The mission:
An alternative policy and identity management protocol for authorization and privacy online that is more performative, beneficial, compliant and empowering for the PII Principal than it is today. (the answer to digital privacy and trust)
The ANCR WG is eager to announce an alternative to the Opt In and Opt-Out terms and conditions and privacy policies online. To offer a tool for digital identity access and management that evolves the authorization process to include the PII Principal in the scope of access and data controls.
The deliverable:
To produce an alternative to the 'I Agree" (to things I don't read or understand). This challenge in tonline services and the embedded contract based policy terms of services. Tjos reqiores an alternative that scales, with common international specifications tused to standardize notice and consent online.
Notice and consent standards can provide the alternative format focused on transparency, laws and practice operationally consistent across privacy jurisdictions.
The result is trust for people that scales across digital identity management system and privacy regulation.
The goal is to create a state of trust that provides people with choice to choose what is best for them in context. The result is freedom to choose from a place you (people) control regardless objective is to create an Active State of trust in surveillance and digital identity, for dynamic data control and automated governance. The result must be the freedom to control your personal information, to choose who benefits from it, and be empowered with our own personal big data.
AuthC specifies a two factor notice (2FN) and two factor Notice for Consent (2FC) flow for presenting digital privacy transparency, accountability and rights access.
2FN + 2FC produces legal proofs (computational privacy) that can be used to enhanced access and mobility services so they can be better used directly by people. regardless of physical or digtial technology or data governance providence (digi-space). This specification for 2FN is designed to produce 'Privacy Assurance', (versus the existing framework of IAL, AAL, FAL), a new category of eConsent and identity management. 2FN + 2FC produces legal proofs (computational privacy) that can be used by people for access and mobility services to greater value with greater assurance and control as the alternative.
The work builds on a decade of effort, much of it in Kantara workgroups. The Consent Receipt has been widely recognized and adopted, with iteration and implementations since the publication of the Consent Receipt and then is includesion in the ISO 29184 annex.
2FN and 2FC expresses exprected system use experiences as policy for access. This is the alternative to surveillance by default. As a result consent receipts (capture of state) can be generated and recorded independently by both parties specifies how consent receipts be used to provide proof of notice for any legal justification for processing, and how ANCR Records and Consent Receipts can be generated by either party (the PII Controller and the PII Principal) or together by both parties for advanced Auth C based preference and permission exchangestakeholders, for active state privacy and security.
To learn more, check out the first draft of the 2FN and 2FC Introduction
Take For a sneak preview, take a look at ANCR: Consent Receipt Section 1 - which is the work to specify the ANCR Notice Record Format for generating Notice and Consent Receipts - for PII Controller and Principal processing records
...