The MyData Conference in Helsinki this year is shaping up to be the best yet. It's a great collaboration amongst different communities of interest in the MyData global ecosystem.
For the last 6 years, OpenConsent has diligently lobbied for, advocated and championed the use of international standards to make privacy and consent interoperable and machine readable. Enabling people to see (their) privacy with a common language, across devices and contexts, is key to making privacy and security operational and meaningful to people.
Since the beginning of the MyData movement at the Open Knowledge Festival and the Consent Receipt hackathon (see Kai in the hack video), a lot has happened. Now there are strong consent laws in the EU, and consent and privacy are going machine readable, with standards and specifications designed to work at a global level. Today companies are using MyData tools to talk to each other.
A big part of this movement started 4 years ago, when the hackathons happened. Now MyData has grown as a global community of people, projects and industry interested in the best that personal data control has to offer.
MyData has grown every year and, true to the MyData promise, has driven forward the topics and culture of interoperability, consent, and standards.
Some of the forces coming together this year are being facilitated by Joss Langford (from Activinsights, COEL standard at OASIS), who is leading a track that includes JLINC, with the Kantara Initiative LC Chair Andrew Hughes leading an interoperability session with the Minimum Viable Consent Receipt.
The minimum viable consent receipt is an important tool for interoperability that is intended to enable a common data structure and protocol for explicit consent internationally. The interoperability sessions this year will demonstrate commitment to standards and ecosystem from different companies in consent and identity management from around the world, showing how the use of standards, community and consent receipts creates the technical transparency needed for operational privacy and freedom for people.
To Find Out More:
For all interested, and for the interop this year, OpenConsent has made a consent receipt viewer (check the link to try it out).
If you want to try it out, make a receipt with a receipt generator: http://api.consentreceipt.org
If you want to make your own Consent Receipt Generator, you can find this at our GitHub test site.
If you are looking for the ability to provide consent receipts for your own organisation, check in with OpenConsent.com for a list of the latest Consent Tech services.
Privacy in security is a key topic for OpenConsent; we have a deep background in surveillance, privacy and identity standards and innovation.
To this end there is
“there is a drum beat around interoperability. Interoperability among global enterprise physical security systems, to this day, is nascent for the physical security functions as well as their support of information technology standards.”
“absolutely necessary that cybersecurity and privacy best practices are put in place from the very beginning of the design stage and through prototype” (Sal D’Agostino, @IDmachines)
With posts like “Securing physical security” being written by OpenConsent Co-Founder Sal D’Agostino, it should be no surprise that OpenConsent is focused on security in privacy. With the GDPR, surveillance infrastructure needs an update, and data breach is a critical security function for any organisation with data to protect.
Read the full article here
Of all the privacy risks an organisation faces today, there are 3 ways in which a regulatory audit will occur for organisations that don’t deal with special categories of data.
- People will complain to a regulator
- A Data Breach will attract a regulator
- Whistle Blowing will out you to a regulator
Tip #1: Be Aware of your own Open Public Privacy Profile
Note: In the future, there will be certifications and trust-marks that will help to automate public privacy for organisations. The European Union is currently building this infrastructure, so until there are standards, or you find some technology that enables your organisation to let people control their own data, it’s up to your organisation to be on its best behaviour.
Tip #2: Register with the ICO
Be publicly open and register with an authoritative 3rd party like the UK ICO data controller registry while you can. Not only is it inexpensive, but it also provides an independent point of privacy transparency to increase a brand’s trust. The ICO data controller registry provides a means for organisations to show off some privacy prowess, and it can be used as part of a way to show low compliance risk with EU regulations via an independent public privacy profile.
Tip #3: Privacy Response
2. Respond in the time allotted by UK regulation, regardless of where your organisation resides in the world; if you do, a regulator won’t easily have the opportunity to audit you.
Privacy by default is the promise of Privacy 2.0, which is marked as starting when the privacy laws become enforceable in the EU on May 25th, 2018. It's also marked as the day digital technology is recognised in terms of the threat to personal security.
On May 25th, Public Privacy gets an upgrade in the EU, and privacy regulators in the rest of the world are tasked with demonstrating equivalence.
The expected result is societal evolution along the lines of usable digital privacy rights for people.
Stay tuned for an announcement for May: Privacy & Industry 2.0 activities and events are being planned for May 22-23 in London on the Southbank.
Mark Lizar, in an interview with unBoundID, explains the experiences people have with consent.
“If you look at the experience that most people go through, such as entering in passwords or resetting passwords, the uncertainty about where your data is going and how it is being used, it is not a friendly process. People are stuck in a situation where they have to give consent to complete an action online but there is no transparency. As a result, people feel isolated, forced to lie and agree to terms not read, and are not empowered. Each organization’s policies are a closed, bespoke, policy framework, where you are more often than not, agreeing to consent forever.”
The OpenConsent solution is to let people manage consent independently, enabling consent to be freely given and easily withdrawn. But for consent to be open, companies need to have publicly usable privacy profiles; otherwise people still need to go to each company, one at a time.