[Proposal] Project Falcon - Global Consent DNA Bitmaps and Consent Management Service (CMS)

Information Rights define the abilities to use information as a scarce resource with competing rights. It can be defined in sentence form. The Subject (a Person, Place OR Thing) which relates to a Predicate (Organization, Program (legal use of data), AND Jurisdiction).

While a great deal of logic and circumstance can go into whether or not an enterprise can use data for a particular purpose in a particular jurisdiction (legal nexus) for a particular subject, it ultimately results in a binary conclusion of yes or no, or in computer-speak, 1 or 0.

These types of elections, and the applicable Program(s), can apply to various corrals of consent, such as accessing data from a device, selling or sharing data with 3rd parties, and sending communications to the subject. But today there is no consistent ability to resolve all of those corrals for a single use case, which leads to confusion by enterprises and complexity for users so great that there is today no meaningful end-to-end consent understanding for most significant uses of information (data). This hurts privacy and impedes enterprise profitability.

Default settings for consent for any such use can be set by policy or regulations. They can be modified by businesses on advice from their counsel, but ultimately get cast by a subject as an election. Again, it results in a 1 or a 0.

The one thing consistent for all complexities mentioned is the ultimate distillation down to a 1 or a 0.

This election, then, can reside at the intersection of the three components of the Predicate (Organization, Program, and Jurisdiction) as defined by an address: X, Y, and Z. Therefore, a collection of consents can be combined neatly, without collision, into a 3D bitmap that can be utilized by any programming language using native libraries and can be applied to any data use sentence from transactional to Big Data and anonymous to re-identified data.

This 3D cube can then be related to any Subject as a stand-alone copy that can then be updated over time by the Subject (or authorized agent) and dated/versioned off. This supports historical use of data over time against historical defaults per various jurisdictions.

The goal of Project Falcon is to normalize and standardize the approach for defining, updating, consuming, and distributing this bitmap, and by doing so, providing a new source of record for all relying systems, thereby providing the missing end-to-end consent understanding for significant uses of information (data).

Great to see fresh thinking on consent management.

I would suggest @J_PrivacyCo-op expands the proposal to follow the major chapter headings of the Advertising to Interest Groups proposal so that commentators have a little more detail.

Super suggestion! We are also working on the Tech Spec, and are welcoming collaborators on that process (ping me here or email me at jay@privacyco-op.com). I can combine both. I’ll post here with the same headings as you suggested, and also make sure they are covered in the spec. Hopefully we will be able to link the spec here soon.

Thanks again!

Here is the developing specification document: tinyurl.com/falconCNS. If you would like to become a contributor, please ping us at research@privacyco-op.com.

W3C announced a proposed group for this effort! https://www.w3.org/community/blog/2021/09/29/proposed-group-consent-name-system-community-group/

Please join us.