2022-05-05 HXWG Meeting
16.00 UTC = 9:00 PT = 12.00 ET = 18:00 CEST = 21:30 IST
Zoom Meeting Link: https://zoom.us/j/99429712733?pwd=K214bTM4cG54YzZYVnZCL1I5MEdQQT09
Main Goal of this meeting: Expert Series 3.
Attendees: Nicky Hickman, Former user (Deleted), Phil Wolff, Andrew Slack, Rebekah Skeete, Xengie Doan, Arianna Rossi, Burak Serdar, Anita Rao, Iain Agnew, Judith Fleenor, Ifeoma Iilobodo.
Time | Item | Lead | Notes |
2 mins | | Andrew | |
8 mins | Intros & Updates | Andrew | Jan Lindquist - from Privacy & Risk TF, Co-editor of 27560 ISO Standard on consent & receipts; Iain Agnew - Nat West Group, Head of Marketing Preference Strategy - How do we capture consents for data capture & processing; Anita Rao - W3C & ToIP member, very interested in how this impacts experiences; Rebekah Skeete - new to ToIP from Schellman, Information Security Analyst for Schellman; Burak Serdar - Co-Founder of Cloud Privacy Labs, work involves consent mgt; Phil Wolff - Consultant at Wider Team, participant in ToIP Harms TF, HXWG and EFWG, also at DIF and Sovrin and some IEEE groups; Andrew Slack - Design Strategist at SICPA working with digital ID and digital currencies, consent mgt is a large part of role |
40 mins | “How Might we Design Consent Experiences for Data Sharing?” | Dr Arianna Rossi & Xengie Doan | Summary: The complex ecosystem where manifold transactions can be automatically enabled by smart contracts contributes, at least in principle, to establish greater transparency about data use towards the many parties involved. However, the mere fact of building such a verifiable and traceable architecture does not automatically translate into understandable communications, easily applicable instructions and smooth transactions for human beings. For instance, informed consent is hindered by the complex mix of legal, medical and technical information through which participants need to orient themselves when they make decisions about data sharing permissions. In data-driven environments, the way options are designed and presented can stimulate privacy-preserving practices or, on the contrary, unwanted data disclosure. This talk will address some challenges and discuss possible solutions currently experimented in consent design.
Speakers
Arianna Rossi is an associate researcher at the Interdisciplinary Center for Security, Reliability and Trust (SnT) of the University of Luxembourg. She carries out research at the intersection between design, computer science, law, and linguistics concerning online manipulation, usable privacy and legal design. Arianna has a mixed background, with a joint international Doctoral Degree in Law, Science and Technology (University of Bologna) and a Ph.D. degree in Computer Science (University of Luxembourg). She holds a M.Sc. in Linguistics with a focus on Natural Language Processing. She has been an invited speaker at international conferences in EU and US and she routinely gives seminars about law, design and technology to academic students and practitioners.
Xengie Doan received a Master’s in Bioinformatics from the University of Oregon and a Bachelor’s in Biology from Willamette University where their interest in collaborative research began. Prior to joining the Interdisciplinary Centre for Security, Reliability and Trust (SnT) at the University of Luxembourg, they worked as a bioinformatician at the Stowers Institute for Medical Research and at Sage Bionetworks in the US. Their PhD topic is part of Legality-Attentive Data Scientists (LeADS), an EU funded project, with the IRISC lab researching transparent, secure, and private user-centered eHealth data sharing for the EU.
Notes and Discussion
- Applied and original research with partnerships with industry
- Unique and new (2 years) focused on socio-technical systems
- Transparency mentioned by many but very often limited in different ways - can mean many things
- Still dealing with lots of complexity and not fit for the intended audience, some innovation recently introduced by GDPR, some examples of how to enhance transparency
- 1st layer of 2 layered privacy policy which developed in our group. Licensed under Creative Commons
- Completely different needs and abilities - e.g. this co-designed with kids
- Also been working on design patterns e.g. Timelines. This example refers to the withdrawal of consent. Time matters!!!
- Everything up-front, but shouldn't be only time, look at different dimensions of presenting consents
- EG contextual permissions in mobile apps
- How can we proactively make sure that people know how their data is used?
- This in healthcare for clinical trials - INFORMED Consent
- Consent as a process not a single event, enable user to change preferences over time
- Some caveats but many benefits
- There should be 3 layers of licensing had same process for developing
- By formalising the GDPR concepts through the computational ontology, combined with co-design workshops for developing icons.
- Iterative design
- Using legal coding language able to automatize presentation of correct icons (great example of how governance flows through tech to HX)
- Other ideas: Privacy Ratings
- Current research project
- Comic lowest ranking
DISCUSSION
- Former user (Deleted) - Just in Time consent presentation - how do you include purpose, finer detail of how data is shared and used?
- Very crucial question - relevant information that is concise but still needs to be complete - especially with shrinking screen sizes and attention spans, so layered approach is needed. Key is understandability - less is more, so use of settings for general preferences then not
- Area of interest in ToIP - how to manage presentation exchanges in holder, issuer, verifier triangle
- Many contextual variations, many differences as to what is understanding. How do you customize enough but can also scale and personalise.
- Andrew Slack commented not over-burdening users, have you looked into gamification to promote engagement in consents.
- Interesting concept but can't oblige people to participate in a game, and second can you really gamify everything
- Former user (Deleted) commented that standardised icons are useful, but Arianna commented that there are limits, and should limit to key concepts, who certifies that use of icons represents use of the practices
- Concerns ref consent overload - how much will folks tolerate? Many layers of consent and complexity - how do we resolve?
- Another topic, trust does not only require transparency, in fact sometimes when you are too transparent you get to the opposite of trust. EG Certifications, Trust Marks, metrics and thresholds that measure trust - calculated. |
5 mins | Follow up on actions / decisions from last meeting | Kalin | |
5 mins | A.O.B. | Kalin | |
New Actions |
|