Friday, June 28
8:30 - 9:20 am
An Interoperable Personal Data Receipt Ecosystem in Practice
This LIVE DEMO shows six Kantara Initiative Working Group participants’ products interoperating to generate, store, present, and act on Personal Data Receipts. We have assembled a non-commercial Privacy Control Panel system and want to show it off to you!
Today, online service providers get information from or about you so that they can provide services. New privacy and data protection regulations have been coming into effect, which increase the requirement for notice, transparency and accountability when your data is collected and processed. Service providers are required to keep records about their terms of service and your agreement.
At their core, these regulations embody variations of the OECD basic principles of privacy protection which suggest the obligations of providers and the rights of the individual.
There are very few tools available to the individual internet user to help them understand, manage and control their online information.
This creates a power imbalance if one wants to go back later and exercise rights with respect to data – because you probably don’t remember who, what, where, when and how the service provider got your information.
There’s a solution!
Imagine if the service provider offered you a “Personal Data Receipt”. This receipt would include timestamps, the contents of the privacy notice you saw, what data was collected for what purposes, conditions like ‘delete-by-date’ instructions, and other useful facts. Just like a store checkout receipt, if there’s an issue later on or if you want to look back to see what you did last year, you can open up the receipt and take action.
In 2018, Kantara Initiative published the “Consent Receipt Specification v1.1” which is an interoperable Personal Data Receipt specification tailored to a specific legal basis for processing. This demo shows real products in action working with these receipts.