The Age of Digital Consent and My Data 2018

The MyData Conference in Helsinki this year is shaping up to be the best yet.  Its a  great collaboration amongst different communities of interest in the MyData global ecosystem.

For the last 6 years,  OpenConsent has diligently lobbied, advocated and championed the use of international standards, to make interoperable, machine readable privacy and consent.   Enabling people to see (their) privacy with a common language,  across devices and contexts is key to making privacy and security operational and meaningful to people.

Since the beginning of the MyData movement at the Open Knowledge Festival and the  Consent Receipt hackathon . (See Kai in hack video) a lot has happened.  Now there are strong consent laws in the EU and consent and privacy is going machine readable, with standards and specifications designed to work at a global level.  Today companies are are using My Data tools to talk to each other.

A big part of this movement started  4 years ago,  when the hackothins happened. Now MyData has grown as a global community of people, projects and industry  interested in best that personal data control has to offer. 

My Data has grown every year, and true to the MyData promise,  has driven forward topic and culture in interoperability,  consent, and standards.  

Some of the forces coming together this year are being facilitated by Joss Langford (from Activinsights, COEL standard  at OASIS). Leading a track that includes, JLINC,  with the  Kantara Initiative, LC Chair Andrew Hughes leading an interoperability session with the Minimum Viable Consent Receipt.   

The minimum viable consent receipt is an important tool for interoperability, that is intended to enable a common data structure and protocol for explicit consent internationally.   The interoperability sessions this year will demonstrate commitment to standards and ecosystem from different companies in consent and identity management from around the world.   Showing how the use of standards, community and consent receipts create the technical transparency needed for operational privacy and freedom for people.


To Find Out More: 

For all interested and for the interop this year OpenConsent has made a consent receipt viewer, (check the link to try it out).

If you want to try it out, make a receipt with a receipt generator  http://api.consentreceipt.org

If you want to make your own Consent Receipt Generator, you can find this at our Github test site.  

If you are looking for the ability to provide consent receipts for your own organisation, check in with OpenConsent.com for a list of latest Consent Tech services.

Posted in Editorial, News | Comments Off on The Age of Digital Consent and My Data 2018

Privacy is also about “Securing physical security”

Privacy in security is a key topic for OpenConsent, we have a deep background in surveillance, privacy and identity standards and innovation.

To this end there is

“there is a drum beat around interoperability. Interoperability among global enterprise physical security systems, to this day, is nascent for the physical security functions as well as their support of information technology standards. ”

“absolutely necessary that cybersecurity and privacy best practices are put in place from the very beginning of the design stage and through prototype” (Sal D’Agostino @IDmachines )

With posts like “Securing physical security” being written by Open Consent Co-Founder, Sal D’Agostino, it should be no surprise that OpenConsent is focused on security in privacy, with the GDPR surveillance infrastructure needs an update and data breach is a critical security function for any organisation with data to protect.


Read the full article here

Securing physical security – Medium post

Posted in Editorial | Comments Off on Privacy is also about “Securing physical security”

Top Tips For Open Privacy under the GDPR

Of all the privacy risks an organisation faces today, there are 3 ways in which a regulatory audit will occur for organisations that don’t deal with special categories of data.

  1. People will complain to a regulator 
  2. A Data Breach will attract a regulator
  3. Whistle Blowing will out you to a regulator

Tip #1 Be Aware of your own Open Public Privacy Profile

Most organisations are not even aware that they have a public privacy profile and are under an assumption that a privacy policy is all that is public.   An organisations public privacy profile is what a regulator looks at first when a company comes to their attention. 

Note: In the future, there will be certifications and trust-marks that will help to automate public privacy for organisations.  The European Union is currently building this infrastructure, so until there are standards, or you find some technology that enables your organisation to let people control their own data, it’s up to your organisation to be on its best behaviour.

Tip #2: Register with the ICO

Be publicly open and register with an authoritative 3rd party like the UK ICO data controller registry while you can, not only is it inexpensive, but this provides an independent point of privacy transparency to increase a brand’s trust.  The ICO data controller registry provides a means for organisations to show off some privacy prowess and be used as apart of a way to show low compliance risk with EU regulations via an independent public privacy profile.

Tip  #3 Privacy Response

1. Make sure you have basic privacy controller identity, address and linkable contact information in your privacy policy.

2. Respond in the allotted time by UK regulation, regardless of where your organisation resides in the world, and if you do, a regulator won’t easily have the opportunity to audit you.

Posted in Editorial, Privacy 2.0 | Comments Off on Top Tips For Open Privacy under the GDPR

Promise of Privacy 2.0

Privacy by default, is the promise of Privacy 2.0 which is marked as starting when the Privacy laws become enforceable in the EU May 25th,  2018.      Its also marked as the day digital technology is recognised in terms of the threat to personal security.

On May 25th, Public Privacy gets an upgrade in the EU and privacy regulators in the rest of the world are task with demonstrating equivalence.

The expected results is  societal evolution along the lines of  usable digital privacy rights for people.

Stay tuned for announcement for May- Privacy & Industry 2.0 activities and events being planned for May 22-23 in London on the Southbank.

Posted in Editorial, Privacy 2.0 | Comments Off on Promise of Privacy 2.0

Why Consent Management is Merging into Identity Management

Mark Lizar in an interview with unBoundID, explains the experiences people have with consent.

“If you look at the experience that most people go through, such as entering in passwords or resetting passwords, the uncertainty about where your data is going and how it is being used, it is not a friendly process. People are stuck in a situation where they have to give consent to complete an action online but there is no transparency. As a result, people feel isolated, forced to lie and agree to terms not read, and are not empowered. Each organization’s policies are a closed, bespoke, policy framework, where you are more often than not, agreeing to consent forever.”

The OpenConsent solution, is to let people manage consent independently, enabling consent to be freely given and easily withdrawn.  But for consent to be open companies need to have publicly usable privacy profiles, or people still need to go to each company, one at a time.



Posted in Editorial, Privacy 2.0 | Comments Off on Why Consent Management is Merging into Identity Management