Draft:  starting outline

...

Active State Risk Transparency


PaECG project, which created the technical assets and framework for a simple visual signal to show if the state of the surveillance is the same as expected. This means seeing who the legal entities are behind services, as well as the beneficial owner of the data collected by the service.

...

In the PaECG project we are specifying the use of the Active State Risk (ASR) signal for web browsers, to show whether the active state of surveillance capitalism is what people expect, and to provide a way for people to use their rights (with a receipt) independent of the website.

What is the Challenge?

The internet is missing the active state, or context, of people, and most identity management efforts are about activating the identifier for the individual. This represents the signalling gap: a signal is required to indicate a level of trustworthiness.

...

  • A person generates a notice receipt for an online, website-based interaction, then generates another receipt when returning to this website, and compares the state of these two receipts to see if privacy is as expected.

    • if the signal is green - there is no need for a cookie notice or privacy ritual
    • if the signal is yellow - then a notice is legally required to be provided; the person can ignore, accept or refuse these notices
    • if the signal is red - then a notice is legally required to maintain system permissions and to manage a consent (which is technically no longer valid), for example after a data breach.
  • Extending the existing policy, security, technical laws and standards with PaECG is the design goal of the effort.

Overview - Privacy as Expected: Consent Gateway

In this document there is the principle reference and any new/proposed principles for the use of receipts for Active State Transparency and with Semantic Governance. 

The aim of the PaECG signalling protocol is to extend existing security and privacy governance schemes with an overarching privacy operator risk and liability scheme for digital identity technologies.

The project is so named because it is intended to be promoted as a consent gateway for browsers and online services, for active state or OPN-Broadcasting privacy with online services.

The way it works: the first time a receipt is captured for a notice provided for permission/consent, an identifier relationship is created and tracked. This removes the need to provide the same notice of who the controller is every time a person accesses a website.

Protocol

The receipt signal is generated after the first notice is provided and a receipt is stored by the person in some manner (aka MC-plugin) as a proof of notice. This first receipt becomes the ANCR receipt ID for that relationship, which the person's software uses to identify the org.

The next time a person comes to this website, the notice of controller receipt is generated and then linked to the ANCR receipt ID. If it is the same, meaning the same legal entity and privacy policy, the signal in the icon will be green. If there is a change, the icon will be yellow or red, depending on how material the change in the legal entity's state is since the last time the receipt was provided.
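
The receipt comparison described above, sketched as an added example (not code from the PaECG project). The receipt field names, the `ReceiptStore` class, the `breachReported` flag and the rule that a change of legal entity or a reported breach is "material" (red) while other changes are yellow are all assumptions, since the page does not define a receipt schema or a materiality rule.

```javascript
// Added example. Field names, ReceiptStore and the materiality rule are
// assumptions for illustration; the page does not define a receipt schema.
const COMPARED = ["controllerLegalEntity", "accountablePerson", "privacyPolicyHash"];
const RED_FIELDS = new Set(["controllerLegalEntity"]); // assumed "material" change

class ReceiptStore {
  constructor() {
    this.anchors = new Map(); // origin -> first (ANCR) receipt for the relationship
    this.seq = 0;
  }

  // Capture a notice receipt for one visit and derive the signal.
  visit(origin, notice) {
    const receipt = { id: `receipt-${++this.seq}`, origin, ...notice };
    const anchor = this.anchors.get(origin);
    if (!anchor) {
      // First notice: store it as proof of notice; its id is the ANCR receipt ID.
      receipt.ancrId = receipt.id;
      this.anchors.set(origin, Object.freeze(receipt));
      return { receipt, signal: null, changed: [] }; // nothing to compare yet
    }
    receipt.ancrId = anchor.id; // link the new receipt to the ANCR receipt ID
    // A field missing from the new notice counts as a change (fail closed).
    const changed = COMPARED.filter((f) => receipt[f] !== anchor[f]);
    let signal = "green";
    if (changed.length > 0) signal = "yellow";
    if (notice.breachReported === true || changed.some((f) => RED_FIELDS.has(f))) {
      signal = "red";
    }
    return { receipt, signal, changed };
  }
}

// Constructed sample notice (not real data).
const firstNotice = {
  controllerLegalEntity: "Example Ltd",
  accountablePerson: "dpo@example.test",
  privacyPolicyHash: "policy-v1",
};

function demo() {
  const store = new ReceiptStore();
  const origin = "https://shop.example.test";
  store.visit(origin, firstNotice); // first visit creates the ANCR receipt
  return {
    same: store.visit(origin, { ...firstNotice }).signal,
    policy: store.visit(origin, { ...firstNotice, privacyPolicyHash: "policy-v2" }).signal,
    entity: store.visit(origin, { ...firstNotice, controllerLegalEntity: "Other Corp" }).signal,
    breach: store.visit(origin, { ...firstNotice, breachReported: true }).signal,
  };
}
```

Every later receipt is compared against the stored first receipt rather than the previous visit, so a change stays visible until the person captures a new ANCR receipt.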

Context Notice (based on standards)  

This provides an active state notice that is specific to the person's (human-centric) view of the state of the Controller (legal entity and accountable person) of the website. This transparency is a universal notice requirement for processing personal data, unless there are specified legal exemptions and derogations.

The opposite of a cookie, it captures the identity surveillance relationship and the policy state so that people can see a) the relationship and b) what state it is in the next time the service is used and/or wants to process personal information.

This basic signalling protocol can be further extended to the services that process personal data for notice of consent, and can then be used to manage rights and the relationship of the consent for a consent lifecycle.

This then becomes usable for a consent by design protocol, where notice and consent is mutual, providing a meaningful notice and consent framework for online services. As opposed to T&Cs, this enables people and orgs to use the privacy law trust framework directly, with privacy law independent of services and in addition to terms and conditions.