...
As opposed to just T&Cs, this can be further enhanced to enable people and orgs to use privacy law as a trust framework directly, to supersede terms and conditions, with transparency that is independent of services and in addition to terms and conditions.
Protocol Outline
- Consent Receipt framework to implement PasE communication protocol
- Legal Justification and what privacy rights apply for each
- Purpose Specified with data privacy control vocabulary
- record format specified with ISO 29100
- notice controls and record specification format ISO 29184
- Notice of Control for Online Services Implementing 2FC
- 2FC
- First Factor - Generated standards
- Second Factor (link) - existing Factor - the sign or notice or notification from the provider
- 2FC
Semantic Standards Stack for Human Centric - user centric - control semantics
- usage of the ISO 29100 - roles and definitions for transborder flow of personal data
- stakeholders -
- usage of ISO 29184 - notice controls and record structure
- ISO 27560 - to generate consent record structure for rights receipt
- W3C DPV - legal semantic ontology for notice and notification.
- ** In review - 27710
- requirements against privacy by design and default.
- 27550 - Privacy Engineering - C.4 and C.5
- Linked Data - Semantics - Human, Legal and Machine Readable framework for expectation management
- Core Record - or Credential Record for a legal entity
- Receipt of notice of credential record
- core record id - linked reference id - PII Controller Credential
- Consent Receipt generated for each purpose specification and linked to anchor record
- each purpose is specified by legal justification
- each purpose specification uses the DPV
- Security considerations
- PII Principal controls the ANCR Record
- 3rd Party N&C Processor - Network Facilitator
- Consent Grant Validation
- Status of the PII Controller
- Status of the Consent
- Scope of Consent Grant Permissions
- Privacy Framework Governance
- required notice, timing, formats, parties according to Privacy Law
- each identifier or attribute of the PII Principal shared by the PII Controller is a separate risk factor
- impacted by the amount of PII (digital identifiers and attributes) disclosed by the Controller and under what legal frameworks
- usage of the ISO 29100 - roles and definitions for transborder flow of personal data
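
One way to express the Consent Grant Validation items above (status of the PII Controller, status of the consent, scope of the grant) over an anchor record with one linked receipt per purpose. This is an added example, not code from the original outline or from any of the cited standards; the class names, field names and status values are assumptions made for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AnchorRecord:            # core (anchor) record for the PII Controller
    record_id: str
    controller_status: str     # assumed values: "active", "suspended"

@dataclass(frozen=True)
class ConsentReceipt:          # one receipt per purpose specification
    receipt_id: str
    anchor_id: str             # linked reference to the anchor record id
    purpose: str               # DPV purpose term
    legal_basis: str           # legal justification for this purpose
    status: str                # assumed values: "granted", "withdrawn"
    attributes: frozenset      # PII attributes the grant covers

def validate_grant(anchor, receipt, purpose, requested):
    """Return the reasons a request must be refused; [] means it may proceed."""
    reasons = []
    if receipt.anchor_id != anchor.record_id:
        reasons.append("receipt not linked to anchor record")
    if anchor.controller_status != "active":
        reasons.append("controller status: " + anchor.controller_status)
    if receipt.status != "granted":
        reasons.append("consent status: " + receipt.status)
    if not receipt.legal_basis:
        reasons.append("no legal justification recorded")
    if purpose != receipt.purpose:
        reasons.append("purpose outside grant: " + purpose)
    extra = sorted(set(requested) - receipt.attributes)
    if extra:
        reasons.append("attributes outside grant: " + ", ".join(extra))
    return reasons

# Constructed sample records (not taken from any real deployment).
ANCHOR = AnchorRecord("ancr-0001", "active")
SERVICE = ConsentReceipt("cr-01", "ancr-0001", "dpv:ServiceProvision",
                         "dpv:Consent", "granted", frozenset({"email"}))
MARKETING = ConsentReceipt("cr-02", "ancr-0001", "dpv:Marketing",
                           "dpv:Consent", "withdrawn", frozenset({"email"}))

if __name__ == "__main__":
    for receipt, attrs in ((SERVICE, {"email"}), (SERVICE, {"email", "phone"}),
                           (MARKETING, {"email"})):
        result = validate_grant(ANCHOR, receipt, receipt.purpose, attrs)
        print(receipt.receipt_id, result or "ok")
```

Each attribute requested beyond the grant is reported separately, which matches the outline's point that every shared identifier or attribute is its own risk factor.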