
This is very interesting and I agree. I had accodified ( Eve ;) ) the European text so that one can rehash it and make deep links into it. E.g.:
http://www.commonaccord.org/index.php?action=doc&file=Wx/eu/europa/europarl/2012-0011/Form/0.md#Article.18.2.sec
My sense is that such requirements can drive adoption of good (even best) practices, for instance regarding retention and access:
http://www.commonaccord.org/index.php?action=doc&file=Wx/eu/europa/europarl/2012-0011/Form/0.md#Article.23.2.sec
Those requirements could be baked into agreements with users and governments, such as Appendix 2 to the "Model Clauses" (the tan-colored part near the end of the document):
http://www.commonaccord.org/index.php?action=doc&file=Dx/Acme_UK/01-EU-US-DataTransfer/Doc_v0.md

On Thu, Jan 14, 2016 at 3:13 PM, Adrian Gropper <agropper@healthurl.com> wrote:
In the last month two very important regulatory guidance documents have been released by the EU and US governments respectively:
http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm and
http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.htm...
By adding to these regulations a single constraint - that an individual can own and specify the UMA Authorization Server if they choose to - I think we can derive a complete UMA Legal profile and associated clauses.
I've started analysis of the US reg at http://bit.ly/HEARTfromHIPAA I think a similar analysis could be interesting for the EU regs.
Adrian
--
Adrian Gropper MD
PROTECT YOUR FUTURE - RESTORE Health Privacy! HELP us fight for the right to control personal health data. DONATE: http://patientprivacyrights.org/donate-2/
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-uma
-- @commonaccord