Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Draft:  starting outline

Intro to PaeCG project, which created the technical assets and framework for a simple visual signal to show if the state of the legal entity and service is the same as expected.  

Privacy as expected is the legal expression of the state of notice people should have over privacy risk, in order to have privacy they expect.  Online, these privacy risks extend to digital identity, surveillance and the security of the surveillance.  Without clarity of these, it is hard to mitigate risks so people can trust independently of the service being provided. 

Identity Trust framework focus on (trust us) technology transparency )

in the PaeCG project we are specifying a universal, decentralized identity and data governance signalling protocol for this human + legal baseline.  Over trustworthiness of the transparency and accountability of data processing, collection and use with online services.   This article describes this protocol for the PaeCG UI (name yet to be determined). 

Note: The Open Consent Group is looking for support and proposing grant applications to start an open source ANCR project for the UI and it's binding with identity protocol's. (If you are interested in the project, please contact Mark L)

Simply put, the internet is missing the active state/ context for people, and most identity management efforts are about activating the identifier for the individual, which has revealed over time, with lots of research a signalling/security gap for people and systems (which is the security of Surveillanc tech). Represeting the  signalling gap required for (trustworthiness). 

Visual Signal Being Specified

  • a person generates  a notice receipt for an online website based interaction, and then when returning to this website generates another receipt, then compares the state of these two receipts to see if privacy is as expected.

    • if the signal is green - their is no need for a cookie notice or privacy ritual 
    • if the signal is yellow - then legally a notice is required to be provided, the person can ignore, accept, refuse these notices 
    • if the signal is red - then a notice is legally required to maintain system permissions and to manage a consent (which is technical no longer valid) for example a data breach. 
  • Extending the existing policy, security, technical laws and standards with PaeCG, is the design goal of the effort. 

 Overview 

In this document there is the principle reference and any new/proposed principles for the use of receipts for Active State Transparency and Semantic Governance. 

The aim of the PaeCG signalling protocol is to extend existing security and privacy governance schemes with an overarching privacy operator risk and liability scheme for digital identity technologies. 

The PaGe

Use of PaE Notice Gateway with 

  • existing Principles
    • Notice 
    • Consent 
    • Choice
  • Additional  Principles
    • understanding that consent management is something humans do, not what identity management systems do.  (not the same thing) 
  • Extending Codes of Conduct with PaeCG
    • technical code of conduct = privacy/surveillance  standard defaults which are then distilled into a code of practice/certification for a specific role that is registered to the code of conduct. 

Use Case: Parental Consent 


  • No labels