This is very interesting and I agree.  

I had accodified ( Eve ;) ) the European text so that one can rehash it and make deep links into it. E.g.:
http://www.commonaccord.org/index.php?action=doc&file=Wx/eu/europa/europarl/2012-0011/Form/0.md#Article.18.2.sec

My sense is that such requirements can drive adoption of good (even best) practices, for instance regarding retention and access:
http://www.commonaccord.org/index.php?action=doc&file=Wx/eu/europa/europarl/2012-0011/Form/0.md#Article.23.2.sec

Those requirements could be baked into agreements with users and governments, such as Appendix 2 to the "Model Clauses" (the tan-colored part near the end of the document):
http://www.commonaccord.org/index.php?action=doc&file=Dx/Acme_UK/01-EU-US-DataTransfer/Doc_v0.md
On Thu, Jan 14, 2016 at 3:13 PM, Adrian Gropper <agropper@healthurl.com> wrote:
In the last month two very important regulatory guidance documents have been released by the EU and US governments respectively:

http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm
and
http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access/index.html

By adding to these regulations a single constraint - that an individual can own and specify the UMA Authorization Server if they choose to - I think we can derive a complete UMA Legal profile and associated clauses.

I've started analysis of the US reg at http://bit.ly/HEARTfromHIPAA . I think a similar analysis could be interesting for the EU regs.

Adrian

--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
--
@commonaccord