Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Consent Receipts: The Future of Personal Data - Michele Nati - Lead Technologist Personal Data and Trust - Digital Catapult


Published on

Presentation at My Data Conference 2016 - MyData2016 - Making Trust Ecosystem Happen session

Published in: Technology
  • Be the first to comment

Consent Receipts: The Future of Personal Data - Michele Nati - Lead Technologist Personal Data and Trust - Digital Catapult

  1. 1. Consent Receipts: The future of Personal Data Sharing? MyData 2016 Conference Day 1, August 31st, Helsinki Session: Making Trust Ecosystems Happen Michele Nati Lead Technologist Personal Data and Trust Digital Catapult, London @michelenati
  2. 2. What is a Consent Receipt? h"ps:// v0.7.9.mdC Recommenda5onC forCstandard,C KantaraCIni5a5ve,C CISWGC
  3. 3. What a Consent Receipt could be useful for? TaCsC ConsentCNo5ceC ConsentC ReceiptC AgreeCandCForgetC LieC&CAgreeC (Pre@service)CConsentCshouldCbe:C @  FreelyCgivenC @  Informed,CunambiguousCandC specificC @  NoCmoreClegi5mateCinterestC (In@service)CConsent:C @  Dynamic,CchangeCandC removeC @  TransparentC @  AuditableC @  BreachesCno5fica5onC StandardizedCprocessCandCdataC(ConsentCReceipt)C
  4. 4. Consent Receipt Ecosystem
  5. 5. Process to issue a Consent Receipt AssessmentC •  AssessCprivacyCpoliciesCofCanCorganiza5onC •  ExtractCfixedCpartCofCconsentCreceiptC Customiza5onC •  CustomizeCconsentCreceiptCgeneratorCforCaCgivenCorganiza5onCandCpolicyC IssuingC •  CollectCmissing/transac5onalCdataCspecificCtoCtheCcurrentCindividual/ organiza5onCtransac5onC(atC5meCofCsigningCforCaCservice)C •  GenerateCaCpersonalizedCreceiptC–CaddCuniqueC“pseudonymous”CIDC •  SendCaCcopyCofCreceipt,CasCplainCtext,ChumanCreadable/informa5veCC(alsoC machineCreadable)C
  6. 6. Where did we start? WorkCinCcollabora5onCwithCPhDCCandidate,CTa5anaCStyliari,CUniversityCofCNoanghamC
  7. 7. Our first result
  8. 8. Initial findings Consent Receipt design & content: ● Icons ●Text to accompany icons ● Colors (related to security level) ● Quick to scan read ●Bulletpoints ● Who, what, why, where, with whom ● Link with more info for each section ● Easy access (mobile) ● Forget me option ●Team/person details to contact for info/ complain General Feeling: •  Necessity of the consent receipt: People recognise the need to have more control over the data they share. •  Identification of a wider societal impact: collect consent receipts to distinguish your data sharing patterns.
  9. 9. Our implementation
  10. 10. Consent Receipt mockup
  11. 11. What we have learned? (after involving lawyers !) According to DPA, consent is not required for: a)  the “legitimate interests” of the data controller so long as they do not override the fundamental rights of the data subject; b)  data that it is necessary to collect or process the data to fulfill a contract the data subject asked to enter This might limit the impact of Consent Receipt and confuse end users Solution: we will issue a Personal Data Receipt (GDPR has an “Information Notice” requirement), including all the collected personal data
  12. 12. (PD) Receipt trial aims •  Educate consumers (visitors) about information receipts •  Understand the value of information receipts for consumers •  Increase transparency •  Promote good practices and adoption of information receipts across a various range of stakeholders
  13. 13. How to make this scalable? This requires: -  3rd party to provide service assessment (similar to Privacy Seal assignation) -  Standardized Privacy Policies to make it scalable -  A standardized (Consent) Information Notice to guarantee interoperability -  Maintain easiness of understanding from end-users -  We will combine with BSI PAS 4891 Initiative
  14. 14. BSI PAS 4891 •  Recommendation on how organizations communicate how they use customers personal data online •  Define the categories of information •  Provide an initial icons mockup •  Can be used in layered privacy policies (and information notice)
  15. 15. Why Digital Catapult is doing this?
  16. 16. Here to help grow the UK’s digital economy Office of National Statistics shows only 7% of UK national output comes from the digital sector significantly behind the global leader South Korea at 11%.
  17. 17. DIGITAL CATAPULTS Here to accelerate economic growth and productivity for the UK 1 A not-for-profit, private limited company2 Completely neutral3
  18. 18. HOW DO WE DO THIS? 1.Through adding technological, business expertise and academia o  Help SMEs to scale faster o  Help businesses with digital transformation 2.Tackle large scale digital challenges that are too complex, financially risky or take too long 3.Use Research & Development to open up new markets and commercial opportunities
  19. 19. FIVE CENTRES ACROSS THE UK We work across the UK with •  Digital communities •  Innovation clusters •  Businesses (all sizes) •  Public sector •  Research •  Government •  Universities and academics •  Not-for-profit organisations
  20. 20. WE WORK ACROSS A RANGE OF TECHNOLOGY LAYERS Next generation Internet: Internet of Things, distributed ledger technologies, decentralised web, 5G and low powered wide area networks Data-driven: trust, privacy, identity and security Intelligent: machine learning and artificial intelligence
  21. 21. Personal Data and Trust Network PDTNC SMEsC CorporatesCUniversi5esC 600+ Innovators in Personal Data and TrustC
  22. 22. We help others work together.
  23. 23. Want to contribute? Get engaged with us and help to replicate!!
  24. 24. THANK YOU! #DigiCatapult 0300 1233 101 Digital Catapult /DigitalCatapult @DigitalCatapult