...
Main Goal of this meeting: Agree next steps on deliverables.
Attendees: Judith Fleenor, sankarshan, Phil Wolff, Kaliya Young, Mark Lizar, Vikas Malhotra, Jim StClair
Agenda
Time | Item | Lead | Notes |
5 min | | Kalin | |
10 mins | Introduction of new members & Updates | All | - Mark Lizar: Working on field of Notice & Consent for a long time, and a couple of projects - specification of notice & consent standards & data governance for that. Privacy as Expected, an EU-funded project, uses notice / receipts for privacy-as-expected signals over time to remove need for reading privacy policies. Based in Canada close to Toronto.
- Forthcoming Expert Series:
- May 19th: AGENCY Project: Reducing complex online harms using user-centred tech and governance - title TBC. Dr Karen Elliot (Associate Professor & Senior Lecturer in Enterprise/Innovation (FinTech)) & Professor Aad van Moorsel (Professor of Distributed Systems), both from Newcastle University (UK).
- 2nd June: “How Might we Design Consent Experiences for Data Sharing?” Dr Arianna Rossi & Xengie Doan, both from the Interdisciplinary Center for Security, Reliability and Trust (SnT) at the University of Luxembourg.
- Judith Fleenor see template for posting LinkedIn events in Comms Committee G-Drive |
10min | Follow up on Actions & Decisions from the last meeting | Kalin | - Nicky to coordinate w/ John Phillips & Jo Spencer to get HX-APAC meetings set up and underway. Agreed to participate in SSI Harms TF, along with other APAC members. Nicky to hook in w/APAC meeting & sankarshan
- Judith to send links to HXWG G-Drive - all formal ToIP deliverables, only intended to be accessed by ToIP Members are stored there. Others can be on private drives.
Where developing outside the G-Drive (not for specifications), then make sure you include a short-cut in the ToIP members only share drive so that members can easily find it.
- Andrew to help comms-committee with YouTube top & bottom for Expert 1 - Lisa
- Andrew to do the edited 2nd Expert - Amber Case - see Comms Committee G-Drive, Video Creation Folder
- Nicky to send Judith Announcement Article for HXWG include SSI Harms TF, Expert Series forthcoming
|
20 mins | Deliverables | Andrew, Nicky | - Video update (Kalin)
- Scenario-building (Andrew & Bentley)
- Nicky is purchasing the video content and donating to ToIP
- Comms Committee: can't funnel funds through ToIP as directed funding, be cautious
- Brief can serve when we find alternative provider who can support within the $1k budget
- Informed Consent (Jim St Clair) potential link with Notice & Consent TF from ISWG
- Focused on extending a notice record to controller credential - aim is to embed transparency & compliance information into a credential
- Evolved from Identity Commons, to Kantara to ISO - designed for anyone to be able to take a record of a notice and then assess that and see who controls your data, part of trust building.
- Can generate a receipt every time you use a service and check against last time you used the service and then compare the quality of data controllership
- How can this work in ToIP? Have doc, 'controller credential' - notice credential (privacy, AI, Health & Safety) - controller type included in the credential schema, identifies the scope of provenance, legal mandate, accountability and traceability baked into the credential, regulated credential. Knowing who is the controller of personal data, public policy infrastructure law rather than contract law. Put operational privacy policies into tech so that this scales through the supply line.
- 2 factor notice - generates a record and receipt - improve UX by reducing friction.
- Liability transference and tracking, signals support human decision-making - operational privacy is measured using KPI.
- Access in context to privacy rights - can audit on the basis of these KPI's measuring operational privacy - can benchmark
- Defining terms related to trust, trustworthiness vs assurance, consent vs permission. Human meaning vs Computer meaning
- Phil Wolff: Consent scales far beyond any human capacity to deal, thousands per day, per hour, per minute. So we turn to agents, bots that act on our behalf. /1 How do we learn to trust our consent bots? There's an engineering view, doing their job well. But even if it runs perfectly, how do you know that this particular bot is trustworthy? /2 We need user research to inform #uxdesign for consent agents. To understand how to present and navigate consent space. To learn the flavors and boundaries of cognitive burden that interactions must fit in. To learn what agency feels like, vs overwhelm. /3 We also need #userresearch about how people understand a bot's contexts. Its legal power, jurisdictions, and its legal limits. Its ownership. How it is governed. How it chooses consent actions, and why. When to distrust your bot. What to do about it. /4 As data protection laws craft roles for trusted "intermediaries", as personal data holders aspire to fiduciary status, we need HX for these new relationships. /5
- Jim StClair: problems in healthcare - consent fatigue, education levels, instructional aids, & tools, cognitive bots, who watches the watchers
- Mark Lizar: aim is to standardise those mechanisms of consent and condense or simplify them. Micro-credentials that are effectively 'consent tokens' - semantically enforceable, and machine readable, proof of knowledge also needed.
- Blog post on research agenda - what do we know / what don't we know.
- Jim StClair has a use case he can share
- Not covered
|
5 | Wrap-up / Action Items |
| |