PaE:CG is a project funded under NGI TRUST from OCT-2020 to JUN-2021 that will provide an end-to-end, user-centric, comprehensive, open source solution to managing Consent for Personal Data. The key deliverables are open software, a public demonstrator, real-world trials, and publications.
Project Overview
Whenever a User accepts a Privacy Notice and starts sharing personal data, they will receive a cryptographic Consent Receipt (based on a secure architecture [2] and open standards [3]) which, with non-repudiation and unforgeability proves, at any time, who-what-how any conditions were accepted.
Considering the dynamic nature of the Web, a User will not have to extensively review or re-accept the same Privacy Terms. While creating an infrastructure to manage transparent, usable and accountable Consent, the User will further have access to crowd-reviewed Privacy Notices. As long as the Notice does not change, the User will not have to repeatedly re-accept. This will dramatically improve usability, while improving Transparency.
A further key deliverable of this project is to design a Consent Gateway service which, while not keeping any Personal Information, will review, for the User, and notify the User of any changes requiring re- acceptance (while still keeping previous Consent valid). Considering that a key challenge in Online Consent is Usability, this architecture is poised to make dramatic advances for all parties involved in online Consent: Users, Organisations, Data Protection Officers, Institutions and Regulatory Agencies.
This proposal is based on existing work from the Open Consent Group (affiliated with the Kantara Initiative) and academic work from Trinity College Dublin and Birmingham City University. To the best of our knowledge, such a framework does not exist anywhere and has not been proposed before despite its urgent need and demand.
Partners
The project involves three partners:
Objectives
The project aims to create and provide an end-to-end, user-centric, comprehensive, open source solution to managing Consent for Personal Data through the concept of Privacy-As-Expected (PaE) by creating, implementing and demonstrating a novel system to make online privacy practices accountable.
A further key deliverable of this project is to design a Consent Gateway (CG) service which, while not keeping any Personal Information, will review, for the User, and notify the User of any changes requiring re- acceptance (while still keeping previous Consent valid). Considering that a key challenge in Online Consent is Usability, this architecture is poised to make dramatic advances for all parties involved in online Consent: Users, Organisations, Data Protection Officers, Institutions and Regulatory Agencies.
Deliverables
The key deliverables are:
- A specification for portable, interoperable, and verifiable Consent Records as Receipts
- Browser plugin (for end-users) that handles creation, authentication, and handling of Consent Receipts
- Server component (for websites) that handles creation, authentication, and handling of Consent Receipts
- Demonstration of feasibility and usefulness through Real-world trials
- A Public Event such as a Workshop
- Publications outlining the motivation, concept, findings, and outcomes of this project