...
Rating | Description | Instruction |
---|---|---|
+1 | Controller identity is embedded as a credential linked to authoritative registries. | PII Controller credential is displayed, using a standard format with machine readable language and linked, for example, in an http header in a browser |
0 | PII Controller Identity prominently displayed on first view – prior to processing first page of viewing, the assessment question would be | PII Controller Identity or credential is provided in first notice |
-1 | Privacy signal Is not first presented – but is linked and one click and screen away | The Controller Identity, or screen with the Controller Identity is one screen and click away. For example, the privacy policy link in the footer of a webpage |
- 3 | Identity or credential is two or more screens of view away | PII Controller Identity is not accessible enough to be considered ‘provided’ |
Table 2: TPI Schema
TPI 1 | ||
---|---|---|
Notification Timing | ||
Timing of Data Collection |
Table 3 : Transparency Performance Indicator Record Rating Example
Field Name | Field Description | Requirement: Must | TPI 1 | TPI 2 Not Available | TPI 3 Rate: +1, 0, -1, -3, | TPI 4 |
---|---|---|---|---|---|---|
Notice Location | Location the notice was read/observed | MUST | Present | +1 | found | |
PII Controller Name | Name of presented organization | MUST | Present | 0 | Match | |
PII Controller Address | Physical organization Address | MUST | Present | 0 | Not match | |
Privacy Contact Point | Location/address of Contact Point | MUST | Present | 1 | Not match | |
Privacy Contact Method | Contact method for correspondence with PII Controller | MUST | Present | -1 | No Match | |
Session key or Certificate | A certificate for monitored practice | MUST | Present (or Not-found) | 1 (or –3 ) | Present (or No Security Detected) |
...
TPI 4 validates for the individual if security adds up? address a critical security gap that exist today.
Roadmap
References
Appendix A
Notice Record Schema
Endnotes
1 Lizar, M, Pandit, H, Jesus, V, “Privacy as expected Consent Gateway”, Next Generation Internet (NGI) Grant [Access July 4] privacy-as-expected.org/