A Notice Record and Consent Receipt Framework
The receipt is further defined and fields broken down for use by privacy framework for conformance assessment, which is based on the lifecycle of a specific notice for processing personal data and a specified purpose, the purpose is used to define the consent grant which provide the scope of permissions for a digital identifier management system.
an Anchor Record is generated for the PII Principle
- a self-asserted PII Controller ANCR record provides a tier 0 privacy assurance,
- if held by PII Controller, on behalf of the PII Subject then this is not compliant
- must be witnessed by 3rd Party Privacy Assurance Provider
- a self-asserted PII Principle ANCR Record
- is held by PII Principle, used to generate consent notice receipts
- a self-asserted PII Controller ANCR record provides a tier 0 privacy assurance,
Conformance assessment use cases for 27560 for the PII Principal:
- use of receipt as evidence for proof of notice and consent.
- use of receipts as proof of awareness for identity management system
- use of receipt to see the state of privacy / consent lifecycle - so that people can automatically see what to expect without reading a privacy policy or terms - with access directly to digital use of privacy rights .Consent Grant Roadmap - Scope protocol for Identity management system permissioning
- Consent Grant (human scope) - Identity Management = technoal permission and access controls
Updating from v1.1 - represented by submission to ISO 27560
- delegation
- jurisdictions
- personal data categories
- consent record structions
- purpose finger print
- purpose
V1.2 : Consent Receipt Framework
Intro - Implements PasE Protocol with 2FC
V1.2.1 : ANCR Record Conformance
- First Factor Notice for PII Principal
- Fields for DS location require a verifier
- verifying (or synthetic) attribute
- a specified legal jurisdiction
- quality of notice of control receipt
- quality of service purpose specification receipt
- PII Controller
- notice location
- legal jurisdiction
- governing framework - e.g. t&c's?
V1.2.2 : Consent (Notice) Receipt:27560
- Extend with Legal justification to specify purpose for a service
- Specifying the Legal Justification for data processing in a notification
- Specifying Data Categories
- Specifying Data Treatment
- Specifying Security
V 1.2.3 : Rights Access & Automation
- rights with ANCR Record
- universal context right
- right to information about privacy and security
- right to see contoller and purpose(s)
- legal requirement for presenting risk
- right to information about privacy and security
- universal context right
V 1.2.4 : Consent Validation - The Life cycle of a consent
- Active State of Consent Validation
- identity governance controls and scope
- Consent Grant for Identity Protocol Governance
- Scope of a Consent Grant Represented in the User Managed Access Protocol
- use of consent gateway for consent grant validation
- Scope of a Consent Grant Represented in the User Managed Access Protocol
Protocol Scope Use Cases
UMA
SAML / eIDAS
- FAPI
- GNAP
V 1..2.5 :
- Privacy as Expected - Part 3: Consent by Design - operational conformance - standardizing signalling - UI interaction point conformance - proof of notice and transparency/accountability assurance
- 29184 notice controls and consent structure
V 1.2.6 Data Governance Interoperability
- Privacy Framework for Gov interop for Security/Surveillance, Evidence and Policing
- Re-Issuing Identity Credentials with a native and local identity service - rather than exporting a federation into foreign governance models (e.g. Contracts / T&C's)
- Transparency Assurance
V 1.2.6 Topics Raised to be Reviewed / Refined and Addressed in Roadmap to V2
- Delegation
- Jurisdiction (physical location proof)
- Consent Types Defined in v1.2
- explicit
- implied
- directed
- altruistic
WKD ISSUES
The CR v1,1 as published known challenges have been addressed and are specified here in the v1.2 update.
- See V1.1 Update https://kantarainitiative.org/confluence/x/VYSVC
- V1.1 (2017) addressed with GDPR and then adopted to ISO
- V1.1 completed with comments to ISO
- delegation
- Jurisdiction
- PII categories
CR v1.2 Format Structure and fields
- Notice field object
- Location & Time
- Location – twin -
- Physical Device -
- PII Controller object
- Jurisdictions,
- Link to physical notice
- Extend it (Legal Justification)
- Privacy Stakeholders
- Categories of controllers
- Consent Purpose Specification (v.1.1)
- Purpose Category
- Purpose Descriptions
- Purpose Sensitive Categories of Data
- Sensitive data category
- Personal Data Category
- Personal Data Types/attributes etc
- Personal Data Processing Treatment
- Storage
- Security (cert/sighed key)
- Extensions –Requirements (according to Context)
Notice & Notifications
A Notice can itself be extended with a Notification for the maintenance of a consent record, and consent based relationship. Notice Receipts facilitate a Semantic Governance Framework
A notice of controller is the first section of the receipt 1, can be extended with these receipt profiles
- Contract Notice Receipt
- Vital Notice Receipt
- Notice of (legal) Obligation Receipt
- Legitimate Interest Notice Receipt
- Public Interest Notice Receipt
Notification `
The spectrum of consent has multiple vectors
- Is the relationship vector:
- Starting at the first notice for consent, then lasting for the lifecycle of Consent and permission
- This first Notice for Consent receipt is the Anchor receipt and is maintained with linked notices
- Consent Notice Receipts
- Anchor receipt
Type of Consent Receipt | Description | Lifecycle Use |
|
Explicit Consent | Anchor Receipt (starts a receipt) |
|
|
Implied Consent | Action of the PII Principal |
|
|
expressed | Notification by the PII Principal |
|
|
Directed | (Health Care ) |
|
|
Altruistic | No Notice Required - |
|
|