Dear colleagues,

I have also provided a description for a wider "Smart Cities" use case. I think we still need a diagram. With this use case, the project supports with technology the concept of "data altruism" as used in the draft Regulation on European Data Governance (Data Governance Act). If Data Spaces are «a collection of FAIR quality data and related resources consumed, produced and provided by identified participants, each respecting societal values and operating within an explicit framework of trust and governance.», the proposal is that the city is the perfect environment for a data space to consume citizen generated data. *** We need though, many more connections -- to Signatu, to the other use case, etc. Any ideas here?

Regards, Víctor

*

Pilot 2

Smart Cities

Current Status:

In the last few years the concept of Smart Citites has been realized, and data and technology have been used to provide better services and more efficiently solve city problems. Yet, although data has become the backbone to planning and operating Smart Cities, citizen-generated data has been underused due to legal and technical barriers. Even if citizens are willing to cooperate and would like to channel their data to the local authorities for the public good, the technological means to do so, especially if personal data is involved, are missing --the citizen consents to the personal data being used but does not find a UI to do so.

The concept of data altruism, as used in the draft Regulation on European data governance («Data Governance Act», CELEX 52020PC0767), needs a technological support and Euro-CyberPERFECTiON ambitions to provide a conceptual framework that demonstrations its feasability.

Nine sectoral European’ data spaces’ were outlined in the European data strategy, public administration being one of them. In this context, city-related data constitutes a true data space within a the public administration data space, and this pilot will demonstrate the value released by altruist citizen data in this context.

Goals of Euro-CyberPERFECTION pilot:

The objectives of this pilot are:

1.

to develop a user-friendly web portal where citizens can determine their preferences about sharing their data with the local authorities for a better urban management.

2.

to develop the tools that channel smartphone-generated data to the local authorities respecting the privacy preferences of the citizens.

3.

to develop personalised services that (i) benefit the citizen and (ii) help a more efficient city management exploit the citizen data.

Two application domains have been chosen to realize the promises of this pilot.

1.

Mobility data. Connected with the Smart Car pilot, commuters will be able to share their location and temporal information on a daily basis for a limited period of time. A simulated urban mobility city planner will consider this information traffic to present the city congestion information. Unlike the existing navigation already using this type of data, the data generated through this pilot will be richer in a number of manners (i) the collected aggregated, anonymized data will be reverted to the open space by offering under open licensing terms a real-time stream of data and regular data dumps for third-party data analytics; (ii) the individual records will be traceable, and as a personalised service, the citizen will gain insight on his own-generated data, getting recommendations on alternative routes or simply obtaining statistics information (time spent on the road, carbon-footprint, etc.); (iii) leveraging identifiable private information after the user’s active consent will enable better citizen profiling and a more efficient city mobility planning. The impact of this application domain is that traffic management, urban planning and public transportation can be improved with a better knowledge of the citizen’s mobility routines. The technology necessary to implement this scenario will be developed by EURO-CyberPERFECTiON and tested in simulated scenarios (TRL4).

2.

Complaint data management. This second applicatio domain demonstrates the use of the Framework during interactions with a public administration, more precisely to let the Municipality of Zaragoza manage citizen complaints and suggestions. This municipality already offers citizens such a service through a webpage, however, no personal data can be included. Using the technologies described above, this application domain considers the ability to add personal data to the complaints in order to make their processing more effective, leveraging on smart devices or services the user may use. For instance: location information at the time of reporting (e.g. for a damaged street furniture); smart car data (e.g. by sharing data about mobility, the use of recharge points, or parking lots); citizen IoT devices (e.g. adding sonometer or a photometer data when complaining about the perceived noise or excessive street lighting). Implementing these functionalities requires both the advanced user interfaces developed in TX.Xand the backend services described in TX.X. This very concrete case will stress the Framework, by highlighting the need for safety, security and legal compliance in the way complaints and comments are managed, while enabling the citizen to perfectly understand how data is used. The technology necessary to implement this scenario will be developed by EURO-CyberPERFECTiON and tested in a real, relevant scenario (TRL4).

*

El 13/10/2021 a las 19:55, OMahony, Aidan escribió:

Hi Soheil,

Use case 1 has been elaborated on in section 1, hopefully it is sufficient.

Regards,

Aidan

*From:*EU-CONSENTiNG_consortium eu-consenting_consortium-bounces@alice.wu.ac.at *On Behalf Of *Jon Stephansen / Signatu *Sent:* 13 October 2021 18:37 *To:* Soheil Human *Cc:* eu-consenting_consortium@alice.wu.ac.at *Subject:* Re: [Eu-consenting_consortium] The description of cases

[EXTERNAL EMAIL]

Hello Soheil,

Georg and I finished our parts this afternoon. Please review and let us know if anything further is needed.

