the subject id field from the consent receipt field so that
> the consent receipt fields don't contain PII, but, instead, attached
> is the receipt payload with all of the data entered by the consent
> The benefit would be that the receipt fields themselves don't contain
> PII, thus are less sensitive themselves, with the PII entered into
> the receipt delivered in the receipt payload. The payload of PII data
> would be provisioned to the consent grantee, but not displayed on the
> website, via the consent receipt as to protect privacy and be privacy
> by design.
> All thoughts welcome, especially on how to specify this in the
> specification (if it should be specified).
> WG-InfoSharing mailing list
> WG-InfoSharing at kantarainitiative.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the WG-InfoSharing