Kantara Workshop at the Consumer Identity World 2017 EU
Okay. So it says, I welcome with DB is the co-chair of the new working group on management solutions. We had a long lasting discussion as usual until we knock the oxygen on the name with defense event to consent management solutions. And specifically we are focusing on BAS and practice. We're not trying to invent the whole system as a whole from the start that's impossible.
We just first see the different areas that really are changing the idea of content in the, in the, in the, in a way so that there are management solutions working group as the goal of developing consent and privacy guidelines and standards. So that's the goal, specifically guidelines and standards.
So if you, if you look at what's already in the, in the world, and there are some guidelines coming from different sources often from a different area. So maybe from regulations, GDPR, or some from PSD2, some from HIPAA. And so what we've seen is that are many, many of those, and they look at the, to each others. So there is a similarity to a lot of them, but they're not brought together. We're trying to integrate basically these guidelines and these standards.
So make it consumable for somebody that is, has a consent kind of idea, or needs to implement that in a system or needs to offer it for legislation purposes, that it can use the material that comes out of the working group to, to guide themselves in what the best ways is to solve it and to, to use it.
And then eventually throughout the entire customer lifecycle journey, because consent is not something that is a single thing that you consent to at start, you will see that during the whole consumer lifecycle of customer lifecycle at a customer or as a government organization, that consent will change. The scope of use of the data will change, and the user will change its consent. Maybe give more consent, maybe give less consent. It's a constant data. So why is this, this typical topic of consent now coming up and why there's so many people interested?
Well, it's not only because GDPR, there was already consent working group before the GDPR basically existed or came, came across consent is long and lasting thing. And it is coming from the GDPR where we've seen it put on paper in legislation that always helps also for PSD2, where we see that there is consent needed to exchange information from, for to bank account number to a third party that some advising on that we've seen it in IoT where you need to have consent to process your personal data, to give you maybe advice on some of like house heating or your health, things like that.
And we've seen it, it's already mentioned in, and these are just a couple of them. You can add HIPAA, you can add a lot of legislation that is around the world and is really now there is no, no real definition of, or fine one that flows that, but we're not agree we're to agree on that one, but at least we want bring the best practices together. So not define already with solution for it. So scope the working group.
First, we start collecting anything that there is there in the world around in that different legislation, what they really mean by consent in that, in that, in that way, we're gonna look at the restrictions and regulations. So we know some things you can't gather around if it's GDPR and there's a certain consent thing, you can't Ming around what's, there is there and maybe a guidance from an organization that how to interpret it, but that's basically it. So we gonna collect that, bring that also together.
And then we finally will take us about a year to get there, but we will get into a best practice. So we try to define what is normal best practice to, to use consent, to store consent, to change consent and things like that. Based on what we see in the market, the market has the different vendors that contribute to it, but also companies that are gonna use consent. So they can come from healthcare. They can come from government, large consumer organizations, etcetera. So that's what we try to accomplish with, with working groups. So we need people for that.
We're starting it with basically two, two vendors that know a little bit about consent. Yeah. We do a little bit that all vendors running consent platform. Yeah. But we don't know everything. And specifically, we don't know how organizations are thinking of implementing consent, where they think it should be stored, how it should be exchanged and maintain. So that's what we try to do. And therefore we need people to contribute to the working groups. So I would almost say particularly companies that have a consent yeah.
Problem they are trying to solve, or they already solved it in, in a way shape or form. That's going to be very practical.
Of course, the different S that are in this area, creating solutions. And once the initial scope is complete, will definitely go into additional publications ly. We hopefully we're get into some, some kind of standardization on things like the standard thinking of same kind of things, maybe left and right on that, on that area. A lot of texts here, a lot of this already mentioned, but this comes out of the, the charter, The work group charter.
So that's why I put it on the, on the slide important to mention that at the list about publication, describe the practices used by leading organizations to manage the full life cycle of an individual's consent to process that personal data. That's basically what we try to, to get around with. So that's really a useful document organizations can use and not something that is academic or something that is standardization of vendors in the consent management area. That will also be the outcome eventually.
