Consent: Difference between revisions
(15 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Full Title or Meme== | ==Full Title or Meme== | ||
In the context of [https://tcwiki.azurewebsites.net/index.php?title=Identity_Management Identity Management] [[Consent]] will mean the determination of the [[Intent]] of a [[Subject]] to [[Authorization|Authorize]] the release of data on a [[Resource Server]] whose release is controlled by the [[Subject]]. | In the context of [https://tcwiki.azurewebsites.net/index.php?title=Identity_Management Identity Management] [[Consent]] will mean the determination of the [[Intent]] of a [[Subject]] to [[Authorization|Authorize]] the release of data that might be in the message or on a [[Resource Server]] whose release is controlled by the [[Subject]]. | ||
==Context== | ==Context== | ||
* The term Resource Owner (RO) is often used for the entity that control release of information. That term is misleading in that many controllers do not, in fact or in law, own the data. | |||
* Notice and consent have reviewed by an eminent committee from the [http://www3.weforum.org/docs/WEF_Redesigning_Data_Privacy_Report_2020.pdf World Economic Forum] which summarized the situation as: | |||
<Blockquote>The model of Notice & Consent, therefore, is no longer relegated strictly to the legal realm; it is inherently a human-technology interaction problem, one that requires the expertise of those professionals and academics versed in human-computer interaction issues and, ideally, public policy and ethics. | |||
As discussed above, taking a step back to adopt a global, technologically neutral approach that | |||
is ethical, includes an awareness of society and involves industry is key. And, critically, professional UX designers – who fundamentally understand how people interact with technology – will need to tap into design thinking to try to address this intractable problem. | |||
How do we move forward? | |||
Industry must be included in this conversation at all stages or we risk | |||
a race towards compliance for compliance’s sake. | |||
</Blockquote> | |||
Or in other words, the creation of any standard inevitably results in a race to the bottom, where every participants does only the minimum necessary to meet the standards. But this has been true of any standard, even, like ladders, which included the manufacturers of ladders in the standard development. | |||
==Problems== | ==Problems== | ||
* Advertisers and social media are perfectly happy with the current environment. | |||
* The major problem with determining the [[Intent]] of the user is that the users are not willing to spend much time entering the data needed to be sure that their intent has been accurately captured. | |||
==Solutions== | ==Solutions== | ||
* The WEF report mentioned above also suggested the following: | |||
==References== | ==References== | ||
* See also wiki page [[Consent Grant]] | |||
* [https://www.ga4gh.org/wp-content/uploads/GA4GH-Final-Revised-Consent-Policy_16Sept2019.pdf Global Alliance for Genomics and Health: = Consent Policy] | |||
[[Category:Glossary]] | [[Category:Glossary]] | ||
[[Category:Privacy]] |
Latest revision as of 05:02, 3 August 2020
Full Title or Meme
In the context of Identity Management Consent will mean the determination of the Intent of a Subject to Authorize the release of data that might be in the message or on a Resource Server whose release is controlled by the Subject.
Context
- The term Resource Owner (RO) is often used for the entity that control release of information. That term is misleading in that many controllers do not, in fact or in law, own the data.
- Notice and consent have reviewed by an eminent committee from the World Economic Forum which summarized the situation as:
The model of Notice & Consent, therefore, is no longer relegated strictly to the legal realm; it is inherently a human-technology interaction problem, one that requires the expertise of those professionals and academics versed in human-computer interaction issues and, ideally, public policy and ethics.
As discussed above, taking a step back to adopt a global, technologically neutral approach that is ethical, includes an awareness of society and involves industry is key. And, critically, professional UX designers – who fundamentally understand how people interact with technology – will need to tap into design thinking to try to address this intractable problem.
How do we move forward? Industry must be included in this conversation at all stages or we risk a race towards compliance for compliance’s sake.
Or in other words, the creation of any standard inevitably results in a race to the bottom, where every participants does only the minimum necessary to meet the standards. But this has been true of any standard, even, like ladders, which included the manufacturers of ladders in the standard development.
Problems
- Advertisers and social media are perfectly happy with the current environment.
- The major problem with determining the Intent of the user is that the users are not willing to spend much time entering the data needed to be sure that their intent has been accurately captured.
Solutions
- The WEF report mentioned above also suggested the following:
References
- See also wiki page Consent Grant
- Global Alliance for Genomics and Health: = Consent Policy