Re: DPV consent standards work wins Best Paper at Annual Privacy Forum

Hi Mark.
Thank you.

It's good to see progress in your work. Please share it back with the
group when it is feasible to do so.

This would not be the correct forum to discuss ISO NWI or 27569 so I 
will refrain from commenting on that here. But the general gist is that 
standards start with a very specific scope - so it's a question of best
fit as well as having agreement in the groups.

Regards,
Harsh

On 09/09/2024 13:28, Info @ OC wrote:
> Hi Harsh, (Congratulations guys)
> 
> It is great news bringing this work forward, we also have progressed / finished the minimum viable consent receipt work in the ANCR WG @ Kantara. In addition we have a transparency performance scheme, to measure the validity of consent etc.
> 
> Some of the breakthroughs and updates to share: the MVCR (which is a notice receipt) works with any legal justification, implements global privacy rights labels, enables people to self-identify and most importantly to control their own personal data.
> 
> The power and potential of this work to address wide ranging security and privacy challenges, has kept me motivated. But, the 27560 as it stands is a permission management service, it's not consent. To scale consent, transparency needs to be standardised. Confusing the two is really dangerous as it advances the concepts around consumer protection and privacy. Currently in Canada, there is a federal privacy bill which aims to introduce a new term called Consumer Privacy, and it uses the 27560 concept of consent. This is a tremendous problem as US based consent protection does not treat privacy as a fundamental right.
> 
> So, there is a lot of work still to be done and I would like to collaborate again with you on it. Georg has been there since the beginning on this topic in 2016. I hope we could continue working on receipts as an International tool (not just GDPR).
> 
> We have the next version in draft, the question is whether we should start a new NWIP proposal at ISO, or submit it as a 27569 contribution (your thoughts are very welcome).
> 
> Kind Regards,
> 
> 
> - Mark
> 
> On Monday, 9 September 2024 at 07:29, Harshvardhan Pandit <me@harshp.com> wrote:
> 
>> Hi All.
>> On behalf of myself, Jan Lindquist, and Georg Krog - who are all
>> contributing members to the DPVCG, I'm happy to announce our paper "
>> Implementing ISO/IEC TS 27560: 2023 Consent Records and Receipts for
>> GDPR and DGA" was awarded the "Best Paper Award" at the Annual Privacy
>> Forum 2024 (APF) organised by ENISA and the EU Commission.
>>
>> As the chair of the DPVCG, I'm delighted with this impact and
>> recognition of the hard and excellent work that we have been doing. The
>> presentation at APF also enabled putting DPV in front of several Data
>> Protection Authorities and practitioners - which is another milestone.
>>
>> The paper is based heavily on the DPV implementation guide for consent
>> as per the ISO/IEC TS 27560:2023 standard - of which Jan was a co-editor
>> and I was a contributor. We explain how the standard aligns with GDPR,
>> and how to create interoperable standards-based consent records and
>> receipts with DPV. We also discuss how this DPV work will work with the
>> DGA and eIDAS as well as EUDI Wallets (which Jan has ongoing work on).
>>
>> The paper is available as open access:
>> https://doi.org/10.1007/978-3-031-68024-3_12
>> The slides are available online:
>> https://harshp.com/presentations/2024/APF-27560/APF-27560.pdf
>> Annual Privacy Forum: https://privacyforum.eu/
>>
>> For further work in this particular area, both Jan and myself have
>> proposed that the 27560 standard be made free / open-access in the
>> interest of public benefit similar to other ISO standards. We are
>> awaiting a formal reply on the matter. Separately, we are also exploring
>> how to adopt this standard as an EN - which will permit its formal
>> recognition and use in regulations/policies within EU.
>>
>> To further enable the use of DPV and ISO/IEC TS 27560:2023, myself and
>> Georg (Signatu) are creating a technical 'schema' for communicating and
>> interpreting consent records and receipts. This addresses the potential
>> 'infinite combinations' problem of using DPV as different entities can
>> create different schemas and interpret it in different ways. Instead, we
>> are working on a technical specification that allows use of JSON/JSON-LD
>> where the schema and interpretation are fixed/deterministic - based on
>> the practical use-cases and experience of Signatu as a Consent
>> Management Platform.
>>
>> If you are interested in this work, or want to implement or support its
>> development, please reach out to us.
>>
>> Regards,
>> --
>> ---
>> Harshvardhan J. Pandit, Ph.D
>> Assistant Professor
>> ADAPT Centre, Dublin City University
>> https://harshp.com/

-- 
---
Harshvardhan J. Pandit, Ph.D
Assistant Professor
ADAPT Centre, Dublin City University
https://harshp.com/

Received on Tuesday, 10 September 2024 08:44:28 UTC