Regards

Jon

On Wed, Oct 13, 2021 at 6:00 PM Soheil Human <soheil.human@wu.ac.at mailto:soheil.human@wu.ac.at> wrote:

Dear all,

This is a kind reminder that the description of the cases are
still missing in the excellence section (1.2.1.2 Use-case Pilots).
I’d appreciate it if you kindly finalise them asap (by
tonight/tomorrow early morning).

Aidan/Merry: the first case / smart cars => Jon/George will kindly
update the diagram

@Beatriz/victor: the second case / smart cities

@Jon @George @Rigo: the third case: consent management platform /
finalisation

Thank a lot,

Best,

Soheil


--

*Director*
Sustainable Computing Lab
https://www.sustainablecomputing.eu [sustainablecomputing.eu]
<https://urldefense.com/v3/__https:/www.sustainablecomputing.eu/__;%21%21LpKI%21zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYocOi4pC0Q$>

Institute for Information Systems and New Media,
Vienna University of Economics and Business (WU Wien)
https://nm.wu.ac.at/human [nm.wu.ac.at]
<https://urldefense.com/v3/__https:/nm.wu.ac.at/human__;%21%21LpKI%21zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYof51KhmAA$>

*Lecturer*
Department of Philosophy, University of Vienna

-- 
EU-CONSENTiNG_consortium mailing list
EU-CONSENTiNG_consortium@alice.wu.ac.at
<mailto:EU-CONSENTiNG_consortium@alice.wu.ac.at>
http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium
[alice.wu.ac.at]
<https://urldefense.com/v3/__http:/alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium__;%21%21LpKI%21zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYoe_SNfYbg$>

Internal Use - Confidential

Hello Victor,

This is a great description, Victor, and I also appreciate the idea of data altruism.

## Regarding the 2nd application domain: Do you want to update the T5.2 accordingly? So far it’s only focusing on the 2nd application domain... I can also do that, tell me.

## My comments for the 1st application domain: - I hope smart cities will also encompass other mobility systems than just smart cars. May be a re-wording of the 1st sentence would reduce the risk of misunderstanding:

• Mobility data. Connected with the Smart Car pilot, but open to other types of personal mobility, commuters will be able to share their location and temporal information on a daily basis for a limited period of time.

- When I read:

[…] (ii) the individual records will be traceable, and as a personalised service, the citizen will gain insight on his own-generated data, getting recommendations on alternative routes or simply obtaining statistics information (time spent on the road, carbon-footprint, etc.); (iii) leveraging identifiable private information after the user’s active consent will enable better citizen profiling and a more efficient city mobility planning.

It is clear that this use-case includes major security and privacy risks that are so far totally ignored. Individual mobility traces are meaningful and can easily be used to infer sensitive information (in the GDPR meaning, attending health centers or places of worship). Even stored in a pseudonymised manner (which will undoubtedly be the case), this is worrisome. We can keep this goal but we need to highlight we’ll consider appropriate security measures and will discuss all of this in the DPIA. I suggest adding:

Great care will be put on the security of non-anonymized mobility data (cases (ii) and (iii) above), given the privacy risks for the citizens. A detailed privacy impact assessment (DPIA) will be conducted prior to the launch of this service.

- Otherwise, can you copy this to the Google Doc document so that we all work on the same version.

Thanks.

Cheers, Vincent

Le 14 oct. 2021 à 09:11, Rigo Wenning rigo@w3.org a écrit :

\o/

Thanks for adding the concept of data altruism, You're my hero :)

--Rigo

On Thu, 2021-10-14 at 08:20 +0200, Víctor Rodríguez Doncel wrote:

...

I have also provided a description for a wider "Smart Cities" use case. I think we still need a diagram. With this use case, the project supports with technology the concept of "data altruism" as used in the draft Regulation on European Data Governance (Data Governance Act). If Data Spaces are «a collection of FAIR quality data and related resources consumed, produced and provided by identified participants, each respecting societal values and operating within an explicit framework of trust and governance.», the proposal is that the city is the perfect environment for a data space to consume citizen generated data.

---

-- EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium

I concur with Vincent.

IMHO, we should reduce the role of CMP and Consent in the narrative and besides them also consider: — other privacy meta data — HALE related metadata, e.g. transparency, explainability, ... — Security metadata — security threads (detection, communication)… — data and meta data related to federated computation as well as how it will be performed — Supports that we provide for the users, e.g. CCC supports, Personal Data Protection and Consenting Assistant Systems, DCS User interfaces, etc… that are a part of our narrative. — …

Thanks a lot, Best, Soheil

--

Director Sustainable Computing Lab https://www.sustainablecomputing.eu https://www.sustainablecomputing.eu/ Institute for Information Systems and New Media, Vienna University of Economics and Business (WU Wien) https://nm.wu.ac.at/human https://nm.wu.ac.at/human Lecturer Department of Philosophy, University of Vienna

On 14.10.2021, at 17:37, Vincent Roca vincent.roca@inria.fr wrote:

Hello Aidan and Jon, all,

I’ve been through your proposed text in 1.2.1.2 Pilot 1 and have many comments. I won’t list them but basically, I have the feeling it comes from a very classic view of the job of a CMP. And we cannot say it will be « for the benefit of the car driver and potentially smart city » whereas we see many service providers that are eager to collect and cross this new type of data for their own purposes.

