...

Update 

This document presents a summary update to the ANCR WG and Consent Receipt community on some of the key issues, and the solutions that address them, since MVCR v0.8 (when the spec was frozen), for review by the ANCR WG.

The Original Use Case – To replace/advance the online opt-ins to terms and conditions (the US contract-based privacy model, with contracts of adhesion) with a privacy agreement model that organizations opt into instead.

This model has had a tremendous amount of interference from surveillance capitalism based systems and has required the development of international standards and enforceable privacy law.

and consent in many jurisdictions as it is a contract of adhesion based on contract terms and conditions, with privacy considerations inherent to the terms and conditions and service contract, not respective of privacy regulations that implement rights or local context of the person include standardized privacy rights access, independent of the technology and service provider. In such a way the 'concerns' are separated and the service providers can dramatically reduce data processing risk, transfer liability, and reduce the burden of policy on people with an international standard.

The v1.2 completes this use case by providing a consent record notice receipt and specifying a notice for any type of legal (consent/consensus) processing, implementing a notice receipt framework that is human-centric first and is extended by digital identity and trust frameworks. The key challenges of a Minimum Viable Consent Receipt use case which started the consent receipt work. Including an analysis of what was broken in the v1.1, preparing the way forward for a V2 receipt specification. The scope of this receipt specification is the legally required technical fields for extending personal data governance online.

Key challenges were a lack of maturity and granularity in the operational semantics of the legal frameworks, specifically a) the technical semantics of delegation, authority, and control, b) enforceable privacy law (GDPR), and c) standards for notice and consent (ISO 29100 and 29184); these have now been addressed.

With the addition of delegation and jurisdictional fields to the Consent Record architecture, people are technically able to generate a receipt for an identity relationship and use it to request the technical information from a company to enable automatic use of privacy rights and information discovery.

The standardization of data control language and of the record format for making data transparency requests is a key starting point for implementing the personal data control transparency framework, and for organizations to be able to provide dynamic data controls to people.

  • (Add link) OCG Announcement ISO & GDPR provide framework for implementing consent  
    • Organizations can add to their existing privacy framework – updates for broadcasting privacy information, and updates to privacy information using standards – automatically.
  • Alternative to Contract of adhesion -  
  • Contract of adhesion – solving t&c’s with a privacy agreement called the GDPR  
  • Equals permissions for processing and conditions of use  
  • Privacy is a policy inherent to context of adhesion – aka pseudo-consent

So – it is pseudo consent link 

*** 

 

With the publication of ISO 29184, the consent notice receipt is published in an international ISO and IEC standard for identity management (in the appendix), as an example of a receipt for the consented transborder flow of personal information.

This update aims to address critical issues with the CR V1.1:  

Primarily, to address well-known issues and developments (WKID) to enable a consent receipt to be used for legal purposes independently of service providers by the PII Principal.

  • evidence, compliance,  
  • the automated use of privacy rights, (for reciprocal security and transparency)  
  • The extension of the core legal, technical, social, contexts digital and physical use cases 
  • The further extension and utility 
  • e.g. to digital ledger consent technology 
    Appendix replaced  
  • Personal data categories – Jason Cronk  
  • Open Consent Group and DPV CG Update 

...

Thus addressing an international set of terms, definitions, Notice content controls and consent structure format, so that people can consent to control and transfer their own data to another entity (locally or across jurisdictions).

With a focus on the delegation of authority and the jurisdictional fields for a proof of notice and consent record. Called an ANCR Record in this v1.2, people can technically own their own records of consent and data control. Generate, with a trusted 3rd Party Notary, proof of notice and evidence of consent. Track one's own consent and purposes and, because of this, technically generate notification for access and rights, requesting standardized transparency with a Consent Receipt.

The standardization of terminology, controls, notice and notification for maintaining a state of consent can all be automated with Consent Receipts.   Utilizing standards for legal semantics to implement the power of linked data and render records/receipts to provide people with transparency over risk and performance of human centric data controls. 

Key Updates

  1. The ISO/IEC SC 27 Committee in April 2020 to start an ISO Working Draft based on the Consent Notice Receipt
  2. The Consent Notice Receipt was published in Appendix D of ISO/IEC 29184 (June 6, 2020), titled 'Online privacy notice and consent'
    1. This establishes the Consent Notice Receipt as an authoritative data governance tool to provide transparency over the control and interoperability of data processing by services between jurisdictions
  3. V1.1 to V1.2 Notice; regarding 'well known issues and developments' (WKID) Updates,
    1. delegation (on-behalf)
    2. proof of notice receipt
    3. Consent Notice Receipt (Human Definition) 
      1. a receipt to prove awareness of any policy or notice regarding surveillance; a physical sign, a blinking light, T&C's, privacy policies, cookie notices and online consent forms inform people about their own understanding of consent. Consent is a human term which is technically a multi-permissioned active state at any one point of time, reflecting hidden and personal capabilities per context: biological, social, legal, but more importantly, the physical environment, which dictates security and controls considerations for the individual.
      2. generated from the notice and/or sign presented to the Individual in the individual's physical context, indicating the system permissions/data protection and controls scopes relevant to the person and context.
    4. the consent receipt's core purpose is to link and render privacy rights information and access into a receipt independent of service context

 

How Notice Standard Record is Global Interop Technology (in a nutshell) 

...