Defining Consent – Collecting Personal Information with Notia Consent Receipts
From IIW
Introduction to Consent Receipts
Tuesday 4A
Convener: John Wunderlich
Notes-taker(s): John Wunderlich
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Introduction to the Minimum Viable Consent Receipt:
Introduction to the MVCR.pdf https://drive.google.com/file/d/0B-W7F5c-RcqEbHJXMUxqaHc4dkk/view
Consent Receipt Demo: IIW_MVCR_Demo.pdf https://drive.google.com/file/d/0B-W7F5c-RcqEb3FVSWt1d05mRjA/view
Notes to accompany John’s slides/presentation:
- A company has a privacy policy to mitigate its risk. A Consent Receipt gives some power to the user.
- There is no informed consent for some kinds of data
- Consent Receipt gives teeth to consumer to say you do what you said you would do.
- If you “de-id” personal data properly, it is no longer personal data.
- There is a Github repository you can look at….
- This is more of a policy than a technical issue
- Sarah Squire has written an example consent receipt generator with an API, to be completed as a web form….
- This control gives a regulator the ability to go to a party… and say, show me the record.
- A signed JSON object is utilized.
- Now there is clean data, positively consented; consent means good data
- Big data is largely bad data, unconsented and randomly collected
- Consent is an audit and trust tool.