I hope I'm posting in the right place:

Eve suggested that I take a few minutes in the next legal working group to walk through how CommonAccord handles text. I could do mechanics, or could focus on an example. If an example, it could be one that Adrian and I are working on, but the recent decision throwing the EU-US personal data Safe Harbor into question seems an attractive opportunity. It allows starting from nothing, and an opportunity to use open source collaboration to create the documents of a new regime. The current regime, both both technical and textual, needs an upgrade. The textual part includes contracts, legislation, and the things in between such as model agreements and "my company's form." Traditionally, these have suffered from bottlenecks and procrustean compromises. Open source collaboration side steps the limitations.

With that in mind, I made a little stub of a "Consent" to transfer of personal data. It started as a single sentence. It is now expressed as an agreement and has stubs of sections for a few of the topics covered. The goal is to show how pieces can be put together. It is a Socratic document - stubs as questions intended to evoke answers.

I invite people to kick tires, suggest a full outline of provisions, section completions, or use cases. If even a few people have had an opportunity to have their suggestions integrated (I will add all comers - the data model permits even inconsistent variations), then we might have a richer conversation on Friday.

In parallel, Adrian and I are making progress on the really important patient consent use case.

Framework for Alice-originated consents:

http://new.commonaccord.org/index.php?action=source&file=GHx/KantaraInitiative/EU-US/Form/Doc_v0.md

On Tue, Oct 6, 2015 at 6:33 PM, James Hazard <james.g.hazard@gmail.com> wrote:

FWIW:

http://new.commonaccord.org/index.php?action=source&file=GHx/KantaraInitiative/EU-US/Form/Doc_v0.md

On Tue, Oct 6, 2015 at 6:17 PM, Adrian Gropper <agropper@healthurl.com> wrote:
+1 Mark. UMA enables data to be accessed by reference instead of by value and reduces the need to copy it. With UMA, authorization servers become the primary point of aggregation (as well as notice for transparency) and the need for data brokers and deletion problems is reduced.

UMA shifts the discussion to control and transparency of surveillance and aggregation, and it scales to serve personal, family, local, virtual community, national, and international "clouds".

Adrian

On Tue, Oct 6, 2015 at 11:18 AM, Mark Lizar <mark@smartspecies.com> wrote:
Very much agree Jon,

Personal data control, what is achieved through ‘real' consent, is required for many things - among them is managing commercial relationships with vendors. But, VRM, in my opinion, would not be the only core driver for change. I still think compliance, combined with customer experience, is going to be the market driver.

Personal data does not need to be destroyed if access to it only needs to be revoked, i.e. with UMA. I wrote a piece on this in 2011 for Identity Trust discussing how data protection industry is destroying privacy and undermining national security (not only the individual). The long and short version being, volunteered personal information is much more valuable to organisations. Personal control over my data is the best method of transferring data internationally with compliance and high levels of customer experience.

- Mark

On 6 Oct 2015, at 14:53, James Hazard <james.g.hazard@gmail.com> wrote:

Do you mean that consent of the person permits transfer of data, but consent is necessarily revocable and data must be destroyed?

On Oct 6, 2015 3:40 PM, "Neiditz, Jon" <JNeiditz@kilpatricktownsend.com> wrote:
Why?

The Advocate General's opinion and the Court's decision both turn on the inability of Safe Harbor to prevent surveillance. NO permitted basis for data transfer prevents surveillance, not Model Clauses, not Binding Corporate Rules (BCRs). Logically, if probably not in immediate corporate and EU national practice, the only bulletproof basis for data transfer to the US is now the ever-so-revocable CONSENT, which presumes no fictitious protection from surveillance.

See also: https://www.linkedin.com/pulse/good-morning-safe-harbor-dead-what-does-mean-now-later-jon-neiditz?trk=prof-post

Your thoughts?

Jon Neiditz
Kilpatrick Townsend & Stockton LLP
Suite 2800 | 1100 Peachtree Street NE | Atlanta, GA 30309-4528
office 404 815 6004 | cell 678-427-7809 | fax 770 234 6341
jneiditz@kilpatricktownsend.com | www.kilpatricktownsend.com

________________________________

Confidentiality Notice:
This communication constitutes an electronic communication within the meaning of the Electronic Communications Privacy Act, 18 U.S.C. Section 2510, and its disclosure is strictly limited to the recipient intended by the sender of this message. This transmission, and any attachments, may contain confidential attorney-client privileged information and attorney work product. If you are not the intended recipient, any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is STRICTLY PROHIBITED. Please contact us immediately by return e-mail or at 404 815 6500, and destroy the original transmission and its attachments without reading or saving in any manner.

________________________________

***DISCLAIMER*** Per Treasury Department Circular 230: Any U.S. federal tax advice contained in this communication (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma

--

Adrian Gropper MD

PROTECT YOUR FUTURE - RESTORE Health Privacy!
HELP us fight for the right to control personal health data.
DONATE: http://patientprivacyrights.org/donate-2/

--
@commonaccord

@commonaccord