User Terms Continued…
Thursday 3F
Convener: Doc, Mark, Mary
Notes-taker(s):
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
If terms materially change, with no additional consent asked, they are not compliant. There is an opportunity to withdraw, but also to submit our terms to them.
There is value in personal data control with terms and PDstores or other repositories we control. USTs could be submitted with UMA or from other PDSs.
USTs
Time, Purpose, Ads/Tracking
What about gag rules where they say you can't talk about the terms (common in Health TOUs)?
Customer Commons terms are better than companies' terms, and could also really help.
And individual terms are from the other side.
Need lawyer-, human- and machine-readable terms.
Technical requirements for Consent Receipts:
1. RESTful APIs registering Consent Receipts
2. CR -> abstract data model using JSON data model
3. Protected so you can see it -- needs security
Cases for CRs:
UMA
OAuth
VRM companies
Define data model:
Core object: values & structures
Define consent receipt in that form
Translate into JSON model
Map actions onto API (RESTful where possible)
Use ISO definitions and other standard descriptors
Work with other orgs like TOS/Back and dump repository etc.