Re: Proposal and notes for Consent Concepts

Hi. Thank you for the comments. My replies are inline.

On 19/07/2022 13:14, Mark Lizar wrote:
> Although in data protection law, explicit, informed, and meaningful consent is defined. This represents one data governance risk vector but doesn’t actually address the individuals governance risk vector or a shared/community  governance risk frameworks.

I've just transposed the legal requirements, nothing else here. 
Everything else is subjective and difficult to represent in the 
interests of interoperability.
>> On Jul 15, 2022, at 7:07 PM, Harshvardhan J. Pandit<>  wrote:
>> **New Concepts**
>> 1.  ConsentRecord subtype of DataProcessingRecords
>> 2.  ConsentStatus subtype of Status, with subtypes Unknown, Requested, Refused,
>>     Given, Expired, Invalidated, Revoked, Reaffirmed
>> 3.  ConsentExpression with subtypes UninformedConsent, and InformedConsent - which
>>     has more subtypes as ImpliedConsent, and ExpressedConsent - which has more
>>     subtypes as ExplicitlyExpressedConsent.
> # 3 seems very complicated -

Not complicated enough - it doesn't include Freely Given, Unambigious, 
etc ... ;) But we'd add these in DPV-GDPR.

>  From the human centric perspective everything can be interpreted as sometype of consent .

We're scoping ourselves to data protection / privacy laws and terms for 
the group.

> e.g. implied, implicit, explicit, directed or even altruistic - the quality of the consent provided can be informed, meaningful and explicit, and all of these indicate a state of consent.  But not it’s status - which is missing - and I like

Not sure what you mean by status, but there is a concept for the 
state/status of consent as expected for its validity.

>> **Breaking backwards compatibility**
>> -   IF there are strong considerations for existing use of these properties, we
>>     can offer a "sunset period" where the current concepts/properties will
>>     continue to be in DPV for a period of time after which they will be
>>     retired, with a note to this effect in the spec. The new concepts will be
>>     added now and will be indicated as the preferred ones.
> Which properties ?

Existing properties specified for consent, i.e.

>> -   It is no longer possible to express both 'given time' and 'withdrawal time'
>>     over the same instance of consent. However, this loss has made awy to indicate
>>     a wider range of 'states' such as refused and reaffirmed which need their own
>>     timestamps (such as under GDPR and EU-DSA)
> Does re-affirmed = renewed?

Yes, reaffirmed means to affirm or confirm something (again). "renew" 
would mean to repeat or reaffirm as well, but I chose what I thought was 
the most clear term to indicate confirming/granting again (i.e. 
repetition) that would not be confused again (e.g. repeating earlier 

Harshvardhan J. Pandit, Ph.D
Research Fellow
ADAPT Centre, Trinity College Dublin

Received on Tuesday, 19 July 2022 15:08:21 UTC