Managing the Life Cycle of Consent with Notice Receipts
- Consent Notice Receipt lifecycle
- Notice of risk for adv transparency to mitigate
- Notice of acknowledgement of rights (for the acknowledged risks)
Use Case points
- Privacy Shield Replacement
- decentralized risks management
- enhancing or upgrading existing T&C's with receipt framework
Items to cover
- conformance framework
- code of conduct
- Regulator approved (GDPR Adequacy - Industry & Sector )
- code of practice
- certification
A consent by design protocol
Types of consent processing Notice receipt type extensions https://openconsent.atlassian.net/l/c/82LahUFw
Extending the Notice Receipt Fields by purpose.
- ANCR (Explicit Consent Receipt) - added designation to the notice receipt ID to indicate an explicit record of consent for a purpose
- All subsequent receipt - link to
- Implied - processing receipt for when an ANCR receipt is implied -
- Expressed by action (should link ANCR receipt)
- Directed - when a consent notice receipt is a privacy agreement for future consent to a Controller
- Altruistic - a consent notice receipt privacy agreement without a specifically identified controller for processing (usually a data trust)
LifeCycle Framework : a Walk through outline
- A notice receipt captures the record entity relationship and indicates an active relationship with a Controller notice, indicating the status of the controller and the risk assurance provided by the notice for processing (risk assurance must be independent / notarized to provide assurance)
- This can then be extended (rather than combined) with a consent receipt CR v1.1 for consent purpose specification
- Identifies purpose_cat - if any legally sensitive (special) categories exist (y/n)
- The scheme must be framed from industry and sector best practice.
- categories have different rule frameworks for processing personal data which are consistent internationally and specified in ISO 29100
- e.g. explicit notice and consent is required when sensitive personal data category types are processed by this purpose (unless a legal exemption exists)
- Purpose Cat = Defined by a Scheme - which is defined by industry code and sector code
- Any required attribute names
- Deletion, expiry rights, controls, actions, security
- The purpose specification provides a notice that,
- The purpose name
- The purpose description
- The personal data/info categories
- The treatment of the data
- Link to - send the receipt with a notice to withdraw consent (or manage its lifecycle)
The initial consent_notice receipt can be turned into an ANCR with a consent notice that provides required legal information, e.g., privacy by design
- Anchor receipt is the base receipt for active state receipt event systems
- notice receipt (of anytime used, kept and collected by the person)
- Manually - 3 options:
- Track the analytics of the service and its performance
- 1. Print - mail - address - (with corresponding email) - snail mail - written and notarized by the OPN Registrar service
- 2. Send Notice via an OPN notice receipt
- 3. We have
- This receipt can then be used by the person to provide a context profile (used for permissions and preferences)
- Consent Notice Receipt Types
- Consent Notice Receipt
- Implied Notice Receipt
- Expressed Notice Receipt
- Consent Directive
- Altruistic Consent
- Anchor Notice Receipt
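Added example (not part of the original outline or of any OPN / Kantara code): a small checker that applies three rules from the receipt-type extensions and the walk-through above to a set of receipts: an expressed receipt should link to an ANCR receipt, a purpose with sensitive categories needs an explicit (ANCR) record unless a legal exemption exists, and only altruistic receipts lack an identified controller. All field names, type labels and sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Receipt types listed on the page; labels and field names are hypothetical.
ANCR, IMPLIED, EXPRESSED, DIRECTED, ALTRUISTIC = (
    "ancr", "implied", "expressed", "directed", "altruistic")

@dataclass
class Receipt:
    receipt_id: str
    rtype: str
    purpose_name: str
    controller: Optional[str] = None
    sensitive: bool = False         # purpose_cat holds special categories (y/n)
    legal_exemption: bool = False
    ancr_id: Optional[str] = None   # link to the anchoring ANCR receipt

def check_receipts(receipts):
    """Return sorted (receipt_id, problem) pairs for receipts breaking the rules."""
    by_id = {r.receipt_id: r for r in receipts}
    problems = []
    for r in receipts:
        linked = by_id.get(r.ancr_id) if r.ancr_id else None
        # A receipt is anchored if it is an ANCR or links to an existing one.
        anchored = r.rtype == ANCR or (linked is not None and linked.rtype == ANCR)
        if r.rtype == EXPRESSED and not anchored:
            problems.append((r.receipt_id, "expressed receipt not linked to an ANCR"))
        if r.sensitive and not anchored and not r.legal_exemption:
            problems.append((r.receipt_id, "sensitive purpose without explicit consent record"))
        if r.rtype == ALTRUISTIC and r.controller:
            problems.append((r.receipt_id, "altruistic receipt names a controller"))
        if r.rtype != ALTRUISTIC and not r.controller:
            problems.append((r.receipt_id, "no controller identified"))
    return sorted(problems)

# Constructed sample receipts, not real records.
SAMPLE = [
    Receipt("r1", ANCR, "newsletter", controller="ExampleCo"),
    Receipt("r2", EXPRESSED, "newsletter", controller="ExampleCo", ancr_id="r1"),
    Receipt("r3", EXPRESSED, "profiling", controller="ExampleCo", ancr_id="r9"),
    Receipt("r4", IMPLIED, "health check", controller="ExampleCo", sensitive=True),
    Receipt("r5", IMPLIED, "health check", controller="ExampleCo",
            sensitive=True, legal_exemption=True),
    Receipt("r6", ALTRUISTIC, "research"),
    Receipt("r7", DIRECTED, "future offers"),
]

if __name__ == "__main__":
    for rid, problem in check_receipts(SAMPLE):
        print(rid, problem)
```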