2019-10-16


Agenda

Attendees

dlt.nycvip@dlt.nyc
@Jan Lindquistdativa
Todd GehrkeLuxoft
@Matthieu Lux?


















Notes:

Jan Lindquist gave a teaser on the RFC Consent in Hyperledger Aries .

The paper consists of : 

An ontology - terms that are relevant and objects that are built up from these terms

  • Legal compliance standards
  • How can DID based systems implement a consent lifecyle
  • A reference implementation of a lifecycle
  • Consent certificate + proof
  • Process Flow
  • Jan says the paper should be properly called the enforcement of a Privacy Agreement

We spoke briefly of the following hard problems

  • Hierarchy of sharing (what if the original relying party (RP) sells or shares the information to another party) and so on?
  • Selective disclosure, granularity and quality of information shared (derived information like age boundary-i.e. older than x, younger than y from birthday)
  • Meta data harvesting (IP addresses, location) and creating correlations
  • Bankruptcy and delegation of control of privacy proof 
  • Forgetting: what sort of regulation should control this
  • Common themes and ideas around sovereign or multi-state regulations (like GDPR, India Consent Layer, CCA, New York state privacy, Chinese regulation on consent) and how to implement them, are there patterns code snippets libraries

Some techniques proposed on the Semantics call

  • Adding masking layers for psuedonimisation
  • Metadata turns up as machine readable quasi-identifiers- what to do about this

Jan agreed to do a demo of the reference lifecycle in a future meeting- we will publicize this.