ANCR Digital Transparency Performance Scheme: Parts 1 and 2

Conformity & Compliance Assessment v0.9.9

ANCR refers to an Anchored Notice & Consent Receipt. It is a record generated using the Transparency Performance Indicator assessment, which provides a standard measure of the operational performance of the present PII Controller’s security and privacy session information.

...

This specification relies on (open access to) ISO/IEC 29100 Security and privacy techniques to provide the framework, and on ISO/IEC 29184 Online Privacy Notice information structure, with the Consent Notice Receipt in Appendix B. This is further specified by the ANCR Mirrored Record Information Structure [3], the Consent Notice Receipt Format as specified in the Kantara Initiative ANCR WG Mirrored Record information structure, extending the CISWG MVCR and Consent Receipt v1.1 [4].

Conditions for use

License Condition:

This document has been prepared by participants of Kantara Initiative Inc. ANCR-WG. Permission is hereby granted to use the document solely for the purpose of implementing the Specification for public benefit. No rights are granted to prepare derivative works of this Scheme outside of the ANCR WG. Entities seeking permission to reproduce this document, in whole or in part, for other uses must contact the Kantara Initiative to determine whether an appropriate license for such use is available.

...

The TPS addresses this issue by providing a standard digital trust conformance and compliance record harness for assessing the performance of transparency and accountability when PII Controllers process personal data.

...

The ANCR mirrored record information structure defines 3 types of digital trust, and provides a transparency assessment scheme for primary digital trust (also referred to as human centric), data control and accountable transparency.

  1. Primary Digital Trust

    1. When the PII Principal controls their own PII, enabling transparency over processing, for example on a local device

  2. Secondary Digital Trust

    1. When the PII is held by a PII Controller

  3. Extraterritorial

    1. When PII is disclosed to and controlled by a 3rd party (not a PII Processor)

      1. Emergency services

      2. Security Services

If the PII Principal is not able to “see” how PII (Personally Identifiable Information) is shared, disclosed, or managed, it is not possible to make the choice to trust the service processing PII.

For people, consent by default requires assurance that personal data is being processed transparently, in a meaningful and operational manner. Standardized, operational transparency, enabled by standardized schema and record formats (Notice Receipts), is needed so that people can keep, own and control personal information and its use by “AI”.

This makes consent meaningful by default. To support this, and to create and scale trust in digital contexts, a Digital Transparency Code of Conduct is introduced. The goal is to leverage, simplify, clarify and standardize requirements for the use of CoE 108+ Chapter 1 Transparency Modalities, which is mirrored in GDPR Article 12, ‘Transparent information, communication and modalities for the exercise of the rights of the data subject’.

Simply summarized:

If the PII Principal is not able to understand and “see” how PII (Personally Identifiable Information) is shared, disclosed, or managed, it is not possible to trust the service processing PII with any additional assurances.

Data control, and the expectations of that control, are assessed in this Scheme by making a record, called a consent notice receipt, of the transparency provided in context, from what is generally referred to as a notice, notification, sign, policy, privacy policy, contract, web page, web page link and/or icon, or any type of governing framework agreement.

Scheme Applicability

  1. All data processing must have a record of notified processing activity; this is a requirement to be digitally transparent. The exception is a legal derogation, which itself requires notification, often as a risk notice provided prior to consent-based processing of PII. Even in such an instance, the processing must be transparent to the appropriate regulatory authority, according to the context of processing.

  2. In this way, this assessment scheme can be applied to any service context and every stakeholder: PII Controller, PII Processor, PII Principal, the PII Co-Regulating Authority and delegates.

  3. All processing with consent already requires a record of the privacy notice and privacy policy link. In this assessment scheme, the record generated for assessment is called a Notice Receipt, also known as the ANCR mirrored record information structure, and referred to as a consent record in ISO/IEC 27560 Consent record information structure.

  4. In the GDPR, and as specified in Convention 108+, Art 31, the records and receipts provided in this scheme are called a Record of Processing Activity (RoPA), used in this framework as proof of transparency/knowledge. The consent receipt is effectively a digital twin of this RoPA: a mirrored, linked notice and consent micro-data record, which is also held by the individual. This record can then effectively become the authoritative consent record.

In this framework a Notice Receipt can be created by any stakeholder to identify and assess a PII Controller.

An Anchored Notice and Consent Receipt can be used as a record of consent, for example to access data subjects' rights, and/or to test and assess the operational performance of PII Controllers’ digital privacy in digital contexts.

Part 1 of the scheme introduces 4 Transparency Performance Indicators; these are used to measure and rate the conformance of transparency. In Part 2 of the scheme (in Appendix A) a transparency information request is sent to the controller to a) test the controller information and b) measure how compliant the performance of digital transparency is, to both legal expectations and the personal privacy expectations of the PII Principal.

Terms & Definitions

Normative to Council of Europe, Convention 108+

The normative language for the TPI Scheme is defined by Convention 108+, the commonwealth privacy convention, and the GDPR (General Data Protection Regulation). 108+ was created to establish a set of principles and rules to effectively safeguard personal data and facilitate cross-border data flows.

...

4 TPIs

The 4 Transparency Performance Indicators capture transparency and data capture practices in context and are used to test the self-asserted information for its operational usability.

...

This is a 1.0 document; we look forward to its evolution.

TPI Compliance Assessment Scheme Part 2

Operational Transparency Assessment

The following describes an assessment using the TPIs to measure Operational Transparency and assurance.

...

  1. Transparency is required to be available in context, i.e., during the time when PII is obtained (found in Transparency Statement or Privacy Policy). [8]

    1. Time period data stored.

    2. Existence of rights/controls to access and rectify.

    3. Existence of right to manage consent.

    4. Existence of right to lodge a complaint with a Data Protection Authority (DPA).

    5. Whether processing is based on a statutory or contractual context, or is necessary for entering a contract; whether provision of the PII is obligatory; and the consequences of failure to provide this data. [9]

    6. Existence of

      1. AI, or any automated decision-making technology

      2. Digital identity management surveillance technologies

      3. Any profiles, or graphs generated

      4. Meaningful information about the logic involved

        1. Significance in overall policy or processing and decision making

        2. Expected consequences for and to PII Principal - Data Subject

TPI Assessment Guidance

The TPI Rating system is designed to measure the operational performance of the information. For example, if only a mailing address is provided for a privacy contact on a website, this is considered non-operable according to the context: privacy access and specific information is not retrievable in the context of data collection. The TPIs measure adequacy and demonstrate non-performance by PII Controllers as a form of data co-governance.

The associated Conformity Assessment uses the open ISO/IEC 29100 security framework for generating interoperable records and receipts of data processing activity, according to transparency in context.

TPIs are captured in sequence

a. TPI 1 measures the point when the individual is notified versus when personal information/digital identifiers are collected and processed. The scheme starts by capturing the timing of notice presentation in relation to first data capture and first contact. [10]

...

Combined, these TPIs provide an overall Indication of the operational state of digital privacy.

TPI – Scheme 1, Part 1 (S1-P1) metric logic

Rating instruction, given per TPI: TPI 1 Timing (with regards to processing); TPI 2 Required Information; TPI 3 Accessibility; TPI 4 Digital Security.

+1 (assured)

  TPI 1 Timing: PII Controller credential is displayed, using a standard format with machine readable language, and linked, for example, in an http header in a browser.

  TPI 2 Required Information: The Controller is discoverable prior to session (out of band) in a machine-readable format: 1. Controller Registry; 2. A client-side record of processing (via a wallet or browser).

  TPI 3 Accessibility: Controller identity is presented prior to data collection.

  TPI 4 Digital Security: Security is required prior to collection (digital wallet based).

0 (dynamic assurance)

  TPI 1 Timing: PII Controller Identity or credential is provided in first notice.

  TPI 2 Required Information: Credential is presented just in time (automated check and first-time notice).

  TPI 3 Accessibility: Embedded as a credential and dynamically available upon access (almost just in time).

  TPI 4 Digital Security: Assurance provided, e.g., certificate is specific to and matches controller and context.

-1 (analogue assurance - online)

  TPI 1 Timing: The Controller Identity, or the screen with the Controller Identity, is one screen and click away. For example, the privacy policy link in the footer of a webpage.

  TPI 2 Required Information: Controller information is accessible (not presented) during collection.

  TPI 3 Accessibility: PII Controller Identity prominently displayed on first view, prior to processing the first page of viewing.

  TPI 4 Digital Security: Not specific to controller; does not match jurisdiction.

-2 (not mandatory in flow)

  TPI 1 Timing: (no entry)

  TPI 2 Required Information: Controller Credential information is linked during collection.

  TPI 3 Accessibility: Is linked, not presented.

  TPI 4 Digital Security: Does not match OU.

-3 (non-operative)

  TPI 1 Timing: PII Controller Identity is not accessible enough to be considered ‘provided’.

  TPI 2 Required Information: Controller information not present.

  TPI 3 Accessibility: Identity or credential is not accessible in context, e.g., two or more screens of view away, or the privacy contact is a mailing address and non-operative in the context of data collection.

  TPI 4 Digital Security: It is not a valid, secure, or recognized provider. Not security operational (proving nonreciprocal security assurance).

1.2. Table 2: ANCR Mirrored Record Schema Example

This appendix is an example of a notice record and the schema and can be used as a template for the information record, rating, and analysis.

...

Columns: FIELD NAME; FIELD DESCRIPTION; REQUIREMENT (MUST, SHALL, MAY); FIELD DATA EXAMPLE

Notice Location
  Description: Location the notice was read/observed
  Requirement: MUST
  Example: Walmart.com (actual link)

PII Controller Name
  Description: Name of presented business
  Requirement: MUST
  Example: Walmart

Controller Address
  Description: The physical address of controller and/or accountable person
  Requirement: MUST
  Example: 1940 Argentina Road Mississauga, Ontario L5N 1P9

PII Controller Contact Type
  Description: Contact method for correspondence with PII Controller
  Requirement: MUST
  Example: Email, phone

PII Controller-Correspondence Contact
  Description: General contact point
  Requirement: SHALL
  Example: Privacy@org.com

Privacy Contact Type
  Description: The contact method provided for access to privacy contact
  Requirement: MUST
  Example: Email, or other

Privacy Contact Point
  Description: Location/address of contact point
  Requirement: MUST
  Example: Org.com/privacy.html

Session Certificate
  Description: A certificate for monitored practice
  Requirement: Optional
  Example: TLS, Transparency, Policy (OID) Context
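The Table 2 record fields and the -3 to +1 rating scale of the S1-P1 metric logic, as an added Python example that is not the ANCR specification's own code: it validates a Notice Receipt against the MUST/SHALL/Optional requirement levels, flags the mailing-address-only privacy contact case from the TPI guidance, and labels the four TPI scores. Summing the four scores into an overall number is this example's own assumption; the scheme only states that the TPIs combine into an overall indication.

```python
# Added example (not ANCR's own code). Summing the four TPI scores is an assumption.
# Table 2 field names with their requirement level (MUST / SHALL / Optional).
SCHEMA = {
    "Notice Location": "MUST", "PII Controller Name": "MUST",
    "Controller Address": "MUST", "PII Controller Contact Type": "MUST",
    "PII Controller-Correspondence Contact": "SHALL",
    "Privacy Contact Type": "MUST", "Privacy Contact Point": "MUST",
    "Session Certificate": "Optional",
}
TPI_NAMES = ("TPI 1 Timing", "TPI 2 Required Information",
             "TPI 3 Accessibility", "TPI 4 Digital Security")
RATING_LABELS = {1: "assured", 0: "dynamic assurance", -1: "analogue assurance - online",
                 -2: "not mandatory in flow", -3: "non-operative"}

def validate_receipt(record):
    """Return problems found (empty list: usable). MUST/SHALL fields must be
    non-empty; a mailing-address-only privacy contact is non-operative in context."""
    problems = [f"{level} field missing: {name}" for name, level in SCHEMA.items()
                if level != "Optional" and not str(record.get(name, "")).strip()]
    problems += [f"unknown field: {n}" for n in record if n not in SCHEMA]
    contact = str(record.get("Privacy Contact Type", "")).strip().lower()
    if contact in ("mailing address", "postal address"):
        problems.append("privacy contact is a mailing address only: "
                        "non-operative in context of data collection")
    return problems

def rate_tpis(ratings):
    """Label each TPI score on the -3..+1 scale (ValueError if off the scale);
    'overall' is the plain sum of the four scores, this example's assumption."""
    labelled = {}
    for name in TPI_NAMES:
        score = ratings[name]
        if score not in RATING_LABELS:
            raise ValueError(f"{name}: {score} is not on the -3..+1 scale")
        labelled[name] = (score, RATING_LABELS[score])
    return {"ratings": labelled, "overall": sum(s for s, _ in labelled.values())}

# Constructed sample: the Table 2 example row with the Optional field omitted.
SAMPLE_RECEIPT = {
    "Notice Location": "Walmart.com (actual link)", "PII Controller Name": "Walmart",
    "Controller Address": "1940 Argentina Road Mississauga, Ontario L5N 1P9",
    "PII Controller Contact Type": "Email, phone", "Privacy Contact Type": "Email, or other",
    "PII Controller-Correspondence Contact": "Privacy@org.com",
    "Privacy Contact Point": "Org.com/privacy.html",
}
# Constructed sample ratings; TPI 1 = -1 is the footer privacy-policy-link case.
SAMPLE_RATINGS = {"TPI 1 Timing": -1, "TPI 2 Required Information": -1,
                  "TPI 3 Accessibility": -3, "TPI 4 Digital Security": 0}
```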

Digital Transparency Code of Conduct

These digital transparency code of conduct rules coincide with the TPIs presented and reference the international adequacy requirements for transparency required for digital identifier management, as set out in the Report on the Adequacy of Digital Identity Governance for cross-border transparency and consent:

...

  1. Provide their PII Controller Notice Credentials, before or at the time of processing personal information (TPI 1), Article 14.1

  2. PII Controller credential information must be accessible

  3. PII Controller credential information must be operationally capable for access to rights with evidence of notice & consent

  4. The security context must match the controller’s jurisdiction where it is assumed PII is processed

Appendix D. References

Council of Europe 108+

Appendix F. ISO scheme Profile

...

[6] This is the most common legislated privacy element in the world, required and mappable to all privacy legislation and instruments (ISTPA 2007, p.64).

[7] An international repository would be ideal for a framework when accessing the first-time sign or notice.

...