...
Receipt Type | GDPR Legal Justification | Definition | Privacy Rights (7) | Consent Type Label - Profile Label (Art 30) | Liability Controller / Provider liability in the chain for personal data |
---|---|---|---|---|---|
#FakePrivacy | NA | when their are not enough information elements for a notice to provide a consent type. | N/A - To provide legal notice - which includes what notice Fake Notice Should Be Reported by Investigator | no legal justification type detected or contact of adhesion defined as consent | OPN-MDC-Receipt transfers liability.
|
Contract Notice Receipt | Contractual Necessity | personal data should be processed on the basis of the consent of the data subject concerned or some other legitimate basis, laid down by law, either in this Regulation or in other Union or Member State law as referred to in this Regulation, including the necessity for compliance with the legal obligation to which the controller is subject or the necessity for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. | Subject Access, Rectification, Restrict Processing (3) Note; must by binding on processors to be valid. | Implicit-Contractual Necessity | |
Legal Notice Receipt | Legal Obligation | processing is necessary for compliance with a legal obligation to which the controller is subject. | Subject Access, Rectification, Restrict Processing (3) | Consent Not Applicable | |
Emergency Notice Receipt | Best/Vital Interest of Data Subject, | When consent is not required is when it is legally deemed in the best interest of the data subject to disclose and process personal information. Vital interests are intended to cover only interests that are essential for someone's life. | Subject Access, Rectification, Restrict Processing, Automated Individual Decision Making(4) | No Consent is Needed | |
Public Notice Receipt | Public Interest, Public Org Surveillance | ask carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(e) and Recital 45 | Subject Access, Rectification, Restrict Processing, Object, Automated Individual Decision Making (5) | Consent Not Required | |
Legitimate Notice Receipt | Legitimate Interest |
| Subject Access, Rectification, Erasure, Restrict Processing, Object, Automated Individual Decision Making (6) | No Consent Needed | |
Consent Notification Receipt | Consent | consent is implicit by the action of PII Principle, in accordance with a Notice or Notification | Subject Access, Rectification, Erasure, Restrict Processing, Object, Automated Individual Decision Making (6) | Implicit Consent | |
Implied-Consent Notice Receipt | Consent - Explicit Consent | consent is in some way implied through the action of the person, e.g. walking through door, entering personal data in a form, or opting-out | Subject Access, Rectification, Erasure, Restrict Processing, Data.Portability (5) | Implied Consent | |
Consent Notice Receipt (ISO 29184 Appendix) | Consent | a notice and consent receipt which provides a record of an explicit consent. | Subject Access, Rectification, Erasure, Restrict Processing, Data.Portability (5) | Explicit Consent | |
Altruistic Consent Notice Receipt | Consent - Explicit (pre)defined consent | the Person defines the privacy requirements of the consent in a Privacy Agreement, where the individual understands and is aware, because the person set the terms. The consent still needs to conform to the legal requirements of Explicit Consent |
| Consent Directive - Certified Awareness Level |
N/A - Not A Privacy/Surveillance Notice - no legal justification present : No valid notice for processing personal data provided.
Contract Notice Receipt - Contractual Necessity - used for any type of contract | Implicit-Contactual necessity
Legal Notice Receipt - Legal obligation to process personal data | Consent not applicable
Emergency Notice Receipt - Vital interest of the Individual (Master data controller) | No consent needed
Public Notice Receipt - processing in the vital interest of the public - (e.g. pandemic) | No consent needed
Legitimate Processing Notice Receipt - processing is necessary for the purpose of legitimate interest | No consent needed
Implicit Consent Notice Receipt - consent is implicit through the record action of the master data controller | Implicit
Implied Consent Notice Receipt - this is where the service provider implies a mutual state of awareness and understanding from a previous and still valid explicit consent | Implied Consent
Consent Notice Receipt - an explicit notice receipt for providing privacy risk information and for a consent receipt (see Appendix ISO 29184)| Explicit Consent or consent
Consent Directive Notice Receipt - explicit pre-defined consent and permissions for contributing data to research, data commons, community health etc. | Consent Directive. Consent Directives themselves can / are themselves standardised with a privacy agreement framework
Terms & Definitions
Operational Notice Receipt Type(s) - A Consent Notice Receipt is defined in Table 1 refer to the type of legal justification use for processing personal information, which may be utilised by any legally defined justification
Consent Type Label - Record Processing Label for Human Centric Privacy AI
Consent Type Profiles - A consent type label defined by a legal justification for processing personal data/meta-data/identifiers, mapped to the GDPR privacy rights, which are linked in an Operational Notice & Consent Receipt V1.2
Master Data Clause/Controls - for Operational Notices & Consent Receipt
Notice & Consent Receipt V1.2 Specification
Proposed for automated Privacy rights administration specifying Consent Type Label defined by legal justifications for processing personal data.