Overview
The ANCR WG specifications present a transparency framework for digital identity relationships and surveillance technologies. The framework is defined by international privacy law using the open-access ISO/IEC 29100 Privacy framework, which specifies the roles and relationships for security and privacy to be used online.
ANCR stands for Anchored Notice and Consent Receipt. These receipts are credentials anchored by human control. They are used to enable digital security and privacy roles and to create records of processing activities (receipts) for digital identity and surveillance technologies.
The core concept of Anchored digital trust is the use of a receipt to automatically verify the PII Controller and Privacy State, so that an individual can see the state of digital privacy and choose whether or not to trust it. Digital Privacy here refers to the technical representation of privacy using the ISO/IEC framework, to make authority and provenance transparent online.
Key ANCR Assurance Specification documents
This introduction to Levels of Operational Transparency Risk Assurance
The Notice Receipt/Record and PII Controller Notice Credential format to identify the PII Controller (AP + Data Privacy Officer).
Transparency Code of Conduct (International Convention 108+ for governance interoperability with the ISO/IEC 29100 security and privacy framework for systems, as digital privacy is not valid without security)
For Levels of Operational Transparency Assurance
Consent Receipt v2 ANCR Credential Set (Consent Tokens)
Framework Component Specifications
Differential Transparency (AuthC Protocol)
Two Factor Concentric Notice
Concentric Notice Labels
Data Control Risk Assessment
Purpose of Use
Digital Privacy - Co-Regulatory Framework for all stakeholders
Consent for trans-border flows - with Consent Tokens for the individual to authorize trans-border flow and access control to the PII Principal's PII
Authoritative Law, Guidance and Standards Referenced
The core of the referencing can be found in the ANCR’D PII Controller Credential specification, which focuses on legal authority for risk and liability governance. It is defined with reference to OECD Transborder Data Flow, international and authoritative law (Convention 108+), the EU GDPR, and ISO/IEC specifications. The stakeholders' security framework is defined with the open (not paid for) ISO/IEC 29100 security & privacy framework. An international baseline for a Transparency Code of Conduct, and a subsequent Digital Privacy Code of Practice, is derived in order to implement this framework for public benefit in public, privacy, people partnerships (which this WG is looking to support).
As a result, through active participation in the Kantara ISO/IEC Liaison and with NIST, DIACC, W3C, and the Kantara Community, this work is contributed in multiple ways: through comments, calls for contribution, as specification editors and advocates, and, importantly, through the production of specifications, such as the Consent Receipt v1.1 used for trust assurance infrastructure.