...
This ANCR Record specification provides a methodology to audit a notice to produce a notice record and produce a consent(ric) receipt. The objectives of this document are to:
- Provide a set of instructions for recording a notice and its purpose specification in order to capture them in a standard consent record information structure
- Compare the conformance of the record with a control from ISO/IEC 29183 (as an example set of rules or regulations referred to here as a for regulations and code of practice.)
Methodology
This method describes how to audit a notice to generate an ANCR Notice Record using the ISO/IEC 29100-derived receipt format, which is now published in ISO/IEC 29184 Annex D,
...
- Notice Information Layers
- ISO/IEC References for Notice
- ISO 29184
- Notice Signal
- Privacy as Expected Consent Gateway - a project to produce a privacy notice signal in this work group
- Notice pop-up
- notice statement
- notice privacy overview
- notice privacy policy
- notice policy clause
Instructions
- Read a notice
- capture the name of the notice provider and enter this into the PII Controller field
- collect the PII Controller Address
- collect contact information
- what type - use the appendix to indicate dynamic, out-of-band, static, in person active
- collect link to privacy policy
- collect any links to privacy access information
- Indicate in which concentric manner data has been
- Capture the legal justifications for processing
- Capture the Notice
- indicate what the expected consent type is prior to the notice
- indicate if personal identifiers are collected prior to presenting the notice
- Indicate the legal justification from the 6 categories -
- indicate if the personal data is sensitive
- capture purpose description
- capture the authorization scope
- frequency
- duration
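The steps above can be captured in a record and checked for completeness. The following is an added example, not part of the ANCR specification: the field names, the reading of the listed types as four values, and the mapping of the "6 categories" to the GDPR Art. 6(1) lawful bases are assumptions, and the sample notice is constructed.

```python
from dataclasses import dataclass, fields
from typing import Optional
# Types listed in the instructions, read here as four values (assumption).
NOTICE_TYPES = {"dynamic", "out-of-band", "static", "in-person-active"}
# Assumption: the "6 categories" are the GDPR Art. 6(1) lawful bases.
LEGAL_JUSTIFICATIONS = {"consent", "contract", "legal_obligation",
                        "vital_interests", "public_task", "legitimate_interests"}

@dataclass
class NoticeRecord:
    """Hypothetical field names, one per instruction step."""
    pii_controller: Optional[str] = None
    pii_controller_address: Optional[str] = None
    contact: Optional[str] = None
    notice_type: Optional[str] = None
    privacy_policy_url: Optional[str] = None
    expected_consent_type: Optional[str] = None
    identifiers_collected_before_notice: Optional[bool] = None
    legal_justification: Optional[str] = None
    sensitive_data: Optional[bool] = None
    purpose_description: Optional[str] = None
    authorization_scope: Optional[str] = None
    frequency: Optional[str] = None
    duration: Optional[str] = None

def audit(record: NoticeRecord) -> list:
    """Return findings; an empty list means every step was captured."""
    findings = [f"missing: {f.name}" for f in fields(record)
                if getattr(record, f.name) in (None, "")]
    if record.notice_type and record.notice_type not in NOTICE_TYPES:
        findings.append(f"unknown notice_type: {record.notice_type}")
    lj = record.legal_justification
    if lj and lj not in LEGAL_JUSTIFICATIONS:
        findings.append(f"unknown legal_justification: {lj}")
    # Constructed review rule: consent relies on the notice, so identifiers
    # taken before the notice was shown need a closer look.
    if lj == "consent" and record.identifiers_collected_before_notice:
        findings.append("review: identifiers collected before notice under consent")
    return findings

# Constructed sample: a cafe Wi-Fi sign-up notice with two steps not captured.
SAMPLE = NoticeRecord(
    pii_controller="Example Cafe Ltd", contact="privacy@cafe.example",
    notice_type="pop-up", privacy_policy_url="https://cafe.example/privacy",
    expected_consent_type="explicit", identifiers_collected_before_notice=True,
    legal_justification="consent", sensitive_data=False,
    purpose_description="Guest Wi-Fi access", authorization_scope="email address",
    frequency="per visit")
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The sample records "pop-up" as the type, which is a form of notice signal rather than one of the listed types, so the audit flags it alongside the two uncaptured fields.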
...
Q's to add to instructions
- is the notice linked
- is there a notice of risks or possible harms?
- is there a privacy information service point / api for dynamic data controls?
...
- Privacy Cafe Narrative
- Scenario 1 imagine - first time to a privacy cafe
- new country, different language, different types of coffee, different currency, different technology, different measures, different ingredients, e.g. type of sugar, cream, milk and cup size measures
- Scenario 2 - a known regular at a privacy cafe close to your home or work
- the user experience with a high level of consensus
- Scenario 3 - Digitally Twinning both scenarios for governance online - Digital Twin - Transparency - creating a record and providing receipts
- withdraw consent
- access to use surveillance
- getting a report on audit to see who benefits from personal data in the cafe, out of the cafe
- audit of the provenance of authority
- Main functionality point is focused on how dynamic and operational privacy performance is, in proportion to the surveillance transfer liability, and data processing surveillance.
- capacity for the notice to transfer liability for data processing and access to privacy to enable people with controls to mitigate risk
- difference between permission for a purpose, or permission for a data base field
- having to go into each service and change or withdraw permission
- or pressing one button to withdraw consent, for many services
- The Privacy Cafe Experience
- Human UX - physical governance defaults - notice of (expected) defaults
- in this context - there can be consent
- Using the video surveillance in (or public camera outside) a privacy cafe to make a police report, without the need for an information request
- Privacy Cafe cookie (session cookies available to visitors)
...