There has been some good forward movement on resolving long outstanding issues in advancing the work from the ANCR WG. Below I explain why I would like
to propose that we take our v2 notice and consent receipt work to Data Governance Standards Institute (DGSI), a Canadian national standards body, as
soon as possible.
For those of you who don’t know, there are some known challenges to progress the notice and consent receipt work. In summary:
For these reasons and more, the
ANCR WG has always been viewed as a place to incubate standards for industry and regulatory use. This is why we have worked on a companion TP-Scheme that uses this specification to demonstrate conformance and compliance. The idea being that we, the ANCR WG,
work on the scheme, and support its use and extension for a Kantara programme, or one that Kantara collaborates with.
The ANCR WG demo, in collaboration with a specification at DGS is what is ultimately being proposed here as the immediate path forward
DGSI are now recognised, accredited to make national and international standards, and have a direct route
to ISO/IEC. Even more importantly, DGSI have an arrangement with ISO because their standards are open, the standards put forward to ISO will also be free and open to access. This provides us with a clear path for our v2 Notice and Consent specification to
ISO, with national regulatory input, at no cost.
To this end, the next plenary for ISO is coming up at the end of this month and comment is needed next week (w/c 9 September).
I suggest we put forward to the 27560 that we have a proposed v2 to be developed in collaboration with DGSI, and that we have a TPS at Kantara, to assess validity of consent,
Suggesting We move the TP-Scheme forward in this context - and from this context work on the AuthC SiG.
Please comment and respond before next weeks meeting (Wed 12th of September)
- Mark