Objective
...
Spec for ANCR Record
...
- Provide a set of instructions for recording a notice in a consent(ric) record information structure derived for a Consent Receipt (ref)
- To then compare the conformance of the record with a control from ISO/IEC 29183 (a set of rules set by regulations for notice & consent transparency)
Methodology
This method describes how to audit a notice to generate an ANCR Notice Record using the ISO/IEC 29100-derived receipt format, which is now published in ISO/IEC 29184 Annex D.
The resulting audit is then used for assessing conformance with an ISO/IEC 29184 Online Privacy Notice and Consent control. This is in order to demonstrate how the ANCR Notice Record is used for assessing conformance when creating a digital identifier and processing personal data.
New Field - name, description, reference
Notice Location:
- For Security
- here is a record for identifying if there is enough security for privacy
- who is the controller,
- what are the applicable laws, and rights
- and how are these accessed.
Here are fields
- to create this security audit record, including locations of people and processing sufficient to provide jurisdiction
PASP - Privacy Access Service Point - defines a digital service contact point and information, for proportionate access to rights information
- there are different performance levels for privacy information access and rights which is captured in this assessment,
- Performance
- if online and access is provided with a
...
- where the PASP is an API access for in-context privacy, privacy information and controls can be dynamic
- this field has dynamic,
- out-of-band,
- static
- Access Conformance
- access to information in the information according to context
- linked data -
- Conformance
- a) if using standards, information access has a higher level of transparency
- a person,
- self-service
- bot
- mailbox
- answering machine
Consent Type Defaults
Consent Types refers to the context of Notice which covers the array of concentric engagement points in which humans provide permissions to generate digital identifiers.
...
- Other: Not Consent,
- delegated
- Implied
- implicit
- expressed
- explicit
- directed
- altruistic
****
Here is how to use it →
Audit / use for conformance
Objective
This ANCR Record specification provides a methodology to audit a notice to produce a Notice Record for generating a Consent Receipt. The objective of this document is to:
- Provide a set of instructions for recording a notice in a consent(ric) record information structure derived for a Consent Receipt (ref)
- To then compare the conformance of the record with a control from ISO/IEC 29183 (a set of rules set by regulations for notice & consent transparency)
*****************
Field Glossary
...
| Field Name | Type | PII(Y) | Field Label | Description | Required/Optional |
|---|---|---|---|---|---|
| version | string | | Schema Version | The version of the specification to which the receipt conforms. To refer to this version of the specification, the string "v1" or the IRI "https://w3id.org/OPN/v1" should be used. | Required |
| profile | string | | Privacy Profile URI | Link to the controller's profile in its registry. | Required |
| Notice Location | Array | | Notice Record | Label Notice Receipt | Required |
| id | string | | Receipt ID | A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122]. | Required |
| timestamp | integer | | Timestamp | Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch). | Required |
| key | string | | Signing Key | The Controller’s profile public key. Used to sign notice icons, receipts and policies for higher assurance. | Optional |
| language | string | | Language | Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'. | Required |
| controllerID | string | | Controller Identity | The identity (legal name) of the controller. | Required |
| Controller Address | | | | | |
| jurisdiction | string | | Legal Jurisdiction | The jurisdiction(s) applicable to this notice. | Required |
| controllerContact | string | | Controller Contact | Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle. | Required |
| notice | string | | Link to Notice | Link to the notice the receipt is for. | Optional |
| policy | string | | Link to Policy | Link to the policies relevant to this notice, e.g. the privacy policy active at the time the notice was provided. | Required |
| context | string | | Context | Method of notice presentation: sign, website pop-up, etc. | Optional |
| Receipt Type | | | | The human-understandable label for a record or receipt for data processing. This is used to extend the schema with a profile for the type of legal processing, and is used to identify data privacy rights and controls. | |
| PASP | array | | | Privacy access service points of contact and access, email, ph, etc. - or PaeCG signal | |
| Consent Type | | | | | |
| Payload | | | Notice Text | | |
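The field rules in the glossary above can be checked mechanically during an audit. The following Python is an added example, not part of the ANCR specification: it assumes a record is a flat JSON object keyed by the glossary field names, the function name `validate_notice_record` is hypothetical, and rows without a stated key, type or requirement (Notice Location, Controller Address, Receipt Type, PASP, Consent Type, Payload) are left out.

```python
import uuid

# Keys and requirement levels copied from the Field Glossary rows that state them.
REQUIRED_STR = ("version", "profile", "id", "language", "controllerID",
                "jurisdiction", "controllerContact", "policy")
OPTIONAL_STR = ("key", "notice", "context")
KNOWN_VERSIONS = ("v1", "https://w3id.org/OPN/v1")


def validate_notice_record(record):
    """Check one parsed record; MUST/Required failures are errors, SHOULD are warnings."""
    errors, warnings = [], []
    for name in REQUIRED_STR:
        value = record.get(name)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{name}: required string missing or empty")
    for name in OPTIONAL_STR:
        if name in record and not isinstance(record[name], str):
            errors.append(f"{name}: must be a string when present")
    # timestamp MUST be integer seconds since the Unix epoch (bool is an int in Python).
    ts = record.get("timestamp")
    if isinstance(ts, bool) or not isinstance(ts, int):
        errors.append("timestamp: must be an integer number of seconds")
    # language MUST be ISO 639-1; only the two-letter shape is checked, not the registry.
    lang = record.get("language")
    two_letter = isinstance(lang, str) and len(lang) == 2 and lang.isascii() and lang.isalpha()
    if isinstance(lang, str) and lang.strip() and not two_letter:
        errors.append("language: not a two-letter code")
    # id SHOULD be a UUID-4; version should be one of the two strings the glossary lists.
    rid = record.get("id")
    if isinstance(rid, str) and rid.strip():
        try:
            is_v4 = uuid.UUID(rid).version == 4
        except ValueError:
            is_v4 = False
        if not is_v4:
            warnings.append("id: not a version 4 UUID")
    if isinstance(record.get("version"), str) and record["version"] not in KNOWN_VERSIONS:
        warnings.append("version: not 'v1' or the v1 IRI")
    return {"errors": errors, "warnings": warnings}


# Constructed sample records (not taken from the specification).
GOOD = {"version": "v1", "profile": "https://registry.example/c/1",
        "id": "3f2b8c1e-9d4a-4e6b-8a7c-5d1e2f3a4b5c", "timestamp": 1700000000,
        "language": "EN", "controllerID": "Example Cafe Ltd", "jurisdiction": "CA",
        "controllerContact": "privacy@cafe.example", "policy": "https://cafe.example/privacy"}
BAD = dict(GOOD, id="receipt-42", timestamp="2023-11-14T22:13:20Z", language="eng")
del BAD["controllerID"]
```

`validate_notice_record(BAD)` reports the missing controller identity, the ISO-8601 string used where epoch seconds are required, and the three-letter language code as errors, and the non-UUID receipt id as a warning.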
****
(To be Moved Later) Case Study: privacy cafe
...