Versions Compared

Old Version 9

changes.mady.by.user Mark Lizar

Saved on

compared with

New Version 10

changes.mady.by.user Mark Lizar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

This (N&)Consent Receipt Framework v1.2, illustrates  the  CR v1.1 consent receipt record field structure for consent as the privacy rights paradigm in which other legal justifications are presented as derogation to the state of consent, captured with a consent receipt.

...

  1. the initial receipt is used to create an Ancr recored for the implementation of data sovereignty by PII Principal

  2. Use the ANCR record to generate a consent receipt by choosing / confirming the legal justification, which represents a consent type and onto of this the legal justification is layered.

  3. **  implement this specification choose the receipt type for the legal justification, display the consent label in the receipt and privacy rights information access for the context of processing  

  4. The notice receipt is extended by the legal justification for processing

    1. Each type of Notice receipt is defined by a legal justification mapped to a consent type label for human record processing and privacy rights. 

    2. The legal justifications are represented generically, and based on those defined in the GDPR and  guidelines like those found in Canadian  privacy for meaningful consent.

Table 1: ConReceipt Types for Legal Justifications & Consent Type Labels for Notice Liability Transfer

Master Data Controls - matching - Privacy Rights to data controls that re specified for data context governance and trust.

...

  1. N/A - Not A Privacy/Surveillance Notice - no legal justification present : No valid notice for processing personal data provided.

  2. Contract Notice Receipt - Contractual Necessity - used for any type of contract | Implicit-Contactual necessity

  3. Legal Notice Receipt - Legal obligation to process personal data | Consent not applicable

  4. Emergency Notice Receipt - Vital interest of the Individual (Master data controller) | No consent needed

  5. Public Notice Receipt - processing in the vital interest of the public - (e.g. pandemic) | No consent needed

  6. Legitimate Processing Notice Receipt - processing is necessary for the purpose of legitimate interest | No consent needed

  7. Implicit Consent Notice Receipt - consent is implicit through the record action of the master data controller | Implicit

  8. Implied Consent Notice Receipt - this is where the service provider implies a mutual state of awareness and understanding from a previous and still valid explicit consent | Implied Consent

  9. Consent Notice Receipt - an explicit notice receipt for providing privacy risk information and for a consent receipt (see Appendix ISO 29184)| Explicit Consent or consent

  10. Consent Directive Notice Receipt - explicit pre-defined consent and permissions for contributing data to research, data commons, community health etc. | Consent Directive.  Consent Directives themselves can / are themselves standardised with a privacy agreement framework 

Terms & Definitions

  • Operational Notice Receipt Type(s) -  A Consent Notice Receipt is defined in Table 1 refer to the type of legal justification use for processing personal information, which may be utilised by any legally defined justification

  • Consent Type Label - Record Processing Label for Human Centric Privacy AI

  • Consent Type Profiles - A consent type label defined by a legal justification for processing personal data/meta-data/identifiers, mapped to the GDPR privacy rights, which are linked in an Operational Notice & Consent Receipt V1.2

  • Master Data Clause/Controls - for Operational Notices & Consent Receipt

  • Notice & Consent Receipt V1.2 Specification

Proposed for automated Privacy rights administration specifying Consent Type Label defined by legal justifications for processing personal data. 

Notes on making class : liability of processing – (movement of processing liability between parties for use of rights)

  • Legal Justification + Purpose of Use define obligations - The roles are obligated according to how the controller is engaged. This obligations provide liabilities -

  • Consent - Take liability for claim/responsibilty -= withdraw consent - remove the credit and liability -

...


Data subjects have the right to object to you processing their data. You can only override their objection by demonstrating the legitimate basis for using their data. 

Notes for Implementors Conformance Testing Consent Types

To determine a consent type,

...

Always ensure that a link to find more information is directly connected or even linked from the Consent Type for best practice.

Test 2: Instructions for Deploying a Consent Type

To use a consent type,

  1. First identify the legal justification for processing personal data

    1. if base legal justification is consent (subject to Terms of Service) this is fake privacy and not consent

  2. Use the table to find the Receipt Type - and use the corresponding consent type label in the receipt provided

  3. Add the Consent Type to the first Notice a person encounters

  4. Link the notice to the policy explaining its use

...