But the idea is to get to that and the lifecycle stages, privacy notice pro for acceptance of terms, collection of consent, just, just to make, and eventually it can uses a basic for perform the assessment scheme like to solve. When Bob mentioned how the Kantara basically works, eventually it can go to that kind of results where you can get a certification on. But I think that's, that will be a couple of years.
Yes, we will. Okay. The audience organizations that collect personal information using in individual conceptual processing, which means it's almost half of the world.
If you, if you look at it, if big organizations have a hundred thousand millions users that may, they may have into their data store, the CRM system, cetera, and they have to process certain data that they, they can't do for the minimum allowed service, meaning that for GDPR. I, so that part is already very big. Then the identity providers, financial providers, CR providers like us and organization specifically in that area, send back my data, the internet of me.
So where you basically own your own identity and you share information with others, then privacy information as regulators, because of the regulation that is involved, some things, and then eventually platform providers. So, but I think this really starts from the top, the most important one is to get the best practices. So I would say to start there doing this together with co with Julian Ranger, known person in this, in this area, very happy with that.
Andrew, I thinks also known person for, for people that for while you will be a secretary already, the side platform, we will be coming together. I think now it's not twice a week on the Monday evening. Yeah. Depends on where it's six o'clock. So that's just evening, but we can around time to make it work for everybody. We'll probably in the beginning, we'll will go to once Every week schedule knowing that not everybody can attend. So then you'll have to, you'll be in the working group more or less once every two weeks. And we'll make notes for that. So 12 months.
So it's quite a short time to come up with quite some material on this meaning we need hands, brains and contributions. So ask me, ask wherever.
If we, if we there in the break to attend to the working group, I have some slides now I, I'm not going to present cause of the time, but just to land on which, where it's consent within GDPR, I think most people know there's also explicit consent from makes more complicated than for PSD2. I don't know how many people know PSD2, somebody that doesn't know PSD2. Okay.
That's so this is, this is something that comes off in the, in the banking area where you exchange information, maybe through third, third payment providers for doing payments, but also more or less advises where you can give your information that comes from bank or bench funds, etcetera. And that goes to one single data store. You have to give consent on for them processing their data and you an advice of your product, meaning there's a consent and there's even double consent because of the GDPR. So this is a very, very happy consent topic.
Maybe even more having already mentioned and IoT and condo estimate IoT. If, if you look at GDPR and the impact from IoT, we're already talking to IoT companies, we have one as a, a customer. I can tell you, this is a big topic for that. If you really want to process personal information about somebody's household or somebody's health, then you are in this, this area that you need to get that consent because of the TBT. And you cannot presume consent because somebody picked on a button on the IoT device.
So this, it has to be formed. Must be an, the clear then not just already.
Oh, see, I think I wrong that, but these are more or less building blocks, big building blocks of Mon lifecycle management. This is not specifically the thing that we're working towards for the, for the working group, but just to think of what are really the topics receivers already mentioned. So it wasn't as well request for also very obvious one storage, very obvious one. So there are building blocks beneath it that will follow apart.
But these ones in any way, shape or form will basically form by what comes out of the best practices, because basically what the market is doing and what will fit for the market will eventually drive the innovation and require on what kind of components are needed and buying APIs around the specification, things like that. So as done with receipt, but they will fall into, into place. And one of my main dreams, because I come out of the security area for, for quite a while, the most perfect thing will be if Concentra is with the data. So you can predict data nowadays.
So when it flows through the internet comes somewhere, always protecting it, but it will lose its context or maybe its information like consent. So why don't you bundle consent into it? So the one that receives the information knows that he also has the approval to do something with it. He can ignore it. There's no like enforcement on it, but if he ignores it, at least there is a proof that we receive the information vertical send that that least is using that information. So that's one of the things I would, would like to see.