user consent, which SPs should trigger these screens ?

[Steven Carmody]

Hi,

I see that sites (including mine) are starting to experiment with User 
Consent to Attribute release -- I'd be interested in hearing what people 
are thinking about how to approach the question of when to present the 
browser user with the Consent screens... some thoughts and examples  ..

-- always present the Consent screen to every student who has opt'ed out 
under FERPA. This rule overrides all of the others.

-- we have contracts with a number of commercial SPs (eg Canvas, the LMS 
people; Workday; etc). We want to suppress consent in these cases. Do we 
add each one to a blacklist ? Or does it make better sense to TAG them 
in some way, and use the TAG value to suppress ?

-- R&S. Always release the standard R&S bundle to R&S SPs ? Or always 
present the Consent screens, and let individuals decide what to release?

-- should we TAG ALL (or most) of the local SPs, and release all the 
required attributes, and bypass Consent ? "we trust ourselves".

-- are there other well known and easily identifiable Categories of 
sites that we should try to implement ?

-- should we provide users with an out-of-band management console where 
they could specify some "global rules" to control how Consent works for 
them ? (eg Always/Never ask for my Consent, and presumably some 
in-between possibilities.) Presumably this would also include a 
mechanism to revoke Consent.

Thanks for your thoughts !