John,

I think we're talking past each other. You're talking about the content, and I'm talking about the context. A stable consent receipt ecosystem will evolve from the desire of both customers and vendors to engage in somewhat durable relationships. The Wired article about Facebook Messenger gets this.

Relationships and business imperatives will drive the receipt content standard.

Adrian



On Fri, Oct 23, 2015 at 12:38 PM, John Wunderlich <john@wunderlich.ca> wrote:
Adrian;

Isn't it the case that notice requires a recipient? The actual address to which this is delivered can be transient, anonymous, or permanent. From my point of view the consent receipt will deliver a record of what information was collected, by whom, and for what purposes. The presence of a GUID on the receipt means that the transaction can be both anonymous and verifiable after the fact - if both parties keep a copy of the receipt. And it is certainly the case that the consent receipt format can be used to deliver a notice - i.e. "Here is the receipt you will get if you register with our site. Should we proceed, or should we delete your information and end the transaction?"

So to your question about where to work this out, I would suggest that there is no normative or canonical answer to this question. If and when the notion of a receipt for the collection of personal information becomes normalized, then there will be many contextual choices. Hopefully most of them will meet the spec we are building - but that spec has to do with the information IN the receipt, not how it is transmitted.

Adoption will be driven by the ability of providers to use the API we are developing in multiple contexts, to meet their own and their customers' needs - while providing evidence to regulators where needed.


Sincerely,
John Wunderlich
@PrivacyCDN

Call: +1 (647) 669-4749
eMail: john@wunderlich.ca


On 23 October 2015 at 10:07, Adrian Gropper <agropper@healthurl.com> wrote:
Apologies for continuing this valuable cross-posting.

Notice, first and foremost, requires a destination address. This address can be either:
  • arbitrarily specified by the subject of the PII (the principal)
  • specified by the vendor or service provider
  • chosen, NASCAR-style, from a list of well-known intermediaries
  • sent to a public ledger like a blockchain

Where do we work out which of these meets our intent and drives adoption?

Adrian


On Fri, Oct 23, 2015 at 8:11 AM, Mark Lizar <info@smartspecies.com> wrote:
Some background on the thinking that has gone into the design of a consent receipt specific to safe harbour. 

One of the biggest issues with moving data across jurisdictions is the different laws. This is in addition to the complexity of different cultures and different contexts that create expectations of data use. This is why data protection and privacy in the context of cross border data transfers is so difficult.

A preferred way to expedite data transfers is for people to control their own data and to consent to its access, rather than only its transfer.  (A new and developing layer of technical capability affectionately called Consent 2.0)  

A consent receipt is like a reverse (VRM) cookie, it's a record that people get to track organisations and what they share about them. It collects the identity attributes that are provided, the purpose they are provided for and who they are shared with. The Consent Receipt can also carry assurances, trust marks, security promises and even reputations.

Combined with UMA, a consent receipt is a tool to show how personal control over data means that it can stay in a jurisdiction, and be shared  with others. In essence people can control access to data and create their own safe harbour to transfer data across borders.

Regardless of who the data controller is, a key benefit of a consent receipt for organisations is the ability to add, record and provide jurisdictionally based notice requirements to a consent notice.  Demonstrating compliance (or not) by the notices provided with the privacy policy for sharing and data use.   Combined with model contract clauses, which are used to assure liability and define data controls, consent receipts address Privacy Policies while model contracts address Terms of Use policies. 

In the EU, notice and consent is required for all personal data collection and sharing. In the US, explicit notices are required for consent for sensitive data. Data covered by federal laws like COPPA, GLBA, HIPAA, and the like.

In every jurisdiction sensitive data comes with specific, legally defined, notice requirements, that are localised.  All sensitive personal data transfer requires explicit consent and notice that are intended to assure informed consent.   It is for this reason that a consent receipt has been designed to highlight sensitive data, both what an individual considers sensitive and what the law considers sensitive, so that PII can be shared.

If an organisation doesn’t meet legal notice requirements across jurisdictions, then it doesn’t matter what model contract clauses are used, the consent is not informed and compliant for sensitive data collection and sharing.  In fact, model clauses can become a source of toxic liability and can be used to hold the data controller or processors liable. (which builds trust)





--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.

DONATE: http://patientprivacyrights.org/donate-2/


