Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Objective

This ANCR Record specification provides a methodology to audit a notice and produce a consent receipt.  The objective of this documents is to

  1. Provide a set of instructions for recording a notice and its purpose specification in order to capture the consent record information structure
  2. To then compare the conformance of the record with a set of rules or regulations referred to here as a code of practice. 

Methodology

This method describes, how to audit a notice to generate an ANCR Record using ISO/IEC 29100 receipt format, which is published in the ISO/IEC 29184 Annex D, 

The resulting audit is then used for assessing conformance with an ISO/IEC 29184 Online Privacy Notice and Consent control.  In order to demonstrate how the ANCR Notice Record for assessing conformance when creating a digital identifier and processing personal data.

New Field - name, description, reference  


PISP - Privacy Information Service Point - further define contact information

  • there are different performance levels for privacy information access and rights which is captured in this assessment, 
    • Performance 
      • if online and access is provided with a PISP which is an api access fore in conxt privacy then privacy information and controls can be dynamic
        • this field has dynamic,
        • out-of-band,
        • static
      • Access Conformance 
        • access to information in the information according to context
          • linked data - 
    • Confromance 
      • a) if using standards, information access has a higher level of transparency 
        • a person, 
        • self-service
        • bot 
        • mailbox
        • answering machine
        • email 
    • b)

Consent Type 



Field Glossary

(Note: all terms refer to ISO/IEC 29100 and ISO/IEC 29184, Kantara Consent Receipt, adopted for -  for terms, unless they are specified here to further extend terms or definitions in a more granular manner,


Consent Types refers to the context of wether there is a notice which specifies the legal justification, or wether a consent type is inferred and used to specify the permissions for processing with digital identifiers. 

  • Other: Not Consent, 
  • delegated
  • Implied
  • implicit
  • expressed
  • explicit
  • directed 
  • altruistic 


This refers to the initial state or context of processing, and data's subject knowledge and or expectation,  prior to the notice or notification. 

Other is used to indicate that the context is not consent, as there is not enough information in the notice, or a data processing context doesn't include consent or a choice for the individual.  These context may be predetermined to be a notice for a different legal justification, exemption, derogation, and the purpose for this.  e.g. your data if you continue, will be processed for security purposes - a) to check for fraud, 

This can be included in the consent context, or the context might be for public surveillance and security where people have no choice. e.g. at the airport. 

Notice

in this document  a) refers broadly to any privacy or surveillance notice, notification or disclosure,  b) a notice that is  presented or represented in a layered information fashion and a linked manner according to context 

Layered/Linked Notice

  • Notice Information Layers
    • ISO/IEC References for Notice 
      • ISO 29184 
    • Notice Signal
    • Notice pop-up
    • notice statement 
    • notice privacy overview
    • notice privacy policy 



Instructions 

  1. Read a notice 
    1. capture the name of the notice provider and enter this into the PII Controller field
    2. collect down the PII Controller Address
    3. collect contact information 
      1. what type - use appendix to indicate dynamic, out-of band, static, in person active
    4. collect link to privacy policy 
    5. collect any links to privacy access information 
  2. Indicate in which concentric manner data has been 
  3. Capture the legal justifications for processing 
  4.  Capture the Notice
    1.  indicate what the expected consent type is  prior to the notice
    2. indicate if personal identifiers are collected prior to presenting the notice
  5. Indicate the legal justification from the 6 categories - 
  6. indicate the personal data is sensitive 
  7. capture purpose description 
  8. capture the authorization scope
    1. frequency 
    2. duration


Q's to add to instructions

  • is the notice linked
  • is their notice of risk and harms?
  • is there a privacy information service point / api for dynamic data controls?


Field Name

Type

PII(Y)

Field Label

Description 

Required/Optional

version

string


Schema Version

The version of specification used to which the receipt conforms. To refer to this version of the specification, the string "v1" or the IRI "https://w3id.org/OPN/v1" should be used.

Required

profile

string


Privacy Profile URI

Link to the controller's profile in its registry. 

Required

Notice Receipt

string 


Type of Notice Receipt

Label Notice Receipt 

Required

id

string


Receipt ID

A unique number for each Notice Receipt. SHOULD use UUID-4 [RFC 4122].

Required

timestamp

integer


Timestamp

Date and time of when the notice was generated and provided. The JSON value MUST be expressed as the number of seconds since 1970-01-01 00:00:00 GMT (Unix epoch).

Required

key

string


Signing Key

The Controller’s profile public key. Used to sign notice icons, receipts and policies for higher assurance.

Optional

language

string


Language

Language in which the consent was obtained. MUST use ISO 639-1:2002 [ISO 639] if this field is used. Default is 'EN'.

Required

controllerID

string


Controller Identity

The identity (legal name) of the controller.

Required




Controller Address

jurisdiction

string


Legal Jurisdiction

The jurisdiction(s) applicable to this notice

Required

controllerContact

string


Controller Contact

Contact name of the Controller. Contact could be a telephone number or an email address or a twitter handle.

Required

notice

string


Link to Notice

Link to the notice the receipt is for 

Optional

policy

string


Link to Policy

Link to the policies relevant to this notice e.g. privacy policy active at the time notice was provided

Required

context

string


Context

Method of notice  presentation, sign, website pop-up etc

Optional




Receipt TypeThe human understandable label for a record or receipt for data processing.  This is used to extend the schema with  profile for the type of legal processing - and is Used to identify data privacy rights and controls 



Notice Text 



Accountable Person Role










Case Study: privacy cafe

  • Privacy Cafe Narrative
    • Scenario 1 imagine - first time to a privacy cafe
      • new country, differ language, different types of coffee, different currency, different technology, different measures, different indegrediants eg. type of sugar, cream, milk and cup size measures
    • Scenario 2 - a known regular at a privacy cafe close to your home or work 
      • the user experience with high level of consent
    • Scenario 3 - Digitally Twinning both scenarios for governance online
      • withdraw consent
      • access to use surveillance 
      • getting a report on who benefits from personal data in the cafe, out of the cafe
  • Main functionality point is focused on dynamic privacy performance in proprotion to the surveillance 
    • this transfers liability, and enable people with controls to mitigate risk 
    • difference between Permission for a purpose, or permission for a data base field - 
      • having to go into each service and change or withdraw permission -
      • or pressing one button to withdraw consent, for many services  
  • For Example the Priavcy Cafe 
    • Human XU - physical governance defaults - Notice for this 
      • in this context - there can be consent
    • Using the video surveillance in (or public camera outside) a privacy cafe to make a police report 
    • Privacy Cafe, making the session cookie for the web server - 

Identity Governance Findings

  • people are unable to natively use digital identifiers, credentials or digital wallets.  e.g. unable to use a computer or phone to log in, take a picture, or even capture a QR code, which is from   a wide spectrum of accessibility issues, from age-range etc.  Critical is that these range from external circumstances (e.g. security)  to internal use of digital identifiers, as well as the design of the  services provided,  aka usable access to privacy information and rights or for situational, security, personal, physical, age, or simply basic knowledge of, or access to, an identifier technology.
  • this is why proof of notice, (when not in person) is a missing privacy assurance,  that can be captured with an ANCR-Record, a proof which indicates if a person has a) enough information or even b) the capacity to provide systems permissions based on consent.  especially for online services. 



  • No labels