AdvCIS Conformance

Objectives

To test and develop conformance tools for the Notice and Consent Receipt.

Objectives

Success Metric(s)

test interoperability of standardised data governance framework - with consent and privacy law

production of a draft spec v1.2 Consent Receipt - (before v.Next - for explicit interoperable consent)

walk through and, if possible, implement the RFC - Privacy Agreement - explicit consent lifecycle control - reference implementation

ability to specify an implementation

test as a prototype -

conduct a gap and requirements analysis

test the CR v1.2 specification draft

Look at an open inter

 

Adv-CIS : Use Cases

The list of use cases can cover a range of components, with the aim of having a single scenario that fits all the components, with sub-use cases to cover specific components.

The scenario example discussed in the last meeting, 27 Nov.:

  • Privacy rights use cases and requirements 

    • Explicit consent to access and transfer personal health records to a data trust for commercial research purposes. 

      • between two registered controllers 

      • between 1 registered controller and a 3rd party 

    • Privacy rights to:

      • achieve ongoing usable transparency, 

      • privacy rights to manage the control and access to personal data, 

    • Features to Explore

      • to delete and to mask (pseudo-anonymise) 

 

Project Plan Roadmap

 

[Roadmap chart; timeline axis: Nov 2019, Dec, Jan 2020, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct]
Aries RFC: Privacy Agreement
Implementation

RFC: Privacy Agreement Dev

CR-V2: ISO Input Kantara Liaison Group

Data Control Vocabulary, Data Cat, Compliance, Data Control

Demo Component (use case) Development

RFC-Draft 2: Control Terms

Reference Demo Implementation/Prototype

Prototype Reference Implementation

 

Use Case Interoperability Requirements

Requirement

User Story

Importance

Jira Issue

Notes

1

Consent Receipt v1.2

HIGH

 

 

2

COEL

used to record events and track the access to health data by the data subject 

 

 

 

3

W3C DPV

used to standardise the vocabulary for privacy control functions

 

 

 

4

Personal Data Categories

a set of standardised categories for international interoperability

 

 

 

5

Blinding Identity Taxonomy

security rules on the data capture of attributes related to personal data categories

 

 

 

6

AdvCIS: privacy agreement

Data subject created consent token built with the consent receipt

 

 

 

 

7

ODCA - Open Source

ODCA - a middleware tool for building schemas - data capture to schema conversion - auto-builds the JSON constructs

  • spreadsheet

  • a machine-readable spec - parsing - program - to ODCA - middleware to

  • dominant design model -

 

 

User interaction and design

To be discussed (currently out of scope until demo design stage)

 

 

Open Questions

Question

Answer

Date Answered

 

Out of Scope