Draft: starting outlineIntro to PaeCG
Privacy as Expected Signalling: Universal Active State Risk Transparency
PaECG project, which created the technical assets and framework for a simple visual signal to show if the state of the legal entity and service surveillance is the same as expected. This means seeing who the legal entities are behind services, as well as the beneficial owner of the data collective by the service.
Privacy as expected is the legal expression of the state of notice people should have over privacy risk, in order to have privacy they expect. Online, these privacy risks extend to digital identity, surveillance and the security of the surveillance. Without clarity of these, it is hard to mitigate risks so people can trust independently of the service being provided.
Identity Trust framework focus on (trust us) technology transparency )
in the PaE.G project we are specifying a universal, decentralized identity and data governance signalling protocol for this human + legal baseline. Over trustworthiness of the transparency and accountability of data processing, collection and use with online services. This article describes this protocol for the PaE.G UI (name yet to be determined).
Note: The Open Consent Group is looking for support to open source the UI and it's binding with identity protocol's. (If you are interested in the project, please contact Mark L)
Simply put, the To achieve this a consent notice receipt (from the first time a service is permissions) can be compared against the current state of privacy by comparing the next notice receipt state to that of the ANCR receipt. This produces a standards based universal privacy state signal, and is demonstrated with the PaE:Consent Gateway project funded by the EU NGI Trust grant.
In the PaE.G project we specifying the use of the Active State Risk(ASR) signal for use with web browsers, to show the active state of Surveillance capitalism is what people expect, and to provide a way for people to use their rights (with a receipt) independent of the website.
What is the Challenge?
The internet is missing the active state/ , or context for of people, and most identity management efforts are about activating the identifier for the individual, which has revealed over time, with lots of research a signalling/security gap for people and systems (which is the security of Surveillanc tech). Represeting . Representing the signalling gap required for to indices a level of (trustworthiness).
Visual Signal Being Specified
a person generates a notice receipt for an online website based interaction, and then when returning to this website generates another receipt, then compares the state of these two receipts to see if privacy is as expected.
- if the signal is green - their is no need for a cookie notice or privacy ritual
- if the signal is yellow - then legally a notice is required to be provided, the person can ignore, accept, refuse these notices
- if the signal is red - then a notice is legally required to maintain system permissions and to manage a consent (which is technical no longer valid) for example a data breach.
- Extending the existing policy, security, technical laws and standards with PaeCG, is the design goal of the effort.
...
The aim of the PaeCG signalling protocol is to extend existing security and privacy governance schemes with an overarching privacy operator risk and liability scheme for digital identity technologies.
The PaGe
Use of PaE Notice Gateway with
...
- Notice
- Consent
- Choice
...
.
...
...
- Extending Codes of Conduct with PaeCG
- technical code of conduct = privacy/surveillance standard defaults which are then distilled into a code of practice/certification for a specific role that is registered to the code of conduct.
Use Case: Parental Consent