
Update 

This document presents, for review by the ANCR WG, a summary update to the ANCR WG and the Consent Receipt community on some of the key issues, and the solutions that address them, that have arisen since MVCR v0.8 (when the specification was frozen).

...

  1. The ISO/IEC SC 27 committee agreed in April 2020 to start an ISO Working Draft based on the Consent Notice Receipt.
  2. The Consent Notice Receipt was published in Appendix D of ISO/IEC 29184, 'Online privacy notice and consent' (June 6, 2020).
    1. This establishes the Consent Notice Receipt as an authoritative data governance tool that provides transparency over the control, and the interoperability, of data processing by services across jurisdictions.
  3. V1.1 to V1.2 Notice updates, regarding 'well known issues and developments' (WKID):
    1. delegation (on-behalf)
    2. proof of notice receipt
    3. Consent Notice Receipt (human definition)
      1. A receipt that proves awareness of a policy or notice regarding surveillance. A physical sign, a blinking light, T&Cs, privacy policies, cookie notices and online consent forms all inform people and shape their own understanding of consent. Consent is a human term; technically it is a multi-permissioned active state at any one point in time, reflecting hidden and personal capabilities per context (biological, social, legal) and, more importantly, the physical environment, which dictates the security and control considerations for the individual.
      2. It is generated from the notice and/or sign presented to the individual in the individual's physical context, indicating the system permissions, data protection and control scopes relevant to that person and context.
      3. The core purpose of the consent receipt is that:
        1. a notice receipt MUST function to link and render privacy rights information, and access to those rights, into a receipt that is independent of the service context.

 

How the Notice Standard Record is a Global Interop Technology (in a nutshell)

The Consent Notice Receipt Framework is a semantically standardized notice and notification framework for the processing of personal and sensitive data. It takes the maximal explicit-consent record structure as its base (the first legal processing notice receipt schema specified) and surfaces rights in the processing context, using a receipt for proof and for post-interaction access to those rights.

    1. A key challenge was the legal ontology for purpose specification.
      1. To address this, Kantara CISWG members supported the launch of the W3C Data Privacy Vocabulary group, on the eve of the GDPR, at the ODI in London in conjunction with MIT Media Lab.
      2. The MVCR appendix was updated/replaced with the Personal Data Categories contributed by Jason Cronk (revised by the Open Consent Group), now an agreed and adopted category basis for semantic control interoperability.
      3. Purpose category is better defined as a trust framework for codes of conduct and practice, and is better nuanced as an identity governance scheme, an audit, or a (micro)credential and certification. Codes of conduct are often championed at national and international level, to be approved by data protection and privacy regulators for an industry or sector.
    2. Legal justifications for processing
      1. For people, the purpose is what they use to make choices and decisions: it informs them so that they can grant consent, or assent in some way, to a specified purpose.
      2. Behind the purpose specification is the legitimacy of the processing, which technically breaks down into recognized legal reasons for surveillance. This is now greatly simplified, with the GDPR setting an international standard and ISO 29184 providing a standard set of legal justifications:
        1. Consent
        2. Contract
        3. Legitimate interest
        4. Public interest
        5. Vital interest of the individual
        6. A required legal obligation
      3. With a conformity assessment built in, any notice can be extended to provide a consent notice receipt to a person, whereby standards are used to specify the legal justification, purpose and data categories, so that the rights available to the person are accessible and viewable in context, regardless of service and terms (the objective of the CR receipt format).

 

Governance Interoperability: Standardized Privacy Notice Semantics for Transborder Identity and Data Governance

Governance interoperability is a core focus of the work, primarily human-to-technology governance interoperability. Standardizing notice law, technical formats and the semantics in the notice provides the framework for all processing activities to be relayed to a person in a consistent language and format.

The notice framework here is a semantic governance framework for a digital twin of a physical notice, built on standards, or assessed against standards, independent of service provider and jurisdiction.

This applies across the following dimensions:

Human 

People must first have some form of notice that they are providing consent before consent is possible. People must first be aware of surveillance before it can be trusted, consistently depended upon, or be trustworthy in context. This is required for human usability, and is described in terms of the transparency (or conformance assessment) of the notice and its effectiveness for privacy risk management and data governance.

 Legally 

A privacy notice is the only element required for all personal data processing across every jurisdiction with privacy legislation. Harmonization of the legal semantics comes via international standards and the adoption of best practices. Notice is the most similar element across all jurisdictions, and it is also the only privacy element that is constant in all frameworks.

Notice for security, privacy, health and safety is universally required in governance; where there is none, as with big data, there is little to no provenance.


Technically 

Active surveillance with digital identity management technology, whether sovereign or not, is untrustworthy unless it is proportionate and democratic: decentralized governance.

Active-state event receipts enable in-context transparency to support rights that are proportionate and reciprocal, meaning that the individual can see the active state of the legal entity and the status of the service, independent of the service (reciprocal transparency), and then has the choice to exercise rights as defined by the legal justification and context.

Notice Record Structure

Legal Justification Standards for Dynamic Data Flow Controls

For a high-privacy-assurance, notice-governed data flow, the specified purpose of use is what governs the data flow and processing. A notice record is required for any processing and to start a relationship. The notice type is further extended by the legal justification for processing, which is often identified with a service.

There is more than one type of identity relationship for a legal justification for processing, and there are often multiple relationships for a single processing activity, which would require multiple legal justifications.

 

In ISO/IEC 29184, the legal justifications for use with identity management systems are generically defined as a notice for

...

and transparency: an online privacy notice can be structured and labelled to automate the permissioning over the flow and control of processing.

For online services, more than one legal justification operates at once. For example, explicit consent to a PII Controller most often requires secondary processing by a third party under a contract-based framework, legitimate interest for tracking service renewals, legal obligations to flag fraud, and implementation safeguards for public- and vital-interest access (e.g. the emergency health responder).

An individual manages/governs by consenting to a purpose, while a system's authority is provided by specifying the legal justification. This is a key point and nuance to highlight in order to understand how notice can aid the interoperability of governance between systems.

For transparency, a consent notice receipt can come in these six legal flavours of purpose specification, framed by privacy regulation as the overarching scheme/trust framework for all parties.

  1. Explicit Consent Notice Receipt
  2. Contract Notice Receipt
  3. Vital Interest of the Individual (Vital Interest Notice Receipt)
  4. Legal Obligation (Legal Notice of Monitoring Receipt)
  5. Legitimate Interest (Essential-Use Notice Receipt)
  6. Public Interest (Public Health, Safety and Security Notice Receipt)


In all of these legal contexts, notifications inform the lifecycle of the legal justification for processing and its relationship, and receipts render this lifecycle, making transparent the active state to which rights apply in context, and what performance of those rights people are legally entitled to expect.

...

CR v1.2 updates the CR v1.1 structure to a more modular structure.

Notice Fields

  • Notice Receipt (core field set): the fields for notice that are required for every legal justification for processing.
  • The Notice Receipt by itself identifies, security first, the PII Controller and its representative.
  • Notice Receipt utilities:
    • Without a legal justification, this notice mitigates risk and can technically start the process of transferring liability for processing between the individual (PII Principal), the legal entities and the provider of the notice.
    • Notice with a notification payload: in a specific context a legal notice can be used to deliver a notification.
    • Meaningful consent requires a notice of risk. A notice receipt for a notification of risk, in addition to a consent notice receipt, provides two factors of notice, utilizing the same two-factor messaging pattern for semantic harmonization.
    • Consent is not possible without a notice of processing and operational understanding.
    • Directed and altruistic consent: PII Principals provide the notice themselves.

Vectors of Consent  

 

Quality of Consent 

...

Structure & Generation of a Receipt

The receipt is further defined, and its fields broken down, into:

  1. Part 1: Required Notice of Controller Identity fields: the capture of the identity of the controller, and the physical context of the notice for processing provided by the controller.
  2. Part 2: Legal justification and (service) purpose specification, used to generate a consent notice receipt from the notice presented to the individual.
  3. Part 3: The human interaction point, at which proof that notice was provided/read is captured and a Consent Notice Receipt is generated.

Additional information for data control and accountability provenance can be nested in the receipt to provide a higher level of automated privacy assurance and to better mitigate risk and liability.

Consent Types Defined in v1.2

  • explicit
  • implied
  • directed
  • altruistic

Consent Notice Receipt (MVCR finished = v1.2)

Extending a Notice Receipt with consent as the legal justification requires a purpose specification for a service. In summary:

The CR v1.1 as published contains the fields for the specification of a purpose for consent. The vocabulary and categories required to harmonize semantics for data control were known issues that have been the focus of the last three years. The Personal Data Categories are used to specify the purpose, while the Data Privacy Vocabulary provides a machine-readable legal ontology for specifying data types and treatment. All of these are required to specify a purpose for dynamic data flows that people can (a) see, (b) understand, and (c) interact with in a meaningful way, (d) while also being semantically harmonized in machine-readable containers. The published known challenges have been addressed and are specified here in the v1.2 update.


CR v1.2: Core Format Structure and Fields

  1. Notice Receipt field object
    1. Location & time
    2. Location (twin)
    3. Physical device
    4. Digital
  2. PII Controller object
    1. Jurisdictions
    2. Link to physical notice
  3. Extension (legal justification)
  4. Privacy stakeholders
  5. Categories of controllers
  6. Consent Purpose Specification (v1.1)
  7. Purpose category
  8. Purpose descriptions
  9. Purpose-sensitive categories of data
  10. Sensitive data category
  11. Personal data category
  12. Personal data types/attributes, etc.
  13. Personal data processing treatment
  14. Storage
  15. Security (certificate / signed key)
  16. Extensions: requirements (according to context)
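The following is an added example, not code from the ANCR WG, the Kantara specification or ISO/IEC 29184, showing how the three-part structure above (controller identity and link to the physical notice; legal justification and purpose specification; the human interaction point) can be assembled into a receipt, and how the "Security (certificate / signed key)" field lets a third party later verify that the receipt is intact and was generated from the notice actually shown. All field names, the sample notice, the sample controller and purpose, and the key are constructed assumptions; an HMAC stands in for the certificate-backed signature the page mentions, because the page does not specify a signature scheme. The example also enforces two structural rules stated in the text: consent as the legal justification requires a purpose specification, and the justification must be one of the six listed.

```python
"""Added illustration of a three-part consent notice receipt (stdlib only).

Field names are assumed for illustration; they are NOT the ANCR / Kantara schema.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# The six legal justifications for processing listed on this page (GDPR / ISO/IEC 29184).
LEGAL_JUSTIFICATIONS = {
    "consent", "contract", "legitimate_interest",
    "public_interest", "vital_interest", "legal_obligation",
}
# The consent types v1.2 defines.
CONSENT_TYPES = {"explicit", "implied", "directed", "altruistic"}

# Constructed sample data: a physical sign and the controller it names.
SAMPLE_NOTICE = "CCTV in operation. Footage retained 30 days. Controller: Example Transit Ltd."
SAMPLE_CONTROLLER = {"name": "Example Transit Ltd.", "jurisdiction": "UK",
                     "representative": "dpo@example-transit.invalid"}
SAMPLE_PURPOSE = {
    "purpose_category": "security",
    "purpose_description": "Monitoring of station platforms",
    "personal_data_categories": ["image", "location"],
    "sensitive_data_categories": [],
    "processing_treatment": "stored 30 days then deleted",
}
DEMO_KEY = b"demo-key-not-for-production"  # assumed; a real deployment would use a certificate


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so hashes and MACs are reproducible across parties."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def notice_fingerprint(notice_text: str) -> str:
    """Part 1 'link to physical notice': a SHA-256 over the exact notice wording."""
    return hashlib.sha256(notice_text.encode("utf-8")).hexdigest()


def build_receipt(controller, notice_text, legal_justification,
                  purpose=None, consent_type=None, interaction=None):
    """Assemble parts 1-3 of a receipt and enforce the structural rules the page states."""
    if legal_justification not in LEGAL_JUSTIFICATIONS:
        raise ValueError(f"unknown legal justification: {legal_justification}")
    if legal_justification == "consent":
        # Consent as the justification requires a purpose specification and a consent type.
        if not purpose or "purpose_category" not in purpose:
            raise ValueError("consent requires a purpose specification")
        if consent_type not in CONSENT_TYPES:
            raise ValueError(f"unknown consent type: {consent_type}")
        # Sensitive categories must be a subset of the personal data categories the purpose declares.
        declared = set(purpose.get("personal_data_categories", []))
        undeclared = set(purpose.get("sensitive_data_categories", [])) - declared
        if undeclared:
            raise ValueError(f"sensitive categories not declared as personal data: {sorted(undeclared)}")
    if interaction is None:
        # Part 3: where and when the person was shown the notice (proof of notice).
        interaction = {"timestamp": datetime.now(timezone.utc).isoformat(),
                       "location": "unspecified", "proof_of_notice": "presented"}
    return {
        "part1_notice": {"controller": controller,
                         "notice_hash": notice_fingerprint(notice_text)},
        "part2_justification": {"legal_justification": legal_justification,
                                "consent_type": consent_type, "purpose": purpose},
        "part3_interaction": interaction,
    }


def sign_receipt(receipt: dict, key: bytes) -> dict:
    """'Security' field: HMAC-SHA256 over the canonical receipt (stands in for a signature)."""
    mac = hmac.new(key, canonical(receipt), hashlib.sha256).hexdigest()
    return {**receipt, "security": {"alg": "HMAC-SHA256", "mac": mac}}


def verify_receipt(signed: dict, key: bytes, notice_text: str) -> bool:
    """True only if the MAC is intact AND the receipt links to the notice actually shown."""
    body = {k: v for k, v in signed.items() if k != "security"}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(signed.get("security", {}).get("mac", ""), expected):
        return False
    return body["part1_notice"]["notice_hash"] == notice_fingerprint(notice_text)


if __name__ == "__main__":
    receipt = sign_receipt(build_receipt(SAMPLE_CONTROLLER, SAMPLE_NOTICE, "consent",
                                         SAMPLE_PURPOSE, "explicit"), DEMO_KEY)
    print(json.dumps(receipt, indent=2))
    print("valid:", verify_receipt(receipt, DEMO_KEY, SAMPLE_NOTICE))
```

The hash in part 1 is what makes the receipt "independent of the service context": anyone holding the receipt and the wording of the sign can check they match without contacting the controller, and any later edit to the purpose in part 2 invalidates the MAC. The HMAC requires a shared key, so it only gives the individual proof against third parties if the verifying party holds the key too; the certificate-backed signature the field list calls for removes that limitation and is the right choice in practice.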

...