...
The core of the issue with AI is questions around the role of a technical or legal intermediary and the control of personal data access and processing. The Data Governance Act looks to address these roles in practice. Practices in which a consent receipt is required as vehicle for micro-credentias, managed in software systems. Providing a data governance wrapper for digital identity.
In this WG's effort to address these core technical and governance issues 2FN and 2FC has worked to separate technical permissions in the context of access management and human permission in the context of Consent which is 'purpose of use' management. Not separating system permissions from consent is an identified dark parttern which 2FN is specified in ANCR to address. This has been made more difficult through a consolidated industry effort to conflate these two types of permission (as digital trust) for commercializing digital identity as security services.
...