
Introduction 

This document presents a summary update to the ANCR WG and the Consent Receipt community on some of the key issues, and the solutions that address them, since MVCR v0.8 (when the spec was frozen), for review by the ANCR WG.

The Original Use Case – to replace (or advance beyond) online opt-in to terms and conditions under the US contract-based privacy model with a privacy agreement model that organizations opt into instead.

This model has had a tremendous amount of interference from surveillance-capitalism-based systems and has required the development of international standards and enforceable privacy law.

and consent in many jurisdictions as it is a contract of adhesion based on contract terms and conditions, with privacy considerations inherent to the Terms and conditions and service contract, not respective of privacy regulations that implement rights or local context of the person.  

The v1.2 completes this use case by providing a consent record notice receipt and specifying a notice for any type of legal processing, i.e. (consent/consensus) processing, implementing a notice receipt framework that is human centric first and is extended by digital identity and trust frameworks.

The key challenges of a) enforceable privacy law (GDPR) and b) standards for notice and consent (ISO 29100 and ISO 29184) have now been addressed.

With the addition of delegation and jurisdictional fields to the consent record architecture, people are technically able to generate a receipt for an identity relationship and use it to request the technical information from a company that enables automatic use of privacy rights and information discovery.

The standardization of data control language and of a record format for making data transparency requests is a key starting point for implementing the personal data control transparency framework, and for organizations to be able to provide dynamic data controls to people.

  • (Add link) OCG Announcement: ISO & GDPR provide the framework for implementing consent
  • Organisations can add to their existing privacy framework – updates for broadcasting this information using standards – automatically.

Contract of adhesion

  • Contract of adhesion – solving T&Cs with a privacy agreement called the GDPR
  • Equals permissions for processing and conditions of use
  • Privacy is a policy inherent to the context of adhesion – aka pseudo-consent

So – it is pseudo-consent (link)

*** 

 

With the publication of ISO 29184, the consent notice receipt is published in an international ISO and IEC standard for identity management (in the appendix), as an example of a receipt for the consented transborder flow of personal information.

This update aims to address critical issues with the CR v1.1:

Primarily, to address well-known issues and developments (WKID) so that a consent receipt can be used for legal purposes by the PII Principal, independently of service providers:

  • evidence and compliance
  • the automated use of privacy rights (for reciprocal security and transparency)
  • the extension of the core legal, technical and social contexts to digital and physical use cases
  • further extension and utility, e.g. to digital ledger consent technology
  • Appendix replaced
  • Personal data categories – Jason Cronk
  • Open Consent Group and DPV CG update
  • DPV Vocabulary v0.2

 

How the Notice Standard Record is Global Interop Technology (in a nutshell)

The Consent Notice Receipt Framework is a semantically standardized notice and notification framework for the processing of personal and sensitive data, with the maximum explicit consent record structure as the base (the first legal processing notice receipt schema specified).

Interoperability: Standardized Privacy Notice Semantics for Transborder identity and data governance 

Governance interoperability is a core focus of the work, primarily human-to-technology governance interoperability. Standardizing notice law, technical formats and the semantics in the notice provides the framework for all processing activities to be relayed to a person in a consistent language and format.

The Notice framework here is a semantic governance framework for a digital twin of a physical notice, using standards, or assessed against standards, independent of service provider and jurisdiction.

Legally 

A privacy notice is the only element required for all personal data privacy processing across all privacy-legislated jurisdictions, through the harmonization of legal semantics via international standards and the adoption of best practices. Notice is the most similar across all jurisdictions, and it is also the only privacy element that is constant in all frameworks.

Notice for security, privacy, health and safety is universally required in governance; where there is none, as with big data, there is little to no provenance.

Human 

People must first have some sort of notice that they are providing consent before consent is possible. People must first be aware of surveillance before it can be trusted, or trustworthy.

Technically 

For active surveillance with digital identity management technology, whether it is Sovereign or not, it is untrustworthy unless it is proportionate, democratic and reciprocal, meaning that the Individual can see the active state of the legal entity and the status of the service, with reciprocal transparency.

Notice Record Structure

Legal Justifications 

For a high-assurance, notice-governed data flow, the specified purpose of use is what governs the data flow and processing. A notice record is required for any processing and to start a relationship. The Notice type is further extended by the legal justification for processing, and is often identified as a service.

There is more than one type of identity relationship for a legal justification for processing, and often there are multiple relationships for a processing activity, which would require multiple legal justifications.

 

In ISO 29184, the legal justifications for use with identity management systems are generically defined as a Notice for:

  1. Consent (consent as the framework notice, and consent by design)
  2. Contract – Contract Notice Receipt
  3. Vital Interest of the Individual – Vital Notice Receipt
  4. Legal Obligation – Legal Notice Receipt
  5. Legitimate Interest – Essential-Use Notice Receipt
  6. Public Interest – Public Notice Receipt

In these legal contexts, notifications inform the lifecycle of the legal justification for processing and its relationship, in addition to which rights apply in context and what performance of those rights people can legally expect.

 

The CR v1.2 updates the CR v1.1 structure to a more modular structure

Notice Fields

  • Notice Receipt (core field set): comprised of the fields for notice that are required for every legal justification for processing.
  • The Notice Receipt by itself indicates, security first, the PII Controller and its representative.
  • Notice Receipt utilities:
    • Without a legal justification, this notice mitigates the risk and can technically start the process of transferring liability for processing to the Individual (PII Principal), legal entities and the provider of notice.
    • Notice with a notification payload: in a specific context a legal Notice can be used to deliver a notification.
    • Meaningful consent requires a notice of risk: a notice receipt for a notification of risk, in addition to a consent notice receipt, provides two factors of notice, utilizing the same two-factor messaging pattern for semantic harmonization.
    • Consent is not possible without a Notice of processing and operational understanding.
    • Directed & Altruistic Consent: PII Principals provide the notice themselves.
  • Go

Vectors of Consent  

 

Quality of Consent 

  • Weak transparency over legal entities and beneficiaries of data processing

Consent Notice Receipt (MVCR Finished = v1.2)

Extending a Notice Receipt with Consent as the legal justification requires purpose specification for a service.

The CR v1.1 as published contains the fields for the specification of a purpose for consent. The vocabulary and categories required to harmonize semantics for data control were known issues that have been focused on for the last 3 years.

The Personal Data Categories are used to specify the purpose, while the Data Privacy Vocabulary provides a machine-readable legal ontology for specifying data types and treatment. All of these are required to specify a purpose for dynamic data flows that people can a) see, b) understand, c) interact with in a meaningful way, d) while also semantically harmonized in containers that are machine readable.

CR v1.2: Core

...

The Consent Receipt Framework exposes the legal requirements that are required to administer consent, and further defines the governance of permissions and the application of preference. Online, or with sensory infrastructure, consent (and consensus) is implied in public spaces when processing personally identifiable information.

The CR v1.2 WD 2 generates a consent record from an interaction with a Notice or Sign, for which, for security, the PII Controller needs to be identifiable and verifiable. The ANCR Record is an iteration of the prefix of the CR v1.1.

The consent receipt framework is consent by default; the anchor record is the Consent Receipt prefix, used to capture legal entity information and to generate a consent notice receipt.

The receipt is further defined, and its fields broken down, for use by a privacy framework for conformance assessment. This is based on the lifecycle of a specific notice for processing personal data and a specified purpose; the purpose is used to define the consent grant, which provides the scope of permissions for a digital identifier management system.

  • Flow of Architecture: the PII Principal creates and controls anchored privacy notice records for Privacy Assurance
    • For example:
      • a self-asserted PII Controller ANCR record provides tier 0 privacy assurance
        • if held by the PII Controller on behalf of the PII Subject, this is not compliant: it must be witnessed by a 3rd-party Privacy Assurance Provider
      • a self-asserted PII Principal ANCR Record
        • is held by the PII Principal and used to generate consent notice receipts
  • Conformance assessment use cases for 27560 for the PII Principal:
    - use of a receipt as evidence for proof of notice and consent
    - use of receipts as proof of awareness for an identity management system
    - use of a receipt to see the state of the privacy / consent lifecycle, so that people can automatically see what to expect without reading a privacy policy or terms, with direct access to digital use of privacy rights
  • Consent Grant Roadmap – scope protocol for identity management system permissioning
    - Consent Grant (human scope) – Identity Management = technical permission and access controls

Updating from v1.1 – represented by submission to ISO 27560

  • delegation
  • jurisdictions
  • personal data categories
  • consent record structures
    • purpose fingerprint
    • purpose

V1.2 : Consent Receipt Framework

Intro - Implements PasE Protocol with 2FC


V1.2.1 :  ANCR Record Conformance

  • First Factor Notice for PII Principal 
  • Fields for DS location require a verifier
    •  verifying (or synthetic) attribute 
    • a specified legal jurisdiction 
    • quality of notice of control receipt 
    • quality of service purpose specification receipt
  • PII Controller
    • notice location
    • legal jurisdiction
    • governing framework - e.g. t&c's? 

V1.2.2 : Consent (Notice) Receipt:27560

  • Extend with Legal justification to specify purpose for a service 
    1. Specifying the Legal Justification for data processing in a notification 
    2. Specifying Data Categories
    3. Specifying Data Treatment   
    4. Specifying Security 

V 1.2.3 : Rights Access & Automation 

  • rights with ANCR Record
    • universal context right
      • right to information about privacy and security 
        • right to see controller and purpose(s)
        • legal requirement for presenting risk 

V 1.2.4 : Consent Validation - The Lifecycle of a consent

  • Active State of Consent Validation
    • identity governance controls and scope
  • Consent Grant for Identity Protocol Governance
    • Scope of a Consent Grant represented in the User Managed Access protocol
      • use of a consent gateway for consent grant validation
  • Protocol Scope Use Cases
    • UMA
    • SAML / eIDAS
    • FAPI
    • GNAP

V 1.2.5 :

  1. Privacy as Expected - Part 3:  Consent by Design - operational conformance - standardizing  signalling - UI interaction point conformance - proof of notice and transparency/accountability assurance 
    1. 29184 notice controls and consent structure 

V 1.2.6 Data Governance Interoperability 

  • Privacy Framework for Gov interop for Security/Surveillance, Evidence and Policing
  • Re-Issuing Identity Credentials with a native and local identity service - rather than exporting a federation into foreign governance models (e.g. Contracts / T&C's) 
  1. Transparency Assurance

V 1.2.6 Topics Raised to be Reviewed / Refined and Addressed in Roadmap to V2

  • Delegation
  • Jurisdiction (physical location proof) 
  • Consent Types Defined in v1.2
    • explicit
    • implied
    • directed
    • altruistic


WKID Issues

The known challenges of the CR v1.1 as published have been addressed and are specified here in the v1.2 update.


CR v1.2 Format Structure and fields

  1. Notice field object
    1. Location & Time
    2. Location – twin
    3. Physical Device
    4. Digital
  2. PII Controller object
    1. Jurisdictions
  3. Link to physical notice
  4. Extend it (Legal Justification)
  5. Privacy Stakeholders
  6. Categories of controllers
  7. Consent Purpose Specification (v1.1)
  8. Purpose Category
  9. Purpose Descriptions
  10. Purpose Sensitive Categories of Data
  11. Sensitive data category
  12. Personal Data Category
  13. Personal Data Types/attributes etc.
  14. Personal Data Processing Treatment
  15. Storage
  16. Security (cert/signed key)
  17. Extensions – Requirements (according to Context)
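As an added worked example (not the ANCR WG's code and not the ISO/IEC 27560 schema), the following Python models the layered record just listed together with the notice-then-extension pattern from the Notice Fields section: a core notice receipt whose PII Controller must be identifiable and verifiable, a legal-justification extension that for consent requires a purpose specification over personal data categories, a purpose fingerprint (a hash over the canonical purpose specification), and the withdraw-consent lifecycle step. Every field name, function name and sample value below is an assumption constructed for illustration.

```python
# Added illustrative example; field names and sample data are assumptions,
# not the ANCR WG's record format or the ISO/IEC 27560 schema.
import hashlib
import json

# The six legal justifications the page lists (ISO 29184 framing).
LEGAL_JUSTIFICATIONS = {
    "consent", "contract", "vital_interest",
    "legal_obligation", "legitimate_interest", "public_interest",
}


def fingerprint(obj) -> str:
    """SHA-256 over canonical JSON, so semantically equal specs hash alike."""
    canonical = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def make_notice_receipt(controller: dict, notice_location: str,
                        jurisdiction: str, timestamp: str) -> dict:
    """Core field set required for every legal justification (the anchor)."""
    receipt = {
        "pii_controller": controller,      # name, contact, verification
        "notice": {"location": notice_location, "timestamp": timestamp},
        "jurisdiction": jurisdiction,
        "legal_justification": None,       # set when the receipt is extended
    }
    receipt["anchor_id"] = fingerprint(receipt)  # self-asserted anchor id
    return receipt


def validate_notice_receipt(receipt: dict) -> list:
    """Conformance checks: controller identifiable and verifiable,
    jurisdiction and notice location present. Returns a list of problems."""
    problems = []
    ctl = receipt.get("pii_controller") or {}
    if not ctl.get("name") or not ctl.get("contact"):
        problems.append("PII Controller not identifiable (name/contact missing)")
    if not ctl.get("verification"):
        problems.append("PII Controller not verifiable (no signed key/cert reference)")
    if not receipt.get("jurisdiction"):
        problems.append("legal jurisdiction missing")
    if not (receipt.get("notice") or {}).get("location"):
        problems.append("notice location missing")
    return problems


def extend_with_justification(receipt: dict, justification: str,
                              purpose: str = None, data_categories=(),
                              treatment: str = None) -> dict:
    """Extend a conforming core receipt with a legal justification; consent
    additionally needs a purpose specification (purpose + data categories)."""
    if justification not in LEGAL_JUSTIFICATIONS:
        raise ValueError("unknown legal justification: %s" % justification)
    if validate_notice_receipt(receipt):
        raise ValueError("core notice receipt does not conform; cannot extend")
    ext = dict(receipt)
    ext["legal_justification"] = justification
    if justification == "consent":
        if not purpose or not data_categories:
            raise ValueError("consent requires a purpose and data categories")
        spec = {
            "purpose": purpose,
            "data_categories": sorted(data_categories),  # order-independent
            "treatment": treatment,
        }
        ext["purpose_specification"] = spec
        ext["purpose_fingerprint"] = fingerprint(spec)  # stable purpose id
        ext["consent_state"] = "active"
    return ext


def withdraw_consent(receipt: dict, timestamp: str) -> dict:
    """Lifecycle step: the PII Principal exercises the withdraw-consent right."""
    if receipt.get("legal_justification") != "consent":
        raise ValueError("only consent-justified receipts can be withdrawn")
    updated = dict(receipt)
    updated["consent_state"] = "withdrawn"
    updated["withdrawn_at"] = timestamp
    return updated


# Constructed sample controller (placeholder values, not a real entity).
SAMPLE_CONTROLLER = {
    "name": "Example Clinic Ltd",
    "contact": "privacy@example.test",
    "verification": "cert:sha256:placeholder",
}


def demo():
    """Build anchor -> consent receipt -> withdrawn receipt on sample data."""
    anchor = make_notice_receipt(SAMPLE_CONTROLLER, "https://example.test/notice",
                                 "EU", "2021-01-01T00:00:00Z")
    consent = extend_with_justification(
        anchor, "consent", purpose="appointment reminders",
        data_categories=["email", "name"], treatment="stored 12 months")
    withdrawn = withdraw_consent(consent, "2021-06-01T00:00:00Z")
    return anchor, consent, withdrawn


if __name__ == "__main__":
    print(json.dumps(demo()[1], indent=2))
```

The anchor id stays the same across the extension and the withdrawal, which is what lets a later receipt be tied back to the notice it started from; the purpose fingerprint is computed over sorted categories so that the same purpose expressed in a different order yields the same identifier.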

Notice & Notifications

Notice can itself be extended with a Notification for the maintenance of a consent record and a consent-based relationship. Notice Receipts facilitate a Semantic Governance Framework.

A notice of controller is the first section of the receipt and can be extended with these receipt profiles:

  • Contract Notice Receipt 
  • Vital Notice Receipt  
  • Notice of (legal) Obligation Receipt  
  • Legitimate Interest Notice Receipt  
  • Public Interest Notice Receipt  

Notification  

notifications 

Rights Consent Notice Receipt 

Privacy and Surveillance based rights are applied to context according to the legal justification, which is confusing even for the experts.  

  • Withdraw Consent 

Consent Notice Receipts (Lifecycle)


The spectrum of consent has multiple vectors  

...

  1. Consent Notice Receipts
  2. Anchor receipt

Type of Consent Receipt   Description                          Lifecycle Use

Explicit Consent          Anchor Receipt (starts a receipt)
Implied Consent           Action of the PII Principal
Expressed                 Notification by the PII Principal
Directed                  (Health Care)
Altruistic                No Notice Required