To innovate: privacy legal framework provide a legal standard called “Privacy as Expected” in which the expectations for data processing are shared between the PII Principal (Individual) and the PII Controller (Service Provider via a RP).
Receipts when compared - provide a tool for innovation for decentralized legal governance. The ANCR v1.2 Framework needs to be usable for lawyers and identity protocols, and enable the enhancement of existing privacy policies wit clauses that are applied based on context.
Notice Receipt Types
This is a (N&)Consent Receipt v1.2 and updates the v1.1 with a notice receipt types, which is used as standard semantic basis for data processing and receipt generation.
To implement this specification choose the receipt type for the legal justification, display the consent label in the receipt and privacy rights information access for the context of processing
The notice receipt is extended by the legal justification for processing
Each type of Notice receipt is defined by a legal justification mapped to a consent type label for human record processing and privacy rights.
The legal justifications are represented generically, and based on those defined in the GDPR and guidelines like those found in Canadian privacy for meaningful consent.
Table 1: Receipt Types for Legal Justifications & Consent Type Labels for Notice Liability Transfer
Master Data Controls - matching - Privacy Rights to data controls that re specified for data context governance and trust.
“Consent is not the only lawful basis for the processing of PII and thus not always required. “
In some jurisdictions, other lawful basis includes
consent
contractual necessity,
compliance with legal obligations,
vital interest,
public interest, and
legitimate interests
[ISO/IEC 29184]