...
- the initial receipt is used to create an Ancr recored anchored record for the implementation assertion of data sovereignty by PII Principal
Use the ANCR record to generate a consent receipt by choosing / confirming the legal justification, which represents a consent type and onto of this the legal justification is layered.
** implement this specification choose the receipt type for the legal justification, display the consent label in the receipt and privacy rights information access for the context of processing
The notice receipt is extended by the legal justification for processing
Each type of Notice receipt is defined by a legal justification mapped to a consent type label for human record processing and privacy rights.
The legal justifications are represented generically, and based on those defined in the GDPR and guidelines like those found in Canadian privacy for meaningful consent.
Table 1:
...
Consent Receipt Types for Legal Justifications & Consent Type Labels for Notice Liability Transfer
Master Data Consent Paradigm Controls - matching - Privacy Rights to data controls that re specified for data context governance and trust.
Layering legal justifications onto of a consent receipt to modify the rights and permission scopes.
“Consent is not the only lawful basis for the processing of PII and thus not always required. “ The aim of this specification is to modernize the consent exceptions to account for new digital realities that were not anticipated when these laws were originally adopted.
In some jurisdictions, other lawful basis includes 29184, generic set of lawful basis are adopted and specified from the GDPR.
consent
contractual necessity,
compliance with legal obligations,
vital interest,
public interest, and
legitimate interests
...
Notes for Implementors Conformance Testing Consent Types
Checklist: To determine a consent type,
...
Notice have the 4 minimum requirements:
identity of controller and accountable point of contact
contact
...
information for privacy rights access
purpose description
legal justification for processing personal data (or consent type)
In this policy context ; Does does the notice have ?
Dark patterns are identified, is there an appropriate ;
opt-in,
opt-out
no opt-in (or) opt-out -
Terms of Service Framework
No Transbordar - metadata privacy mechanism
presentation of risks ]
Is this notice, a notification of an existing Notice or Consent - already active ?
yes
no
...