Editors:

Version | Status | Writer | Editor | Reviewer
v.01 | X | Mark Lizar: Summary of Intent | Mary Hodder |
v.02 | X | Mark Lizar & Mary Hodder: Stakeholder Analysis | John Wunderlich |
v.03 | X | John & Mark: Summary of Compliance Contents | Mary Hodder |
v.04 | Current | Spec Outline: Mark Lizar; PDS Respect Network Save Receipt to Cloud: Technical Walkthrough: Markus Sabadello; Open Notice Website CR Demo: Mark Lizar | John Wunderlich | Mary Hodder
v.05 | Next Edit | | |

...


  1. Related Documents:

...

Respect Network (RN) Technical Demo:

...

 

Specification by example (SBE) is a collaborative approach to defining requirements and business-oriented functional tests for software products based on capturing and illustrating requirements using realistic examples instead of abstract statements. It is applied in the context of agile software development methods, in particular behavior-driven development. This approach is particularly successful for managing requirements and functional tests on large-scale projects of significant domain and organisational complexity.[1] (https://en.wikipedia.org/wiki/Behavior-driven_development)

A key aspect of 'specification by example' is creating a single source of truth about required changes from all perspectives. The latest version of the specification under this document title is that single source of truth.

Objective

The aim of the specification is to produce the minimum compliant consent receipt that directly links all required policies (open notices) to the consent receipt.

...

MVCR Fields (columns: Field Name | Description | Purpose/Explanation | Reason Why This Field is Required | Cloud Receipt Capture & Sign: format example in XDI)

Note: the following XDI lines are all prepended with ([=]!:uuid:1111/[+]!:uuid:9999)

Data Subject
Description: Name or pseudonym of the user at minimum.
Purpose/Explanation: The Data Subject is the primary party to consent.
Reason required: Is the consent contributor and primary party of the consent (which is why this is the first field of the MVCR). If not signed by the Data Subject, its use post consent may be limited.
XDI: Data Subject: Alice [=]!:uuid:1111

Address (and jurisdiction) of Data Controller
Description: Name of the entity issuing the receipt.
Purpose/Explanation: Should be the entity/organisation that is in control of the personal data and is responsible for consent compliance.
Reason required: Is the Data Controller and the primary party responsible for administration of the consent.
XDI: Data Controller: Amazon [+]!:uuid:9999

Purpose
Description: The purposes for which the personal information is being collected.
Purpose/Explanation: A single purpose at minimum, linked to the short purpose notice or policy of purpose.
Reason required: A purpose notice is a basic and common legal requirement and functionally a requirement of consent.
XDI:
[#receipt]!:uuid:1234[<#purpose>]<@0>&/&/"We need to process your payment."
[#receipt]!:uuid:1234[<#purpose>]<@1>&/&/"We  need your data to prevent fraud."
[#receipt]!:uuid:1234[<#purpose>]<@2>&/&/"We will advertise to you."

Location of Consent
Description: The location of the consent provision from which the consent receipt originates (for example the web page with the consent button).
Purpose/Explanation: This indicates the 'point of consent' - hopefully a button where the user clicked "I agree" or "I consent" (i.e. the biggest lie).
Reason required: Can be a URI, URL or URN. This can also be a physical space where surveillance legal notice requirements exist (EU) - Global Positioning System (GPS).
XDI: [#receipt]!:uuid:1234<#location><$uri>&/&/"....."

Sensitive Personal Data Flag (Y/N)
Description: Flag to categorise the information collected as sensitive or not (Y/N).
Purpose/Explanation: Each jurisdiction has classifications of sensitive personal information; these generally include health, financial, child protection, religious and union categorisations.
Reason required: If Yes, additional notice requirements are needed to confirm its compliance status. If No, the consent is automatically compliant.
XDI: [#receipt]!:uuid:1234<#sensitive>&/&/true

Third Party Sharing
Description: Flag whether data is shared with third parties (Y/N).
Purpose/Explanation: If true, compliance depends on additional notice requirements not present in a MVCR. This can be addressed with the "Third Party Sharing" extension.
Reason required: If Yes, additional notice requirements are needed to confirm its compliance status. If No, the consent is automatically compliant.
XDI: [#receipt]!:uuid:1234<#third><parties>&/&/true

Timestamp
Description: When consent was obtained.
Purpose/Explanation: To record when the user, either by implication or explicitly, granted consent for the purposes described.
XDI: [#receipt]!:uuid:1234<$t>&/&/"2014-07-13T21:32:52"

Privacy Policy
Description: The issuing entity's privacy policy (either inline copy, or reference to URI).
Purpose/Explanation: If not available, should provide a notice that it is missing.
Reason required: Is the minimum policy (or short notice) needed to create a consent receipt.
XDI:
[#receipt]!:uuid:1234<#privacy><#policy>&/&/"copy of privacy policy here"
or
[#receipt]!:uuid:1234<#privacy><#policy><$uri>&/&/"https://..."

Context: Operational Context Flag
Description: Flag whether the Operational Requirements are present or not (Y/N/Unknown).
Purpose/Explanation: For the presentation of consent there are contextual and prescriptive requirements in legislation; a checklist of these elements is being created in this draft below (the list is a living draft).
Reason required: Consent has contextual compliance requirements for the notice to be sufficient. These depend on the location and format of the consent and on the data subject notices. When implementing, an organisation displays its agreement (or not) to implement these OC requirements, and this is reflected on the consent receipt.
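Because the field table above is the whole of the receipt, it helps to see the XDI notation round-tripped through code. What follows is an added example, not code from the Open Notice / Kantara draft or its demo: a Python serialiser that emits one statement per MVCR field in the notation the table uses, and a parser that reads such statements back and reports which MVCR fields are missing. The receipt, subject and controller identifiers, the purpose strings and the `([=]!:uuid:1111/[+]!:uuid:9999)` prefix are the ones in the table; the `<#subject>` and `<#controller>` relational paths, the `example.invalid` URIs, and the function names `to_xdi`, `parse_xdi` and `missing_fields` are this example's own assumptions.

```python
"""Serialise and parse MVCR fields in the XDI statement style of the table above.

Added example (not code from the Open Notice / Kantara draft). Assumed grammar,
read off the table's examples: "<context><subject><path>&/&/<JSON literal>" for
an attribute statement and "<context><subject><path>/$ref/<target>" for a
relational one; purpose n uses the path "[<#purpose>]<@n>".
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

CONTEXT = "([=]!:uuid:1111/[+]!:uuid:9999)"  # prefix noted above the table
SEP = "&/&/"                                  # attribute / literal separator
_SUBJECT = re.compile(r"^(\[#receipt\]!:uuid:[\w-]+)(.*)$")
_PURPOSE = re.compile(r"^\[<#purpose>\]<@(\d+)>$")


@dataclass
class MVCR:
    receipt_id: str                 # "[#receipt]!:uuid:1234"
    data_subject: str               # "[=]!:uuid:1111" (Alice)
    data_controller: str            # "[+]!:uuid:9999" (Amazon)
    purposes: list[str]             # at least one purpose notice
    location: str                   # URI of the point of consent
    sensitive: bool                 # Sensitive Personal Data flag (Y/N)
    third_party: bool               # Third Party Sharing flag (Y/N)
    timestamp: str                  # ISO 8601, when consent was obtained
    privacy_policy_uri: Optional[str] = None
    privacy_policy_text: Optional[str] = None


def to_xdi(r: MVCR) -> list[str]:
    """One statement per field, in the order of the table above."""
    s = r.receipt_id
    out = [f"{s}<#subject>/$ref/{r.data_subject}",        # <#subject> and <#controller>
           f"{s}<#controller>/$ref/{r.data_controller}"]  # are assumed path names
    out += [f"{s}[<#purpose>]<@{i}>{SEP}{json.dumps(p)}" for i, p in enumerate(r.purposes)]
    out += [f"{s}<#location><$uri>{SEP}{json.dumps(r.location)}",
            f"{s}<#sensitive>{SEP}{json.dumps(r.sensitive)}",
            f"{s}<#third><parties>{SEP}{json.dumps(r.third_party)}",
            f"{s}<$t>{SEP}{json.dumps(r.timestamp)}"]
    if r.privacy_policy_uri is not None:
        out.append(f"{s}<#privacy><#policy><$uri>{SEP}{json.dumps(r.privacy_policy_uri)}")
    elif r.privacy_policy_text is not None:
        out.append(f"{s}<#privacy><#policy>{SEP}{json.dumps(r.privacy_policy_text)}")
    return [CONTEXT + stmt for stmt in out]


def parse_xdi(lines) -> dict:
    """Parse statements into {"receipt_id", "purposes", "refs", "fields"}.

    A statement about a second receipt, or with a non-JSON literal, raises
    ValueError, so statements from an untrusted source cannot mix receipts.
    """
    receipt: dict = {"receipt_id": None, "purposes": [], "refs": {}, "fields": {}}
    purposes: dict[int, str] = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("(") and ")" in line:      # drop the context prefix
            line = line[line.index(")") + 1:]
        m = _SUBJECT.match(line)
        if not m:
            raise ValueError(f"not a receipt statement: {raw!r}")
        subject, rest = m.groups()
        if receipt["receipt_id"] is None:
            receipt["receipt_id"] = subject
        elif subject != receipt["receipt_id"]:
            raise ValueError(f"statement about a different receipt: {raw!r}")
        if "/$ref/" in rest:
            path, target = rest.split("/$ref/", 1)
            receipt["refs"][path] = target
            continue
        if SEP not in rest:
            raise ValueError(f"no literal in statement: {raw!r}")
        path, literal = rest.split(SEP, 1)
        value = json.loads(literal)                     # "...", true or false
        pm = _PURPOSE.match(path)
        if pm:
            purposes[int(pm.group(1))] = value
        else:
            receipt["fields"][path] = value
    receipt["purposes"] = [purposes[i] for i in sorted(purposes)]
    return receipt


def missing_fields(parsed: dict) -> list[str]:
    """Names of MVCR fields a parsed receipt lacks; a malformed <$t> raises ValueError."""
    f = parsed["fields"]
    if "<$t>" in f:
        datetime.fromisoformat(f["<$t>"])
    present = {"purpose": bool(parsed["purposes"]),
               "location": "<#location><$uri>" in f,
               "sensitive": "<#sensitive>" in f,
               "third_party": "<#third><parties>" in f,
               "timestamp": "<$t>" in f,
               "privacy_policy": "<#privacy><#policy>" in f or "<#privacy><#policy><$uri>" in f}
    return [name for name, ok in present.items() if not ok]


# Constructed sample receipt using the identifiers and purposes from the table above.
SAMPLE = MVCR(receipt_id="[#receipt]!:uuid:1234", data_subject="[=]!:uuid:1111",
              data_controller="[+]!:uuid:9999",
              purposes=["We need to process your payment.", "We need your data to prevent fraud."],
              location="https://example.invalid/signup", sensitive=False, third_party=True,
              timestamp="2014-07-13T21:32:52", privacy_policy_uri="https://example.invalid/privacy")

if __name__ == "__main__":
    for stmt in to_xdi(SAMPLE):
        print(stmt)
    print("missing:", missing_fields(parse_xdi(to_xdi(SAMPLE))))
```

The parser keeps purposes in `<@n>` index order regardless of the order the statements arrive in, and the missing-field report is what a receipt provisioner would check before signing: a receipt with only purpose statements parses fine but is reported as lacking location, flags, timestamp and policy.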

 

 

...

Notice Legal Requirements Included for the MVCR

...

Format (in progress)

...

Operational context is for the receipt provisioner to provide. The context of a consent can vary dramatically: the location and the type of data provided differ greatly.

Each jurisdiction has prescriptive text that needs to accompany specific types of consent, as well as legally written terminology for these requirements. With notices there are also contextual and prescriptive requirements in legislation.

This table collects a checklist of these elements; it is being created in this draft below.

...

 

 

Notice Legal Requirements table (columns: Notice Requirements Receipt Meets | Description | UK | EU | USA | Canada | APEC | P3P | FTC FIPPS | OECD FIPPS)

Legal references for the jurisdiction columns:
UK: UK DPA 1998, http://www.legislation.gov.uk/ukpga/1998/29
EU: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML

Contact of Data Controller (DC) | Legally required to provide contact details of the DC | UK: X | EU: X
Address of Data Controller (DC) | Legally required to provide contact details of the DC | UK: X | EU: X
Purpose(s) | Legally required to provide purpose for data control | UK: X | EU: X
Third Party Legal Requirements Transparency | This is a flag to see if additional notice extensions are required to assess compliance | UK: X | EU: X
Sensitive Personal Information Collection Transparency | This is a flag to see if additional notice extensions are required to assess compliance | UK: X | EU: X | USA: For sharing personal sensitive information with 3rd parties
Website consent form | To provide notice at the point of consent of the consequences of not providing consent | UK: X | EU: X
Website consent form | To indicate what information is required and optional to provide for consent | UK: X | EU: X
Mobile application | |
Entering physical space | Sign posted upon entry to physical space |

 

Extensions for the MVCR

An extension can be appended to the MVCR to strengthen the compliance of a consent receipt.

Extension Types

  • Operational Context:
    • Note: for the MVCR first draft there is only the online website format context; additional contexts can be added by extension.
  • Core extension
  • Trusted Services - Trust Framework Extensions

Operational Context (OC): Legal Requirements for MVCR Context (in progress)

Each jurisdiction has prescriptive text that needs to accompany specific types of consent, as well as legally written terminology for these requirements. With notices there are also contextual and prescriptive requirements in legislation.

As part of creating a receipt for a service user, an organisation displays that it has agreed to implement (or not) the OC requirements checklist that accompanies the receipt. This is a yes or no flag. If yes, there is a self-assertion that the notice will be provided in a fair manner with all of the required considerations as prescribed in law in that jurisdiction. This is then reflected on the consent receipt.

Instructions: This is a self-asserted option; the Operational Context is a yes or no flag that the receipt provisioner turns on or off. Operational context depends on the location of consent, the use of personal data, the origin of the data, and the type of data provided. As the context of a consent can vary significantly, operational requirements will also vary.

This table collects a checklist of these elements; it is being created in this draft below.

Context: Location Specific table (columns: Context: Location Specific | Description | UK | EU | USA | Canada)

Legal reference for the EU column: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML

Contact of Data Controller (DC) | Legally required to provide contact details of the DC | UK: X | EU: X
Address of Data Controller (DC) | Legally required to provide contact details of the DC | UK: X | EU: X
Purpose(s) | Legally required to provide purpose for data control | UK: X | EU: X
Third Party Legal Requirements Transparency | This is a flag to see if additional notice extensions are required to assess compliance | UK: X | EU: X
Sensitive Personal Information Collection Transparency | This is a flag to see if additional notice extensions are required to assess compliance | UK: X (put in legal ref) | EU: X
Website consent form | To provide notice at the point of consent of the consequences of not providing consent | UK: X | EU: X
Website consent form | To indicate what information is required and optional to provide for consent | UK: X | EU: X
Mobile application | |

Entering physical space | Sign posted upon entry to physical space |

Core Extensions

In each jurisdiction there are sensitive types of personal information defined in privacy and data protection law. Each sensitive type corresponds to a jurisdiction, is defined by an industry, and has prescribed context requirements for the use of a notice. Core extensions can be added to the MVCR to meet more complex notice requirements and the requirements of multiple regulatory jurisdictions.

...

MVCR Proposed Extensions Table (in progress)

These are the extension tables. This is an active list of extensions being planned and/or developed; each entry needs to include the name of the field and have a description, context, benefit, and examples.

...

MVCR Proposed Extensions table (columns: Extension Type | Field Name | Description | Instructions | Legal Requirement Jurisdiction (this item must be listed on the LR table) | Context (this item must be listed in the Operational Requirements table) | Usability/Interoperability Benefit | XDI Example)

Core: Jurisdiction
Description: The jurisdictions of the parties; the data protection authority is mandatory.
Instructions:
  • this is taken from the data controller address and the location of the consent.
  • optionally, the jurisdiction of the data subject can be added with the consent of the data subject and if the receipt is stored directly in a personal data store.
Legal Requirement Jurisdiction: All
Benefit: Usability: enables the receipt to be used as evidence or for the purpose of legal data controls out of context of the consent event.
XDI:
[#receipt]!:uuid:1234<#jurisdiction>/$ref/[=]!:uuid:1111<#jurisdiction>
[=]!:uuid:1111<#jurisdiction>&/&/"US"
[+]!:uuid:9999<#jurisdiction>&/&/"DE"

Core: Collect Sensitive Personal Data
Instructions:
  1. Sensitive personal data categories need to be listed by jurisdiction
  2. legal and industry notice requirements need to be listed
  3. the OC table needs to be updated with the physical requirements

Core: 3rd Party Trusted Services Extension (this is the functionality for the Registry)
Description: Ability to add trusted services to the minimum viable consent receipt. This incorporates the 3rd party sharing and purpose listing format.

(no type given): Consent Receipt Request Extension
Description: This is a button a user can press to request a consent receipt from a business.
Instructions:
  • scrape the consent session and send a request to the MVCR DC Contact field for a receipt (by providing a form)
  • hypothetical: if an org responds with all of the information they automatically get an above compliant rating
Context: This is for all contexts of the MVCR
Benefit: Usability

Trusted Service: Policy Extension for Consent Cookie Policy Link
Description: The issuing entity's cookie policy link (either inline copy, or reference to URI).
Instructions: If not available, should provide a notice that it is missing or self assert an icon.
Legal Requirement Jurisdiction: Legally in the EU a cookie requires explicit assent.
XDI:
[#receipt]!:uuid:1234<#cookie><#policy>&/&/"copy of cookie policy here"
or
[#receipt]!:uuid:1234<#cookie><#policy><$uri>&/&/"https://..."

Trusted Service: Policy Extension for Terms of Service Link
Description: The issuing entity's terms of service (either inline copy, or reference to URI).
Instructions: If not available, should provide a notice that it is missing.
Legal Requirement Jurisdiction: Legally, Terms need to be open and accessible in order to be fair and reasonable.
XDI:
[#receipt]!:uuid:1234<#tos>&/&/"copy of tos here ..."
or
[#receipt]!:uuid:1234<#tos><$uri>&/&/"https://..."

(no type given): Keep copy of all notices with receipt
Description: Option to store all notice data as a part of the signed receipt.

 

 

Trusted Services

Trusted services, networks and frameworks can be used to meet or exceed notice (and therefore consent) legal requirements, or to address the need for assurance and trust for people so that consent and its management can be automated and made more usable. It is foreseen that a notice registry is the natural place for trust services to register their services.

A process for auditing and verifying all trust services needs to be in place for trust services to be trusted. Then, when an organisation enrols in the registry, it can also add (or manage) the trust services that have been added to the receipt.

 

  • Draft Trust Services Auditing Compliance Scale

Type of Trust Framework | Consent Policy Format | Personal Policy Preference | Consent Extension Location | Trusted Service Provider Examples
Tracker: Analytics etc. | Cookie | Do Not Track | browser header | cookiepedia, privacy clearing warehouse, Ghostery
Terms of Use Policy | | Agree to terms | | TOS;DR, Citizen Me
Policy Tracking Services | Policy Comparison | Has terms materially changed (is consent still compliant?) | | TOSBack
Consent Type | What kind of consent has been received | To record the type of consent or whether there is an exception to the requirement for consent | |
Reputation | | | | Trust Framework (all trust services provide reputation)
Privacy Icons | Pictorial Short Notices | | | Disconnect Me
Capture of Personal Preference at Time of Consent | Does the issuing entity acknowledge DNT | If not available, should provide a notice that it is missing | [#receipt]!:uuid:1234<#dnt>&/&/true |
Data Control Protocol | | | | User Managed Access
Trusted Network Service | | | | Respect Network
Standards | | | |
Certificates | | | | TrustE
Levels of Assurance | | | | KI: Identity Assurance Framework

 

MVCR Open Notice Mockup


The MVCR has a base template t

...

Amazon Respect Use Case: With the Respect Network and Open Notice
(Note: Amazon Respect is a Fictitious organisation used here only as an example) 

(http://open-notice.github.io/consent-receipt/amazon-mock/signup.html)

Implementation of consent receipt which is signed & created by a DC and stored in a personal Cloud. 

...

 

Each field on the MVCR carries legal notice requirements. Each of these components is listed, their presence is counted, and a flag is added to record whether any of these self-asserted claims have been disputed and not resolved.

The MVCR has a maximum rating of Compliant. Additional ratings are possible with extensions.

 

Notice Compliance Checklist | Non Compliant | Partially Compliant | Compliant | Above Compliant | Trusted / User Managed
Contact of DC | | | X | |
Address of DC | | X | | |
Purpose(s) | | X | | |
Sensitive Data (If No) | | | X | |
Share with 3rd Party (If No) | | | X | |
Any of the above self-asserted is disputed or unverifiable (Y/N flag) (If No; if Yes and unresolved = Non-Compliant) | | | X | |
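To show how the checklist and the Y/N flags from the MVCR field table translate into a rating, here is an added example; it is not code from the draft or the Open Notice demo. The scoring rules are this example's reading of the checklist, since the draft leaves them implicit: an unresolved dispute of any self-asserted claim is Non Compliant; with none of the notice fields present the receipt is Non Compliant; with some missing, or a Sensitive Data or 3rd Party flag of Y that is not covered by the matching extension, it is Partially Compliant; a bare MVCR tops out at Compliant, and Above Compliant is reached only through extensions. The receipt keys, the extension names and the sample receipts are all constructed for the example.

```python
"""Rate a consent receipt against the Notice Compliance Checklist above.

Added example, not code from the draft. The thresholds encode one reading of
the checklist (an assumption): dispute -> Non Compliant; nothing present ->
Non Compliant; partial fields or an uncovered Y flag -> Partially Compliant;
everything present -> Compliant; extensions alone can lift it above that.
"""
from __future__ import annotations

from enum import IntEnum


class Rating(IntEnum):
    NON_COMPLIANT = 0
    PARTIALLY_COMPLIANT = 1
    COMPLIANT = 2             # maximum for a bare MVCR
    ABOVE_COMPLIANT = 3       # reachable only via extensions
    TRUSTED_USER_MANAGED = 4  # rightmost checklist column; not rated here


NOTICE_FIELDS = ("dc_contact", "dc_address", "purposes")
# Y/N flag -> extension that supplies the additional notice requirements
# (extension names are this example's own labels)
FLAG_EXTENSIONS = {"sensitive": "sensitive_personal_data",
                   "third_party": "third_party_sharing"}


def rate_mvcr(receipt: dict) -> tuple[Rating, list[str]]:
    """Return the rating and the checklist findings that led to it."""
    if receipt.get("disputed_unresolved"):
        return Rating.NON_COMPLIANT, ["a self-asserted claim is disputed and unresolved"]
    present = [f for f in NOTICE_FIELDS if receipt.get(f)]
    if not present:
        return Rating.NON_COMPLIANT, ["no notice fields present"]
    findings = [f"missing notice field: {f}" for f in NOTICE_FIELDS if f not in present]
    exts = set(receipt.get("extensions", ()))
    for flag, ext in FLAG_EXTENSIONS.items():
        if receipt.get(flag) and ext not in exts:
            findings.append(f"{flag} flagged Y without the {ext} extension")
    if findings:
        return Rating.PARTIALLY_COMPLIANT, findings
    if "trusted_services" in exts:
        return Rating.ABOVE_COMPLIANT, ["all notice fields present; trusted services linked"]
    return Rating.COMPLIANT, ["all notice fields present; flags N or covered by extension"]


# Constructed receipts (not from the draft) exercising each row of the checklist.
_BASE = {"dc_contact": "privacy@example.invalid", "dc_address": "1 Example St, Berlin",
         "purposes": ["We need to process your payment."],
         "sensitive": False, "third_party": False, "disputed_unresolved": False}
SAMPLES = {
    "compliant": dict(_BASE),
    "partial_missing_address": {**_BASE, "dc_address": ""},
    "partial_third_party": {**_BASE, "third_party": True},
    "third_party_with_extension": {**_BASE, "third_party": True,
                                   "extensions": ["third_party_sharing"]},
    "disputed": {**_BASE, "disputed_unresolved": True},
    "nothing_present": {"dc_contact": "", "dc_address": "", "purposes": []},
    "above": {**_BASE, "extensions": ["trusted_services"]},
}

if __name__ == "__main__":
    for name, r in SAMPLES.items():
        rating, why = rate_mvcr(r)
        print(f"{name:28} {rating.name:20} {'; '.join(why)}")
```

The findings list is returned alongside the rating so that a receipt viewer can show the data subject why a receipt scored as it did; a disputed claim short-circuits everything else, matching the checklist's "if Yes and unresolved = Non-Compliant" rule.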
 

 

MVCR Compliance Scale

Each item in the MVCR will be rated with this scale presented below

 

 

 

Summary of Benefits to MVCR

  1. Transparency: The MVCR is a common format for the legally required policies that provide notice. It links to all notices and demonstrates a much higher level of minimum viable notice (for consent) legal compliance. This standard is intended to augment the existing legal notice and consent infrastructure that is already in place and to reward greater transparency of consent.
  2. Extensible: The MVCR spec is intended to be easily extensible and auditable, with a jurisdictional legal compliance audit built in for making transparent the legal context and controls of a consent transaction. Consent legal notice requirements differ by jurisdiction, industry, sensitive data type, sharing with 3rd parties and tracking (cookie consents), in addition to the personal and contextual consent preferences of the individual. Extensions are notice requirements layered onto this MVCR format to meet and match legal requirements and trust frameworks and to address cross-jurisdictional management of consent.
  3. Trusted Services Vehicle: A receipt passed to the service user at the time of consent provides a legal trust framework to build upon. As a result, the MVCR is intended as a vehicle for delivering trusted services to the individual. A stakeholder can utilise trust services, which are then linked to the receipt and which further extend the compliance and "fast track" usability of consent and identity management by using a spec-compliant receipt, e.g. privacy icons, TOS reputation, certifications, trusted networks, and protocols.
  4. The MVCR is intended to be an all-purpose consent process enhancement.
  5. This MVCR specification is intended to be used so that any organisation can implement the spec and provide a MVCR.