Transparency Performance Reporting (TPR) is a new type of novel approach to digital transparency ( and data control ) reporting, pioneered in by the same people and organisation that specified reporting and has just been submitted as a Kantara Recommendation for public comment by the Anchored Notice and Consent Receipts at the Kantara Initiative. Which is an amazing invention for decentralising data governance, security and privacy in data flows.
The first Transparency Performance Report, is focused on determining if consent is valid, secure, sovereign and accountable. This follow up from the same people the consent receipt specification, for comment, Standard transparency over data sovereignty and the validity of consent with the use of digital identification systems.
“ Transparency reporting, is a revolution in digital governance, while we have had the standad for a consent receipt since 2014, standard transparency over whether consent is valid is required to use consent for international data transfers. Transaprency reporting is required to scale meaningful consent, which means transparency reporting is not just another compliance tool. “
says Mark Lizar, Editor of the ANCR v1. Transparency Performance Valid Consent Report. The ANCR TPR, just posted Feb 14 for public review by the Kantara Initiative Community.
The ANCR transparency and consent work has quite the 'bottom up' history as the Notice and Consent Receipt that was brought to Kantara in 2013, by the Open Notice Initiative, and before the Identity Commons in California. The initiative was launched to created the standards required (ANCR) Work Group. TPR uses 4 transparency performance indicators (TPIs) to measure the transparency of the PII Controller notice of risk to the personal data of the PII Principal. This represents a significant advancement for decentralizing digital identification and data surveillance governance within data flows. TPR was developed through volunteer work over three years in the ANCR workgroup and represents a means of understanding and addressing ubiquitous platform and application surveillance and promotes glass-box security and privacy legal standards.
The ANCR WG transparency and consent work has a 'bottom-up' history, originating in the Notice and Consent Receipt brought to Kantara in 2013 by the Open Notice Initiative. It stemmed from the Identity Commons in California just before that, an endeavor that aimed to create standards to address “the Biggest Lie on the Internet” a campaign against terms and conditions in support of do no track. Transparency performance reporting, makes it clear to everyone, when a notice and consent receipt is required. The Notice and . In 2019 Kantara published the Consent Receipt v1.1 specification as been very successful, as it was eventually drafted in conjunction with SO/IEC , which in 2020 was drafted into ISO/IEC 29184:2020 Online privacy notice and consent standard (29814). Known as the , under JTC 1, SC 27, WG WG 5, that is the international standards – the ISO work group focused on privacy and identity management. Through participation with the Kantara Initiative, this project which started originally at Identity Commons, made it all the way to the international commons. The Notice and Consent receipt schema, has now itself become an ISO/IEC technical standard, currently called 27560 Consent recored information structure.
The ANCR specification for Transparency Reporting introduce four transparency performance indicators (TPI’s) that are used to assess if consent for digital identification management is valid. .
This TPR report, in development for 3 years in the ANCR workgroup is a significant development towards addressing big-tech surveillance, tracking, and promotes the glass-box Commonwealth security and privacy legal standards.
The timing of this announcement is significant, in 2025, the ratification of the international Commonwealth treaty, Convention 108+, effectively creates the only global rules set The schema from the consent receipt is incorporated into the ISO/IEC 27560 Consent record information structure which may become freely available, as is the case with the ISO/IEC 29100:2024 Privacy framework.
Transparency performance reporting clarifies when a notice and consent receipt is required and its validity and provides a litmus test for valid consent.
The initial Transparency Performance Report is focused on evaluating the validity, security, sovereignty, and accountability of digital consent. It is a tool to expose dark patterns and secret surveillance. It builds on the consent receipt specification by adding standardized transparency with regards to the sovereignty of data and consent and its validity in conjunction with digital identification systems.
The four TPIs used in reporting measure:
Timing of notice
Regarding the initiation of surveillance
Content of notice
PII Controller required disclosures (.. Controller Record)
PII Controller Reverse Cookie (could be captured in a receipt and record for the PII Principal)
Who, where, what, why, how, when
Access and usefulness of notice
Taste of the Cookie
How good were the answers including their veracity to the above
Sovereignty of authority and security
Jurisdictions (Legal) of Principal and Controller
Cryptographic (Technical)
Linked by policy (objects)
The TPR document includes mapping to privacy frameworks including Convention 108+, a commonwealth data governance framework that cover 2.5 billion people and with it an interoperable set of requirements for security and privacy, that is rights, common-law , and Commons based. The only foundation suitable to a common set of rules for people to use, to hold services account to international (internet) standard for data governancemappings show how the TPIs address the requirements for records of processing activities (GDPR Article 30) and enable services to be accountable to international (internet) standards for data governance. It creates a technical record foundation in a common set of rules allowing people to have their own authoritative records of digital identification relationships.