Identity Trust Charter

From IdCommons

Name

Human Trust for Identity Technologies (trustworthiness)

Charter Purpose

To advocate and facilitate open (not closed) internet policy notices and terms that enable people to control personal information, enabling a rich ecosystem of granular controls to set personal information free from its current privacy prison.

Both Consent and Notice are primary tools online used to legally control and administer the flow of personal sharing and disclosure of information online. At this time this policy infrastructure is a relic of the industrial age, broken by surveillance capitalists, and not usable for privacy rights in context with identity management.

Industrial Age Notice is the existing policy infrastructure, easily identified by a check box or "I agree" button used to administer the control and use of personal data and contract terms, but it is ad hoc: each organisation has its own policy in its own format, placed in various places on websites. The most typical sign of Industrial Age Notices is that the law in most countries in the world stipulates that an organization may, if it wishes, require people to provide a written request for access to personal information, thus restricting people to analog (not in-context) access to personal information. This is an issue that, with a simple standard for an open notice format, could easily be addressed with a Twitter address.

Practices

To work towards a global legal entity policy framework for notice and consent. Collaborate, lobby and facilitate opportunities in the development of Notice and Consent online. Activities consist of posting articles of interest to the list and sharing research pertaining to the advancement of notice and the creation of consent management for identity management. Anyone can participate.

trust@smartspecies.com

There are a growing number of efforts in the space of identity management online. This charter calls for more focused discussion on the core issues of personal data control, security and consent, to develop the use of notices for the autonomous control of personal information.

"Identity Trust 2008 Think Tank - Topic List"

  • User-Centric Consent tracking
  • Advocate for an Open Online Notice Standard for policy and consent notices
  • Support the evolution of Data Portability by digitizing and standardizing Legal Subject Access Requests
  • Analyzing/Measuring the new trust/privacy strategies and regulatory initiative (do they really work?)
  • Mapping Governance: tracing the control infrastructure of choice, consent, and policy notices
  • Exploring Consent and Notice Metrics for uniform enforceability across jurisdictions
  • Identity Rights Framework - How to independently measure the quality of rights protections in online information policy?
  • How to Regulate? What to Regulate? Where to Regulate?
  • Legal and Illegal use of notice and consent in surveillance

(Invitation, Please email topics to trust@smartspecies.com)

History of Works

Notice & Consent for trust in the use of identity, or 'Identity Trust': presented at IIW in 2006 by Mark Lizar & Louis Monvoisin

Influential Works & Events

Some Papers, Presentations & Hackathons: international privacy

2007

  • Privacy Icons work, led by Mary Rundle, made its way to the OECD in 2007 and was presented to British Parliament.
  • [OECD - From Person Hood To Digital Identity][1]
  • [Royal Academy of Engineering – Dilemmas in Privacy and Surveillance, 2007][2]
  • [House of Commons Home Affairs Committee: A Surveillance Society? Fifth Report of Session 2007-08 - pg 201 Appendix 29 Memorandum submitted by Identity Trust to support a Community Interest Company CIC approach to generating a public fiduciary framework for identity management][3]


2012

  • Lizar, Mark; Potter, Gary. ... Lizar, M & Potter, G 2012, [Towards a framework of contextual integrity: legality, trust and compliance of CCTV signage][4]. In A. Doyle, R. K. Lippert, & D. Lyon (Eds.), [Eyes everywhere: the global growth of camera surveillance][5]. Abingdon: Routledge.
  • The Open Notice Initiative: [TOS Didn't Read][6], [Common Terms and the Biggest Lie][7] launched a new initiative for advancing a notice and consent standard to address the fake "I agree" and "I understand" online forms for taking people's data.


