Gaia-X-Hub-Germany / IF-Access-and-Usage-Policies-and-Enforcement

test #2

Open mlziegelmeir opened 3 months ago

mlziegelmeir commented 3 months ago

 

Columns: ID; Needed Services to be delivered by the System; Initiating Actor; In SCOPE; ISO 29184/27560 or needed Extensions; Business (need/motivation); Requirement Comments; Solution (block) details.

1a – Create a PII principal – PII Controller Secure channel
- Initiating Actor: PII Controller
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Exchange digitally Consent-related artefacts securely (prevent usurpation of identity and tampering of artefacts)
- Requirement Comments: Non Functional Requirement
- Solution (block) details:
  - DIDComm controller used in OCM/CloudPCM (used to share invitation link)
  - then OID Protocol used
  - OID for VCI and VP
  - Possible to extend with custom protocol

1b – Create a PII Controller – PII Controller Secure channel
- Initiating Actor: PII Controller
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Exchange digitally Consent and PII Access related artefacts securely (prevent usurpation of identity and tampering of artefacts)
- Requirement Comments: Non Functional Requirement
- Solution (block) details:
  - DIDComm controller used in OCM/CloudPCM (used to share link)
  - then OID Protocol used

2a – Receiving Privacy Notice – Human Readable
- Initiating Actor: PII Principal
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: ISO 29184
- Business (need/motivation): ISO/GDPR conformity – Enabling PII Principal to decide if he consents on collection and usage of PII Data by a PII Collector for a specific purpose.
- Requirement Comments / Solution (block) details:
  - CloudPCM-OCM used for issuance of a Credential
  - Resolving "Privacy notice" is in the Consent Mgt Plugin

  Challenge 1: Definition of Privacy notice and how to embed the content in the credential such that it is tamper proof.

  Solution Idea:
  - The evidence like a Hash of the file. (But drawback: insufficient as not showing/giving access to the details of the notice.)
  - "ZUGFeRD", JSON, pdf

  Challenge 2: If a link with hash is used as evidence, a broken link would result in an invalid consent, but then a technical solution would be needed to revoke the consent automatically.

  Challenge 3: The privacy notice content might need to be "Private". 2 examples:
  - if the notice includes personal information.
  - if the notice is derived from a product sold/licensed by e.g. a lawyer

  To verify the validity of the consent and understand what was consented to, the content of the privacy notice is needed.

  Solution Ideas:
  - Decentralised Ledger: tamper-proof but public?
  - The public ledger can be protected. (e.g. encryption key as an attribute in the consent to enable the holder to access the content of the notice)
  - Misusing a techno approach like a DID Method and its resolution to retrieve a DID document. (instead of a DID document, retrieval of the privacy notice)

  Challenge 4: The privacy notice has to be accessible for different PII Controllers (e.g. in the Health sector several doctors for instance)

  Other requirement: Versioning of privacy notice. The embedded link shall point to one specific Version.

2b – Provide Privacy Notice – Human Readable
- Initiating Actor: PII Controller
- ISO 29184/27560 or needed Extensions: ISO 29184
- Requirement Comments / Solution (block) details: See comments in 2a (Here the issuer of the Privacy Notice Credential is the OCM on the PII Controller side)

3 – Receiving Consent Receipts
- Initiating Actor: PII Principal
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: ISO 29184 / 27560
- Business (need/motivation): ISO/GDPR conformity – Enabling PII Principal to make inquiries and complaints toward PII controller
- Requirement Comments / Solution (block) details:
  - CloudPCM-OCM used for issuance of a Credential (like privacy notice)
  - Resolving "Consent Receipt" is in the Consent Mgt Plugin

4 – Sending Consent Receipts
- Initiating Actor: PII Controller
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: ISO 29184 / 27560
- Business (need/motivation): ISO/GDPR conformity – Enabling PII Principal to make inquiries and complaints toward PII controller
- Requirement Comments / Solution (block) details:
  This System Use case 4 "Sending Consent Receipts" can be executed several times after Sys UC 6.

  The Consent Mgt Plugin needs at least one Consent Receipt Credential per Consent Credential.

  The issuance of a Consent Receipt may be synchronous to the reception of a consent credential or asynchronous.

5a – Delivering a principal consent information to a PII Controller who sent previously a Privacy Notice.
- Initiating Actor: PII Principal
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: ISO 29184 / 27560
- Business (need/motivation): ISO/GDPR conformity – Enabling PII Principal to decide if he consents on collection and usage of PII Data by PII Controller and Processor
- Requirement Comments / Solution (block) details:
  The issuer of the Credential is here the opposite of Privacy notice and Consent Receipt: the Cloud PCM (PII Principal)
  - Either with a synchronous REDIRECT: a REDIRECT to the PII Controller shall happen to continue the process on the PII Controller side. This REDIRECT is triggered from the Plugin when giving Consent
  - or an asynchronous delayed consent

  The retrieval of the Consent Credential by the PII Controller (OCM) can trigger an action at the PII Controller side, e.g. "Sending Consent Receipt" Sys UC 4

5b – Delivering a revocation about a consent information to a PII Controller who sent previously a Privacy Notice.
- Initiating Actor: PII Principal
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: ISO 29184 / 27560
- Business (need/motivation): ISO/GDPR conformity – Enabling PII Principal to revoke a previously consented privacy notice.
- Requirement Comments / Solution (block) details:
  The revocation shall not give public information that can be linked to a person.

  The VERIFIER shall verify before using a consent.

  A consent can be valid for a very long time (many years).

  IDEA Solutions:
  - Dispute mechanism is no longer W3C compliant
  - Revocation List of Consent ID + flag
  - Did/verification Method from the consent Credential deleted
  - expiration parameter in the consent

6 – Receiving and Storing consent information (or revocation) in Consent Record for further processing
- Initiating Actor: PII Controller
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: ISO 29184 / 27560
- Business (need/motivation): ISO/GDPR conformity – Enabling PII Controller to fulfil his legal obligations (incl. revocation)
- Requirement Comments / Solution (block) details: MS: not moved as I'm unsure if this belongs to SeSoMan

7a – Present a consent information to request PII access and ... (upon success: 7b)
- Initiating Actor: PII Controller
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Automate collection of PII Data (through the consent information)
- Requirement Comments / Solution (block) details: MS: not moved as I'm unsure if this belongs to SeSoMan

7b – Receiving in return of 7a access key and address to a PII hosted by another PII Controller
- Initiating Actor: PII Controller
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Automate collection of PII Data (through the consent information)
- Requirement Comments / Solution (block) details: MS: not moved as I'm unsure if this belongs to SeSoMan

8a – Receiving consent information for PII access request and... (if the consent is successfully verified (8b), provide access keys and address to a PII under my control (8c))
- Initiating Actor: PII Controller
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Automate collection of PII Data (through the consent information)
- Requirement Comments / Solution (block) details: MS: not moved as I'm unsure if this belongs to SeSoMan

8b – Verify a consent legitimacy to confirm if 8a is successful or not
- Initiating Actor: PII Controller
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Automate collection of PII Data (through the consent information)
- Requirement Comments / Solution (block) details: MS: not moved as I'm unsure if this belongs to SeSoMan

8c – Providing access keys and address to a PII under my control
- Initiating Actor: PII Controller
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Automate collection of PII Data (through the consent information)
- Requirement Comments / Solution (block) details: MS: not moved as I'm unsure if this belongs to SeSoMan

9 – Extension of Services 2 to 8 to handle not only a consent on a PII type but on a very specific instance of PII Data. (The consent is not valid for the PII type in general but ONLY for a unique PII_identifier)
- Initiating Actor: PII Controller / PII Principal
- In SCOPE: YES
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): handling of a uniquely identified PII data set, and not only a PII type.
- Requirement Comments / Solution (block) details:
  To clarify how to enable this such that the artefacts remain ISO conform.

  (How does the ISO understand a consent on a PII type with a PII identifier? Is the identifier only informational and an example of a PII Type, or does it restrict the consent to that identifier?)

  MS: also not moved as this comprises several services

10 – Automated Consent functions limitation for Principal with legal representative; Forward Privacy Notice / Delegate Consent function to another PII Principal (an official legal representative of the under-aged PII Principal)
- Initiating Actor: PII Principal
- In SCOPE: NO
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Enable Use Case where the Principal is not yet legally of age to give a consent himself (Child/Parent)
- Requirement Comments / Solution (block) details: Note: PII Controller would not be able to find the other principal (only the contact of the one who sends the consent is known)

11 – Same as 5 but the consent shall additionally contain: legal representative PII Principal Information who signed the consent.
- Initiating Actor: PII Principal
- In SCOPE: NO
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Enable Use Case where the Principal is not yet legally of age to give a consent himself (Child/Parent)
- Requirement Comments / Solution (block) details: Note: PII Controller would not be able to find the other principal (only the contact of the one who sends the consent is known)

12 – Browse and Read Consent Artefacts and their status (Privacy Notice received, Consent given, Consent Receipt received, Consent revoked or declined)
- Initiating Actor: PII Principal
- In SCOPE: YES
- Business (need/motivation): ISO/GDPR conformity – Enabling PII Principal to make inquiries and complaints toward PII controllers

13 – Browse and maintain Consent Records
- Initiating Actor: PII Controller
- In SCOPE: NO
- Business (need/motivation): ISO/GDPR conformity – Fulfil a part of the legal responsibilities of a PII Controller
- Requirement Comments / Solution (block) details: MS: not merged as this is part of the service app but not of SeSoMan

14 – Validate PII Attributes
- Initiating Actor: PII Controller
- In SCOPE: NO
- ISO 29184/27560 or needed Extensions: Extension
- Business (need/motivation): Enabling PII controller to validate if the PII attributes collected match the controller's expectation
- Requirement Comments / Solution (block) details: MS: not merged as this is part of the service app but not of SeSoMan
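As an added example (not code from this issue, nor from the OCM/PCM projects), the following Python sketches the checks a verifier would run before using a consent, combining the points raised in 2a (a hash plus link as tamper-evident evidence for one specific version of the privacy notice, and the broken-link case) with those in 5b (verify before use, an expiration parameter in the consent, a revocation list of consent IDs). The credential field names, the example URL and DIDs, and the in-memory versioned notice store are assumptions made for the example; signatures and DID resolution are deliberately left out.

```python
"""Added example: consent verification against the challenges in 2a and 5b.

Assumptions (not from the issue): a consent is a plain dict; the privacy notice
is referenced by URL + version + SHA-256 digest; revocation is a set of revoked
consent IDs; expiry is an ISO-8601 timestamp inside the consent. Signatures are
not modelled.
"""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone


def notice_evidence(notice: bytes, url: str, version: str) -> dict:
    """Tamper-evident reference to ONE version of a privacy notice.

    The digest lets a verifier detect a changed or replaced notice; the
    version pins the link to a specific revision (versioning requirement)."""
    return {
        "url": url,
        "version": version,
        "digest": "sha256:" + hashlib.sha256(notice).hexdigest(),
    }


def build_consent(consent_id: str, principal: str, controller: str,
                  purpose: str, evidence: dict, issued: datetime,
                  valid_for_days: int) -> dict:
    """Consent artefact with an explicit expiration parameter, so a very
    long-lived consent still ends even without a revocation entry."""
    return {
        "id": consent_id,
        "principal": principal,
        "controller": controller,
        "purpose": purpose,
        "privacyNotice": evidence,
        "issued": issued.isoformat(),
        "expires": (issued + timedelta(days=valid_for_days)).isoformat(),
    }


def verify_consent(consent: dict, resolve, revoked_ids: set,
                   now: datetime) -> tuple:
    """Return (ok, reason). `resolve(url, version)` yields notice bytes or None.

    Order matters: cheap local checks (expiry, revocation list) run before the
    network-dependent notice lookup. A broken link makes the consent unusable
    rather than silently accepted (Challenge 2)."""
    if now >= datetime.fromisoformat(consent["expires"]):
        return False, "expired"
    if consent["id"] in revoked_ids:
        return False, "revoked"
    ev = consent["privacyNotice"]
    notice = resolve(ev["url"], ev["version"])
    if notice is None:
        return False, "notice_unavailable"
    actual = "sha256:" + hashlib.sha256(notice).hexdigest()
    if not hmac.compare_digest(actual, ev["digest"]):
        return False, "notice_tampered"
    return True, "valid"


# Constructed sample data (not real artefacts): a versioned notice store standing
# in for whatever the controller publishes (ledger, DID-style resolution, URL).
NOTICE_V1 = b"Privacy notice v1: e-mail address is processed to send appointment reminders."
NOTICE_URL = "https://controller.example/privacy-notice"  # assumed URL
NOTICE_STORE = {(NOTICE_URL, "1"): NOTICE_V1}
ISSUED = datetime(2024, 1, 15, tzinfo=timezone.utc)
# The consent ID is assumed to be a random, non-personal identifier so that a
# published revocation list does not leak who revoked (5b requirement).
CONSENT = build_consent("consent-0001", "did:example:principal",
                        "did:example:controller", "appointment reminders",
                        notice_evidence(NOTICE_V1, NOTICE_URL, "1"),
                        ISSUED, valid_for_days=3650)


def demo() -> dict:
    """Run the verifier through the failure modes discussed; reasons by case."""
    results = {}
    store = dict(NOTICE_STORE)

    def resolve(url, version):
        return store.get((url, version))

    now = ISSUED + timedelta(days=30)
    results["happy"] = verify_consent(CONSENT, resolve, set(), now)
    # Controller silently edits the published notice: digest no longer matches.
    store[(NOTICE_URL, "1")] = NOTICE_V1 + b" It is also shared with partners."
    results["tampered"] = verify_consent(CONSENT, resolve, set(), now)
    # Notice taken offline: broken link, consent cannot be relied upon.
    del store[(NOTICE_URL, "1")]
    results["broken_link"] = verify_consent(CONSENT, resolve, set(), now)
    # Principal revoked; the verifier checks the list before every use.
    store[(NOTICE_URL, "1")] = NOTICE_V1
    results["revoked"] = verify_consent(CONSENT, resolve, {"consent-0001"}, now)
    # Long-lived consent eventually expires on its own.
    results["expired"] = verify_consent(CONSENT, resolve, set(),
                                        ISSUED + timedelta(days=4000))
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:12s} ok={ok} reason={reason}")
```

The version is part of the evidence on purpose: a controller that publishes a revised notice under the same URL must keep the old version resolvable, otherwise every consent pointing at it degrades to `notice_unavailable`, which is exactly the automatic-revocation problem named in Challenge 2.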