## Comments about the figure:

• it mixes (i) 3rd party registration with the CMP (steps 1 to 4) which is done once (and updated with a low frequency) and (ii) car/3rd party communications when a driver is looking for a parking lot (steps 5 to 11). The result is confusing.
• I’m not sure about step 5, I’d say it’s in the other direction, and triggered by a driver who wants to park their car.
• I do not like the big (CMP) in the middle, this is an implementation detail (there’s a CM). I’d rather put « Framework » since this is the component that will orchestrate the whole thing and the goal of this project. In practice, a CMP could implement part of it and sell its services, but that’s not what I think we should highlight here.
• this scenario is very « traditional CMP » oriented. I recognize the logic behind the current web consent banners business. Do we want to mimic this logic in our project? At this level, I’m not sure although I’m convinced CMP have a key role.

Could you update the figure accordingly (if you agree)? Thanks.

## Here’s the text I’d propose as a replacement:

Current Status:

The smart car (also called Intelligent Connected Vehicle, ICV) domain is at the center of many profound changes. In particular, the traditional model of a personal car owned by the driver has exploded. This trend is essential as it deeply impacts the user interactions: spending half an hour for fine tuning one’s own car is acceptable, doing the same for a shared one is not.

Then, the advent of smart cars also means that the number of stakeholders involved in personal data collection has significantly increase, with multiple data controllers/processors, from the car manufacturer to various third parties in charge of sub-systems or peripheral services, including the in-vehicle infotainment system. And since a smart car system will keep on changing over the time (like a smartphone through app additions and software updates), the same is true for the stakeholders and their data collection practices.

Finally, new economic models arrive, leveraging on new types of data made available by smart car. Big technology providers are already part of the game (e.g., Google’s Android Automotive operating system, see: https://source.android.com/devices/automotive?hl=en https://source.android.com/devices/automotive?hl=en), which is not through hazard. This situation raises major questions, in particular: how to consent for personalized services, when the system learns the driver's habits and records them in the cloud, supposedly for improved services? And one can easily imagine marketing strategies with discounts on smart car prices in exchange of personalized assistance and hints. Where is the boundary between a fair personalized service and user manipulation, and how to interface with the user given the complexity of the services provided? When nobody understands, trust is not possible.

Goals of Euro-CyberPERFECTION pilot:

Pilot 1 addresses all the requirements related to user information, user consent, transfer of consent to data controllers and processors, and accountability. The Framework designed during WP3 and 4, is the cornerstone of this construction, potentially under the control of a CMP which can implement and propose its services to the various stakeholders.

The Framework will propose a rich set of consent services, like contextualized and personalized user information to enable all users to understand the data collection practices, in an inclusive manner, without any prerequisite. Fine grained and advanced consent management is needed too, in particular to enable pre-filled user profiles to be automatically communicated to data controllers. A formal description of both services and user profiles, an automated reasoning and reconciliation service to quickly find and solve incoherencies, are needed to achieve that goal while minimizing user interaction. The user engagement through the framework also needs to be dynamically updated, as smoothly as possible. The Framework will bring transparency, trust and accountability, which is required to build new services to the benefit of all stakeholders, users included.

Cheers,

Vincent

---

Vincent Roca, PhD/HDR, PRIVATICS team leader, Inria research institute, France https://privatics.inrialpes.fr/people/roca/ https://privatics.inrialpes.fr/people/roca/

...

Le 13 oct. 2021 à 19:55, OMahony, Aidan <Aidan.Omahony@dell.com mailto:Aidan.Omahony@dell.com> a écrit :

Hi Soheil,

Use case 1 has been elaborated on in section 1, hopefully it is sufficient.

Regards, Aidan

From: EU-CONSENTiNG_consortium <eu-consenting_consortium-bounces@alice.wu.ac.at mailto:eu-consenting_consortium-bounces@alice.wu.ac.at> On Behalf Of Jon Stephansen / Signatu Sent: 13 October 2021 18:37 To: Soheil Human Cc: eu-consenting_consortium@alice.wu.ac.at mailto:eu-consenting_consortium@alice.wu.ac.at Subject: Re: [Eu-consenting_consortium] The description of cases

[EXTERNAL EMAIL]

Hello Soheil,

Georg and I finished our parts this afternoon. Please review and let us know if anything further is needed.

