...
- Provide a set of instructions for recording a notice and its purpose specification in order to capture the consent record information structure
- Compare the conformance of the record with a set of rules or regulations, referred to here as a code of practice.
...
The resulting audit is then used for assessing conformance with an ISO/IEC 29184 Online Privacy Notice and Consent control. In order to demonstrate how the ANCR Notice Record for assessing conformance when creating a digital identifier and processing personal data.
New Field - name, description, reference
PISP - Privacy Information Service Point - further define contact information
- there are different performance levels for privacy information access and rights which is captured in this assessment,
- Performance
- if online, and access is provided with a PISP, which is API access for in-context privacy, then privacy information and controls can be dynamic
- this field has dynamic,
- out-of-band,
- static
- Access Conformance
- access to information in the information according to context
- linked data -
- Conformance
- a) if using standards, information access has a higher level of transparency
- a person,
- self-service
- bot
- mailbox
- answering machine
- b)
Consent Type
Field Glossary
(Note: all terms refer to ISO/IEC 29100, ISO/IEC 29184 and the Kantara Consent Receipt, adopted for terms, unless they are specified here to further extend terms or definitions in a more granular manner.)
Consent Types are for a specific purpose of processing, which is determined by context:
- Other: Not Consent,
- not required
- delegated
- Implied
- implicit
- expressed
- explicit
- Altruistic
- directed
- altruistic
This refers to the initial state or context of processing, and the data subject's knowledge and/or expectation, prior to the notice or notification.
Other is used to indicate that the context is not consent, as there is not enough information in the notice, or the data processing context doesn't include consent or a choice for the individual. These contexts may be predetermined to be a notice for a different legal justification, exemption or derogation, and the purpose for this, e.g. if you continue, your data will be processed for security purposes - a) to check for fraud.
This can be included in the consent context, or the context might be for public surveillance and security where people have no choice. e.g. at the airport.
Notice
In this document, notice a) refers broadly to any privacy or surveillance notice, notification or disclosure, and b) is a notice that is presented or represented in a layered information fashion and a linked manner according to context.
Layered/Linked Notice
- Notice Information Layers
- ISO/IEC References for Notice
- ISO 29184
- Notice Signal
- Notice pop-up
- notice statement
- notice privacy overview
- notice privacy policy
Research Findings:
- people are unable to natively use digital identifiers, credentials or digital wallets. e.g. unable to use a computer or phone to download a QR code, for a wide spectrum of accessibility issues
Instructions
- Read a notice
- capture the name of the notice provider and enter this into the PII Controller field
- collect the PII Controller Address
- collect contact information
- what type - use appendix to indicate dynamic, out-of-band, static, in person active
- collect link to privacy policy
- collect any links to privacy access information
- Indicate in which concentric manner data has been
- Capture the legal justifications for processing
- Capture the Notice
- indicate what the expected consent type is prior to the notice
- indicate if personal identifiers are collected prior to presenting the notice
- Indicate the legal justification from the 6 categories -
- indicate the personal data is sensitive
- capture purpose description
- capture the authorization scope
- frequency
- duration
Q's to add to instructions
- is the notice linked
- is there notice of risk and harms?
- is there a privacy information service point / API for dynamic data controls?
...
| Field Name | Type | PII(Y) | Field Label | Description | Required/Optional |
|---|---|---|---|---|---|
| version | string | | Schema Version | | Required |
| profile | string | | OPN Privacy Profile URI | Link to the controller's profile in the OPN registry. | Required |
| Notice Receipt | string | | Type of Notice Receipt | Label Notice Receipt | Required |
| id | string | | Receipt ID | A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122]. | Required |
| timestamp | integer | | Timestamp | Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch). | Required |
| key | string | | Signing Key | The Controller's profile public key. Used to sign notice icons, receipts and policies for higher assurance. | Optional |
| language | string | | Language | Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'. | Required |
| controllerID | string | | Controller Identity | The identity (legal name) of the controller. | Required |
| Controller Address | | | | | |
| jurisdiction | string | | Legal Jurisdiction | The jurisdiction(s) applicable to this notice | Required |
| controllerContact | string | | Controller Contact | Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle. | Required |
| notice | string | | Link to Notice | Link to the notice the receipt is for | Optional |
| policy | string | | Link to Policy | Link to the policies relevant to this notice, e.g. privacy policy active at the time notice was provided | Required |
| context | string | | Context | Method of notice presentation, sign, website pop-up etc | Optional |
| Receipt Type | | | | The human understandable label for a record or receipt for data processing. This is used to extend the schema with profile for the type of legal processing - and is used to identify data privacy rights and controls | |
| Notice Text | | | | | |
| Accountable Person Role | | | | | |
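An added example, not part of the original page or of the specification it describes: a Python check of one receipt against the rows of the field table that state both a type and a Required/Optional status. Assumptions: the record is a JSON object already parsed into a dict and keyed by the Field Name column (including the literal name `Notice Receipt`), the language test checks only the two-letter shape, the future-timestamp warning is a heuristic added here, and every sample value is constructed.

```python
import uuid

# (type, required) for each field-table row that states both; other rows are omitted.
FIELDS = {
    "version": (str, True), "profile": (str, True), "Notice Receipt": (str, True),
    "id": (str, True), "timestamp": (int, True), "key": (str, False),
    "language": (str, True), "controllerID": (str, True), "jurisdiction": (str, True),
    "controllerContact": (str, True), "notice": (str, False), "policy": (str, True),
    "context": (str, False),
}

# Constructed sample record: every value is a placeholder, not real data.
SAMPLE = {
    "version": "0.1", "profile": "https://opn.example/profile/privacy-cafe",
    "Notice Receipt": "Notice Receipt", "id": "3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b",
    "timestamp": 1700000000, "language": "EN", "controllerID": "Privacy Cafe Ltd",
    "jurisdiction": "CA", "controllerContact": "privacy@cafe.example",
    "policy": "https://cafe.example/privacy",
}


def check_receipt(record, now):
    """Return (errors, warnings): Required/MUST rules are errors, SHOULD rules warnings.
    `now` is the reviewer's clock in Unix seconds, passed in so runs are repeatable."""
    errors, warnings = [], []
    for name, (ftype, required) in FIELDS.items():
        if name not in record:
            if required:
                errors.append(f"{name}: required field missing")
        # bool is a subclass of int in Python, so it is rejected explicitly.
        elif not isinstance(record[name], ftype) or isinstance(record[name], bool):
            errors.append(f"{name}: expected {ftype.__name__}")
    for name in sorted(record.keys() - FIELDS.keys()):
        warnings.append(f"{name}: not in the field table")
    rid, ts, lang = record.get("id"), record.get("timestamp"), record.get("language")
    if isinstance(rid, str):
        try:
            if uuid.UUID(rid).version != 4:
                warnings.append("id: a UUID, but not version 4")
        except ValueError:
            warnings.append("id: SHOULD be a UUID-4")
    if isinstance(ts, int) and not isinstance(ts, bool):
        # Heuristic added here: a value ahead of the clock often means milliseconds.
        if ts < 0:
            errors.append("timestamp: before the Unix epoch")
        elif ts > now:
            warnings.append("timestamp: later than now (milliseconds, not seconds?)")
    # Shape check only (two ASCII letters), not a lookup in the ISO 639-1 code list.
    if isinstance(lang, str) and not (len(lang) == 2 and lang.isascii() and lang.isalpha()):
        errors.append("language: not a two-letter code")
    return errors, warnings
```

Calling `check_receipt(SAMPLE, now=1800000000)` returns two empty lists; an audit would keep the warnings alongside the errors, since the table's SHOULD-level rules do not make a receipt invalid.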
Case Study: privacy cafe
- Privacy Cafe Narrative
- Scenario 1 imagine - first time to a privacy cafe
- new country, different language, different types of coffee, different currency, different technology, different measures, different ingredients, e.g. type of sugar, cream, milk and cup size measures
- Scenario 2 - a known regular at a privacy cafe close to your home or work
- the user experience with high level of consent
- Scenario 3 - Digitally Twinning both scenarios for governance online
- withdraw consent
- access to use surveillance
- getting a report on who benefits from personal data in the cafe, out of the cafe
- Main functionality point is focused on dynamic privacy performance in proportion to the surveillance
- this transfers liability, and enables people with controls to mitigate risk
- difference between permission for a purpose, or permission for a database field -
- having to go into each service and change or withdraw permission -
- or pressing one button to withdraw consent, for many services
- For example, the Privacy Cafe
- Human XU - physical governance defaults - Notice for this
- in this context - there can be consent
- Using the video surveillance in (or public camera outside) a privacy cafe to make a police report
- Privacy Cafe, making the session cookie for the web server -
Identity Governance Findings
- people are unable to natively use digital identifiers, credentials or digital wallets. e.g. unable to use a computer or phone to download a QR code, for a wide spectrum of accessibility issues, that might be inherent to the services provided, or for situational, security, personal, physical, age, or simply just knowledge or access to a technology
- this is why proof of notice is required for confirming if a person has the capacity to provide consent with the use of a digital identifier, in any context, and especially for online services.