14K/ GDPR: Does the G stand for Glitter Nails? A shared Vocabulary

From IIW


Session Convener: Chris Kelly (DIF)

Notes-taker(s): Chris, Peter

Tags / links to resources / technology discussed, related to this session:

  • IDPro intro to GDPR (v2): https://bok.idpro.org/article/id/11/
  • ToIP Terms Wiki: https://wiki.trustoverip.org/display/HOME/Terms+Wikis

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Starting with a goofy title to catch attention, highlight confusion around acronyms and the need for clear, concise communication.

Acronyms get confusing fast, even for those in the community.

Best practice is to expand the term the first time it appears and link to further info if possible (Terms wiki, ToIP, etc.).

Material often goes out-of-date quickly

  • Needs to be reviewed periodically
  • Clearly marked with publish date (and edit date if needed)

Co-opting and leveraging existing concepts, use cases and terminology can be helpful

One example is GDPR

  • Came into force in the entire EU May 2018
  • Applies even to businesses operating outside the EU with EU citizen data
  • Legal obligation and regulatory oversight
  • This forced most businesses to examine how they handled data
  • Also introduced them to identity concepts
  • Lots of localized explainer material
  • Many service providers offering middleware/compliance services/audits

Specific mention goes to terms used/defined:

  • Personal Data
  • Special Category (sensitive) Data
  • Processing
  • Data Controller
  • Data Processor

GDPR includes and is underpinned by specific concepts:

  1. Lawfulness, Fairness, Transparency
  2. Purpose Limitation
  3. Data Minimisation
  4. Accuracy
  5. Storage [time] Limitation
  6. Integrity and Confidentiality
  7. Accountability

A number of these (e.g. data minimisation and selective disclosure) map onto some SSI tech and concepts. These terms and principles can be used to further the conversation with partners about potential benefits and goals of SSI.

BONUS: Lots of material explaining these at a variety of levels is available in a variety of languages (not just EU!)

The current wave of ‘passwordless’ promotion and rollout can be another useful starting point for constructive conversations about data privacy and SSI, as well as concerns about data leaks and hacks.

The communications around SSI and decentralized ID need to be

  1. Accessible & Easy to understand
  2. Tailored to the audience
  3. Aligned across the community/orgs
  4. Accurate
  5. Current (and marked with publication dates!)

Community resource creation is an excellent way to provide resources. These can serve B2C and B2B businesses in the space and help them have conversations with investors, customers, policymakers, etc.

Examples of resources that can serve this purpose:

  • Lexicon of SSI terms
  • Dictionary of Acronyms
  • Simple Primers
  • Explainer articles about specific key technologies or elements
  • Example pitch decks
  • Highlight Use Cases and real-world examples
  • Sample talking points for speaking opportunities
  • Road Maps
  • Best Practice guides

Next steps

  • Assemble a modular toolkit for community members looking to have conversations about SSI
  • A selection of material for a specific level and audience
  • Refine, iterate and update these materials