<image001.png> <image002.png>

Regards Jon

On Wed, Oct 13, 2021 at 6:00 PM Soheil Human <soheil.human@wu.ac.at mailto:soheil.human@wu.ac.at> wrote: Dear all,

This is a kind reminder that the description of the cases are still missing in the excellence section (1.2.1.2 Use-case Pilots). I’d appreciate it if you kindly finalise them asap (by tonight/tomorrow early morning).

Aidan/Merry: the first case / smart cars => Jon/George will kindly update the diagram @Beatriz/victor: the second case / smart cities

@Jon @George @Rigo: the third case: consent management platform / finalisation

Thank a lot, Best, Soheil

--

Director Sustainable Computing Lab https://www.sustainablecomputing.eu [sustainablecomputing.eu] https://urldefense.com/v3/__https:/www.sustainablecomputing.eu/__;!!LpKI!zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYocOi4pC0Q$ Institute for Information Systems and New Media, Vienna University of Economics and Business (WU Wien) https://nm.wu.ac.at/human [nm.wu.ac.at] https://urldefense.com/v3/__https:/nm.wu.ac.at/human__;!!LpKI!zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYof51KhmAA$ Lecturer Department of Philosophy, University of Vienna

-- EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at mailto:EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium [alice.wu.ac.at] https://urldefense.com/v3/__http:/alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium__;!!LpKI!zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYoe_SNfYbg$

Internal Use - Confidential

EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at mailto:EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium

Thanks a lot Vincent, I go through it asap.

Cheers, Soheil

--

Director Sustainable Computing Lab https://www.sustainablecomputing.eu https://www.sustainablecomputing.eu/ Institute for Information Systems and New Media, Vienna University of Economics and Business (WU Wien) https://nm.wu.ac.at/human https://nm.wu.ac.at/human Lecturer Department of Philosophy, University of Vienna

On 14.10.2021, at 18:11, Vincent Roca vincent.roca@inria.fr wrote:

Soheil,

I have duplicated (!) Pilot 1 description with the text proposed and no figure (I’m not sure of the added value at this level). Choose which one to keep and improve, remove the other one. I inserted a mention to the HALE principle, but we can probably do much better.

Cheers, Vincent

...

Le 14 oct. 2021 à 17:44, Soheil Human <soheil.human@wu.ac.at mailto:soheil.human@wu.ac.at> a écrit :

I concur with Vincent.

IMHO, we should reduce the role of CMP and Consent in the narrative and besides them also consider: — other privacy meta data — HALE related metadata, e.g. transparency, explainability, ... — Security metadata — security threads (detection, communication)… — data and meta data related to federated computation as well as how it will be performed — Supports that we provide for the users, e.g. CCC supports, Personal Data Protection and Consenting Assistant Systems, DCS User interfaces, etc… that are a part of our narrative. — …

Thanks a lot, Best, Soheil

--

Director Sustainable Computing Lab https://www.sustainablecomputing.eu https://www.sustainablecomputing.eu/ Institute for Information Systems and New Media, Vienna University of Economics and Business (WU Wien) https://nm.wu.ac.at/human https://nm.wu.ac.at/human Lecturer Department of Philosophy, University of Vienna

...

On 14.10.2021, at 17:37, Vincent Roca <vincent.roca@inria.fr mailto:vincent.roca@inria.fr> wrote:

Hello Aidan and Jon, all,

I’ve been through your proposed text in 1.2.1.2 Pilot 1 and have many comments. I won’t list them but basically, I have the feeling it comes from a very classic view of the job of a CMP. And we cannot say it will be « for the benefit of the car driver and potentially smart city » whereas we see many service providers that are eager to collect and cross this new type of data for their own purposes.

## Comments about the figure:

• it mixes (i) 3rd party registration with the CMP (steps 1 to 4) which is done once (and updated with a low frequency) and (ii) car/3rd party communications when a driver is looking for a parking lot (steps 5 to 11). The result is confusing.
• I’m not sure about step 5, I’d say it’s in the other direction, and triggered by a driver who wants to park their car.
• I do not like the big (CMP) in the middle, this is an implementation detail (there’s a CM). I’d rather put « Framework » since this is the component that will orchestrate the whole thing and the goal of this project. In practice, a CMP could implement part of it and sell its services, but that’s not what I think we should highlight here.
• this scenario is very « traditional CMP » oriented. I recognize the logic behind the current web consent banners business. Do we want to mimic this logic in our project? At this level, I’m not sure although I’m convinced CMP have a key role.

Could you update the figure accordingly (if you agree)? Thanks.

## Here’s the text I’d propose as a replacement:

Current Status:

The smart car (also called Intelligent Connected Vehicle, ICV) domain is at the center of many profound changes. In particular, the traditional model of a personal car owned by the driver has exploded. This trend is essential as it deeply impacts the user interactions: spending half an hour for fine tuning one’s own car is acceptable, doing the same for a shared one is not.

