Rating	Description	Instruction
+1	Controller identity is embedded as a credential linked to authoritative registries.	PII Controller credential is displayed, using a standard format with machine readable language and linked, for example, in an http header in a browser
0	PII Controller Identity prominently displayed on first view – prior to processing first page of viewing, the assessment question would be	PII Controller Identity or credential is provided in first notice
-1	Privacy signal Is not first presented – but is linked and one click and screen away	The Controller Identity, or screen with the Controller Identity is one screen and click away. For example, the privacy policy link in the footer of a webpage
- 3	Identity or credential is two or more screens of view away	PII Controller Identity is not accessible enough to be considered ‘provided’

Table 2: TPI Schema

TPI 1
Notification Timing
Timing of Data Collection

Table 3 : Transparency Performance Indicator Record Rating Example

Field Name	Field Description	Requirement: Must Shall May	TPI 2 Available Not Available	TPI 3 Rate: +1, 0, -1, -3,	TPI 4 Certificate or Key CN-Matches OU – Match Jurisdiction – Match (optional)
Notice Location	Location the notice was read/observed	MUST	Present	+1	found
PII Controller Name	Name of presented organization	MUST	Present	0	Match
PII Controller Address	Physical organization Address	MUST	Present	0	Not match
Privacy Contact Point	Location/address of Contact Point	MUST	Present	1	Not match
Privacy Contact Method	Contact method for correspondence with PII Controller	MUST	Present	-1	No Match
Session key or Certificate	A certificate for monitored practice	MUST	Present (or Not-found)	1 (or –3 )	Present (or No Security Detected)

...

TPI 4 validates for the individual if security adds up? address a critical security gap that exist today.

Notice Record Schema

¹ Lizar, M, Pandit, H, Jesus, V, “Privacy as expected Consent Gateway”, Next Generation Internet (NGI) Grant [Access July 4] privacy-as-expected.org/