Long Term Mission to come up with an alternative policy framework for authorization and privacy online which is more performative, beneficial, compliant and empowering than what is online today.
To produce an alternative to the 'I Agree" (to things i don't read or understand) problem with online services and to help support and produce specifications to standardize consent online to make this happen.
The aim has been to produce standards for an alternative format and transparency standards that people can trust and that scales online. The outcome objective is to provide people with choices and to choose what is best for them or their view of the world. So that the choices are trustworthy and consent is accountable.
After a tremendous amount of work, iteration and implementation, we are happy to announce an alternative to the Opt In and Opt-Out terms and policies online a tool for digital idenity access and management that evolves the authorization process to include the PII Principal in the scope of access and data controls.
2FN and 2FC is an alternative negotiation and policy agreement format which can be used independently by both parties The objective of AuthC (authorization from consent) is to create and maintain an active state of trust in surveillance with a special class of surveillance called digital identity for dynamic data control (diddc) to automate human governance. The result must be the freedom to control your personal information, to choose who benefits from it, including ourselves, to be empowered with our own record of relationships.
AuthC specifies a two factor notice (2FN) and two factor Notice for Consent (2FC) flow for presenting digital privacy transparency, accountability and rights access.
2FN ->2FC produces legal proofs (computational privacy) that can be used to enhanced access and mobility services so they can be better used directly by people. regardless of physical or digtial technology or data governance providence (digi-space). The specification for 2FN is designed to produce 'Privacy Assurance', (versus the existing framework of IAL, AAL, FAL), a new category of eConsent and identity management.
The work builds on a decade of effort, much of it in Kantara workgroups. The Consent Receipt has been widely recognized and adopted, with iteration and implementations since the publication of the Consent Receipt and then its inclusion in the ISO/IEC 29184 annex.
2FN -> 2FC specifies how consent receipts be generated from a Notice Record to provide evidence of consent and can be used for any legal justification for processing personal data. Most importantly, AuthC presents how ANCR Records and Consent Receipts can be generated by either party (the PII Controller and the PII Principal) or together by both parties for preference and permission exchange and negotiation.
Use to provide another choice, or an alternative notification layer to checkboxes like:
...
stakeholders, for active state privacy and security.
To learn more, check out the first draft of the 2FN and 2FC IntroductionTake initial document for 2FN for Data Governance 2FC for Data Controls
For a sneak preview, take a look at ANCR: Consent Receipt Section 1 - which is the work to specify the ANCR Notice Record Format for generating Notice and Consent Receipts - for PII Controller and Principal processing records
...