...
New Field - name, description, reference
Notice Location:
PASP - Privacy Access Service Point - define digital contact point information, for proportionate access to rights information
- there are different performance levels for privacy information access and rights which is captured in this assessment,
- Performance
- if online and access is provided with a PISP which is an api access fore in conxt privacy then privacy information and controls can be dynamic
- this field has dynamic,
- out-of-band,
- static
- Access Conformance
- access to information in the information according to context
- linked data -
- access to information in the information according to context
- if online and access is provided with a PISP which is an api access fore in conxt privacy then privacy information and controls can be dynamic
- Confromance
- a) if using standards, information access has a higher level of transparency
- a person,
- self-service
- bot
- mailbox
- answering machine
- a) if using standards, information access has a higher level of transparency
- Performance
Consent Type
...
Defaults
Consent Types refers to the context of Notice which covers the array of concentric engagement points in which humans provide permissions to generate digital identifiers.
...
- Other: Not Consent,
- delegated
- Implied
- implicit
- expressed
- explicit
- directed
- altruistic
*****************
Field Glossary
(Note: all terms refer to ISO/IEC 29100 and ISO/IEC 29184, Kantara Consent Receipt, adopted for - for terms, unless they are specified here to further extend terms or definitions in a more granular manner,
...
Field Name | Type | PII(Y) | Field Label | Description | Required/Optional |
version | string | Schema Version | The version of specification used to which the receipt conforms. To refer to this version of the specification, the string "v1" or the IRI "https://w3id.org/OPN/v1" should be used. | Required | |
profile | string | Privacy Profile URI | Link to the controller's profile in its registry. | Required | |
Notice ReceiptLocation | string Array | Type of Notice ReceiptRecord | Label Notice Receipt | Required | |
id | string | Receipt ID | A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122]. | Required | |
timestamp | integer | Timestamp | Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch). | Required | |
key | string | Signing Key | The Controller’s profile public key. Used to sign notice icons, receipts and policies for higher assurance. | Optional | |
language | string | Language | Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'. | Required | |
controllerID | string | Controller Identity | The identity (legal name) of the controller. | Required | |
| Controller Address | |||||
jurisdiction | string | Legal Jurisdiction | The jurisdiction(s) applicable to this notice | Required | |
controllerContact | string | Controller Contact | Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle. | Required | |
notice | string | Link to Notice | Link to the notice the receipt is for | Optional | |
policy | string | Link to Policy | Link to the policies relevant to this notice e.g. privacy policy active at the time notice was provided | Required | |
context | string | Context | Method of notice presentation, sign, website pop-up etc | Optional | |
| Receipt Type | The human understandable label for a record or receipt for data processing. This is used to extend the schema with profile for the type of legal processing - and is Used to identify data privacy rights and controls | ||||
| PASP | array | Privacy access service points of contact and access, email, ph, etc. - or PaeCG signal
| |||
| Consent Type | |||||
| Payload | Notice Text | Accountable Person Role |
****
(To be Moved Later) Case Study: privacy cafe
- Privacy Cafe Narrative
- Scenario 1 imagine - first time to a privacy cafe
- new country, different language, different types of coffee, different currency, different technology, different measures, different ingrediants eg. type of sugar, cream, milk and cup size measures
- Scenario 2 - a known regular at a privacy cafe close to your home or work
- the user experience with high level of consensus
- Scenario 3 - Digital Twin - Transparency - creating a record and providing receipts
- withdraw consent
- access to use surveillance
- audit to see who benefits from personal data in the cafe, out of the cafe
- audit of the providence of authority
- Scenario 1 imagine - first time to a privacy cafe
- Main functionality point is focused on how dynamic and operational privacy performance is, in proportion to the data processing surveillance.
- capacity for the notice to transfer liability for data processing and access to privacy to enable people with controls to mitigate risk
- difference between permission for a purpose, or permission for a data base field
- having to go into each service and change or withdraw permission
- or pressing one button to withdraw consent, for many services
- The Priavcy Cafe Experience
- Human XU - physical governance defaults - notice of (expected) defaults
- in this context - there can be consent
- Using the video surveillance in (or public camera outside) a privacy cafe to make a police report, without the need for an information request
- Privacy Cafe cookie (session cookies available to visitors)
- Human XU - physical governance defaults - notice of (expected) defaults
...