Commonly referred to as the ANCR TPS Assessment Scheme : Parts 1 and 2 for measuring conformance, compliance, performance and security of Transparency and Consent
| Anchor | ||||
|---|---|---|---|---|
|
...
08
ANCR refers to an Anchored Notice & Consent Receipt, it is a record that is generated using the Transparency Performance Indicator assessment, which provides a standard measure of operational conformance, compliance and trust performance of the present presented PII Controller’s security and privacy session information.
Note: In ANCR Consent Notice Receipt specification, the record and receipt is generated with a PII Controller Identity
Editor(s):
Mark Lizar, WG Co-Chair, WG Editor
...
Sal D’Agostino, WG Co-Chair
Gigi Agassini, WG Secretary
| Table of Contents |
|---|
IPR Option:
This ANCR Record Specification TPS Assessment Scheme is a specification is required to be open, as specified under a Patent & Copyright: Reciprocal Royalty Free with Opt-out to Reasonable and Non-discriminatory (RAND) license agreement at the Kantara Initiative for submission contribution to ISO/IEC SC 27 WG 5.
Any derivative use of this specification must not create any dependency that limits or restricts the use, accessibility, and availability of the scheme and/or its use to evaluate the performance of transparency and/or the ability for the PII Principal to provide and manage consent records.
Suggested Citation: (upon WG approval)
ANCR Digital Identity Trust Transparency Assessment Performance Scheme , (DITTAS) Part 1 & 2 v1v0.0 8
| Anchor | ||||
|---|---|---|---|---|
|
This specification relies on (open access to) ISO/IEC 29100 Security techniques, Privacy framework and ISO/IEC 29184 online privacy notices and consent, and the Consent Notice Receipt in the Appendix B, further specified by ANCR Mirrored Record Information Structure,3 Consent Notice Receipt Format as specified in the Kantara Initiative ANCR WG Mirrored Record information structure, extending the CISWG MVCR and , which is a digitally twinned record information structure, Consent Receipt v1.1.4
| Anchor | ||||
|---|---|---|---|---|
|
License Condition:
This document has been prepared by participants of Kantara Initiative Inc. ANCR-WG. No rights are granted to prepare derivative works of this ANCR Scheme outside of the ANCR WG. Entities seeking permission to reproduce this document, in whole or in part, for other uses must contact the Kantara Initiative to determine whether an appropriate license for such use is available.
Implementation or use of this document may require licenses under third party intellectual property rights, including without limitation, patent rights. The Participants participants and any other contributors to the Specification specification are not and shall not be held responsible in any manner for identifying or failing to identify any or all such third-party intellectual property rights. This Specification is provided "AS IS," and no Participant in Kantara Initiative makes any warranty of any kind, expressed or implied, including any implied warranties of merchantability, non-infringement of third-party intellectual property rights, or fitness for a particular purpose. Implementers of this Specification Digital Trust Transparency Scheme specification are advised to review the Kantara Initiative’s website (Kantara Initiative: Trust through ID Assurance ) for information concerning any Necessary Claims Disclosure Notices that have been received by the Kantara Initiative Board of Directors.
...
| Anchor | ||||
|---|---|---|---|---|
|
Thank you for downloading reviewing this publication prepared by the international community of experts that comprise the Kantara Initiative. Kantara specification in its preparation for publication and contribution. The Kantara Initiative is a global non-profit ‘commons dedicated to improving secure, private and trustworthy use of digital identity and personal data identifier surveillance through innovation, standardizationstandardisation, and good practice.
The Kantara is known around the world for Initiative, known internationally for incubating innovative concepts, operating an Identity Trust Frameworks Assurance Framework to assure digital identity and privacy service providers and developing community-led best practices and specifications. Its efforts are acknowledged by OECD ITAC, UNCITRAL, ISO SC27, other consortia and governments around the world. “Nurture, Develop,
| Anchor | ||||
|---|---|---|---|---|
|
...
| Anchor | ||||
|---|---|---|---|---|
|
Abstract
Since the first signatory in 1980, the international standardisation of Security and Privacy law has been underway to become formalised into regulation, and as of March 2024, into enforceable law, which is now implemented in the EU through the General Data Protection Regulation. This has paved the way for the ratification of the updated to the 108 Convention from the Council of Europe to Convention 108+. The international commonwealth privacy framework, which is interoperable with the ISO/iEC 29100 security and privacy framework, also widely adopted and open access.
...
In Part 2 of the scheme (in the Appendix A) a transparency information request is sent to the controller using the PII Controller Record that is generated in Part 1 of the assessment scheme to; a) test the operational performance of transparency and consent information by making a rights request or complaint and, b) assess compliance in accordance to the international adequacy baseline.
...
Application
4 Transparency Performance Indicators asses transparency signalling in Part 1,
when PII Controller Identity information is provided in accordance to when data is captured, to assess the security and privacy risk and complianceWhat , to determine the legal validity of consent.
If required PII Controller Identity information is provided and its operational performance the assess ability . to assess operational complinace for any legal justification or authority.
Accessibility & Authenticity the presentation accessibility of the PII Controller Identity Information and Privacy Notice in digital context, and the terms and definitions used in the notice, notification or disclosure. assess data sovereignty security risk, - digital security certificate integrirty, , taking into account device accessibility, the language and number of screens to access privacy information. in order to then assess the terms and their definition against the legal (and expected) terms and definitions.
Security integrity, of a SSL Certificate (or token) - digital security certificate integrity, asses its OU, Jurisdiction, and Name, to match the PII Controller Information, registration or noticeand risks presented in notice.
In Part 2,
The record is used to send a digital privacy rights request, which is then made to
operational performance and integrity of the notice, notification and disclosures.
