CR v1.2 Framework

the receipt is further defined and fields and broken down for use by privacy framework for conformance assessment, which is based on the lifecycle of a specific notice for processing personal data and a specified consent grant for digital identity management system. 

• Core Flow -→ PII Principal generates an Anchor Record for Receipt Generation 

• Conformance assessment for 27560 for the PII Principal: 
  - use of receipt as evidence for user
  - use of receipts as proof of awareness for identity management system
  - use of receipt to see the state of privacy / consent lifecycle - so that people can automatically see what to expect without reading a privacy policy or terms - with access directly to digital use of privacy rights .

• Consent Grants -  Scope protocol for Identity management system permissioning 
  - Consent Grant (human scope) - Identity Management = technoal permission and access controls

Updating from v1.1 - represented by submission to ISO 27560

• delegation 
• jurisdictions 
• personal data categories
• consent record structions 
  • purpose finger print 
  • purpose 

V1.2 : Consent Receipt Conformance Framework

• Legal Use Case for inter-domain consent grant framework 
  
  • Privacy as Expected - Signalling Conformance Protocol
    • comparing two receipts - generated by the human user agent - provide independent transparency over the state of control of personal data 
      • people can control their own data - so that it doesn't need protection 
    • using DPV for notice and notifications 
    • human interaction with notice creates records and receipts 
  • IP Contribution
    • From NGI-Trust PasE:CG Project
      • applies conformance criteria to consent record structure  
  • HLT Field Requirements to Required Notice of Control & Accountability Record Fields - the capture of the identity of the controller, and the physical context of the notice for processing provided by the controller
• PasE - signalling/ communication Protocol
• Contribution as apart  of the NGI project : Sal, Vitor, Mark & Harsh 
  • comparing 2 receipts to see active state provide and active state fore more dynamic controls in identity management systems 
  • part of the NGI funded project condition was on the contribution of the protocol to the ANCR WG which would then be reflected in comments to ISO 27560
  • Description for this contribution 
    • PaE includes a stack of semantic standards 
      • 29100 is open - 
      • CR v1.1 written with 29184 
      • PaE protocol includes these control sets and through its contribution opens this work in application
    •  Dynamic Protocol for the control of personal data 
    • standardized the presentation of rights 
• Consent Receipt framework to implement PasE communication protocol 
  • Legal Justification and what privacy rights apply for each
  • Purpose Specified with data privacy control vocabulary 
  • record format specified with ISO 29100 
  • notice controls and record specification format ISO 29184 
• Notice of Control for Online Services Implementing 2FC
  • 2FC 
    • First Factor - Generated standards 
    • Second Factor (link) - existing Factor - the sign or notice or notification form the provider

• Semantic Standards Stack for Human Centric -  user centric - control semantics

  • usage of the ISO 29100 - roles and definitions for transborder flow of personal data 
    • stakeholders - 
  • usage of ISO 29184 - notice controls and record structure 
  • ISO 27560 - to. generate consent record structure for rights receipt 
  • W3C DPV - legal semantic ontology for notice and notification . 
  • ** In review - 27710
    • requirements against privacy by design and default. 
    • 27550 - Privacy Engineering - C.4 - and C.5 - \
  • Linked Data - Semantics - Human, Legal and Machine Readable framework for expectation management
    • Core Record - or Credential Record for a legal entity
    • Receipt of. notice of credential record 
    • core record id - linked reference id - PII Controller Credential
    • Consent Receipt generated for each purpose specification and linked to anchor record
      • each purpose is specifies by legal justification
      • each purpose specification uses the DPV
  • Security considerations 
    • PII Principal controls the ANCR Record
    • 3rd Party N&C Processor - Network Facilitator 
    • Consent Grant Validation 
      • Status of the PII Controller 
      • Status of the Consent 
      • Scope of Consent Grant Permissions 
      • Privacy Framework Governance 
        • required notice, timing, formats, parties according to Privacy Law
  • each, PII Controller shared, identifiers or attributes of the PII Principal is a separate risk factor
    •  impacted by the amount of PII - (digital identifiers and attributes)  Disclosed by the Controller and under what legal frameworks
    •  

V1.2.1 :  ANCR Record Conformance

• First Factor Notice for PII Principal 
• Fields for DS location require a verifier
  •  verifying (or synthetic) attribute 
  • a specified legal jurisdiction 
  • quality of notice of control receipt 
  • quality of service purpose specification receipt
• PII Controller
  • notice location
  • legal jurisdiction
  • governing framework - e.g. t&c's? 

