...

Transparency Performance Indicators (TPIs) are introduced here as an object of conformity that captures the presented PII Controller (Credential) information, to measure its timing, content, accessibility and security. The operational data governance context, and capacity per context, can then be measured against the existing international adequacy baseline for compliance.

In this way, TPIs can quickly be used to determine the validity, quality, and governance of data processing for digital and physical assessment contexts.

The TPIs are employed to assess digital privacy transparency for human-context notice and consent compliance.

About the Scheme

The TPI Scheme presented here is scoped to an international/internet-scale digital commonwealth transparency adequacy baseline for trans-border, digital-consent-capable records of transparency. The TPS includes:

...

Part 2 is Appendix A and uses the ANCR record to audit the adequacy of the captured controller elements as specified in the Council of Europe, Conv. 108+, Article 14, Transparency Modalities.

...

The scheme employs TPIs to measure the operational performance of transparency and accountability. This is used to determine the capacity for dynamic control of personal data in an online service context.

The ANCR record is produced from a TPI assessment, which captures the identity of the controller and accountable person, and their contact and physical address. In this way, the presented digital governance and surveillance context can be assessed for compliance for (transborder) flows of data.

What Do TPIs Measure

...

Indicators are captured at the point of notice presentation, to capture the required PII Controller privacy rights information access point(s) and the governance framework under which personal data processing is being governed.

How Does the Scheme Work

The TPIs for conformance in the capture of privacy information or services are mapped to analogue legal requirements, which measure response times in days, out of technical context.

TPIs all measure how dynamic privacy service information is in context, and each provides a rating, from -3 to +1, in which +1 is for a dynamic, in-context transparency performance indicator. This introduces the concept of a shared active transparency state. This dial tone/signal indicates whether the privacy is as expected in context.


...

The TPIs here are used to assess session-based data capture and self-asserted information by organizations to specify a public level of trust assurance that is provided in an online context.


TPI 1 - Measures the Timing of PII Controller Identity Notification:

This TPI captures when the Controller's legal entity and Accountable Person or Privacy Officer provides their identifiers. This is measured to see if the notice is delivered

...

By assessing dynamic and operational transparency, as opposed to static, infrequent information, it provides a way for an individual to assess whether they can trust a service or not. This also assesses compliance with Article 14.1, and specifically as defined in Article 15.1, (a) and (b).

Information to be provided where personal data are collected from the data subject

  1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:

(a)  the identity and the contact details of the controller;

(b)  the contact details of the data protection officer;

...

...

TPI 2 - Measures Required Data Elements

This TPI captures whether the required security and privacy attributes are provided. These are required to provide the PII Controller information for all accountable parties, namely who they are and what information about them is legally required. In all cases, there is a requirement for a Notice of who is processing your data, who is accountable, and the privacy contact information for access to personal information and rights, as required. [Art 14.1]

...

  1. Legal Entity Identity Name,

  2. Address, Contact information

  3. Name or role of Data Privacy Officer (or the authoritative owner and Accountable Person (AP) in charge of that legal entity).

  4. Privacy services access and contact point information.

  5. Privacy or other policy governing the processing of personal information.

  6. Transparency information before use

    1. Digital governance framework

    2. Legal Basis for Purpose of initial Processing of PII

    3. Recipients or categories of recipients if any

    4. Transfer of data on networks out of Country, to a 3rd Country,

    5. The existence of adequacy,

    6. Existence of safeguards, where to get a copy of them, or where they have been made available.

...

TPI 3 - Measure of Transparency Accessibility

This TPI measures the performance of transparency in terms of accessibility to the information in TPI 2. For example, is the information readily available, ideally prior to the digital session and capture of PII? Is the TPI 2 information presented in a pop-up notice at the initiation of a digital service session, or is it required to click a link, e.g., to a privacy policy, and then access an additional link? Is the operational transparency information on the first screen, or is it at the bottom, reached only after scrolling multiple pages, with links not highlighted, and not accessible to children or parents?

...

  • Cookie = Digital receipt - mis-information - cause mass damage - liable -

...

TPI 4 - Measures Security Information Integrity

This TPI captures the relevant digital certificates (e.g. X.509) or security tokens (e.g. JOSE) and keys, to compare the security metadata and policy objects against the required information in TPI 2. It checks for consistency and continuity in the security provided, and whether it is adequate for the task. E.g., do an SSL certificate's Organization Unit and Jurisdiction fields match the captured legal entity information? How do the policy and jurisdiction there relate to other beneficial entities? Importantly, does this align with the policy expectations of the person?
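
The TPI 4 comparison described above, as an added example that is not part of the scheme's own material: it compares the subject fields of a certificate, in the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`, with a captured TPI 2 record. The record keys, the field mapping and the sample data are assumptions constructed for illustration, and the result labels are not TPI ratings.

```python
# Certificate subject attribute -> key in the captured TPI 2 record.
# This mapping and the record keys are hypothetical, not defined by the scheme.
FIELD_MAP = {
    "organizationName": "legal_entity_name",
    "organizationalUnitName": "organizational_unit",
    "countryName": "country",
    "jurisdictionCountryName": "jurisdiction",
}

def _norm(value):
    """Case-fold and collapse whitespace so cosmetic differences do not count."""
    return " ".join(value.casefold().split())

def subject_attrs(cert):
    """Flatten the nested RDN tuples of a getpeercert() dict into one dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def compare_cert_to_capture(cert, captured):
    """Map each attribute to match / mismatch / absent_in_cert / not_captured."""
    subject = subject_attrs(cert)
    findings = {}
    for attr, key in FIELD_MAP.items():
        if not captured.get(key):
            findings[attr] = "not_captured"
        elif attr not in subject:
            # Domain-validated certificates carry no organization details,
            # so the legal entity cannot be confirmed from the certificate.
            findings[attr] = "absent_in_cert"
        elif _norm(subject[attr]) == _norm(captured[key]):
            findings[attr] = "match"
        else:
            findings[attr] = "mismatch"
    return findings

# Constructed sample input (not a real certificate or organization).
SAMPLE_CERT = {
    "subject": (
        (("countryName", "CA"),),
        (("organizationName", "Example Notice Services Inc."),),
        (("commonName", "www.example.org"),),
    ),
}
SAMPLE_CAPTURE = {
    "legal_entity_name": "example notice  services inc.",
    "country": "GB",
    "organizational_unit": "Privacy Office",
}
```

An `absent_in_cert` finding is distinct from a `mismatch`: the certificate neither confirms nor contradicts the notice, so the captured legal entity information has to be corroborated from another source.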

...