Then, the advent of smart cars also means that the number of stakeholders involved in personal data collection has significantly increase, with multiple data controllers/processors, from the car manufacturer to various third parties in charge of sub-systems or peripheral services, including the in-vehicle infotainment system. And since a smart car system will keep on changing over the time (like a smartphone through app additions and software updates), the same is true for the stakeholders and their data collection practices.

Finally, new economic models arrive, leveraging on new types of data made available by smart car. Big technology providers are already part of the game (e.g., Google’s Android Automotive operating system, see: https://source.android.com/devices/automotive?hl=en https://source.android.com/devices/automotive?hl=en), which is not through hazard. This situation raises major questions, in particular: how to consent for personalized services, when the system learns the driver's habits and records them in the cloud, supposedly for improved services? And one can easily imagine marketing strategies with discounts on smart car prices in exchange of personalized assistance and hints. Where is the boundary between a fair personalized service and user manipulation, and how to interface with the user given the complexity of the services provided? When nobody understands, trust is not possible.

Goals of Euro-CyberPERFECTION pilot:

Pilot 1 addresses all the requirements related to user information, user consent, transfer of consent to data controllers and processors, and accountability. The Framework designed during WP3 and 4, is the cornerstone of this construction, potentially under the control of a CMP which can implement and propose its services to the various stakeholders.

The Framework will propose a rich set of consent services, like contextualized and personalized user information to enable all users to understand the data collection practices, in an inclusive manner, without any prerequisite. Fine grained and advanced consent management is needed too, in particular to enable pre-filled user profiles to be automatically communicated to data controllers. A formal description of both services and user profiles, an automated reasoning and reconciliation service to quickly find and solve incoherencies, are needed to achieve that goal while minimizing user interaction. The user engagement through the framework also needs to be dynamically updated, as smoothly as possible. The Framework will bring transparency, trust and accountability, which is required to build new services to the benefit of all stakeholders, users included.

Cheers,

Vincent

---

Vincent Roca, PhD/HDR, PRIVATICS team leader, Inria research institute, France https://privatics.inrialpes.fr/people/roca/ https://privatics.inrialpes.fr/people/roca/

...

Le 13 oct. 2021 à 19:55, OMahony, Aidan <Aidan.Omahony@dell.com mailto:Aidan.Omahony@dell.com> a écrit :

Hi Soheil,

Use case 1 has been elaborated on in section 1, hopefully it is sufficient.

Regards, Aidan

From: EU-CONSENTiNG_consortium <eu-consenting_consortium-bounces@alice.wu.ac.at mailto:eu-consenting_consortium-bounces@alice.wu.ac.at> On Behalf Of Jon Stephansen / Signatu Sent: 13 October 2021 18:37 To: Soheil Human Cc: eu-consenting_consortium@alice.wu.ac.at mailto:eu-consenting_consortium@alice.wu.ac.at Subject: Re: [Eu-consenting_consortium] The description of cases

[EXTERNAL EMAIL]

Hello Soheil,

Georg and I finished our parts this afternoon. Please review and let us know if anything further is needed.

<image001.png> <image002.png>

Regards Jon

On Wed, Oct 13, 2021 at 6:00 PM Soheil Human <soheil.human@wu.ac.at mailto:soheil.human@wu.ac.at> wrote: Dear all,

This is a kind reminder that the description of the cases are still missing in the excellence section (1.2.1.2 Use-case Pilots). I’d appreciate it if you kindly finalise them asap (by tonight/tomorrow early morning).

Aidan/Merry: the first case / smart cars => Jon/George will kindly update the diagram @Beatriz/victor: the second case / smart cities

@Jon @George @Rigo: the third case: consent management platform / finalisation

Thank a lot, Best, Soheil

--

Director Sustainable Computing Lab https://www.sustainablecomputing.eu [sustainablecomputing.eu] https://urldefense.com/v3/__https:/www.sustainablecomputing.eu/__;!!LpKI!zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYocOi4pC0Q$ Institute for Information Systems and New Media, Vienna University of Economics and Business (WU Wien) https://nm.wu.ac.at/human [nm.wu.ac.at] https://urldefense.com/v3/__https:/nm.wu.ac.at/human__;!!LpKI!zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYof51KhmAA$ Lecturer Department of Philosophy, University of Vienna

-- EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at mailto:EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium [alice.wu.ac.at] https://urldefense.com/v3/__http:/alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium__;!!LpKI!zgneto-lf7E_CSZJHrSEIv6sW2x6gOSDG_eZ0pK205qjln3csniOeh-cYoe_SNfYbg$

Internal Use - Confidential

EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at mailto:EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium

Jon,

in the goals section of case 3 we wanted to implement a generic permission application (like the secure confirmation apps in banking) to grant permissions. This is needed in use case one and 2, but could be a central goal for the support of the SMEs you mention in case 3.

