User Terms Continued…

From IIW

User Terms Continued

Thursday 3F

Convener: Doc, Mark, Mary

Notes-taker(s):

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

If terms materially change, with no additional consent asked, they are not compliant. There is an opportunity to withdraw, but also to submit our terms to them.

There is value in personal data control with terms and PDstores or other repositories we control. USTs could be submitted with UMA or from other PDSs.

USTs

Time Purpose Ads/ Tracking

What about gag rules where they say you can't talk about the terms (common in Health TOUs)?

Customer Commons terms are better than company's terms, and could also really help.

And individual terms are from the other side.

Need lawyer, human and machine readable terms.


Technical requirements for Consent Receipts:

1. RESTful APIs for registering Consent Receipts

2. CR -> abstract data model using JSON data model

3. Protected so you can see it -- needs security


Cases for CRs:

UMA

OAuth

VRM companies


Define data model:

Core object: values & structures

Define consent receipt in that form

Translate into JSON model

Map actions onto API (RESTful where possible)
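
One way the steps above could look in practice, as an added example that is not from the session or any project named in it: a consent receipt core object serialized to JSON, integrity-protected, and checked against the current terms so that a change without new consent is detectable. The field names, the shared HMAC key (standing in for whatever protection a real design picks) and the sample terms are all assumptions.

```python
import hashlib
import hmac
import json

def terms_digest(terms_text: str) -> str:
    """SHA-256 of the exact terms text the person consented to."""
    return hashlib.sha256(terms_text.encode("utf-8")).hexdigest()

def canonical(obj: dict) -> bytes:
    """Deterministic JSON encoding so issuer and verifier MAC the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def issue_receipt(key: bytes, subject: str, purpose: str, ads_tracking: bool,
                  terms_text: str, issued_at: str) -> dict:
    # Core object: hypothetical fields modelled on the Time / Purpose /
    # Ads-Tracking headings in the notes, plus a digest binding the terms.
    core = {
        "subject": subject,
        "issued_at": issued_at,
        "purpose": purpose,
        "ads_tracking": ads_tracking,
        "terms_sha256": terms_digest(terms_text),
    }
    tag = hmac.new(key, canonical(core), hashlib.sha256).hexdigest()
    return {"receipt": core, "mac": tag}

def check_receipt(key: bytes, doc: dict, current_terms: str) -> str:
    """Return 'tampered', 'terms_changed' or 'valid'."""
    expected = hmac.new(key, canonical(doc["receipt"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc.get("mac", "")):
        return "tampered"
    # Any byte-level change is flagged; judging whether it is "material"
    # remains a human or legal decision.
    if doc["receipt"]["terms_sha256"] != terms_digest(current_terms):
        return "terms_changed"
    return "valid"

# Constructed sample data, not real terms or a real key.
KEY = b"demo-key-not-for-production"
TERMS_V1 = "We use your email for account login only."
TERMS_V2 = "We use your email for account login and ad targeting."
RECEIPT = issue_receipt(KEY, "user-123", "account login", False,
                        TERMS_V1, "2024-01-01T00:00:00Z")

if __name__ == "__main__":
    print(json.dumps(RECEIPT, indent=2))
    print(check_receipt(KEY, RECEIPT, TERMS_V1))
    print(check_receipt(KEY, RECEIPT, TERMS_V2))
```
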


Use ISO definitions and other standard descriptors

Work with other orgs like TOS/Back and dump repository etc.