Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Kantara Privacy Control Panel demonstration 2019 05-15

243 views

Published on

This presentation describes the concept of Personal Data Receipts, also known as Consent Receipts, developed by the Kantara Initiative Consent & Information Sharing Working Group. We have assembled a non-commercial Privacy Control Panel system and are showing it at conferences throughout 2019!
Today, online service providers get information from or about you so that they can provide services. New privacy and data protection regulations have been coming into effect, which increase the requirement for notice, transparency and accountability when your data is collected and processed. Service providers are required to keep records about their terms of service and your agreement.
At their core, these regulations embody variations of the OECD basic principles of privacy protection which suggest the obligations of providers and the rights of the individual.
There are very few tools available to the individual internet user to help them understand, manage and control their online information.
This creates a power imbalance if one wants to go back later and exercise rights with respect to data – because you probably don’t remember who, what, where, when and how the service provider got your information.
There’s a solution!
Imagine if the service provider offered you a “Personal Data Receipt”. This receipt would include timestamps, the contents of the privacy notice you saw, what data was collected for what purposes, conditions like ‘delete-by-date’ instructions, and other useful facts. Just like a store checkout receipt, if there’s an issue later on or if you want to look back to see what you did last year, you can open up the receipt and take action.
In 2018, Kantara Initiative published the “Consent Receipt Specification v1.1” which is an interoperable Personal Data Receipt specification tailored to a specific legal basis for processing. This demo shows real products in action working with these receipts.

