Overview

The ANCR WG specifications present the use of notice and consent receipts as credentials for authorizing digital identity relationships and consenting to the use of surveillance technologies. Operational transparency is defined by international privacy Convention 108+, utilizing the open-access ISO/IEC 29100 security and privacy framework, which is used operationally (https://en.wikipedia.org/wiki/MECE_principle) to specify roles and relationships for security and privacy, for governance interoperability online.

ANCR refers to Anchored Notice and Consent Receipts: credentials anchored by human control, used to enable digital security and privacy that people can trust, using records of processing activities (receipts) for digital identity and surveillance technologies.

The core concept of Anchored digital trust is the use of a receipt to automatically verify the PII Controller and the ‘Active Privacy State’, so that a person can see the state of digital privacy and choose whether or not to trust it. This replaces and enhances the ‘I Agree’ + ‘Privacy Policy’ check box with Digital Privacy.

Key ANCR Assurance Specification documents

  1. This introduction to Levels of Operational Transparency Risk Assurance.

  2. The Notice Receipt/Record and PII Controller Notice Credential format to identify the PII Controller (AP + Data Privacy Officer).

  3. Transparency Code of Conduct (International Convention 108+ for governance interoperability with the ISO/IEC 29100 security and privacy framework for systems, as digital privacy is not valid without security)

    1. For Levels of Operational Transparency Assurance

  4. Consent Receipt v2 ANCR Credential Set (Consent Tokens)

Framework Component Specifications

  1. Differential Transparency (AuthC Protocol)

  2. Two Factor Concentric Notice

  3. Concentric Notice Labels

  4. Data Control Risk Assessment

Purpose of Use

  • Digital Privacy - Co-Regulatory Framework for all stakeholders

  • Consent for trans-border flows - with Consent Tokens for the individual to authorize trans-border flow and access control to the PII Principal's PII

Authoritative Law, Guidance and Standards Referenced

The core of the referencing can be found in the ANCR’D PII Controller Credential specification, which focuses on legal authority for risk and liability governance. It is defined with reference to OECD Transborder Data Flow, international and authoritative law (Convention 108+), the EU GDPR, and ISO/IEC specifications; the stakeholders and security framework are defined with the open (not paid for) ISO/IEC 29100 security & privacy framework. An international baseline for a Transparency Code of Conduct and a subsequent Digital Privacy Code of Practice is derived in order to implement this framework for public benefits in public, privacy, people partnerships, which this WG is looking to support.

As a result, this work is contributed in multiple ways through active participation in the Kantara ISO/IEC Liaison and with NIST, DIACC, W3C, and the Kantara Community: comments, calls for contribution, work as specification editors and advocates, and, importantly, the production of specifications, like the Consent Receipt v1.1 used for trust assurance infrastructure.