  • W3C Do Not Track and beyond - [Call for Collaboration][8] Mark Lizar and Reuben Binns - A call for standards to be open and interoperable for notice and consent.
  • ACM Paper [Usable Consents][9] - Mary Hodder & Mark Lizar
  • New York Legal Hackers - Data Protection Legal Hackathon - London - New York - San Francisco [Mozilla, EFF, Kantara, OKF, New York Law School, with a lot of help from Dazza Greenwood - MIT Law and Media Labs][10]


2013

  • [Aaron Swartz - Theory of Change][11]
  • Open Notice Initiative Report: Moves on Next Steps - After a lot of work, it has become clear that 3 key things are required for Open Notice:

1. Privacy Laws Need to be updated - See 2007 Report
2. Standards for Consent are needed (Not Just Notice) - See Hackathons
3. Laws for Notice and Consent Need to Be Enforced -

  • [ISO 29100 Security Privacy Framework][12] is voted to be made a public document


2014

  • [Converge-A-thon](https://www.youtube.com/watch?v=SOhnElkSSj0) - Satellite Hack-a-thon event co-hosted with Dazza Greenwood from MIT. (all star IdC community Line up) hacking identity governance
  • Information Sharing Label, User Submitted Terms


2015

  • Kantara Initiative Minimum Viable Consent Receipt - With input to sister specification through Kantara Liaison --> ISO 29184 [Online privacy notices and consent][13]

2016

  • Kantara Initiative CISWG: MVCR (Minimum Viable Consent Receipt v0.7) - with placeholder annexes for Purpose Categories and Personal Data Categories
  • OASIS COEL adopts CR v0.7 format.
    • At this point we realise that there are more efforts working on the same problem set, and frameworks, independently. In addition, the GDPR draft was leaked, which enables us to fill in some of the required compliance schema for defining some standards components.
  • Innovate UK - Digital Catapult - Personal Data & Trust Workshops - 6 workshops delving into meaningful consent for people - Consent is first and foremost a human term - translated into law -

2017

  • Consent Receipt v.1 [Kantara CISWG][14]. This and the 1.1 are the pre-GDPR Consent Receipt, without deletion. The full global schema and taxonomy became a standards issue officially when the GDPR came into force, and the preparations for Data Privacy Vocabulary work began with the Horizon 2020 Special Project.
  • [Special Project:][15] - Independent EU funded consortium with a mandate to have an open standard for data privacy vocabulary, independent of any previous works. (Scalable Policy-aware Linked Data Architecture For Privacy, Transparency and Compliance)


2018

  • EU - General Data Protection Regulation comes into force - Making Consent Records mandatory for digital identity in the EU
  • May - Consent Receipt v1.1 [Kantara ISWG][16].
  • May 24th - End of Privacy 1.0 - Joint Organisations --> MIT Media Labs/MyData/OpenConsent/ODI/Kantara - With MIT HackDay [GIT][17] - [Video][18] - [End of Privacy 1.0 Report - Kantara Initiative][19]
  • May 24th --> W3C - Data Privacy Vocabulary Controls Community Group was Launched

Kantara Initiative CISWG and the W3C DPV - Adopt the Personal Data Categories from Enterprise Privacy for the Consent Receipt V 1.1

2019

  • Jan [Canada: Meaningful Consent Legislation came into force][20]
  • Feb [Canada: Supreme Court for Public Expectation of Privacy][21]

Large Scale Notice Violation Enforcement

  • EU: France - CNIL - 50 million fine for lack of Notice & Consent

Consent Receipt interoperability - Updates in 2019

  • Kantara CISWG - [Consent Tech Demos][
  • [OASIS COEL (Classification Of Everyday Life Standard)][22] Published - with use of the Consent Receipt format
  • W3 DPV [Data Privacy Vocabulary v.1][23]
  • W3 [DPV Report][24] [Link for providing feedback][25]
  • Kantara Consent Receipt [GDPR extension for the DPV][26]
  • Nov - Panel of top Global Regulator Experts, the progress of harmonisation for global privacy laws [41 ICDPP2019][27]
  • CNIL fines Google: first major fine of 50 million Euros, for illegal notice and consent
  • [Kantara Consent WG (Demo Day - May 24 - 2019)][28]


2020

  • California Consumer Privacy Act
  • ISO/IEC 29184: Online Privacy Notice & Consent: with the Consent Notice Receipt added as an example of a distributed consent record notice in the appendix
  • GDPR - Consent Legal Requirements come into force May 4th
  • Kantara Consent Receipt voted by ISO to become a standard ISO 27560 - Consent Record Structure
  • Data Governance Act is Drafted
  • Canadian Consumer Privacy Act : Enforceable Privacy Law Proposed
  • Bill 64 - Quebec Privacy Law Update
  • MyData 2020: [Data Governance Landscape][29]

