******. Position Statement ***** Input From Kantara CISWG: For Data Privacy Controls & Vocabularies https://lists.w3.org/Archives/Public/public-new-work/2018Jan/0017.html Consent and Information Sharing WG (CISWG ) at the Kantara Initiative , is focused on creating an open machine and human usable consent receipt format. A format useful to data privacy controls and vocabularies for being interoperable. Used to map to international standards and consent based legal notice requirements, which vary from jurisdiction to jurisdiction and context to context. The CISWG work is developed from the perspective that privacy is not primarily about companies compliance, but about personal control of data and data processing transparency. The Consent Receipt v.1.1 format captures the identity of the privacy controllers and processors, maps the purpose to personal data categories and to data types, then uses this specified purpose transparency to provide a receipt for the consent. In terms of legal language and interoperoperabtly, the consent receipt was built and designed with key documents based on their legal providence, which are the 1980 OECD FIPS principles and its derivatives. In addition, the lexicon has been taken from the ISO 29100 Privacy Framework , which was determined to be the international standard (between regions). The ISO 29100 framework effort co-ordinated inputs from regulators and the Art29WP, as well as taking inputs from long standing contributors in the space. This WG approach to developing the specification was used in order to make the consent receipt backward compatible legally with the core privacy notice requirements across jurisdictional domains for explicit consent (which was a core use case) . With the v1.1 almost finished, the next opportunity for CISWG is to explore how it can best support the use of the receipt specification. It is hoped that the Consent Receipt specification is attractive for other work group efforts so that it can be extended for their use cases with “Vocabularies to link privacy policies, regulations and involved (business) processes” For example the COEL-TC specification at OASIS and User Managed Access (UMA ) WG at the Kantara Initiative. . The Consent Receipt specification is being adopted by people facing technologies who realise the economic benefits of consent interoperability. This is in no small part due to the GDPR, privacy by default/design expectations that are projected to shift the burden of privacy from people to organisations. From this context, of interoperable privacy & transparency, the CISWG would also like to explore links and synergies using Linked Data vocabularies, in the context of related efforts such as those listed by W3C. Consent Receipt Status Update Consent Receipt Specification has now reached a v1.1 as this has gone through a 45 day public IPR review and 3 rounds of public comments. The next steps are for a WG ballot then it will go to an all community ballot for a vote from the Kantara Community before it is published. Comments Unnamed CIS Work Group Participant: "The Consent Receipt is designed to future proof any computer application that deals with human identities. It fully comprehends current understanding of the requirements of the GDPR + other regulations in such a way as to provide evidence of compliance with restrictions that are expected to soon become the law of the EU and apply to any EU citizen or resident no matter where or when data is collected about them. No organization expecting to do any business outside of their home country can ignore the impact of these regulations and should pay careful attention to the solutions proposed in the Consent Receipt."