The ANCR WG delivered a readout that focused on a critical security flaw in the existing working draft whereby the PII Principal's identifier is being unnecessarily exposed in the consent record and is no longer under the control of the PII Principal. The readout point to the ongoing efforts at Kantara on the evolution of the Consent Receipt and the current workgroup draft of the ANCR Notice Record which addresses this issue and show how to make receipts by and for people and under their control independently of service providers. The record uses the open 29100 Framework and the Consent Receipt v1.1. (ISO/IEC 29184 Online privacy notices and consent Annex B.) and maps to the General Data Protection Regulation (GDPR) as well as the Council of Europe 108+ as well as the 27560 record structure.
The WG also provided 6 comments targeted primarily at security and privacy considerations in the draft. The comments are located here.