Stream: implementers
Topic: Consent withdrawal
Jose Costa Teixeira (Sep 08 2020 at 13:58):
Has anyone implemented the withdrawal of consent (and the impact/propagation)?
John Moehrke (Sep 08 2020 at 16:44):
the impact on future would naturally happen with the Consent being deleted or updated with a deny... but propitiation (ala GDPR) would need to be done as a workflow, likely based on looking through history of export events, and sending them some indication of the Consent withdrawal. Based on the purposeOfUse of that export, the target recipient might have regulated reasons to maintain. I expect most reasonable is to inform the individual of all these data flows, as part of the transparency requirement. This is the extent of the discussions that we have had in the Security WG.
John Moehrke (Sep 08 2020 at 16:45):
@Alexander Henket or @Alexander Mense ?
Alexander Henket (Sep 10 2020 at 09:39):
The basics are that deny becomes allow or vice versa. We have no defined workflow for active propagation, but:
We've defined that in exchange scenarios you shall always check consent for that. These would be kept in a central national service. This is not live yet, but in my mind that makes active (pushed) propagation unnecessary for this type of consent.
Last updated: Apr 12 2022 at 19:14 UTC
