The Consent Receipt Framework exposes the legal requirements that are required to administrate consent and to define the governance of permissions and the application of preference. Online, or with sensory infrastructure, these requirements call for a receipt to be provided by or to a person when their personal information is processed; in public spaces, consent (and consensus) is implied when personally identifiable information is processed.

The framework, CR V1.2 WD 2, generates a consent record from an interaction with an online Notice or Sign, by itself or in conjunction with a physical or verbal notice. The notice is used to provide the verified organisation legal entity information, or the privacy notice controller credential information, required to initiate a purpose specification for the processing of personal information. For security, the PII Controller needs to be identifiable and verifiable. The ANCR Record is an iteration of the prefix of the CR V1.1.

This record prefix is used to capture privacy notice information, which is then used to generate a consent notice receipt.

The consent receipt framework is consent by default,   

...

The receipt is further defined, and its fields broken down, for use by a privacy framework for conformance assessment, which is based on the lifecycle of a specific notice for processing personal data and a specified purpose. The purpose is used to define the consent grant, which provides the scope of permissions for a digital identifier management system.

  • An Anchor Record is generated for the PII Principal. Flow of architecture: the PII Principal creates and controls anchored privacy notice records for privacy assurance.

  • For Example

    • a self-asserted PII Controller ANCR record provides a tier 0 privacy assurance, 

      • if held by PII Controller, on behalf of the PII Subject then this is not compliant
        • must be witnessed by 3rd Party Privacy Assurance Provider 

      • a self-asserted PII Principal ANCR Record
        • is held by the PII Principal and used to generate consent notice receipts
  • Conformance assessment use cases for 27560 for the PII Principal: 
    - use of receipt as evidence for proof of notice and consent. 
    - use of receipts as proof of awareness for identity management system
    - use of receipt to see the state of the privacy / consent lifecycle, so that people can automatically see what to expect without reading a privacy policy or terms, with direct access to digital use of privacy rights.

  • Consent Grant Roadmap  -  Scope protocol for Identity management system permissioning 
    - Consent Grant (human scope) - Identity Management = technical permission and access controls

...

  • Delegation
  • Jurisdiction (physical location proof) 
  • Consent Types Defined in v1.2
    • explicit
    • implied
    • directed
    • altruistic


WKD ISSUES

The known challenges of the CR v1.1 as published have been addressed and are specified here in the v1.2 update.

...

  1. Notice field object
    1. Location & Time 
    2. Location – twin - 
    3. Physical Device - 
  2. PII Controller object
    1. Jurisdictions, 
  3. Link to physical notice 
  4. Extend it (Legal Justification)  
  5. Privacy Stakeholders 
  6. Categories of controllers  
  7. Consent Purpose Specification (v.1.1) 
  8. Purpose Category 
  9. Purpose Descriptions  
  10. Purpose Sensitive Categories of Data  
  11. Sensitive data category  
  12. Personal Data Category  
  13. Personal Data Types/attributes etc  
  14. Personal Data Processing Treatment 
  15. Storage 
  16. Security (cert/signed key)
  17. Extensions – Requirements (according to Context)

Notice & Notifications

A Notice can itself be extended with a Notification for the maintenance of a consent record and a consent-based relationship. Notice Receipts facilitate a Semantic Governance Framework.

...