The Emerging Field of Consent Management – Next Gen UI Infrastructure Under the Hood
Tuesday 2D
Convener: Ken K.
Notes-taker(s): Eric J.
Tags for the session - technology discussed/ideas considered:
PrivacyLens, Consent
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Links
https://work.iamtestbed.internet2.edu/drupal/
https://spaces.internet2.edu/display/scalepriv/Scalable+Privacy
Notes
Consent is not understandable; you only find out what information is being shared, not why. Google’s consent dialog does not say “yes” or “no”; it’s continue/cancel, which is a different thought process.
That is because they want to get the user through the flow, not because they don’t want users to know about the privacy details.
Has optional as well as required attributes that are releasable
Shows value that the user gets for each privacy element
Consent revocation as a major flow
Unfortunately, most apps are not granular based on privacy elements released
[Paul] I saw that there are two kinds of attributes: capabilities and information – should there be a separation?
Determining the minimum entitlements required.
It’s really hard to get more granular than the type of attribute, down to the specific attributes that they access or need, but it’s a goal.
[Eve] It feels like consent dialogs are not the question I want [technical things], but I want a different question: “You want goal X right? How much are you willing to let pass?”
[Paul] The UI doesn’t tell me the consequences of not releasing
General agreement that a better UI would not focus on attribute release, but more on what you get for it. But that’s also an app design issue, and it’s common that apps get it wrong.
[Eve] Non-correlating IDs alone are not enough; some scenarios like sharing need a correlating ID.
Example – New Zealand ID
There are only 2-3 types of attributes that may need meta-attributes. One example is name, since there often isn’t a name field stored by the IDP, as opposed to first/last name, etc.
Applications don’t care what group a person is in – example – A may want to care whether you are a manager or not.
With revocation, consent suppression becomes really easy.