I don't want to introduce text before I have some agreement. We need to make space for Uni-Luxembourg who will provide lots of insight in UX and has lots of resources there. This is currently not reflected in the use cases. IMHO, having a consent app may be central to that.

--Rigo

On Thu, 2021-10-14 at 17:18 +0100, Jon Stephansen / Signatu wrote:

Hello Vincent,

Both Georg and I have reviewed your *current state* and *goals* description and we think it's a great improvement. We are happy to use it as the basis of what's required of Signatu.

If an updated and new illustration is required, we can put that together tomorrow.

Hello Vincent,

Thank you for this.

Harsh proposed that CMP should be a standalone use-case to make sure that the CMP is best placed, and that the criteria are best defined for the smart car and smart city use-cases. The metadata analysis will also feed directly into this.

It might be best to have the CMP as case1 and then Smart Car as case2 and Smart City as case3.

It is our understanding that Rigo was enthusiastic about this too. We've discussed this in the meetings as well, and Signatu have confirmed that this is OK for Signatu.

Harsh and Rigo - please let us know if this is in line with your understanding.

Regards Jon

On Fri, Oct 15, 2021 at 2:02 PM Vincent Roca vincent.roca@inria.fr wrote:

Rigo, Jon,

As is, this Pilot 3 is strange because:

• it does not define a clear use case (it's more a general need),
• it’s obvious to me that Signatu will « integrate solutions developed

within CoCoDat with their existing solutions ». In fact I thought it was already part of WP3/4 deliverables and integrated in use cases 1 and 2.

We do need the features, but do we need it as a well identified separate pilot? Should it be integrated in T5.3 « cross case integration and studies »? It would than be less visible but still present in WP5.

What do you think?

And yes, if this is a pilot, we need to update WP5 accordingly. I haven’t done anything so far.

Cheers,

Vincent

...

Le 14 oct. 2021 à 20:42, Rigo Wenning rigo@w3.org a écrit :

Jon,

in the goals section of case 3 we wanted to implement a generic

permission

...

application (like the secure confirmation apps in banking) to grant permissions. This is needed in use case one and 2, but could be a central goal for the support of the SMEs you mention in case 3.

I don't want to introduce text before I have some agreement. We need to make space for Uni-Luxembourg who will provide lots of insight in UX and has lots of resources there. This is currently not reflected in the use cases. IMHO, having a consent app may be central to that.

--Rigo

On Thu, 2021-10-14 at 17:18 +0100, Jon Stephansen / Signatu wrote:

...

Hello Vincent,

Both Georg and I have reviewed your *current state* and *goals* description and we think it's a great improvement. We are happy to use it as the basis of what's required of Signatu.

If an updated and new illustration is required, we can put that together tomorrow.

Vincent,

the idea of the 3rd use case was to create an App on a mobile phone being able to make permission of consent without being actually in the smart city or car app. "Une sorte de secure pass" like in the french banking applications.

I have seen the description and it misses this cornerstone. But I can't write it, because I can't programme it. So I need buy in from Jon. In short, use case 3 is the Signatu - App. They describe the backend, but not the frontend (yet)

So all of the use case can then be also used with the App from use case 3. UC3 has no "instance data" case like the others, because it is generic. But it could be aligned with smart cities or smart cars.

--Rigo

On Fri, 2021-10-15 at 15:02 +0200, Vincent Roca wrote:

Rigo, Jon,

As is, this Pilot 3 is strange because:

• it does not define a clear use case (it's more a general need),
• it’s obvious to me that Signatu will « integrate solutions developed

within CoCoDat with their existing solutions ».   In fact I thought it was already part of WP3/4 deliverables and integrated in use cases 1 and 2.

We do need the features, but do we need it as a well identified separate pilot? Should it be integrated in T5.3 « cross case integration and studies »? It would than be less visible but still present in WP5.

What do you think?

And yes, if this is a pilot, we need to update WP5 accordingly. I haven’t done anything so far.

Cheers,

Vincent

...

Le 14 oct. 2021 à 20:42, Rigo Wenning rigo@w3.org a écrit :

Jon,

in the goals section of case 3 we wanted to implement a generic permission application (like the secure confirmation apps in banking) to grant permissions. This is needed in use case one and 2, but could be a central goal for the support of the SMEs you mention in case 3.

I don't want to introduce text before I have some agreement. We need to make space for Uni-Luxembourg who will provide lots of insight in UX and has lots of resources there. This is currently not reflected in the use cases. IMHO, having a consent app may be central to that.

--Rigo

On Thu, 2021-10-14 at 17:18 +0100, Jon Stephansen / Signatu wrote:

...

Hello Vincent,

Both Georg and I have reviewed your *current state* and *goals* description and we think it's a great improvement. We are happy to use it as the basis of what's required of Signatu.

If an updated and new illustration is required, we can put that together tomorrow.

