Kantara Initiative Assists With EU Privacy and GDPR Issues

The US-based Kantara Initiative announced today that it has joined the European Trust Foundation to help its non-EU government and corporate members engage with Europe on pan-jurisdiction federated digital identity, trust and privacy initiatives.

The advent of the General Data Protection Regulation (GDPR) turns Kantara’s development of good business practices into legal requirements for any enterprise that has a single customer within the European Union. The new alliance will make it easier for US business to engage with the European Commission over such issues.

There are still fundamental misconceptions in the common understanding of the GDPR: firstly, that it only involves European companies; and secondly, that it solely concerns the protection of personal data from being hacked. Neither is true. Any company anywhere in the world that trades with Europe is affected; and data protection now involves far more than the protection of data. GDPR shifts emphasis from company security to involved customer protection: secure customer relations are now a focus.

The issue is demonstrated by GDPR’s ‘consent’ requirements. For a business to process personal data, it must now obtain consent, defined in article 4(11) as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

The detail, requiring explicit informed consent (tick boxes and obscure T&Cs are no longer sufficient), will require changes to business practices. But consent can also be withdrawn — and that will require changes to business processes. Commercial enterprises will need to manage consent as effectively as they manage identity; and indeed, the two become woven together.

This is where Kantara comes in. Its Consent Receipt Specification is a record of consent provided to an individual at the time the consent is given. The purpose is effectively to verify a consent contract, but it also provides a mechanism for the withdrawal of that consent. Coupled with a second evolving Kantara specification, User Managed Access (UMA) — which enables the user to control how his or her data is shared — these new initiatives could help provide a solution to the GDPR consent requirements. 

Kantara’s new relationship with the European Trust Foundation, which has a history of working closely with the European Commission, will help US consent mechanisms be accepted as adequate for the GDPR. But it is not just a one-way matter of compliance. It doesn’t simply provide part of the legal basis for the transfer of personal data out of the EU; it is also part of the legal basis for making automated decisions relating to that personal information. 

Consent receipts and user managed access are not simply a GDPR solution, they are good practices for the modern world. User trust in vendors’ use of PII is low. If that can be improved so that secure customer relations can replace old-style hidden and obfuscated personal data collection, then new avenues for business will emerge.

In Kantara’s own words, “When individuals are forced to sign organization-centric privacy policies/ terms of use, then this places limitations on the information that will be shared. If such constraints were removed, and capabilities built on the side of the individual, then new, rich information will flow — including actual demand data (as opposed to derived/ predicted demand).”

But whatever solutions to GDPR requirements are chosen by US (or any non-EU) business, they will need to be accepted as adequate by the European Union — and this is the aim of the new relationship between Kantara and the European Trust Foundation. “The European Trust Foundation aims to provide a valuable service to Kantara members located outside of Europe by helping to streamline the engagement process with the EU,” said Colin Wallis, executive director, Kantara Initiative.  “The foundation and organizations like Kantara act as a ‘staging area’ to help expedite the process of gathering information and presenting a common voice for non-EU countries to approach and engage with the EU on GDPR.”
