KantaraInitiative / CISWG

Consent & Information Sharing Work Group

Update the introduction to clarify the use of terminology #97

Closed dturnerx closed 7 years ago

dturnerx commented 7 years ago

We need to be clear that the CR spec is not the authoritative source for definitions and be clear that implementers must follow the appropriate definitions according to their relevant jurisdictions.

smartopian commented 7 years ago

A new abstract.

"Abstract: A Consent Receipt is the focus for an open standard, because it is a machine readable record of a consent that is converted into a (reusable) human readable format.

The OECD Guidelines Council of Europe Convention, and European Union Data Protection Directive[8] relied on FIPs as core principles. All three organizations revised and extended the original U.S. statement of FIPs. Due to the international and cross domain use of a consent receipt this document refers to the 1980 OECD Guidelines consent international transfer of personal data focusing on consent using the ISO 29100 lexicon.

A Consent Receipt is a record of consent used by a PII Controller (or Data Controller) as their authority to collect, use and disclose a PII Principal’s (or Data Subject's) personally identifiable information (PII). The Consent Receipt will be provided to the PII Principal that gave the consent. This specification defines the requirements for the creation of a consent record and the provision of a human readable receipt provided to the PII Principal. The receipt includes links to existing privacy notices & policies as well as a description of what information will be collected, the purposes for that collection and relevant information about how that information will be used or disclosed.

Although this specification uses the ISO 29100 lexicon, its use of this language is non-prescriptive and the terms should be replaced according to the jurisdiction that regulates its provision. The specification is based on privacy and data protection principles as set out in various data protection laws, regulations and international standards."

TomCJones commented 7 years ago

Shouldn't an abstract be legible to a casual reader? This sounds like complete legalistic mumbo jumbo.

andrewhughes3000 commented 7 years ago

Hi Tom - please stick to constructive comments.

Do you have alternative text to contribute?

On Sun, Jul 9, 2017 at 4:07 PM tom jones notifications@github.com wrote:

Shouldn't an abstract be legible to a casual reader? This sounds like complete legalistic mumbo jumbo.

--

Andrew Hughes CISM CISSP Independent Consultant In Turn Information Management Consulting


TomCJones commented 7 years ago

I believe that an abstract should be legible to a casual reader. If that is not constructive I am not sure what is.

smartopian commented 7 years ago

:-) I think you are right - not only is it supposed to be an intro - but - it packs all the items that I think were missing into an abstract - best to work these in an intro (or supplemental guidance) and explain better.

On 10 Jul 2017, at 00:07, tom jones notifications@github.com wrote:

Shouldn't an abstract be legible to a casual reader? This sounds like complete legalistic mumbo jumbo.

iainh1 commented 7 years ago

We still need an intro that addresses the needs of the marketing function; they are the ones that make the bulk of the decisions and fund areas that require consent. I'm happy to have a stab at that once we have something solid enough in v1.1 to describe to that audience.

On 10 Jul 2017, at 13:15, Mark Lizar notifications@github.com wrote:

:-) I think you are right - not only is it supposed to be an intro - but - it packs all the items that I think were missing into an abstract - best to work these in an intro (or supplemental guidance) and explain better.

On 10 Jul 2017, at 00:07, tom jones notifications@github.com wrote:

Shouldn't an abstract be legible to a casual reader? This sounds like complete legalistic mumbo jumbo.

dturnerx commented 7 years ago

@iainh1 I'm not sure how you address the needs of one audience or industry (e.g. marketers) and not cover all the other scenarios (e.g., healthcare, employer, etc.).

dturnerx commented 7 years ago

@smartopian I think the 2nd paragraph ("The OECD Guidelines Council...") and the last paragraph are better suited to the Introduction.

iainh1 commented 7 years ago

Well right now I don’t think we are addressing any of them. I’m currently about 2/3rd of the GDPR compliance programme in large scale financial services co (marketing, onward sharing and employee scenarios), spending several million with one of the big consultancies. I’ve brought up the concept of the consent receipt, pointed them to the material and suggested it might be helpful - to date none have seen any relevance whatsoever. I would contend that is because of how we are framing it, not because of the core concept.

Iain

On 11 Jul 2017, at 19:47, dturnerx notifications@github.com wrote:

@iainh1 I'm not sure how you address the needs of one audience or industry (e.g. marketers) and not cover all the other scenarios (e.g., healthcare, employer, etc.).