George, all,

IMHO, the data subject related apps will be provided by other tasks covered by WU, UL, WF, UPM, etc. Signatu, as a CMP, will support the data controllers to manage their data/meta-data and communicate them with data subjects’ devices. What happens on the data-subjects’ side/device is not a part of CMPs responsibility.

I think we should be careful to have a solid and consistent framing throughout the proposal, cases, tasks, etc.

Just my two cents,

Thanks and cheers, Soheil

--

Director Sustainable Computing Lab https://www.sustainablecomputing.eu https://www.sustainablecomputing.eu/ Institute for Information Systems and New Media, Vienna University of Economics and Business (WU Wien) https://nm.wu.ac.at/human https://nm.wu.ac.at/human Lecturer Department of Philosophy, University of Vienna

On 15.10.2021, at 20:46, Georg Philip Krog georg@signatu.com wrote:

Rigo

Signatu is built as a platform.

On top we can build apps.

Hence, an app for data subjects to permit car data sharing.

It would be good to understand what you want the app to do frontend (and backend).

Best regards Georg

...

15.10.2021 kl. 16:51 skrev Rigo Wenning rigo@w3.org:

Vincent,

the idea of the 3rd use case was to create an App on a mobile phone being able to make permission of consent without being actually in the smart city or car app. "Une sorte de secure pass" like in the french banking applications.

I have seen the description and it misses this cornerstone. But I can't write it, because I can't programme it. So I need buy in from Jon. In short, use case 3 is the Signatu - App. They describe the backend, but not the frontend (yet)

So all of the use case can then be also used with the App from use case 3. UC3 has no "instance data" case like the others, because it is generic. But it could be aligned with smart cities or smart cars.

--Rigo

...

On Fri, 2021-10-15 at 15:02 +0200, Vincent Roca wrote: Rigo, Jon,

As is, this Pilot 3 is strange because:

• it does not define a clear use case (it's more a general need),
• it’s obvious to me that Signatu will « integrate solutions developed

within CoCoDat with their existing solutions ». In fact I thought it was already part of WP3/4 deliverables and integrated in use cases 1 and 2.

We do need the features, but do we need it as a well identified separate pilot? Should it be integrated in T5.3 « cross case integration and studies »? It would than be less visible but still present in WP5.

What do you think?

And yes, if this is a pilot, we need to update WP5 accordingly. I haven’t done anything so far.

Cheers,

Vincent

...

...

Le 14 oct. 2021 à 20:42, Rigo Wenning rigo@w3.org a écrit :

Jon,

in the goals section of case 3 we wanted to implement a generic permission application (like the secure confirmation apps in banking) to grant permissions. This is needed in use case one and 2, but could be a central goal for the support of the SMEs you mention in case 3.

I don't want to introduce text before I have some agreement. We need to make space for Uni-Luxembourg who will provide lots of insight in UX and has lots of resources there. This is currently not reflected in the use cases. IMHO, having a consent app may be central to that.

--Rigo

On Thu, 2021-10-14 at 17:18 +0100, Jon Stephansen / Signatu wrote:

...

Hello Vincent,

Both Georg and I have reviewed your *current state* and *goals* description and we think it's a great improvement. We are happy to use it as the basis of what's required of Signatu.

If an updated and new illustration is required, we can put that together tomorrow.

-- EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium

-- EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium

Soheil,

Thank you.for clarifying.

Best regards Georg

15.10.2021 kl. 20:56 skrev Soheil Human soheil.human@wu.ac.at:

 George, all,

IMHO, the data subject related apps will be provided by other tasks covered by WU, UL, WF, UPM, etc. Signatu, as a CMP, will support the data controllers to manage their data/meta-data and communicate them with data subjects’ devices. What happens on the data-subjects’ side/device is not a part of CMPs responsibility.

I think we should be careful to have a solid and consistent framing throughout the proposal, cases, tasks, etc.

Just my two cents,

Thanks and cheers, Soheil

--

Director Sustainable Computing Lab https://www.sustainablecomputing.eu

Institute for Information Systems and New Media, Vienna University of Economics and Business (WU Wien) https://nm.wu.ac.at/human

Lecturer Department of Philosophy, University of Vienna

...

On 15.10.2021, at 20:46, Georg Philip Krog georg@signatu.com wrote:

Rigo

Signatu is built as a platform.

On top we can build apps.

Hence, an app for data subjects to permit car data sharing.

It would be good to understand what you want the app to do frontend (and backend).

Best regards Georg

...

15.10.2021 kl. 16:51 skrev Rigo Wenning rigo@w3.org:

Vincent,

the idea of the 3rd use case was to create an App on a mobile phone being able to make permission of consent without being actually in the smart city or car app. "Une sorte de secure pass" like in the french banking applications.

