
As opposed to relying on T&Cs alone, this can be further enhanced to enable people and organizations to use privacy law directly as a trust framework that supersedes terms and conditions, with transparency that is independent of services and in addition to terms and conditions.

Protocol Outline

  • Consent Receipt framework to implement PasE communication protocol
    • Legal justification and what privacy rights apply for each
    • Purpose specified with data privacy control vocabulary
    • Record format specified with ISO 29100
    • Notice controls and record specification format: ISO 29184
  • Notice of Control for Online Services Implementing 2FC
    • 2FC
      • First Factor - Generated standards
      • Second Factor (link) - existing Factor - the sign or notice or notification from the provider
  • Semantic Standards Stack for Human Centric - user centric - control semantics

    • Usage of ISO 29100 - roles and definitions for transborder flow of personal data
      • stakeholders -
    • Usage of ISO 29184 - notice controls and record structure
    • ISO 27560 - to generate consent record structure for rights receipt
    • W3C DPV - legal semantic ontology for notice and notification
    • ** In review - 27710
      • Requirements against privacy by design and default
      • 27550 - Privacy Engineering - C.4 and C.5
    • Linked Data - Semantics - Human, Legal and Machine Readable framework for expectation management
      • Core Record - or Credential Record for a legal entity
      • Receipt of notice of credential record
      • Core record id - linked reference id - PII Controller Credential
      • Consent Receipt generated for each purpose specification and linked to anchor record
        • Each purpose is specified by legal justification
        • Each purpose specification uses the DPV
    • Security considerations 
      • PII Principal controls the ANCR Record
      • 3rd Party N&C Processor - Network Facilitator 
      • Consent Grant Validation 
        • Status of the PII Controller 
        • Status of the Consent 
        • Scope of Consent Grant Permissions 
        • Privacy Framework Governance 
          • required notice, timing, formats, parties according to Privacy Law
    • Each identifier or attribute of the PII Principal shared by the PII Controller is a separate risk factor
      • Impacted by the amount of PII (digital identifiers and attributes) disclosed by the Controller and under what legal frameworks
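
Added example (not part of the original outline or of any referenced standard): a sketch of the Consent Grant Validation checks listed above, run over a consent receipt that is linked to its anchor record by id. All field names, status strings and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

# Field names, status strings and sample values are hypothetical (constructed
# for this example); they are not taken from ISO/IEC 29184, 27560 or the DPV.

@dataclass(frozen=True)
class AnchorRecord:              # core / credential record of the PII Controller
    anchor_id: str
    controller: str
    controller_status: str       # "active" or "revoked"

@dataclass(frozen=True)
class ConsentReceipt:            # one receipt per purpose specification
    receipt_id: str
    anchor_id: str               # linked reference id of the anchor record
    purpose: str
    legal_justification: str
    status: str                  # "granted", "withdrawn" or "expired"
    permitted_attributes: frozenset
    notice_given: bool           # required notice was presented before the grant

def validate_grant(anchor, receipt, requested_attributes):
    """Return the list of failed checks; an empty list means the grant validates."""
    failures = []
    if receipt.anchor_id != anchor.anchor_id:
        failures.append("link: receipt is not anchored to this controller record")
    if anchor.controller_status != "active":
        failures.append("controller: status is " + anchor.controller_status)
    if receipt.status != "granted":
        failures.append("consent: status is " + receipt.status)
    # Every attribute disclosed beyond the grant is its own risk, so list each.
    for attr in sorted(set(requested_attributes) - receipt.permitted_attributes):
        failures.append("scope: " + attr + " is outside the grant")
    if not (receipt.legal_justification and receipt.notice_given):
        failures.append("governance: missing legal justification or notice")
    return failures

# Constructed sample records.
ANCHOR = AnchorRecord("ancr-001", "Example Controller Ltd", "active")
RECEIPT = ConsentReceipt("cr-001", "ancr-001", "newsletter delivery", "consent",
                         "granted", frozenset({"email"}), True)

if __name__ == "__main__":
    print(validate_grant(ANCHOR, RECEIPT, ["email"]))           # in scope
    print(validate_grant(ANCHOR, RECEIPT, ["email", "phone"]))  # one extra attribute
```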