Versions Compared

Old Version 6

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 7

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Privacy as Expected is explained technically in this use case for proving a general took for identity and trust governance interoperability.  E.g. the use of rights based controls
le decentralized identity and data governance framework for humans based on semantic standards for notice and consent.  (Human centric Identity & Trust)  The ISO standardized notice and consent semantics for data controls.  

The principle of PaE is that people can see surveillance and privacy risks independently of the systems and grant consent for a system to provides digital identity permissions for the use of . 

...

definition and terms provide an international basis for legal notice and consent governance semantics and interabioity.   These are used to standardize (or provider transparency over) system identity permissions and data controls, independent of the service, to provide a privacy as  expected signs.  

Simply put, standardized notice infrastructure, for messaging  (aka receipt) architectures.   As humans we are decentralized, in the physical world the trust framework is about social protection, policing, justice etc.   To extend this digitally, these standards are used to provide a broadcasted identity and trust  UI that a is human 'Consent Centric".  Conceptually this is public set of rules people can use to see, share and communicate about the surveillance and privacy risks, independently of the systems that grant consented permission for surveillance of identifiers.


Method of Signalling:  Active State Risk Transparency


PaECG project, which created the technical assets and framework for implements a simple visual signal to show if the state of the surveillance is the same as expected.   This means seeing who the legal entities are behind services, as well as the beneficial owner of the data collective by the serviceprivacy and consent is what is expected.  The first step, is display the  controller's credential, (a bound legal entities and accountable person credential) for a specific service and data processing context.  

Privacy as expected is theExpected,  legal expression of the state of notice people should have over privacy risk, in order to have privacy they expect.  Online 

Online, these privacy risks extend to digital identity, surveillance and the security of the surveillance.  Without clarity of transparency over these relationships, it is hard to mitigate risks so people can trust independently of the service being provided. the technology is un-trustworthy.

To achieve this a first consent notice receipt (from the first time a service is permissions) can be receipt is generated and this then provides the baseline for the active state of the controller.   This is then compared against the current state of privacy by comparing the next notice receipt state to that of the ANCR receipt.   This produces a standards based universal privacy state signal, and is demonstrated with the PaE:Consent Gateway project funded by the EU NGI Trust grant. 

...