The ANCR WG is pleased to announce the WG effort to specify a PII Controller credential to enable a standard for Digital Privacy and Privacy by Design. The credential comprises publicly required privacy information (digital privacy transparency) that is directly regulated by international privacy law. It provides a notice credential using an interoperable international standard ISO/IEC security and privacy framework of standards, building upon transparency that supports the operationalization of privacy by design service infrastructure. The effort recognizes the gap in public benefit infrastructure on which this Notice Controller Credential is focused. It specifies the publicly required privacy information elements in law and referenced standards as an operationally co-regulated privacy credential, referring specifically to standardized digital privacy transparency requirements that are directly regulated through international and national privacy laws.

The Open Notice Controller Record is specified to capture and record Transparency Performance Indicators (TPIs), which are specified separately from the Notice Controller Credential. The record is the minimum viable version of a credential, a digital transparency notice, or record. It is used for the individual to see at a glance the basic privacy performance of digital services.

The Open Notice Controller Credential builds upon the record, utilizing the international standard security and privacy framework of standards to provide space for architectures with broad data governance scope and interoperability. It is accretive to ISO 31700-1:2023(en), Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements. ISO/IEC 31700 updates the international privacy standard landscape, consolidating many references into a privacy by design framework to support privacy defined next generation digital security and privacy engineering and data governance interoperability. Its intended use is to enhance

The controller credential contributes to this landscape by enhancing digital privacy transparency and, as a result, the operational usability and adequacy of requirements and their utility for conformance in digital privacy notices, notifications and disclosures.

It adds the next layer to the notice record and consent receipt framework for generating records of processing activities for people. It provides the capability for new network architectures, where micro-notice credentials can provide proof of digital notice and where consent receipt tokens are used as evidence of consent.

...

  1. Open for people, as a record for digital privacy transparency, Data Control Privacy, and Data Co-Regulation Privacy Risk Vectors.

  2. Open, in that it is specified to international standards and laws that are openly accessible, binding and interoperable with security and privacy best practices.

  3. Open for business: usable by people to access business service data directly (without intermediaries and for public benefit), increasing trust and value in a dynamic (personal) data economy. Data Governance (concentric) driven business, legal and technical frameworks.

[Updated: Feb 8, 2023]