user consent, which SPs should trigger these screens ?
steven_carmody at brown.edu
Wed Dec 2 15:05:30 EST 2015
I see that sites (including mine) are starting to experiment with User
Consent to Attribute release -- I'd be interested in hearing what people
are thinking about how to approach the question of when to present the
browser user with the Consent screens... some thoughts and examples ..
-- always present the Consent screen to every student who has opt'ed out
under FERPA. This rule overrides all of the others.
-- we have contracts with a number of commercial SPs (eg Canvas, the LMS
people; Workday; etc). We want to suppress consent in these cases. Do we
add each one to a blacklist ? Or does it make better sense to TAG them
in some way, and use the TAG value to suppress ?
-- R&S. Always release the standard R&S bundle to R&S SPs ? Or always
present the Consent screens, and let individuals decide what to release?
-- should we TAG ALL (or most) of the local SPs, and release all the
required attributes, and bypass Consent ? "we trust ourselves".
-- are there other well known and easily identifiable Categories of
sites that we should try to implement ?
-- should we provide users with an out-of-band management console where
they could specify some "global rules" to control how Consent works for
them ? (eg Always/Never ask for my Consent, and presumably some
in-between possibilities.) Presumably this would also include a
mechanism to revoke Consent.
Thanks for your thoughts !
More information about the users