New requirements for consent management
| Coversheet | RDM-2024-0053 |
|---|---|
| Meeting ID | RDM #67 |
| Source | Sejong University (JaeSeung Song, jssong@sejong.ac.kr / Jieun Lee, love9ly@sju.ac.kr) |
| CR Title | New requirements for consent management |
| CR Against Release | Rel-4 |
| CR Against TS/TR | TS-0002 V5.3.0 |
| Work-item | WI-0001 |
| Reason | oneM2M TR-0062 studied privacy regulations such as GDPR, and recommended to address various issues in oneM2M Systems including consent management. |
"Under GDPR, processing personal data is generally prohibited, unless it is expressly allowed by law, or the data subject has consented to the processing by the owner of the data. According to GDPR, consent must be freely given, specific, informed and unambiguous. In order to obtain freely given consent, it must be given on a voluntary basis. Therefore, it is very important how to manage consent in IoT platforms."
This contribution proposes to add new requirements to TS-0002 v5.3.0 to address issues related to the consent management, which is specified in the privacy regulations such as GDPR. Especially, this contribution proposes to add requirements to support consent management mechanisms in oneM2M based on its referencing regulations. Please refer Section 10 Conclusion in TR-0062 "oneM2M System Enhancement to Support Privacy Data Protection Regulations". | | Type of change | New feature or functionality | | Clauses | Section 6.4 Security Requirements | | Other comments | |