May 24, 2024 ANCR (PrivMas) WG Report : For International Digital Security and Privacy Community

Digital identity governance has a transparency problem: the individual cannot see who is processing their data, under what authority, for what purpose, and to whose benefit. Security and privacy engineering to date has been built as institutional and enterprise infrastructure; none of it has been built as infrastructure for the individual. In the ANCR WG (Anchored Notice and Consent Receipt) we have worked to standardize the record and the receipt so that they can be digitally anchored and notarized by the individual, giving everyone the same digital transparency over any PII Controller and its services, autonomously.

Consent by Design, as defined in the ANCR WG, specifies operationally how records and receipts are used so that people can identify themselves and consent digitally.

Introduction 

Digital Transparency refers to the Record and Receipt specifications for records of processing activities (contributed to JTC 1 WG 5 as ISO/IEC 27560, Consent Record Information Structure, after six years of community-group work at Identity Commons in the Identity Trust WG).

The study and specification of Consent by Design has been evolving at Kantara since 2011 to the point where we can now present consent as a decentralized digital identity governance model for master control of one's own data. This model prioritizes the privacy principle of transparency and accountability over choice and consent, placing it first (rather than seventh, where ISO/IEC 29100 lists openness, transparency and notice) for PII Principal centric data trust and governance.

The work is contributed to the commons governance framework, whose latest international iteration is the Council of Europe's Convention 108+, taken as the legal adequacy baseline for the transparency modalities required by security and privacy regulation. It is the foundation on which internet-based data governance technologies can interoperate, using the PII Controller Notice Record and Credential to govern identity management technology specifically.

Our focus in the Kantara Initiative and the Digital Transparency Lab has been records and receipts, and demonstrating how to govern misinformation in digital identity management standards using an ISO/IEC 29100 specified record framework.

Consent by Design is described here in a number of ways:

  • Digital Privacy Transparency, referring to the presentation of notice, notifications and disclosures in a way that mirrors how people physically notice, permit and consent. In particular, humans manage consent while systems manage permission (an instance of a consented surveillance context).

  • A very Canadian approach, in that permission is first required to introduce a new purpose for consent, and the individual's consent is implied by engagement and captured in a notice record.

  • Notification and disclosure can be captured with a standardised record, receipt, semantics and data privacy legal vocabulary, so as to be specified not only according to the standard but in accordance with Convention 108+, which mirrors the GDPR's transparency modalities (Chapter III, Section 1, Article 12) and its Article 30 Records of Processing Activities, and also provides for extra-territorial logging (Article 80) and controller reporting obligations.

  • The individual is anonymous to begin with; the first interaction with a PII Controller or service is when a PII Controller Notice Record is provided to the individual as a consent receipt.

  • The individual can define and present their own digital identity, identifiers and credentials according to context, as an anonymous PII Principal, when interacting online.

Standardised Digital Privacy Transparency (SDPT) is conceptualized much like a bank account: every personal data processing activity is recorded, and, as with currency, the service provides a record to the bank and a receipt to the individual for each interaction.

SDPT requires that all surveillance, data processing, capture and inference be identified and notified, together with the risks of secondary and extra-territorial disclosure, through just-in-time notification prior to processing, dynamically in context, to provide high assurance.

Notice, notification and disclosure requirements for technologies performing internet-based governance functions are specified in Convention 108+ and mirrored in the GDPR. These legally require informing the individual of the identity of the PII Controller, whether there is a DPO delegate, and which of the six legal justifications applies to the processing of personal information, from the legal context of existing consent in common spaces (known as consensus).

SDPT as specified in the ANCR WG takes into account data control, data protection, and whether or not the data trust is co-regulated, in order to assess the level of digital transparency technical risk assurance and liability mitigation that can be provided to the individual in context.
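As an added illustration of the record-and-receipt flow described above (the controller issues a notice record naming its identity, DPO delegate, purpose, legal basis and disclosure risks; the individual anchors it before processing starts), the following Python sketch shows one way such a structure could be hashed, anchored and later checked for tampering. This is example code written for this page, not the ANCR WG, Kantara or ISO/IEC 27560 schema: the field names, the use of an individual-held HMAC key as the "anchor" (a real deployment would use a digital signature so third parties can verify without the key), the GDPR Article 6(1) lawful bases standing in for "the six legal justifications", and all sample values are assumptions.

```python
"""Illustrative PII Controller Notice Record and anchored consent receipt.

Added example, not the ANCR WG, Kantara or ISO/IEC 27560 schema. Field
names, the HMAC-based "anchor", and the sample values are assumptions.
"""
import hashlib
import hmac
import json

# Assumption: the six lawful bases of GDPR Art. 6(1), standing in for the
# "1 of the 6 legal justifications" the notice must name.
LEGAL_BASES = frozenset({
    "consent", "contract", "legal_obligation",
    "vital_interest", "public_task", "legitimate_interest",
})


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so both parties hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def record_hash(record: dict) -> str:
    """SHA-256 over the record body, excluding the derived record_id."""
    body = {k: v for k, v in record.items() if k != "record_id"}
    return hashlib.sha256(canonical(body)).hexdigest()


def make_notice_record(controller, jurisdiction, dpo_delegate, purpose,
                       legal_basis, secondary_disclosure,
                       extra_territorial_disclosure, notified_at):
    """Build the notice record the controller hands over on first contact.

    notified_at is an ISO-8601 UTC string ("...Z") so timestamps compare
    lexicographically. dpo_delegate may be None when no delegate exists.
    """
    if legal_basis not in LEGAL_BASES:
        raise ValueError(f"unknown legal basis: {legal_basis!r}")
    record = {
        "controller": {"name": controller, "jurisdiction": jurisdiction},
        "dpo_delegate": dpo_delegate,
        "purpose": purpose,
        "legal_basis": legal_basis,
        "risks": {
            "secondary_disclosure": bool(secondary_disclosure),
            "extra_territorial_disclosure": bool(extra_territorial_disclosure),
        },
        "notified_at": notified_at,
    }
    record["record_id"] = record_hash(record)  # content-addressed identifier
    return record


def issue_receipt(record: dict, individual_key: bytes, processing_start: str) -> dict:
    """The individual anchors the record; notice must precede processing.

    Assumption: the anchor is an HMAC under a key only the individual holds.
    """
    if not record["notified_at"] < processing_start:
        raise ValueError("notice must be given before processing starts")
    receipt = {
        "record_id": record["record_id"],
        "processing_start": processing_start,
    }
    receipt["anchor"] = hmac.new(individual_key, canonical(receipt),
                                 hashlib.sha256).hexdigest()
    return receipt


def verify_receipt(record: dict, receipt: dict, individual_key: bytes) -> bool:
    """True only if the record is unmodified and the anchor is the individual's."""
    if record_hash(record) != receipt["record_id"]:
        return False  # purpose, legal basis, risks or controller changed
    body = {k: v for k, v in receipt.items() if k != "anchor"}
    expected = hmac.new(individual_key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt["anchor"])


if __name__ == "__main__":
    # Constructed sample values, not a real controller or key.
    key = b"individual-held-secret"
    rec = make_notice_record("Example Controller Ltd", "CA",
                             "dpo@controller.invalid", "account registration",
                             "consent", False, True, "2024-05-24T10:00:00Z")
    rcpt = issue_receipt(rec, key, "2024-05-24T10:05:00Z")
    print("valid:", verify_receipt(rec, rcpt, key))
    rec["purpose"] = "behavioural advertising"  # silent purpose change
    print("after tamper:", verify_receipt(rec, rcpt, key))
```

The point of the check is the second print: once the controller changes the purpose (or legal basis, or the extra-territorial disclosure flag) the individual's receipt no longer matches, which is the "new purpose requires new permission" rule above made mechanical. The timestamp comparison enforces the just-in-time requirement that notice precede processing; it relies on both strings being UTC in the same ISO-8601 layout, so a real implementation should parse them rather than compare text.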

Links to Previous Privmas Events
