Defining Consent – Collecting Personal Information with Notia Consent Receipts

From IIW

Introduction to Consent Receipts

Tuesday 4A

Convener: John Wunderlich

Notes-taker(s): John Wunderlich

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Introduction to the Minimum Viable Consent Receipt:

Introduction to the MVCR.pdf https://drive.google.com/file/d/0B-W7F5c-RcqEbHJXMUxqaHc4dkk/view

Consent Receipt Demo: IIW_MVCR_Demo.pdf https://drive.google.com/file/d/0B-W7F5c-RcqEb3FVSWt1d05mRjA/view

Notes to accompany John’s slides/presentation:

  • A company has a privacy policy to mitigate its risk. A Consent Receipt gives some power to the user.
  • There is no informed consent for some kinds of data.
  • A Consent Receipt gives the consumer teeth to say: you do what you said you would do.
  • If you “de-id” personal data properly, it is no longer personal data.
  • There is a GitHub repository you can look at….
  • This is more of a policy than a technical issue
  • Sarah Squire has written an example consent receipt generator with an API, to be completed as a web form….
  • This control gives a regulator the ability to go to a party… and say, show me the record.
  • A signed JSON object is utilized.
  • Now there is clean data, positively consented; consent means good data.
  • Big data is largely bad data, unconsented and randomly collected.
  • Consent is an audit and trust tool.