Published in: Business
  • Be the first to comment

Kantara Privacy Control Panel demonstration 2019 05-15

  1. 1. Privacy Control Panel A live demonstration for EIC May 2019 Andrew Hughes AndrewHughes3000@gmail.com Leadership Council Chair, Kantara Initiative 1
  2. 2. 2 » Personal Data (Consent) Receipt » The Kantara Initiative Privacy Control Panel Demo » Kantara Initiative Consent & Information Sharing Work Group Copyright © 2019 Kantara Initiative Inc.
  3. 3. 3 A simple approach A standardized data format A basis for invention & innovation Copyright © 2019 Kantara Initiative Inc.
  4. 4. WHAT IS A RECEIPT? 4Copyright © 2019 Kantara Initiative Inc.
  5. 5. 5 A sales receipt is: » A personal record » Independent of the receipt issuer » Evidence of the event » Contains interaction ‘metadata’ » Timestamps, Contact information, Verification codes » Transaction details, Cryptographic elements & signatures » Points to or contains issuer’s policy statements Copyright © 2019 Kantara Initiative Inc.
  6. 6. RECEIPTS AND THE ‘AGREEMENT FLOW’ 6Copyright © 2019 Kantara Initiative Inc.
  7. 7. 7Copyright © 2019 Kantara Initiative Inc.
  8. 8. 8Copyright © 2019 Kantara Initiative Inc.
  9. 9. 9Copyright © 2019 Kantara Initiative Inc.
  10. 10. 10Copyright © 2019 Kantara Initiative Inc.
  11. 11. 11Copyright © 2019 Kantara Initiative Inc.
  12. 12. 12Copyright © 2019 Kantara Initiative Inc.
  13. 13. 13Copyright © 2019 Kantara Initiative Inc. The ‘agreement flow’ illustrates important interactions » Offer—accept terms » ‘Meeting of the minds’ » Intent to enter into agreement » Record keeping » Exchange of ‘valuable consideration’
  14. 14. 14Copyright © 2019 Kantara Initiative Inc. Sales receipts are required by law (AUS, NZ, others) or by custom Why not Personal Data Receipts?
  15. 15. 15 When personal data is involved: » Privacy Notice » Privacy Statement » Purpose of processing » Data controller contact information » PLUS Additional details that are very familiar to Data Protection Officers (but not to regular people) Copyright © 2019 Kantara Initiative Inc.
  16. 16. 16Copyright © 2019 Kantara Initiative Inc. The Kantara Initiative Consent Receipt * Privacy Statement & Notice Personal Data Receipt* Data Subject Rights
  17. 17. 17Copyright © 2019 Kantara Initiative Inc. The ‘agreement flow’ illustrates that the independent personal record-keeping function is not supported for data-related interactions!
  18. 18. 18 A personal data receipt is: » A personal record » Independent of the receipt issuer » Evidence of the event » Contains interaction ‘metadata’ » Timestamps, Contact information, Verification codes » Transaction details, Cryptographic elements & signatures » Points to or contains issuer’s policy statements Copyright © 2019 Kantara Initiative Inc.
  19. 19. 19 Standardized Personal Data Receipts offered to you whenever you agree to personal data processing will help enable a product ecosystem that assists you to exercise your data rights… Copyright © 2019 Kantara Initiative Inc.
  20. 20. 20Copyright © 2019 Kantara Initiative Inc.
  21. 21. THE DEMO NARRATIVE 21Copyright © 2019 Kantara Initiative Inc.
  22. 22. Imagine in a few years: you have ‘agreed’ at 500 services Copyright © 2019 Kantara Initiative Inc. 22
  23. 23. Now What?
  24. 24. Use Your Kantara Initiative Privacy Control Panel! (of course) Copyright © 2019 Kantara Initiative Inc. 24
  25. 25. 25Copyright © 2019 Kantara Initiative Inc.
  26. 26. The Simple Demo GET STORE VIEW Copyright © 2019 Kantara Initiative Inc. 26
  27. 27. Featuring Kantara Members Copyright © 2019 Kantara Initiative Inc. 27
  28. 28. Now For The Live Demo Copyright © 2019 Kantara Initiative Inc. 28
  29. 29. The order of demonstrations l Consentua: Paper Cup Shop l Ubisecure: API & Privacy Control Panel (Keith Uber) l Sphere Identity (Asya Ivanova) l Transmute Industries (Margo Johnson) l digi.me 29Copyright © 2019 Kantara Initiative Inc.
  30. 30. 30Copyright © 2019 Kantara Initiative Inc. What will you invent next?
  31. 31. WHAT HAPPENS NEXT? 31Copyright © 2019 Kantara Initiative Inc.
  32. 32. 32Copyright © 2019 Kantara Initiative Inc. Next work items l Discover more implementations l Next version of the specification l Functional & structural updates l Additional use case requirements l Specification v2 project starts next week l Introduce personal data receipt concept to Privacy Engineering community l Update the Receipt Generator site to current
  33. 33. 33Copyright © 2019 Kantara Initiative Inc. Automatic Receipt Generation & Offer l Define the ‘Shoebox’ API l Sites should offer receipts by default l Develop browser add-ons to convert existing information to Kantara standard receipt (e.g. IAB.EU cookie) l Once people have many receipts, control panel apps can be invented for management and action
  34. 34. 34Copyright © 2019 Kantara Initiative Inc. Known Implementations Tell us about your project! kantarainitiative.org/confluence/display/infosharing
  35. 35. Kantara Initiative Groups Contact Kantara Initiative: - the global consortium improving trustworthy use of identity and personal data kantarainitiative.org kantarainitiative.org/membership/ colin@kantarainitiative.org Consent & Information Sharing WG: - Consent Receipt specification - Interop demo development - Data sharing specifications kantarainitiative.org/confluence/display/infosharing andrewhughes3000@gmail.com JOIN: https://kantarainitiative.org/gpa-signup/?selectedGroup=3 Consent Practices WG: - Common practices for consent management kantarainitiative.org/confluence/display/consentmanagement andrewhughes3000@gmail.com JOIN: https://kantarainitiative.org/gpa-signup/?selectedGroup=40 Copyright © 2019 Kantara Initiative Inc. 35
  36. 36. Nurture. Develop. Operate. – that’s what we do Colin Wallis, Executive Director colin@kantarainitiative.org Twitter: @KantaraColin, @KantaraNews Join us at https://kantarainitiative.org/membership/ Ethics & Conformance Trust Marked 36

×