
The ANCR WG is pleased to announce the WG effort to specify a PII Controller credential for Digital Privacy and Privacy by Design. The credential is comprised of publicly required privacy information (digital privacy transparency) that is directly regulated by international privacy law. It provides a notice credential using an international standard security + privacy ISO/IEC framework of standards that are interoperable. It builds upon the ISO 31700-1:2023(en) Consumer protection — Privacy by design for consumer goods and services — Part 1: High-level requirements privacy by design framework to support privacy defined, data governance interoperability. Its intended use is to enhance digital privacy transparency and, as a result, the operational usability and the adequacy of a digital privacy notice, notifications or disclosures.

It adds the next layer to the notice record and consent receipt framework for generating records of processing activities for people. It provides the capability for new network architectures, where micro-notice credentials can provide proof of digital notice and where consent receipt tokens are used for evidence of consent.

Its specified scope of authority is for the notice and its linked context. We are publishing a specification in the WG that can be self-asserted (our Level 0 Digital Privacy and Transparency) and is for public use, including the ability to “broadcast” digital transparency enhancing dynamic digital notifications.

The Open Notice Controller Credential is specified to be a regulated controller credential by design, using ISO/IEC 29100 security and privacy techniques and ISO/IEC 29184 privacy and security controls, and is cross-referenced and mapped to Convention 108+ and GDPR initially.

By “open”, we mean the credential is designed to be what we refer to as Open +++:

  1. Open for people, as a record for digital privacy transparency

  2. Open, in that it is specified to international standards and laws that are openly accessible and binding

  3. Open for business - usable by people to access business service data directly, increasing trust and value in a dynamic (personal) data economy

[More to Come]
