Transparency Performance Reporting (TPR) is a novel approach to digital transparency and data control reporting, pioneered by the same group that specified Notice and Consent Receipts at the Kantara Initiative. This represents a significant advancement for decentralizing digital identification and data surveillance governance within data flows.
The initial Transparency Performance Report v0.9 is posted for comment at the ANCR Wiki. It is focused on evaluating the validity, security, sovereignty, and accountability of digital consent. It is a tool to expose dark patterns and secret surveillance. It builds on the consent receipt specification by adding standardized transparency with regards to the sovereignty of data and consent and its validity in conjunction with digital identification systems.
The ANCR transparency and consent work has a 'bottom-up' history, originating as the Notice and Consent Receipt brought to Kantara in 2013 by the Open Notice Initiative, and before that, the Identity Commons in California. This initiative aimed to create standards addressing “the Biggest Lie on the Internet,” a campaign against terms and conditions in support of do-not-track. Transparency performance reporting clarifies when a notice and consent receipt is required.
The Kantara Consent Receipt v1.1 specification has been influential, eventually being drafted in conjunction with ISO/IEC Online privacy notice and consent standard (29814), also known as JTC 1, SC 27, WG 5 – the international standards group focused on privacy and identity management. Beginning at Identity Commons, the project reached the international stage through the Kantara Initiative. The Notice and Consent receipt schema itself has now evolved into an ISO/IEC technical standard, 27560 Consent record information structure.
The ANCR specification for Transparency Reporting introduces four transparency performance indicators (TPIs) to assess the validity of consent for digital identification management.
This TPR report, developed through volunteer work over three years in the ANCR workgroup represents a significant step towards addressing big-tech surveillance and tracking, and promotes the glass-box Commonwealth security and privacy legal standards.
The timing of this announcement is significant, as the expected 2025 ratification of the international Commonwealth treaty, Convention 108+, will create the only global rules set for security and privacy, that is rights, law, and Commons-based. This technical record foundation is suitable for a common set of rules allowing people to have their own authoritative records of digital identification relationships. Records of processing activities (GDPR Article 30) that enable services to be accountable to international (internet) standards for data governance.