These are used to asses if
consent is valid
how operation it is
how inclusive and authentic
how secure the transparency and consent is
| Anchor | ||||
|---|---|---|---|---|
|
Normative
CoE Convention 108+
ISO/IEC 29100 security and privacy framework standard maps terms in the standard itself, for example PII Principal is mapped to the Data Subject.
Term Mapping
The ANCR Record Framework is used to specify Transparency Performance Indicators (TPIs)
...
| Anchor | ||||
|---|---|---|---|---|
|
4 TPI’s
The 4 Transparency Performance Indicators capture transparency and data capture practices in context and are used to test the self-asserted information for its operational usability.
...
This is a 1.0 document; we look forward to its evolution.
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
The following describes an assessment using the TPIs to measure Operational Transparency and assurance.
...
Transparency is required to be available in context, i.e., during the time when PII is obtained (found in Transparency Statement or Privacy Policy).8
Time period data stored.
Existence of rights/controls to access and rectify.
Existence of right to manage consent.
Existence of right to lodge a complaint with a Data Protection Authority (DPA).
Whether processing is based under a statutory, or contractual context, or whether necessary for entering a contract, if the PII is obliged, and the consequences of failure to provide this data.9
Existence of
AI, or any automated decision-making technology
Digital identity management surveillance technologies
Any profiles, or graphs generated
Meaningful information about the logic involved
Significance in overall policy or processing and decision making
Expected consequences for and to PII Principal - Data Subject
| Anchor | ||||
|---|---|---|---|---|
|
The TPI Rating system is designed to measure the operational performance of the information, for example if only a mailing address is provided for a privacy contact on a website, this is considered non-operable according to the context. This means that privacy access and specific information is not retrievable in the context of data collection. The TPIs measure adequacy and demonstrate non-performance by PII Controllers as a form of data co-governance.
The associated Conformity Assessment: uses the open ISO/IEC 29100 security framework for generating interoperable records and receipts of data processing activity, according to transparency in context.
| Anchor | ||||
|---|---|---|---|---|
|
a. TPI 1 measuring the point when the individual is notified versus when personal information/digital identifiers are collected and processed. The scheme starts by capturing the timing of notice presentation in relation to first data capture, and first contact.10
...
Combined, these TPIs provide an overall Indication of the operational state of digital privacy.
| Anchor | ||||
|---|---|---|---|---|
|
Rating - Instruction | TPI 1 Timing (with regards to processing) | TPI 2 Required Information | TPI 3 Accessibility | TPI 4 - Digital Security |
+1 (assured) | PII Controller credential is displayed, using a standard format with machine readable language, and linked, for example, in an http header in a browser | The Controller is discoverable prior to session (out of band) in a machine-readable format: 1.Controller Registry 2.A client-side record of processing (via a wallet or browser) | Controller identity is presented prior to data collection | Security is required prior to collection (digital wallet based)
|
0 (dynamic assurance) | PII Controller Identity or credential is provided in first notice | Credential is presented just in time (automated check and first-time notice) | Embedded as a credential and dynamically available upon access (almost just in time) | Assurance provided– e.g., certificate is specific to and matches controller and context. |
-1 (analogue assurance - online) | The Controller Identity, or screen with the Controller Identity is one screen and click away. For example, the privacy policy link in the footer of a webpage | Controller information is accessible (not presented) during collection | PII Controller Identity prominently displayed on first view – prior to processing first page of viewing | Not-specific to controller - does not match jurisdiction. |
-2 - (not mandatory in flow) |
| Controller Credential information is linked during collection | is linked not presented | Does not match OU |
-3 (non-operative) | PII Controller Identity is not accessible enough to be considered ‘provided’ | Controller information not present | Identity or credential is not accessible in context - e.g., two or more screens of view away, or privacy contact is mailing g address and non-operative in context of data collection. | It is not a valid, secure, or recognized provider. |
| Anchor | ||||
|---|---|---|---|---|
|
This appendix is an example of a notice record and the schema and can be used as a template for the information record, rating, and analysis.
...
FIELD NAME | FIELD DESCRIPTION | REQUIREMENT: MUST, SHALL, MAY | FIELD DATA EXAMPLE |
Notice Location | Location the notice was read/observed | MUST | http://Walmart.com (actual link) |
PII Controller Name | Name of presented business | MUST | Walmart |
Controller Address | The physical address of controller and/or accountable person | MUST | 1940 Argentina Road Mississauga, Ontario L5N 1P9 |
PII Controller Contact Type | Contact method for correspondence with PII Controller | MUST | Email, phone |
PII Controller-Correspondence Contact | General contact point | SHALL | |
Privacy Contact Type | The Contact method provided for access to privacy contact | MUST | Email, or other |
Privacy Contact Point | Location/address of Contact Point | MUST | |
Session Certificate | A certificate for monitored practice | Optional | TLS, Transparency, Policy (OID) Context |
| Anchor | ||||
|---|---|---|---|---|
|
These digital transparency code of conduct rules coincide with the TPIs presented and reference the international adequacy requirements for transparency required for digital identifier management. In Report on the Adequacy of Digital Identity Governance for cross border transparency and consent:
...
Provide their PII Controller Notice Credentials, before or at the time of processing personal information (TPI 1), Article 14.1
PII Controller credential information must be accessible
PII Controller credential information must be operationally capable for access to rights with evidence of notice & consent
The security context must match the controller’s jurisdiction where it is assumed PII is processed
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
| Anchor | ||||
|---|---|---|---|---|
|
...
3 Mirrored Record Information Structure, 2024, ANCR WG Kantara Initiative { ANCR: Consent Receipt V2: Consent Token Information StructureNotice Receipt }
4 Consent receipt v1, CISWG Kantara Initiative https://kantarainitiative.org/download/7902/
...