Versions Compared

Old Version 22

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 23

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Status: WG Draft v0.8.9 (WG Review)

The ANCR record objective is to provide operational transparency over data control and processing that works to regulate surveillance from offline and online activities, in much the same way as financial transactions are now regulated and tracked.

The Anchored Notice and Consent Receipt (ANCR) Record specification enables individuals (i.e., a PII Principal) to employ a 3-layer notice record schema to indicate knowledge of processing, and in this context indicate consent and or permissions as appropriate. Required for a specific data exchange. PII Principals can enhance the single use record schema with a layer 2 schema that incorporates a digital identifier to serve a ‘proof of notice’ record for repeated use in concentric data exchanges.

The 3rd notice record schema is the anchored notice records is a private information (identity relationship) record, which considers security requirements as a pre-condition for generating records and receipts in identifier management systems.

Finally, an active technical record of processing activities provides for the PII Principal in context transparency over who is accountable for — and is a pre-condition of — processing Personally Identifiable Information (PII) for human interoperable governance and security.

In this first rendition of the ANCR framework specification it is the PII Principal who manages consented surveillance, and the processors who each manage and comply with the permissions granted for a specified purpose and scope. To this point, this specification focuses on transparency performance for the assessment of data control and it’s impact. Including 3 ANCR Framework Extensions summarized in the Appendix for extending the transparency over data control with,

  • Extension 1: consented purpose specification

  • Extension 2: data treatment and right based controls

  • Extension 3: bundling codes of conduct and practice in implementation

Subsequent iterations and extension of this specification focus on a Controller Credential agnostic to identifier technology. The use of notice records as a Micro- credentials and consent receipt as tokens for proof of notice for any of the 6 legal justifications for processing as well as evidence of electronic consent.

NOTES TO READER

This Kantara Initiative work effort began when Liberty Alliance became the Kantara Initiative, and the Consent and Information Sharing Working Group formally began in 2015. That Working Group’s activities carried on through the ANCR Working Group.

...