Blog from January, 2023

The ANCR Report Jan 2023

The ANCR WG announces an Open Notice Controller Credential to champion the standardization of Digital Privacy Transparency. To mark the occasion, and our activities, we use the name Digital Privacy Day.

3 New Workstreams and Projects

  1. An Open Notice Controller: TPI Record & Credential. An Open Notice Controller Credential (ONCC) contains all the required information and guidance to embed required information for self-asserted digital privacy notice records.

    1. The ONCC is specified to CoE Convention 108+ and GDPR, and produces records which can be used for ISO/IEC 29184 (Online privacy notice and consent) conformity assessments. This furthers the work done in standards development to date with a specification for standard open digital privacy access with a digital privacy framework for PII Controllers.

  2. Transparency Performance Indicators, used to make a notice record and measure transparency performance

    1. The TPIs are used to create a digital privacy transparency record, with the ISO/IEC 29100 privacy framework used for definitions and terms.

  3. 2 Factor Concentric Notice (2FCN), used to generate a proof of notice record and an evidence of consent receipt, with a Notice Record or ONCC, depending on the stakeholder generating the record.

    1. A 2FCN is used to implement or enhance existing privacy service practices and is designed to replace terms and conditions with a consent receipt. It uses the core interoperable schema specification of the Consent Receipt V1.1.

Last Quarter Activity

The workgroup submitted comments to the Federal Trade Commission on its Advance Notice of Proposed Rulemaking on Commercial Surveillance and Data Security, advocating for:

  • Introduction of the 2FCN.

  • Legislating rules for digital privacy that scale on the internet.

  • Education about digital transparency technology for ‘co-regulation innovation’ through standardized digital transparency that provides decentralized data governance with notice and consent.

Community News

  • DataFund.io - Demos: Consent Receipt Suite

  • Mark Lizar takes on the role of IEEE Sub-Committee Vice Chair for Data Flow and Control in the Human Context.

  • Jan 27, Digital Privacy Day Event: hosted event inviting the IEEE Digital Privacy Community to participate in Sc1, and introducing it to the Kantara ANCR Specifications.


The ANCR WG specifications measure digital transparency performance and record it in a notice credential for a personal record of digital privacy. These are used to implement law is code transparency that supersede ‘terms and conditions’, ‘user licenses’, ‘privacy policies’ and ‘data sharing agreements’.

The ANCR WG is pleased to announce the WG effort to specify a PII Controller credential for enabling a standard for Digital Privacy Transparency that supports the operationalization of privacy by design service infrastructure. The effort recognizes the gap in public benefit infrastructure on which this Notice Controller Credential is focused. It specifies the publicly required privacy information elements in law and referenced standards as an operationally co-regulated privacy credential, referring specifically to standardized digital privacy transparency requirements that are directly regulated through international and national privacy laws.

The Open Notice Controller Record is specified to capture and record Transparency Performance Indicators (TPIs) that are specified separately from the Notice Controller Credential. The record is the minimum viable version of a credential, a digital transparency notice, or record. It is used for the individual to see, at a glance, the basic privacy performance of digital services.

The Open Notice Controller Credential builds upon the record, utilizing the international standard security and privacy framework of standards to provide space for architectures with broad data governance scope and interoperability. It is accretive to ISO 31700-1:2023(en) Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements. ISO/IEC 31700 updates the international privacy standard landscape, consolidating many references into a privacy by design framework to support next generation digital security and privacy engineering and data governance interoperability.

The controller credential contributes to this landscape by enhancing the digital privacy transparency requirements and their utility for conformance for use in digital privacy notice, notifications and disclosures.

It adds the next layer to the notice record and consent receipt framework for generating records of processing activities for people. It provides the capability for new network architectures, where micro-notice credentials can provide proof of digital notice and where consent receipt tokens are used for evidence of consent.

Its specified scope of authority is for the notice and its linked context. We are publishing a specification in the WG that can be self-asserted (our Level 0 Digital Privacy and Transparency) and for public use, including the ability to “broadcast” digital transparency enhancing dynamic digital notifications.

The Open Notice Controller Credential is specified to be a regulated controller credential by design, using ISO/IEC 29100 security and privacy techniques and ISO/IEC 29184 privacy and security controls, and is cross-referenced and mapped to Convention 108+ and GDPR. These requirements have been nicely rolled up and further updated by ISO 31700-1:2023(en) Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements, encompassing the broader systems and process components that comprise self-evaluation for data protection.

By open, the Notice Controller Credential is designed to be Open +++:

  1. Open for people, as a record for digital privacy transparency, Data Control Privacy, and Data Co-Regulation Privacy Risk Vectors.

  2. Open, in that it is specified to international standards and laws that are openly accessible, binding and interoperable with security and privacy best practices.

  3. Open for business - usable by people to access business service data directly (without intermediaries and for public benefit), increasing trust and value in a dynamic (personal) data economy. Data Governance (concentric) driven business, legal and technical frameworks.

[Updated: Feb 8, 2023]