[WG-InfoSharing] Critical CR and CISWG Issue and Solution

Mark Lizar mark at openconsent.com
Fri Aug 3 13:10:24 UTC 2018


It has increasingly come to my attention, that the Consent Receipt work is coming under attack.    People in  and out of our community have been talking about how operationally unsuitable the consetn receipt specification is, and as we have not produce a lot documentation about why it was built this way.  This is understandable.  

In addition, we have not provided the GDPR update, for the CR. Which I believe would go a long way towards explaining the CR for us.  

 For example statements like this: 

"The Consent Receipt uses obsolete technical terms like "Personally Identifiable Information (PII)" rather than the more generic term from the GDPR of Personal Information <http://tcwiki.azurewebsites.net/index.php?title=Personal_Information&action=edit&redlink=1> or the more descriptive of what we should control Personal Private Information <http://tcwiki.azurewebsites.net/index.php?title=Personal_Private_Information&action=edit&redlink=1>, although with the Right to be Forgotten <http://tcwiki.azurewebsites.net/index.php?title=Right_to_be_Forgotten&action=edit&redlink=1> there may no distinction between those two terms in the EU.”

Statements like these are understandable but mis-informed,because; 

1. The consent receipt uses international lexicon not a jurisdictional lexicon that is only relevant in a jurisdiction, this is for 
A) international use. - all the systems in the world dont use GDPR, and GDPR with all its greatness has many flaws - for example it is focus on Data Protection not so much Privacy.  Something this WG is very aware of. 

B) It references on OECD and FIPS  and terms like PII - so that the receipt spec will be backwards compatible - with the existing global infratructure, not one that is emerging over the next 5 years and only enforced in 28 countries. 

Ether way, I think its really important to get a GDPR Extension for our CR together and into the WG, and out for the community of CR adopters that support this work, before My Data. 

To this end, 

1. would there be any objections for a CISWG funding application to the Kantara Board of Directors for an Editor and funds to cover the costs the initial authoring the a CR v1.1 GDPR spec extension and its contribution to this WG?   

2. Are there any supporters for this action to happen asap? 

Best Regards, 

Mark Lizar | Open Consent | 22 Wenlock Rd, London|  N1 7GU
P +44 (0) 208 123-2476 | E mark at openconsent.com 
| Twitter @smartopian | Web https://www.openconsent.com |

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-infosharing/attachments/20180803/de395488/attachment.html>

More information about the WG-InfoSharing mailing list