V1.2.2 : Consent (Notice) Receipt:27560

• Extend with Legal justification to specify purpose for a service 
  1. Specifying the Legal Justification for data processing in a notification 
  2. Specifying Data Categories
  3. Specifying Data Treatment   
  4. Specifying Security 

V 1.2.3 : Rights Access & Automation 

• rights with ANCR Record
  • universal context right
    • right to information about privacy and security 
      • right to see contoller and purpose(s)
      • legal requirement for presenting risk 

V 1.2.4 : Consent Validation - The Life cycle of a consent 

• Active State of Consent Validation 
  • identity governance controls and scope
• Consent Grant for Identity Protocol Governance 
  • Scope of a Consent Grant Represented in the User Managed Access Protocol 
    • use of consent gateway for consent grant validation

• Protocol Scope Use Cases

  • UMA

  • SAML / eIDAS

  • FAPI
  • GNAP

V 1..2.5 : 

1. Privacy as Expected - Part 3:  Consent by Design - operational conformance - standardizing  signalling - UI interaction point conformance - proof of notice and transparency/accountability assurance 
   1. 29184 notice controls and consent structure 

V 1.2.6 Data Governance Interoperability 

• Privacy Framework for Gov interop for Security/Surveillance, Evidence and Policing
• Re-Issuing Identity Credentials with a native and local identity service - rather than exporting a federation into foreign governance models (e.g. Contracts / T&C's) 

1. Transparency Assurance

V 1.2.6 Topics Raised to be Reviewed / Refined and Addressed in Roadmap to V2

• Delegation
• Jurisdiction (physical location proof) 
• Consent Types Defined in v1.2
  • explicit
  • implied
  • directed
  • altruistic

WKD ISSUES

The CR v1,1 as published known challenges have been addressed and are specified here in the v1.2 update.  

• See V1.1 Update https://kantarainitiative.org/confluence/x/VYSVC
  • V1.1 (2017) addressed with GDPR and then adopted to ISO 
  • V1.1 completed with comments to ISO 
    • delegation 
    • Jurisdiction 
    • PII categories 

CR v1.2  Format Structure and fields

1. Notice field object
   1. Location & Time 
   2. Location – twin - 
   3. Physical Device - 
2. PII Controller object
   1. Jurisdictions, 
3. Link to physical notice 
4. Extend it (Legal Justification)  
5. Privacy Stakeholders 
6. Categories of controllers  
7. Consent Purpose Specification (v.1.1) 
8. Purpose Category 
9. Purpose Descriptions  
10. Purpose Sensitive Categories of Data  
11. Sensitive data category  
12. Personal Data Category  
13. Personal Data Types/attributes etc  
14. Personal Data Processing Treatment 
15. Storage 
16. Security (cert/sighed key) 
17. Extensions –Requirements (according to Context)  

Notice & Notifications

A Notice can itself be extended with a Notification for the maintenance of a consent record, and consent based relationship.  Notice Receipts facilitate a Semantic Governance Framework  

A notice of controller is the first section of the receipt  1, can be extended with these receipt profiles  

• Contract Notice Receipt 
• Vital Notice Receipt  
• Notice of (legal) Obligation Receipt  
• Legitimate Interest Notice Receipt  
• Public Interest Notice Receipt  

Notification  `

The spectrum of consent has multiple vectors  

1. Is the relationship vector: 

1. Starting at the first notice for consent, then lasting for the lifecycle of Consent and permission 

1. This first Notice for Consent receipt is the Anchor receipt and is maintained with linked notices 

1. Consent Notice Receipts 

1. Anchor receipt