2021

  • Kantara: ANCR WG for Advanced/Active Notice & Consent Receipts launched for input into ISO 27560
  • CR V1.2 (ANCR)

Related WGs and links supporting Identity & Trust

  • ISWG - Information Sharing Work Group ([Kantara Initiative][30] and [Identity Commons][31])
  • OIX WG - Open Identity Legal Analysis Work Group (Open Identity Exchange)
  • [UMA][32] - User Managed Access (Kantara Initiative)

Key Works

2007: International Privacy and Security Trust Alliance - (later contributed to in ISO)

Privacy Icons

  • M. C. Rundle, "International personal data protection and vital identity management tools", Presentation at IGF 2006 Privacy Workshop in Athens, 2006.
  • L. E. Holtz, K. Nocun, M. Hansen, "Towards displaying privacy information with icons" in IFIP PrimeLife International Summer School on Privacy and Identity Management for Life, Berlin Heidelberg:Springer, pp. 338-348, 2010.
  • V. Boehme-Nessler, Pictorial law: modern law and the power of pictures, Springer Science & Business Media, 2010.
  • J. S. Pettersson, "A brief evaluation of icons in the first reading of the European Parliament on COM (2012) 0011", Privacy and Identity Management for the Future Internet in the Age of Globalisation.
  • R. Iannella, A. Finden, S. Creations, "Privacy awareness: Icons and expression for social networks", Proc. 8th Virtual Goods Workshop and the 6th ODRL Workshop, pp. 1-15, 2010.
  • PRIME and its follow-up PrimeLife EU public private partnership research project.

(Modularized) Human Readable Privacy Policies by Max Senges, Internet Rights and Principles Coalition

  • J. Gomez, T. Pinnick, A. Soltani, Privacy coding methodology, 2009, [online] Available: http://knowprivacy.org/policiesmethodology.html.
  • Iconset „Data-Privacy Icons v0.1“ by Matthias Mehldau wetter@berlin.ccc.de

Anyone may contribute and comment at any time.

(If you are interested in more information or a private chat, send an email to openconsentgroup@gmail.com.)

Licenses and/or Restrictions on Usage of Work Product

Creative Commons Attribution-Share Alike: For Identity Trust: Trust in Identity Research

Current Meeting Schedule

There are no meetings scheduled as of yet.

Current Deliverable and Milestones

Step 1: Aggregate interest, material and ideas.

Step 2: Organise calls for ideas, papers and events based on Step 1

Current Stewards Council Representative and Alternate

Primary: Mark Lizar, Smart Species, Canada

Alternate: Louis Monvoisin, Smart Species, Canada

This Charter effort is dedicated to the memory of Nick Givotovsky, a co-founder and the first Steward of the initiative to generate trust in the use of Identity management. [RIP][33]

Research References

Open Privacy Projects

  • [Open Privacy.Org](https://openprivacy.org)

Privacy Icon Projects & Research

  • [Privacy Icon Legal Hackathon][34]

W3C Workshops:

  • [Do-Not-Track][35] - Apr 26-29, 2011 @ Princeton
  • [Internet Privacy Workshop][36] - Dec 8-09, 2010 @ MIT
  • [W3C Workshop on Privacy][37] and data usage control - 04/05 October 2010

Reference Papers:

  • [The Evolving Privacy Landscape: 30 Years After the OECD Privacy Guidelines][38] - Latest OECD Doc - Transparency and Consent are the most important principles.
  • [NSTIC Privacy Effects][39] - April 15, 2011. By Identity Finder, LLC: Aaron Titus, Todd Feinman, and David Goldman
  • [Research on the Relationship between Trust and Privacy in Network Environments][40] - Feng Gao, Jingsha He, Shunan Ma, International Journal of Digital Content Technology and its Applications. Volume 5, Number 1, January 2011
  • [EU Electronics Communication Revisions][41] - April 2011
  • Morrone Adolfo, Tontoranelli, Noemi, and Ranuzzi Giulia (2009) [How Good Is Trust? Measuring Trust And Its Role For The Progress Of Societies][42] Organisation for Economic Co-operation and Development: 38. 6963

An Original Charter Statement

This work group has been set up to develop a Master Controller Access to Consent Framework. [Note: in 2006, Master Control was a long way to describe a human-centric privacy framework for identity management. This effort is still growing and influencing the development of global standards and regulations.]