March 2024 - Wg-pemc - mailman.kantarainitiative.org

adoption of document for purpose and consent
by Tom Jones 20 Mar '24

20 Mar '24

This document was adopted for development by the Reliable Identifier for the Underserved Populations (RIUP) Kantara work group. This is just an informative notice and does require any action by the PEMC. But feedback from the members would be highly appreciated. https://docs.google.com/document/d/1n7HobJ6QTsNld5rn1uuIiNw0A__L44ug/edit?u… ..tom

1 0

making a difference
by Tom Jones 06 Mar '24

06 Mar '24

I am having trouble getting privacy enhancing techniques into the wallet-verifier communications in OpenID and OWF. If we don't have a doc (even a draft) to show the standards makers soon it will be too late to make a difference. I have included an attachment that shows the problem i am having even getting a user friendly name of the verifier into the wallet. ..tom

1 0

interesting view on observability and purpose from EU
by Tom Jones 01 Mar '24

01 Mar '24

We now have new requirements - observability and purpose - it seems that the idea of a general purpose wallet has been effectively eliminated in the EU and by those states that mandate their own wallets for their own creds. Statement by the Commission on unobservability on the occasion of the adoption of Regulation 2024/... + The Commission welcomes the agreement reached, which in its view, confirms that this amending Regulation does not allow for the processing of personal data contained in or arising from the use of the European Digital Identity Wallet by the Wallet providers for other purposes than delivering wallet services. The Commission also welcomes the inclusion of the concept of *unobservability in Recital (11c) of the draft amending Regulation, which should prevent wallet providers from collecting and seeing the details of user’s day-to-day transactions.* The Commission is of the view that this concept means that there should not be correlation of data across different services for the purposes of user tracking or tracing or for determining, analysing and predicting personal behaviour, interests or habits. At the same time, the Commission acknowledges that, in full compliance with Regulation (EU) 2016/679, the providers of European Digital Identity Wallets may access certain categories of personal data with the user’s explicit consent, such as in order to ensure continuity in the provision of wallet services or to protect users from disruptions in their provision.* That data should be limited to what is necessary for each specific purpose.’ * AM_Ple_LegStatOther (europa.eu) <https://www.europarl.europa.eu/doceo/document/A-9-2023-0038-AM-007-007_EN.p…>

2 1