Objective
...
Spec for ANCR Record
...
- Provide a set of instructions for recording a notice in a consent(ric) record information structure derived for a Consent Receipt (ref)
- To then compare the conformance of the record with a control from ISO/IEC 29183 (a set of rules set by regulations for notice & consent transparency)
Methodology
This method describes, how to audit a notice to generate an ANCR- Notice Record using ISO/IEC 29100 derived receipt format, which is now published in the ISO/IEC 29184 Annex D,
The resulting audit is then used for assessing conformance with an ISO/IEC 29184 Online Privacy Notice and Consent control. In order to demonstrate how the ANCR Notice Record for assessing conformance when creating a digital identifier and processing personal data.
...
- For Security
- here is a record for identifying if there is enough security for privacy
- who is the controller,
- what are the applicable laws, and rights
- and how are these accessed.
Here are fieilds
- to create this security audit record
Notice Location:
PASP - Privacy Access Service Point - define digital contact point information, for proportionate access to rights information
- there are different performance levels for privacy information access and rights which is captured in this assessment,
- Performance
- if online and access is provided with a PISP which is an api access fore in conxt privacy then privacy information and controls can be dynamic
- this field has dynamic,
- out-of-band,
- static
- Access Conformance
- access to information in the information according to context
- linked data -
- access to information in the information according to context
- if online and access is provided with a PISP which is an api access fore in conxt privacy then privacy information and controls can be dynamic
- Confromance
- a) if using standards, information access has a higher level of transparency
- a person,
- self-service
- bot
- mailbox
- answering machine
- a) if using standards, information access has a higher level of transparency
- Performance
Consent Type Defaults
Consent Types refers to the context of Notice which covers the array of concentric engagement points in which humans provide permissions to generate digital identifiers.
...
- Other: Not Consent,
- delegated
- Implied
- implicit
- expressed
- explicit
- directed
- altruistic
****
Here is how to use it →
Audit / use for conformance
Objective
This ANCR Record specification provides a methodology to audit a notice to produce a Notice Record for generating a Consent Receipt. The objective of this documents is to
- Provide a set of instructions for recording a notice in a consent(ric) record information structure derived for a Consent Receipt (ref)
- To then compare the conformance of the record with a control from ISO/IEC 29183 (a set of rules set by regulations for notice & consent transparency)
Methodology
This method describes, how to audit a notice to generate an ANCR- Notice Record using ISO/IEC 29100 derived receipt format, which is now published in the ISO/IEC 29184 Annex D,
The resulting audit is then used for assessing conformance with an ISO/IEC 29184 Online Privacy Notice and Consent control. In order to demonstrate how the ANCR Notice Record for assessing conformance when creating a digital identifier and processing personal data.
New Field - name, description, reference
*****************
Field Glossary
...
Field Name | Type | PII(Y) | Field Label | Description | Required/Optional |
version | string | Schema Version | The version of specification used to which the receipt conforms. To refer to this version of the specification, the string "v1" or the IRI "https://w3id.org/OPN/v1" should be used. | Required | |
profile | string | Privacy Profile URI | Link to the controller's profile in its registry. | Required | |
Notice Location | Array | Notice Record | Label Notice Receipt | Required | |
id | string | Receipt ID | A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122]. | Required | |
timestamp | integer | Timestamp | Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch). | Required | |
key | string | Signing Key | The Controller’s profile public key. Used to sign notice icons, receipts and policies for higher assurance. | Optional | |
language | string | Language | Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'. | Required | |
controllerID | string | Controller Identity | The identity (legal name) of the controller. | Required | |
| Controller Address | |||||
jurisdiction | string | Legal Jurisdiction | The jurisdiction(s) applicable to this notice | Required | |
controllerContact | string | Controller Contact | Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle. | Required | |
notice | string | Link to Notice | Link to the notice the receipt is for | Optional | |
policy | string | Link to Policy | Link to the policies relevant to this notice e.g. privacy policy active at the time notice was provided | Required | |
context | string | Context | Method of notice presentation, sign, website pop-up etc | Optional | |
| Receipt Type | The human understandable label for a record or receipt for data processing. This is used to extend the schema with profile for the type of legal processing - and is Used to identify data privacy rights and controls | ||||
| PASP | array | Privacy access service points of contact and access, email, ph, etc. - or PaeCG signal
| |||
| Consent Type | |||||
| Payload | Notice Text |
****
(To be Moved Later) Case Study: privacy cafe
...