CR V1.1 Issues Resolved for CR v1.2 Framework
the receipt is further defined and fields and broken down into
- Part 1 : Required Notice of Controller Identity Fields - the capture of the identity of the controller, and the physical context of the notice for processing provided by the controller
- Part 2: Legal Justification and (services) purpose specification to generate a consent notice receipt from the notice presented to the Individual
- Part 3: the human interaction point - in which proof of notice being provided/read is captured and a Consent Notice Receipt is generated.
Additional information for data control & accountability providence can be nested in the receipt to provide a higher level of automated privacy assurance to better mitigate risk and liability
Consent Types Defined in v1.2
- explicit
- implied
- directed
- altruistic
The CR v1,1 as published known challenges have been addressed and are specified here in the v1.2 update.
- See Update
CR v1,2 Format Structure and fieilds
- Notice field object
- Location & Time
- Location – twin -
- Physical Device -
- PII Controller object
- Jurisdictions,
- Link to physical notice
- Extend it (Legal Justification)
- Privacy Stakeholders
- Categories of controllers
- Consent Purpose Specification (v.1.1)
- Purpose Category
- Purpose Descriptions
- Purpose Sensitive Categories of Data
- Sensitive data category
- Personal Data Category
- Personal Data Types/attributes etc
- Personal Data Processing Treatment
- Storage
- Security (cert/sighed key)
- Extensions –Requirements (according to Context)
Notice & Notifications
A Notice can itself be extended with a Notification for the maintenance of a consent record, and consent based relationship. Notice Receipts facilitate a Semantic Governance Framework
A notice of controller is the first section of the receipt 1, can be extended with these receipt profiles
- Contract Notice Receipt
- Vital Notice Receipt
- Notice of (legal) Obligation Receipt
- Legitimate Interest Notice Receipt
- Public Interest Notice Receipt
Notification
notifications
Rights Consent Notice Receipt
Privacy and Surveillance based rights are applied to context according to the legal justification, which is confusing even for the experts.
- Withdraw Consent
Consent Notice Receipts (Lifecycle)
The spectrum of consent has multiple vectors
- Is the relationship vector:
- Starting at the first notice for consent, then lasting for the lifecycle of Consent and permission
- This first Notice for Consent receipt is the Anchor receipt and is maintained with linked notices
- Consent Notice Receipts
- Anchor receipt
Type of Consent Receipt | Description | Lifecycle Use |
|
Explicit Consent | Anchor Receipt (starts a receipt) |
|
|
Implied Consent | Action of the PII Principal |
|
|
expressed | Notification by the PII Principal |
|
|
Directed | (Health Care ) |
|
|
Altruistic | No Notice Required - |
|
|