I have seen the description and it misses this cornerstone. But I can't write it, because I can't programme it. So I need buy in from Jon. In short, use case 3 is the Signatu - App. They describe the backend, but not the frontend (yet)

So all of the use case can then be also used with the App from use case 3. UC3 has no "instance data" case like the others, because it is generic. But it could be aligned with smart cities or smart cars.

--Rigo

...

On Fri, 2021-10-15 at 15:02 +0200, Vincent Roca wrote: Rigo, Jon,

As is, this Pilot 3 is strange because:

• it does not define a clear use case (it's more a general need),
• it’s obvious to me that Signatu will « integrate solutions developed

within CoCoDat with their existing solutions ». In fact I thought it was already part of WP3/4 deliverables and integrated in use cases 1 and 2.

We do need the features, but do we need it as a well identified separate pilot? Should it be integrated in T5.3 « cross case integration and studies »? It would than be less visible but still present in WP5.

What do you think?

And yes, if this is a pilot, we need to update WP5 accordingly. I haven’t done anything so far.

Cheers,

Vincent

...

...

Le 14 oct. 2021 à 20:42, Rigo Wenning rigo@w3.org a écrit :

Jon,

in the goals section of case 3 we wanted to implement a generic permission application (like the secure confirmation apps in banking) to grant permissions. This is needed in use case one and 2, but could be a central goal for the support of the SMEs you mention in case 3.

I don't want to introduce text before I have some agreement. We need to make space for Uni-Luxembourg who will provide lots of insight in UX and has lots of resources there. This is currently not reflected in the use cases. IMHO, having a consent app may be central to that.

--Rigo

...

On Thu, 2021-10-14 at 17:18 +0100, Jon Stephansen / Signatu wrote: Hello Vincent,

Both Georg and I have reviewed your *current state* and *goals* description and we think it's a great improvement. We are happy to use it as the basis of what's required of Signatu.

If an updated and new illustration is required, we can put that together tomorrow.

-- EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium

-- EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium

I concur with Rigo - I would assume that it's in everyone's interest to better understand the full budget.

Regards Jon

On Wed, Oct 13, 2021 at 7:23 PM Rigo Wenning rigo@w3.org wrote:

We need a budget spreadsheet with the full budget exposed. I need to control my contributions and I also need to see if a point has sufficient other contributions and a realistic set of resources.

Can you please make the budget spreadsheet available to all members of the Consortium?

So far, this is the first project ever where I have to ask for this.

--Rigo

On Wed, 2021-10-13 at 18:59 +0200, Soheil Human wrote:

...

Dear all,

This is a kind reminder that the description of the cases are still missing in the excellence section (1.2.1.2 Use-case Pilots). I’d appreciate it if you kindly finalise them asap (by tonight/tomorrow early morning).

Aidan/Merry: the first case / smart cars => Jon/George will kindly update the diagram @Beatriz/victor: the second case / smart cities

@Jon @George @Rigo: the third case: consent management platform / finalisation

Thank a lot, Best, Soheil

--

Director Sustainable Computing Lab https://www.sustainablecomputing.eu < https://www.sustainablecomputing.eu/%3E Institute for Information Systems and New Media, Vienna University of Economics and Business (WU Wien) https://nm.wu.ac.at/human https://nm.wu.ac.at/human Lecturer Department of Philosophy, University of Vienna

-- EU-CONSENTiNG_consortium mailing list EU-CONSENTiNG_consortium@alice.wu.ac.at http://alice.wu.ac.at/mailman/listinfo/eu-consenting_consortium

Hi. Some of the partners have 0 PM in WP1, WP5, WP6 - which cannot be correct since everyone is involved in project management (WP1) and dissemination (WP6), and in WP5 we have to work on use-cases (other than TP21 and ASI).

On 14/10/2021 16:18, Soheil Human wrote:

The budget is available on the shared folder. The WU’s budget is not finalised, since we left it to be calculated as the last one. It’s on my ToDo list.

Best, Soheil

On Thu, 2021-10-14 at 18:39 +0200, Soheil Human wrote:

Petra and me will go through this soon and assign PMs top-down and ask everyone to review.

The best way I've seen so far, is to put all the tasks in a second sheet. Let people fill their estimate of their involvement in tasks. Then compare to the maximum set to not blow the limit. Then we could negotiate, probably next Tuesday, if at all needed.

I can help tomorrow making this second sheet, if you want. But as we have file, I don't think concurrent editing is a good idea. So I wait until you give me green light to actually make that second sheet.

--Rigo

On Fri, 2021-10-15 at 12:13 +0200, Soheil Human wrote:

...

I can help tomorrow making this second sheet, if you want. But as we have file, I don't think concurrent editing is a good idea. So I wait until you give me green light to actually make that second sheet.

Please go for it. Thanks.

Sorry, I wasn't able not make it. I will be offline for the WE. I will care Sunday evening and Monday morning.

--Rigo